A lot of security folks have little to no development experience, complicating their jobs when they want to do something that’s slightly different from what existing tools can do. Python provides a particularly useful tool for them because of its innate readability, support for multiple programming paradigms, and tremendous library of existing modules that we can adapt and connect to do new and interesting things. And for those of us with more extensive programming backgrounds in addition to our security skill sets, Python provides an excellent workbench for nearly any relevant task.
This book
Violent Python does not pretend in any way to teach readers how to program. In fact, when kicking off the brief section introducing the language itself, it flat-out refers to the reader “as an experienced programmer” (p. 6). However, a motivated hacker with limited exposure to Python can still follow along and pick things up relatively quickly, as VP doesn’t really use any particularly esoteric language features.
That said, it also does not necessarily require the reader to cover it linearly from page 1 to the end. The subtitle of the book, after all, calls it a “cookbook for hackers”, and it handles its end of the bargain. VP does not go into great detail for these projects but illustrates how to accomplish them relatively simply, primarily as inspiration for the reader who can then use the ideas and code as building blocks for self-driven projects.
I rarely like getting technology books in electronic format, and so I have the paperback copy. Given the complete lack of diagrams in this book, however, it wouldn’t matter as much in this case. The paper and printing quality seems relatively high; the papers have a smooth, creamy texture, and the book has wide margins that lend themselves very well to note taking and similar marginalia. While I’m not particularly a fan of the particular typeface used for code in the book, I didn’t find it so distracting as to make it impossible to work. As has become sadly common these days, the book contains a number of typographical errors and I really wish the publisher had put it through one more review iteration to catch them. Perhaps the companion site will eventually contain appropriate errata.
Contents
Chapter 2, “Penetration Testing with Python”, provides examples of how to perform a port scan (first using the socket API and then with nmap integration), brute forcing, using weaknesses in SSH key generation, injecting malicious IFRAMEs, interacting with Metasploit, and sending custom buffer overflow code over the network.
Chapter 3, “Forensic Investigations with Python”, discusses analyzing the history of wireless access points in the Windows registry (including geolocation), investigation of the Recycle Bin, examining metadata in various document types, and using application artifacts like SQLite databases in Firefox and Skype or iTunes Mobile.
Chapter 4, “Network Traffic Analysis with Python”, gets into better geolocation, packet parsing using dpkt and Scapy, KML generation, and analyzing various types of traffic like the LOIC DDOS tool, varying TTLs from spoofed port scans, and DNS fast-flux, and TCP sequence prediction. It also briefly covers generating packets to match IDS signatures.
Chapter 5, “Wireless Mayhem with Python”, reviews mining WiFi traffic for personal information like payment cards and authentication credentials, analyzing 802.11 probes and beacons, intercepting and hijacking UAV command traffic, detecting Firesheep use, and manipulate Bluetooth networks.
Chapter 6, “Web Recon with Python”, explains the Mechanize and BeautifulSoup libraries as well as using the Google and Twitter APIs, plus a small section on spear phishing.
Chapter 7, “Antivirus Evasion with Python”, covers how to use Pyinstaller to obfuscate a Metasploit payload from antivirus as well as how to check your code automatically against AV scanners.
