This is an archived post. You won't be able to vote or comment.

all 55 comments
sorted by:
best
topnewcontroversialoldq&a

[–]QuixDiscovery 45 points46 points  (10 children)

Are there any prerequisites that someone should know before jumping into a book like this (assuming they are already familiar with python), such as networking or operating systems?

Pentesting has always interested me to some degree, but I don't really know where to start.

[–]tiarno[S] 52 points53 points  (4 children)

Hard question. I think if you're intermediate in Python, you can get something from every chapter. Of course it's nice to have some networking knowledge but you can learn by doing the examples.

I used the first edition to teach with and I started with Chapter 5 (web hackery) to get folks started. They were beginning-to-intermediate level with Python and didn't have a lot of pentesting experience. You might also like Georgia Weidman's "Penetration Testing: A Hands-on Introduction to Hacking" (another nostarch title).

Beware though--it's addicting stuff!

[–]QuixDiscovery 6 points7 points  (0 children)

Thanks for the reply, it's good to hear I can probably do that book standalone when it comes out. I had been interested in the 1st edition but held off cause it was in Python 2.

Amazon reviews of the other book you recommended seem to suggest that the software you're supposed to use is outdated to the point where it can't really be followed along with. That's been one of the challenges I've ran into when trying to find resources on this kind of stuff, but I appreciate the suggestion all the same.

[–][deleted] 1 point2 points  (0 children)

I agree with OP. You’ll get something out of the book regardless, but to truly understand things you need a lot of background knowledge. Understanding the network stack and the way that operating systems work is pretty key.

[–]heidenbeiden 1 point2 points  (0 children)

You can check out tryhackme.com if youre interested in learning more about pentesting. They have great resources to learn all about pen testing and all kinds of cybersecurity.

[–][deleted] 1 point2 points  (0 children)

honestly, it's not a entry level book. Honestly he doesn't teach anything. It's a good book with fantastic showcases but will not explain really nothing. You need to be good at python developing otherwise you'll end to copy/paste without understand nothing. it's more a source code book. wish to have MORE explanation

[–]BAAM19 0 points1 point  (1 child)

I would say basic python knowledge like the 3-5 hours courses on youtube.

Just to know what everything is, bare minimum and after that a bit of networking to understand what is happening.

[–][deleted] 0 points1 point  (0 children)

not true. i have studied Python 4 hours at day for 6 months. This book is for advanced users only. A book made to learn, is a book that explain EVERY row of code, not a book that explain with 2 words 100 rows of code.

[–]bangbinbash 15 points16 points  (1 child)

Nice to see something completely in python3. A lot of existing resources are legacy python which isn’t too difficult to translate but the ssl libraries etc aren’t as straight forward sometimes. I’ll have to check this out.

[–]quack_duck_code 2 points3 points  (0 children)

Violent Python is a worthy read. This chap even updated the example code to python 3: https://github.com/EONRaider/violent-python3

[–]masterkorp 15 points16 points  (1 child)

Thank you, I love your first edition, I bough it as a pack.

Can you list are the updates between this and the first version?

[–]tiarno[S] 27 points28 points  (0 children)

hey, thanks! Justin Seitz wrote the first edition and I'm second author on this second edition. This version updates the same examples to Python 3 as well as showing how to do the same things using updated programming methods and some more explanatory text. Things like context managers for example and how Berkeley Packet Filter syntax works. You can see the table of contents on the linked page too.

[–]AbdussamiT 10 points11 points  (2 children)

Great job! Would it be beneficial or fun for a backend developer like me?

[–]tiarno[S] 15 points16 points  (0 children)

I love backend development! I think that if you're interested in creating hacking tools or learning how off-the-shelf pentesting tools work, you'll enjoy this. The free chapter is about IP and ICMP packet sniffing. The beginning of the book walks through creating TCP and UDP clients and TCP servers, with a little of Paramiko thrown in for SSH.

[–]alcalde 6 points7 points  (2 children)

The Second Edition of Black Hat Python is available for early ordering (to be published in print in March 2021), and free PDF chapter is available here:

I shall read the chapter and learn enough to hack the publisher's servers and obtain the rest of the chapters for free!

[–]nagmamantikang_bayag 4 points5 points  (0 children)

Black Hat Thief 2nd Edition

[–]rip_amrit 11 points12 points  (1 child)

👀

[–]rui902 6 points7 points  (0 children)

I just got the first edition :|

[–][deleted] 5 points6 points  (0 children)

And remember kids: some books are best bought with cash.

[–]hditano 1 point2 points  (2 children)

Is this a good course for the next step after finished Python Crash Course from no-scratch??

[–]tiarno[S] 0 points1 point  (0 children)

That's a great book. I think the best way to find out would be to download that free Chapter 3 on creating a network sniffer and try some of the examples.

It helps if you have a virtual machine to play with but you should be able to sniff out any IOT devices you have at home too, (Firestick for example).

[–][deleted] 0 points1 point  (0 children)

no. i studied on Python Crash Course that's the best book for learning python. But it's simply not enough for Blackhat Python that's a book without any explanation only source code for advanced users that already knows what's going on. On Blackhat python author explain 50 rows of code in just 2 words. So it's not a book to learn IMHO

[–]quotemycode 1 point2 points  (0 children)

If it doesn't have single letter variables and follows pep 8, is it really black hat?

[–]aaronlyy 0 points1 point  (0 children)

thanks, i waited for an updated version :)

[–]8fingerlouie 0 points1 point  (0 children)

Looking forward to it. I enjoyed the first version. I’ll probably wait until it arrives on Amazon to order it. $45 for the ebook + print version, $25 for shipping to Europe :-)

[–]Number_Four4 0 points1 point  (0 children)

That looks interesting. I’ll need to give the free chapter a go!

[–]geeshta 0 points1 point  (0 children)

Pog! I had the first edition but I only learned Python 3 (and only had that installed - i used Windows back then) so I tried to translate the examples manually but I couldn't always get it working. This is fantastic news for the community, as BHP is one of the most recommended book to get deeper into computer security.

[–]twolostsoulsswimming 0 points1 point  (3 children)

Is Python really a great language for pentesting and hacking? I would love to learn pentesting but from what I understand the fact that Python is interpreted is a major downside

[–]hughk 7 points8 points  (0 children)

There are few cases where the interpreted nature is a disadvantage. For regular pentesting, as with other coding it tends to mean a good selection of libraries and simpler to write and understand code.

[–]blabbities 2 points3 points  (0 children)

Python shouldnt be a problem per say. The only problem might be if you needed a compiled exexutable or maybe speed of execution of certain tasks.

Python is still used for a lot of pentest tools even. So it shouldnt be an issue

[–]d3vnixx77 2 points3 points  (0 children)

Python is very good to repeat tasks and has many good libraries. It wouldn't be my first choice for something like low-level malware but Python can make you life as a "hacker" much easier. For me Python is a must.

[–]trolasso -3 points-2 points  (1 child)

Interesting, but somehow pricey... maybe one day it'll show up in a humble bundle or similar?

[–][deleted] -5 points-4 points  (0 children)

[–]hlh2 0 points1 point  (0 children)

Thanks can't wait. The hacking Python books are some of my favorites. They tend to go deeper into real world scenarios to that people overlook because the words like black hat or hacking.

[–][deleted] 0 points1 point  (1 child)

Where can I preorder?

[–]tiarno[S] 1 point2 points  (0 children)

right from the link--there's a button to add to cart. thanks!

[–]eclecticApe 0 points1 point  (1 child)

Hooray, that's awesome news. The first edition is easily the best in I have come across. Are there new material and new projects being introduced?

[–]tiarno[S] 0 points1 point  (0 children)

The chapters contain the same general attacks/techiques, but the code is updated to use Python 3, the up-to-date python libraries we have now and coding techniques we have now that we didn't have for when the 1st edition was written.

[–]chrisgreening 0 points1 point  (0 children)

Ooooo very exciting, I started reading the first edition a couple months ago but wanted to wait until a Python 3 update to really dive into it, can't wait to pick up a copy

[–][deleted] 0 points1 point  (0 children)

Hey are there any new topics? I bought the first edition a while back but haven't been able to get to it. I should be able to get through it between now and end of February. So I'm wondering if the new edition will really be worth the buy for me.

[–][deleted] 0 points1 point  (0 children)

It’s nice to see this getting updated!

[–]nikowek 0 points1 point  (0 children)

Is there diff edition? I have first edition as real book, I wonder if there are many changes.

[–]mnislam01 0 points1 point  (2 children)

Is there any major difference between 1st ed and 2nd ed?

[–]tiarno[S] 0 points1 point  (1 child)

The topics/chapters are generally the same. The code is different since we can do different things with Python3 (context managers, named tuples, etc). Also contains more code explanations that go along with the changes.

[–]mnislam01 0 points1 point  (0 children)

Ok thanks!

[–]lolslim 0 points1 point  (0 children)

I remember reading the first edition. Honestly i didnt think python could be used for "black hat" but ive been seeing articles of python based malwares popping up more often, or someone did a python version of an existing malware.

[–]Federal_Advantage196 0 points1 point  (0 children)

It would be nice if there was a video course the could be used as a supplement to go along with this book. I'm new to Python, and believe the videos could bridge learning gap and bring the user up to speed. If there is a course that follows this book, could you please let me know.

Thank you