What do you think?
Rate this book
Grey Hat Python: Python Programming for Hackers
"Grey Hat Python: Python Programming for Hackers" aims not only to explain how to use publicly available tools written in Python, to help find software vulnerabilities, but also how to develop your own tools. Python is becoming the programming language of choice for hackeds, reverse engineers and software testers. In this book, the author examines the different libraries that help the programmer to developed their own software to test for vulnerabilities as Weill as exploiting that software. Python can be used to assist in security testing and analyzing software. This is the first book to cover the usage of Python specifically for hackers. The author will cover and discuss topics such as: How use python oriented debuggers to detect software vulnerabilities Quick creation of powerful fuzzers and the use of python oriented fuzzers The use of open source python libraries to develop tools to automate tedious tasks such as port scanning, sniffing and vulnerability assessment. Tools development to test for web application security issues Develop exploits in python using open source tools.
540 pages, Paperback
First published August 1, 2008
68 people are currently reading
995 people want to read
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 10 of 10 reviews
December 13, 2014
I really liked this book. If you are new to fuzzing, exploit development or Immunity Debugger or IDA Pro this book will be worth your time to check out. But, if you are already familiar with these topics, this book would be too introductory for you and I would probably skip it.
This book covers quite a bit of ground in its 181 pages. From debuggers, and fuzzers to emulation, each topic is introduced well enough that you will have good base knowledge to continue on from where the book ends.
In the first chapter, we get a Python refresher. I say refresher as this book does not attempt to teach you Python. While none of the Python in the book is particularly difficult, if you don't have a grasp of programming in general then I would highly recommend learning Python first. If you do know Python, this first section definitely shouldn't be skipped as it also introduces the ctypes library which is used extensively throughout the rest of the book.
The next three chapters in the book focus on debuggers. They cover a bit of debugger design, including as how to write a Windows debugger from scratch all in Python. Different types of breakpoints are introduced and you learn how each works at a low level. The book then introduces the PyDbg framework and finishes the debugger chapters by introducing the popular Immunity Debugger, which has Python scripting capabilities.
Moving on through the next few chapters, the book introduces us to function hooking and code injection. Both topics are given great explanations with plenty of code examples and uses, such as file hiding and backdoors. These two chapters also serve as a starting point for the following few chapters, introducing us to Fuzzing. Like the previous chapters, Justin Seitz walks us through creation of a fuzzer from scratch, before introducing us to the Sulley fuzzing framework. He then walks us through the construction of a simple network fuzzer to fuzz an FTP service. Our education in fuzzing ends with using the Immunity driverlib to fuzz a Windows driver.
This book covers quite a bit of ground in its 181 pages. From debuggers, and fuzzers to emulation, each topic is introduced well enough that you will have good base knowledge to continue on from where the book ends.
In the first chapter, we get a Python refresher. I say refresher as this book does not attempt to teach you Python. While none of the Python in the book is particularly difficult, if you don't have a grasp of programming in general then I would highly recommend learning Python first. If you do know Python, this first section definitely shouldn't be skipped as it also introduces the ctypes library which is used extensively throughout the rest of the book.
The next three chapters in the book focus on debuggers. They cover a bit of debugger design, including as how to write a Windows debugger from scratch all in Python. Different types of breakpoints are introduced and you learn how each works at a low level. The book then introduces the PyDbg framework and finishes the debugger chapters by introducing the popular Immunity Debugger, which has Python scripting capabilities.
Moving on through the next few chapters, the book introduces us to function hooking and code injection. Both topics are given great explanations with plenty of code examples and uses, such as file hiding and backdoors. These two chapters also serve as a starting point for the following few chapters, introducing us to Fuzzing. Like the previous chapters, Justin Seitz walks us through creation of a fuzzer from scratch, before introducing us to the Sulley fuzzing framework. He then walks us through the construction of a simple network fuzzer to fuzz an FTP service. Our education in fuzzing ends with using the Immunity driverlib to fuzz a Windows driver.
January 9, 2015
I thought it was certainly interesting but too short to do anything useful.
August 31, 2017
It was good but the Windows API functions were not supported in the newer functions of windows. Some of the modules and tools used are also almost obsolete, or not free.
Read
September 22, 2019Book focus on introducing python in reverse engineering / debug process and your target environment is Windows operation system.
February 23, 2015
Книга представляет из себя краткий обзор техник и инструментов для обратной инженерии с использованием Python. Могла бы послужить неплохим введением в предмет, если не учитывать некоторые моменты: 1. ориентирована она, прежде всего, на PE и Windows API; 2. не содержит введения в язык ассемблера; 3. последние главы, похоже, вымучены и повествование обрывается.
April 26, 2015
Would be a lot better if a good editor took a look at it.
A lot of the code has trivial errors... others are more trivial. Some have TODOs (including in the included sample code archive) and unfortunately a lot of the examples are 'stale' because they work only on Windows XP on a 32bit x86.
A lot of the code has trivial errors... others are more trivial. Some have TODOs (including in the included sample code archive) and unfortunately a lot of the examples are 'stale' because they work only on Windows XP on a 32bit x86.
September 6, 2014
Awesome book if you into reverse engineering!
Using python to clearly describe reverse techniques and principals.
Using python to clearly describe reverse techniques and principals.
Read
October 19, 2014Good for developing skills beyond completing just the first trivial buffer overflow.
August 2, 2016
Very Windows-centric.
Displaying 1 - 10 of 10 reviews