What do you think?
Rate this book
Black Hat Go: Go Programming For Hackers and Pentesters
Like the best-selling Black Hat Python, Black Hat Go explores the darker side of the popular Go programming language. This collection of short scripts will help you test your systems, build and automate tools to fit your needs, and improve your offensive security skillset.
Black Hat Go explores the darker side of Go, the popular programming language revered by hackers for its simplicity, efficiency, and reliability. It provides an arsenal of practical tactics from the perspective of security practitioners and hackers to help you test your systems, build and automate tools to fit your needs, and improve your offensive security skillset, all using the power of Go.
You'll begin your journey with a basic overview of Go's syntax and philosophy and then start to explore examples that you can leverage for tool development, including common network protocols like HTTP, DNS, and SMB. You'll then dig into various tactics and problems that penetration testers encounter, addressing things like data pilfering, packet sniffing, and exploit development. You'll create dynamic, pluggable tools before diving into cryptography, attacking Microsoft Windows, and implementing steganography.
You'll learn how to:
• Make performant tools that can be used for your own security projects
• Create usable tools that interact with remote APIs
• Scrape arbitrary HTML data
• Use Go's standard package, net/http, for building HTTP servers
• Write your own DNS server and proxy
• Use DNS tunneling to establish a C2 channel out of a restrictive network
• Create a vulnerability fuzzer to discover an application's security weaknesses
• Use plug-ins and extensions to future-proof productsBuild an RC2 symmetric-key brute-forcer
• Implant data within a Portable Network Graphics (PNG) image.
Are you ready to add to your arsenal of security tools? Then let's Go!
Black Hat Go explores the darker side of Go, the popular programming language revered by hackers for its simplicity, efficiency, and reliability. It provides an arsenal of practical tactics from the perspective of security practitioners and hackers to help you test your systems, build and automate tools to fit your needs, and improve your offensive security skillset, all using the power of Go.
You'll begin your journey with a basic overview of Go's syntax and philosophy and then start to explore examples that you can leverage for tool development, including common network protocols like HTTP, DNS, and SMB. You'll then dig into various tactics and problems that penetration testers encounter, addressing things like data pilfering, packet sniffing, and exploit development. You'll create dynamic, pluggable tools before diving into cryptography, attacking Microsoft Windows, and implementing steganography.
You'll learn how to:
• Make performant tools that can be used for your own security projects
• Create usable tools that interact with remote APIs
• Scrape arbitrary HTML data
• Use Go's standard package, net/http, for building HTTP servers
• Write your own DNS server and proxy
• Use DNS tunneling to establish a C2 channel out of a restrictive network
• Create a vulnerability fuzzer to discover an application's security weaknesses
• Use plug-ins and extensions to future-proof productsBuild an RC2 symmetric-key brute-forcer
• Implant data within a Portable Network Graphics (PNG) image.
Are you ready to add to your arsenal of security tools? Then let's Go!
368 pages, Kindle Edition
Published February 4, 2020
100 people are currently reading
367 people want to read
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 13 of 13 reviews
September 23, 2020
I did find myself googling for code snippets, reading more docs about Go language and even watch a few YT video.
the Black series like python was a killer books and well written. This book lacks in both technical/coding stuffs and also the writing style was not good enough with not much of explanations.
It's a rare case to give a book 2 star ratings however in this case I did that because the book deserve it. need much much improvement and more time in presenting the concepts and why use it. it's not in a par for usual No starch publishing, Sorry.
the Black series like python was a killer books and well written. This book lacks in both technical/coding stuffs and also the writing style was not good enough with not much of explanations.
It's a rare case to give a book 2 star ratings however in this case I did that because the book deserve it. need much much improvement and more time in presenting the concepts and why use it. it's not in a par for usual No starch publishing, Sorry.
August 22, 2020
Lot's of great examples of some simple problems, but it didn't go too in depth into pentesting techniques or security. It also felt like an intro to Go book, which probably limited what examples could be shown. Perhaps I'm biased against these types of combo books (intro language + intro topic), but I wish it was longer going deeper into discussion, or instead assume more knowledge and be able to fit into the given pages.
June 26, 2024
shits ass burger king better
July 24, 2021
A great introduction to Go for the security minded, for me it absolutely gave me the tools I needed to apply Go to my job and I used it as launchpad to look into golang more deeply.
As result I've used the knowledge on a regular basis, making my own tools to "win" in restricted environments, where as previously I wouldn't have ever been sufficient enough in any language to even think about doing that. Whether that's down to me just "getting" golang better than any other language, I'm not sure. Before I had read several other programming books, including the very popular Black Hat Python: Python Programming for Hackers and Pentesters, but none ever got me off the ground into programming like this one did.
Ultimately the reviews here are valid when they say it's not always very in-depth. However, I think they've missed the book's purpose. IT IS NOT a book that will make you a security professional through go, nor will it make you a competent go programmer through security examples. You can't expect to understand the nuances of network enumeration because you've seen a single go example of port scanning, it's a topic far broader than any individual book, let alone one chapter as it appears here.
I think it's a book primarily designed to bolster an existing knowledge or experience of cybersecurity, whether you're a professional Penetration Tester or a cybersecurity student. The aim is to get you some quick practical examples of using go in the context of Penetration Testing, with just enough knowledge to start making your own tools. In that regard, I think it works perfectly well.
As result I've used the knowledge on a regular basis, making my own tools to "win" in restricted environments, where as previously I wouldn't have ever been sufficient enough in any language to even think about doing that. Whether that's down to me just "getting" golang better than any other language, I'm not sure. Before I had read several other programming books, including the very popular Black Hat Python: Python Programming for Hackers and Pentesters, but none ever got me off the ground into programming like this one did.
Ultimately the reviews here are valid when they say it's not always very in-depth. However, I think they've missed the book's purpose. IT IS NOT a book that will make you a security professional through go, nor will it make you a competent go programmer through security examples. You can't expect to understand the nuances of network enumeration because you've seen a single go example of port scanning, it's a topic far broader than any individual book, let alone one chapter as it appears here.
I think it's a book primarily designed to bolster an existing knowledge or experience of cybersecurity, whether you're a professional Penetration Tester or a cybersecurity student. The aim is to get you some quick practical examples of using go in the context of Penetration Testing, with just enough knowledge to start making your own tools. In that regard, I think it works perfectly well.
May 23, 2020
Este libro es un compendio muy variado de implementaciones en Go de mecanismos de ataque y extracción de información.
Cada módulo del libro se enfoca en una tecnología: DNS, sistemas de ficheros y bases de datos, esteganografía, etcétera, y cada uno tiene una breve introducción teórica para poner en situación las implicaciones y el impacto que puede conseguir. El desarrollo de la implementación está bien explicado sin extenderse demasiado en conceptos básicos, siendo útil también para profundizar en aprender y mejorar el conocimiento general en Go.
Cuenta con un módulo dedicado a introducción de Go, que evidentemente su función es más de referencia que explicativa, y acaba con un módulo muy ámbicioso para desarrollar un sistema de comando y control mínimo pero completo.
Cada módulo del libro se enfoca en una tecnología: DNS, sistemas de ficheros y bases de datos, esteganografía, etcétera, y cada uno tiene una breve introducción teórica para poner en situación las implicaciones y el impacto que puede conseguir. El desarrollo de la implementación está bien explicado sin extenderse demasiado en conceptos básicos, siendo útil también para profundizar en aprender y mejorar el conocimiento general en Go.
Cuenta con un módulo dedicado a introducción de Go, que evidentemente su función es más de referencia que explicativa, y acaba con un módulo muy ámbicioso para desarrollar un sistema de comando y control mínimo pero completo.
January 1, 2024
This was my first paper book on the language, after maintaining an open-source project written in Go for about a year — hey, you need to read programming language books once in a while, right? I got it for fun. It’s not as horrible as Amazon reviews suggest. I would not recommend it as “the best practice introduction” to the language, even though it positions itself as the one for beginners. Coding practices in the book are rather ugly and somewhat outdated, but how it’s written and how ideas are applied make it fun. You can check out code examples on GitHub.And, of course, my introduction to the language started with an interactive Tour of Go , which I’ll recommend to everyone because it’s the equivalent of Dive Into Python , but for Go.
January 8, 2022
The book is primarily intended for pen testers but can useful for Golang developers interested in app security. A number chapters require preliminary knowledge in pen test tools and have rather high learning threshold. In general, wide range of topics (not only about security but also about Golang app design) and great code samples makes it one of the best books on Golang.
January 19, 2021
I'm not sure who should benefit from this book. It's not good book about Go or hacking or security or anything. Every topic is just scratched on the surface, and if you know at least a bit about any topic, you will hardly find it useful. Not worth the time at all.
January 31, 2020
I like it
Read
November 23, 2021"><{{7*7}}
August 17, 2022
Its interesting
This entire review has been hidden because of spoilers.
August 18, 2022
Great introduction to Go, but the content would lack technical depth at times
October 6, 2025
It's OK for basic stuff and getting started, but don't expect deep knowledge or inspiration.
Not a seminal book to be remembered, better get it used or rent it.
Not a seminal book to be remembered, better get it used or rent it.
Displaying 1 - 13 of 13 reviews