Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/carloocchiena/blackhat_python_book_code

Source code and exercises from the book "Black Hat Python" by Justin Seitz.
https://github.com/carloocchiena/blackhat_python_book_code

cybersecurity hacking networking penetration-testing pentesting python python3

Last synced: 17 days ago
JSON representation

Source code and exercises from the book "Black Hat Python" by Justin Seitz.

Awesome Lists containing this project

README

        

# Code and exercises from the book "Black Hat Python: Python Programming for Hackers and Pentesters", refactored and ported to Python 3
Examples, source code and exercises from the book "Black Hat Python" by Justin Seitz.

![](https://img.shields.io/github/stars/carloocchiena/blackhat_python_book_code?style=social)

![](https://img.shields.io/tokei/lines/github/carloocchiena/blackhat_python_book_code)

![image](https://user-images.githubusercontent.com/57464184/138901408-984413ab-2648-4dbe-b40c-37ac7b59fc63.png)

--------------------------------
### About the book
The book is a milestone for pentesting with Python.

Although its publication is quite recent (2014), it is all written in Python 2.7.

You can find the book on Amazon,
while the official book page is on No Starch Press website.

You should be able to download the book's source code from here http://www.nostarch.com/download/BHP-Code.zip, but apparently the link is broken or the file has been deleted (checked October 2021).

Please note that I did the whole job straight from book pages with no codes available (and believe me, my nearsightedness did not appreciate XD).

No Starch Press is offering also an Errata Corrige on the book code, but at the moment (November 2021) this section is actually 3 rows long :).

--------------------------------

### Reason for this repo
I quite enjoyed the book, but as 2021 it looks quite outdated, not just for the choice of using Python 2.7.

Deliberately, as expressed by the author, the scripts are written _rought & dirty_ to simulate the approach he uses during a penetration testing.

However, this sometimes leads to code that is not very understandable, and not very efficient.

Since I had to convert all the source codes anyway, to run them on my machine (Kali Linux VM + Win10 OS + Win10 VM + Python 3.9) I decided to go extra-mile and save them in a repo, in the meantime trying to optimize the code and making it a little more elegant (see below).

The code in the book does not always run flawlessy. It may depends on the local configuration on your machine, the test you are running, and also, outdated code presented in the book. So expect a bit of tweak here and there.
As a rule of thumb I found of great help the many threads already opened on Stack Overflow.

Some good advices also from Medium Black Hat Python.

I also starred this repo from EONRaider for reference, that I might use in the case I'll be getting stuck:
EON RIDER Repo.

--------------------------------

### Improvement made from the book's code
- Refactoring to Python 3 and code testing (unless otherwise specified)
- Update to PEP8 standards
- Upgraded readability (es. comments, indentation, variable names, file names)
- Update of obsolete methods (es. print -s %)
- Better context management (es. open with, server.close())
- Disregard of unsupported libs
- Minor tweaks and bugs found while testing the code
- Search for additional files requested throughout the book and not provided, or provided at outdated links, and included in individual chapters
- Additional information and resources that I searched for and found useful as I made my way through the book

--------------------------------

### What you'll find in the repo
Chapter summary and titles are my own, for clarity. The book uses different titles and has no chapter summary.

When needed, an additional `README.md`has been added inside each chapter folder for clarification and further details.

#### Chapter 1: Intro
- This is an introductory chapter and it's mostly about installing Linux VM and Python. No coding here.

#### Chapter 2: Networking Basics
- bhp_net.py
- bhp_server.py
- bhp_reverse_ssh_cmd.py
- bhp_ssh_cmd.py
- rforward.py
- tcp_server.py
- tcp_client.py
- tcp_proxy.py
- udp_client.py
- test_rsa.key

#### Chapter 3: Sniffing Tools
- scanner.py
- sniffer.py
- sniffer_ip_header_decode.py
- sniffer_with_icmp.py

#### Chapter 4: Scapy & ARP Poisoning (with an extra flavour of image reco)
- arper.py
- mail_sniffer.py
- pic_carver.py

#### Chapter 5: CMS Brute Force
- content_bruter.py
- joomla_killer.py
- web_app_mapper.py
- wordpress_killer.py

#### Chapter 6: Burp Suite Integrations
- bhp_bing.py
- bhp_fuzzer.py
- bhp_wordlist.py

#### Chapter 7: GitHub Trojan
- folder structure
- git_trojan.py

#### Chapter 8: Trojan for Windows OS
- keylogger.py
- sandbox_detector.py
- screenshotter.py
- shell_exec.py

#### Chapter 9: Hacking thru Internet Explorer
- cred_server.py
- decryptor.py
- ie_exfil.py
- keygen.py
- mitb.py

#### Chapter 10: Windows Process Monitoring and File Injection
- file_monitor.py
- process_monitor.py

#### Chapter 11: Windows Forensics
- grab_hashes.py
- code_coverage.py
- grab_hashes.py

--------------------------------

### Contributions
All contributions are welcome :).

Since I have not (yet?) made a specific routine for that, please follow a best-practice, common-sense based approach, opening an Issue first and starting a discussion on the change you'd wish to make.

As a starting point, in each chapter folder I stated any known issues if any.

A list of contributor will be displayed in the README of the repository.