Book Review: "Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers"

This is a review of "Violent Python", written by TJ O'Connor. It is an unbiased programmer's and security researcher's perspective on why you should read this book:
http://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579

The companion site that accompanies the book also offers a variety of code; if any of it intrigues you, you may want to read more about it in the book. We will go over some of this code below:
http://booksite.elsevier.com/9781597499576/chapters.php

This was an amazing book. It couples exciting stories with programming education and real code. It is a book about practical programming: using Python to accomplish multiple tasks with well-known libraries, proper program structure (objects and functions), and an admirable style (try / except blocks). Beyond how the code is written, the chapters span a variety of topics, such as scanning over the network (Chapter 2), simple forensics and database connections (Chapter 3), network traffic analysis (Chapter 4), interacting with Wi-Fi and Bluetooth (Chapter 5), scraping websites (Chapter 6), and even writing executables (Chapter 7). Overall, this is a great book for learning both Python programming and computer security techniques. You can read specific chapters for targeted knowledge or work through it all to become a much stronger Python programmer.

The first chapter is an excellent overview of programming in Python; however, an experienced Python programmer may want to skip it. If you're new to programming, the first chapter of this book is a great introduction, going over the basics of solid program development and some "Hello World" programs. Even if you're only new to Python, you may want to stick around for the first half of this chapter, as it goes over the strengths and weaknesses of Python as a language. If you're an experienced programmer in many languages, you can probably skip the second half of this chapter, as it covers the fundamentals of good programming, such as loops, lists and exceptions.

One of my favorite parts of this book is the unique, historic, and significant stories told throughout the chapters. The classic stories, such as that of the Morris worm, impart important historic lessons, such as the value of multiple attack vectors and the continued success of classic ones, like weak or reused passwords. Other great stories, like Mitnick's TCP sequence prediction attack, show how one technical hack can undermine other security assumptions. Other epic hacks, such as HD Moore's traceroute innovation, show how using simple techniques in creative ways can produce reliable and scientific results. They are all excellent examples of simple programs that can make a huge difference, not to mention that they are well coupled with solid programming exercises.

Above all, the code in this book is paramount. The major theme is practical programming in Python, and the book does a great job of highlighting popular libraries and solid techniques. The style of programming shown in this text sets a great example, as it champions object-oriented and function-based programming even when the scripts are small enough to write without them. I also like the generous use of try / except exception blocks throughout the book; it really keeps security in mind, especially from a development point of view. Take, for example, the first code project of Chapter 2, portScan.py. It expertly uses 'try', 'except', and 'finally' blocks to elegantly handle ports being open or closed (a refused connection raises an exception, and the socket is closed in 'finally' either way). It also uses a clean option parsing module, which allows for dynamic execution and prints usage instructions if you don't know how to use the script. Finally, a simple 'for' loop allows this script to handle multiple ports. This is a great intro to Python scripting, and I suggest recoding it yourself. Playing with network sockets in Python is one of my favorite things. One of my biggest criticisms is that there are no inline comments in this code, which I think would explain the code more clearly than talking about it in paragraph form. All in all, this book teaches the Python language while applying solid programming theory and keeping a security focus, which is great for a student at any level.
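To show the three ideas above in one place (a try / except / finally around each socket connection, an option parser, and a loop over ports), here is an added TCP connect scanner written for this review. It is my own code, not the book's portScan.py, and it swaps the book's optparse for argparse and adds a port-range parser; the function and flag names are mine. The 'except' arms distinguish a timeout (no reply, likely filtered) from a refused connection, which the book's script treats identically.

```python
#!/usr/bin/env python3
"""Added example (not the book's portScan.py): a minimal TCP connect scanner."""
import argparse
import socket


def scan_port(host, port, timeout=1.0):
    """Return True if a TCP connect() to host:port succeeds, else False.

    The socket is always closed in the finally block, whether the port is
    open, closed (RST), filtered (timeout) or the host name fails to resolve.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return True
    except socket.timeout:
        # No SYN/ACK and no RST within the timeout: most likely filtered.
        return False
    except OSError:
        # ECONNREFUSED (RST received), unreachable network, resolution failure.
        return False
    finally:
        sock.close()


def parse_ports(spec):
    """Turn a spec such as '22,80,8000-8002' into [22, 80, 8000, 8001, 8002]."""
    ports = []
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            ports.extend(range(lo, hi + 1))
        elif part:
            ports.append(int(part))
    return ports


def scan_ports(host, ports, timeout=1.0):
    """Scan each port in turn and return a dict {port: is_open}."""
    return {port: scan_port(host, port, timeout) for port in ports}


def main():
    # argparse prints usage and exits if a required option is missing.
    parser = argparse.ArgumentParser(description="Minimal TCP connect scanner")
    parser.add_argument("-H", "--host", required=True, help="target host name or IP")
    parser.add_argument("-p", "--ports", required=True, help="ports, e.g. 22,80,8000-8010")
    parser.add_argument("-t", "--timeout", type=float, default=1.0, help="seconds per port")
    args = parser.parse_args()
    for port, is_open in scan_ports(args.host, parse_ports(args.ports), args.timeout).items():
        state = "open" if is_open else "closed/filtered"
        print("[%s] %d/tcp %s" % ("+" if is_open else "-", port, state))


if __name__ == "__main__":
    main()
```

Run it as, for example, python3 scan.py -H 127.0.0.1 -p 22,80,8000-8010. A connect scan completes the TCP handshake, so the target's service logs will record it; that is the trade-off for not needing raw sockets or root.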

If you thought that code was cool, the following is one of my favorite pieces of code from the book. If you're familiar with the airmon-ng tool, then you will probably love this piece too. It captures the probe requests that clients broadcast while searching for networks they already know, then pulls the SSID out of each one using Scapy. The following snippet of code was taken verbatim from Chapter 5.6: sniffProbe.py

#!/usr/bin/python
# -*- coding: utf-8 -*-
from scapy.all import *

interface = 'mon0'
probeReqs = []

def sniffProbe(p):
    if p.haslayer(Dot11ProbeReq):
        netName = p.getlayer(Dot11ProbeReq).info
        if netName not in probeReqs:
            probeReqs.append(netName)
            print '[+] Detected New Probe Request: ' + netName

sniff(iface=interface, prn=sniffProbe)

To get the above code to run, first put your wireless card in monitor mode using airmon-ng: sudo airmon-ng start wlan0
Note that the script expects the monitor interface to be named mon0; recent aircrack-ng releases name it wlan0mon instead, so adjust the interface variable to match what airmon-ng reports. The script is also Python 2 code (print statement, and Dot11ProbeReq's info is a str); under Python 3 you would write print(...) and decode the bytes in info first.
Next, run the script with sudo, since sniffing needs raw socket access: sudo python sniffProbe.py
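To see what Scapy is doing for you in sniffProbe.py, here is an added example, written for this review and not taken from the book, that parses raw 802.11 probe request frames by hand: it checks the frame control byte for a management frame of subtype 4, walks the tagged parameters after the 24-byte header, and pulls out tag 0, the SSID, which is the field Scapy exposes as Dot11ProbeReq.info. It also deduplicates SSIDs the way the book's probeReqs list does. The frames it runs on are constructed in the block, not captured traffic, and the helper names are mine. Unlike the book's script, it skips wildcard probes (empty SSID) and tolerates truncated frames instead of crashing, since a sniffer that dies on one malformed frame is not much use.

```python
#!/usr/bin/env python3
"""Added example (not the book's sniffProbe.py): parse 802.11 probe requests."""
import struct

MGMT_HEADER_LEN = 24  # frame control(2) duration(2) addr1(6) addr2(6) addr3(6) seq ctrl(2)
TAG_SSID = 0          # tagged parameter ID for the SSID element


def parse_probe_request(frame):
    """Return (source_mac, ssid) for a probe request, or None for anything else.

    ssid is '' for a wildcard (broadcast) probe. A truncated tag returns
    None rather than raising, so a capture loop survives malformed frames.
    """
    if len(frame) < MGMT_HEADER_LEN:
        return None
    fc = frame[0]                 # frame control: bits 0-1 version, 2-3 type, 4-7 subtype
    ftype = (fc >> 2) & 0x3
    subtype = (fc >> 4) & 0xF
    if ftype != 0 or subtype != 4:  # type 0 = management, subtype 4 = probe request
        return None
    src = ":".join("%02x" % b for b in frame[10:16])  # addr2 is the transmitter
    pos = MGMT_HEADER_LEN
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) != length:
            return None           # tag claims more bytes than the frame holds
        if tag == TAG_SSID:
            return src, value.decode("utf-8", errors="replace")
        pos += 2 + length
    return None                   # no SSID element at all: not a valid probe


def build_probe_request(src_mac, ssid, extra_tags=b"\x01\x04\x82\x84\x8b\x96"):
    """Construct a probe request frame (used here to build sample input)."""
    broadcast = b"\xff" * 6
    header = struct.pack("<HH6s6s6sH", 0x0040, 0, broadcast,
                         bytes.fromhex(src_mac.replace(":", "")), broadcast, 0)
    ssid_bytes = ssid.encode("utf-8")
    # SSID element followed by a Supported Rates element (tag 1), as real clients send.
    return header + bytes([TAG_SSID, len(ssid_bytes)]) + ssid_bytes + extra_tags


def collect_probed_ssids(frames):
    """Return the distinct non-wildcard SSIDs seen, in first-seen order."""
    seen = []
    for frame in frames:
        parsed = parse_probe_request(frame)
        if parsed is None:
            continue
        _src, ssid = parsed
        if ssid and ssid not in seen:
            seen.append(ssid)
    return seen


# Constructed sample frames (not captured traffic).
SAMPLE_FRAMES = [
    build_probe_request("aa:bb:cc:dd:ee:01", "CorpWiFi"),
    build_probe_request("aa:bb:cc:dd:ee:01", ""),          # wildcard probe
    build_probe_request("aa:bb:cc:dd:ee:01", "CorpWiFi"),  # repeat, must not print twice
    build_probe_request("aa:bb:cc:dd:ee:02", "HomeNet"),
    b"\x80\x00" + b"\x00" * 30,                            # a beacon, not a probe request
    build_probe_request("aa:bb:cc:dd:ee:03", "Truncated")[:30],
]

if __name__ == "__main__":
    for name in collect_probed_ssids(SAMPLE_FRAMES):
        print("[+] Detected New Probe Request: " + name)
```

The frames a real monitor-mode capture hands you usually carry a radiotap header in front of the 802.11 header; Scapy strips that for you, so if you feed raw pcap bytes to this parser, skip the radiotap length field (bytes 2-3, little-endian) first.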

If this code intrigues you, I invite you to purchase TJ's book! There are tons of exciting projects like this that could take you deep into a new hobby, all while learning Python. Overall, I give this book 8 out of 10 stars, as it was one of my favorite Python books.