Repository files navigation

Source code for the book "Black Hat Python" by Justin Seitz. The code has beenfully converted to Python 3, reformatted to comply with PEP8 standards and refactored to eliminate dependency issues involving the implementation of deprecated libraries.

Although many optimizations could have been implemented in the source codepresentedthroughout the book, the code was left unaltered as much as possible so thatsuch modifications can be applied by the reader as he sees fit. The code asit is needs some serious refactoring efforts ranging from docstrings to typehinting and exception handling, not to mention enhancements like contextmanagers, but these issues by themselves may come to benefit the reader ifhe has the intention of implementing them. It also presents many bugsoriginating from indentation that have been corrected if fatal errors wereto be avoided during runtime.

A conversion similar to this one has been made available by myself on thesource code of the book "Violent Python", by TJ O'Connor. Check it outhere if you haven't done ityet.

Simply choose a directory (DIR) in which to clone the project usinggit clone, create a new virtual environment orvenv for it (recommended) and install the requirements usingpip install.

user@host:~/DIR$ git clone https://github.com/EONRaider/blackhat-python3user@host:~/DIR$ python3 -m venv venvuser@host:~/DIR$ source venv/bin/activate(venv) user@host:~/DIR$ pip install -r requirements.txt

• Some listings presented on the book were missing from the author's coderepository available from "no starch press" website and wereadded to their respective chapters. A more accurate naming convention hasbeen applied to the files as necessary in order to relate them to the codepresented in the book.
• Minor bugs that generated warnings by the interpreter have been fixedthroughout the code without altering its characteristics.
• Auxiliary files that were required to make the code work were added to theirrespective chapters.
• As a personal side-note, it could have been possible for the authorto have written cleaner code without jeopardizing the quickness ofimplementation that is required for ethical hacking engagements. Why heopted for not doing so remains of unknown reason.

Critical bug fixes that had to be made in order to properly implement thesource code and avoid fatal errors:

• chapter02/bh_sshserver.py required the RSA key contained in thetest_rsa.key file, now included in the corresponding directory.
• chapter03/sniffer_ip_header_decode.py &sniffer_with_icmp.py &scanner.py all had seriousissues in the definition of IP packet sizes and portability between 32/64-bitarchitectures due to problems in the implementation ofstruct. More about theseissues onthis thread on Stack Overflow.
• chapter03/scanner.py used thenetaddr library, which is notmaintained anymore and presents many incompatibilities with Python 3.For that reason the code has been refactored and now uses theipaddressmodule from Python'sstdlib.
• chapter04/arper.py &mail_sniffer.py used thescapy library, which isnot compatible with Python 3. For that reason the code has been refactored andnow uses thekamene library.
• chapter04/pic_carver.py now uses theopencv-python library instead ofcv2. The "cv2.cv" module was deprecated and has been replaced. The parameter"cv2.cv.CV_HAAR_SCALE_IMAGE" from the original code was replaced by"cv2.CASCADE_SCALE_IMAGE" because ofthis commit.
• chapter05/content_bruter.py required a wordlist to work. It has been addedto the chapter underall.txt
• chapter05/joomla_killer.py required a wordlist to work. It has been addedto the chapter undercain.txt
• chapter06/bhp_bing.py &bhp_fuzzer.py &bhp_wordlist.py have beenreformatted to comply with PEP8, though some warnings will still betriggered due to the necessity to conform class names to camel-casing inthis specific application on Burp Suite.
• chapter06/jython-standalone-2.7.2.jar is available as a more updatedversion of the file relative to the one presented in the book.
• chapter07/git_trojan.py was refactored to replace theimp library (nowdeprecated) fortypes. A subdirectory structure with the necessaryconfiguration files has been implemented as instructed in the book. The"trojan_config" variable was missing the relative path to theconfig subdirectory. A call to "to_tree" method was added to line 60 in order toavoid an AttributeError exception generated by the original code.Instructions on how to generate an access tokeninstead of using one's password in case 2FA is being used were included as comments.
• chapter08/keylogger.py requires thePyHook library to work. A wheel filehas been included with the 1.6.2 version. If necessary, other versions canbe downloaded fromhere.
• chapter09/ie_exfil.py threw errors due to the handling of the plaintextvariable (which can appear as a string or as a binary string) when handed overto the "encrypt_string" function. Additionally, the use of thebase64 library wascorrected.Contribution fromEnraged atthis commit.

Contributions in other languages can be checked here:

• Translated toTurkish byBedirhan Budak

As a matter of common sense, first try to discuss the change you wish to make tothis repository via an issue.

1. Ensure the modifications you wish to introduce actually lead to a pullrequest. The change of one line or two should be requested through an issueinstead.
2. If necessary, update the README.md file with details relative to changes tothe project structure.
3. Make sure the commit messages that include the modifications follow astandard. If you don't know how to proceed,hereis a great reference on how to do it.
4. Your request will be reviewed as soon as possible (usually within 48 hours).