Preface

Python hacker, Python programmer. You could use either of those terms to describe us. Justin has spent a great deal of time penetration testing, which requires the ability to rapidly develop Python tools, with a focus on delivering results (not necessarily on prettiness, optimization, or even stability). Tim’s mantra is “make it work, make it understandable, make it fast—in that order.” When your code is readable, it becomes understandable to those you share it with, but also to yourself when you look at it a few months down the road. Throughout this book, you will learn that this is how we code: hacking is our final purpose, and clean, understandable code is the method we use to get there. We hope that this philosophy and style helps you as well.

Since the first edition of this book appeared, much has happened in the Python world. Python 2 reached its end-of-life in January 2020. Python 3 has become the recommended platform for coding and teaching. Therefore, this second edition refactors the code and ports it to Python 3 using the latest packages and libraries. It also takes advantage of the syntax changes provided by Python 3.6 and higher versions of Python 3, such as Unicode strings, context managers, and f-strings. Lastly, we’ve updated this second edition with additional explanations of coding and networking concepts, such as the use of context managers, Berkeley Packet Filter syntax, and a comparison of the ctypes and struct libraries.

As you progress through the book, you will realize that we don’t take deep dives into any single topic. This is by design. We want to give you the basics, with a little flavor, so that you gain foundational knowledge in the world of hacking tool development. With that in mind, we’ve sprinkled explanations, ideas, and homework assignments throughout the book to kickstart you in your own direction. We encourage you to explore these ideas, and we would love to hear about any tooling you’ve completed on your own.

As with any technical book, readers at different skill levels will experience this book differently. Some of you may simply grab it and nab chapters that are pertinent to your latest consulting gig. Others may read it cover to cover. If you are a novice-to-intermediate Python programmer, we recommend that you start at the beginning of the book and read the chapters in order. You will pick up some good building blocks along the way.

To start, we lay down networking fundamentals in Chapter 2. Then we slowly work our way through raw sockets in Chapter 3 and using Scapy in Chapter 4 for some more interesting network tooling. The next section of the book deals with hacking web applications, starting with your own custom tooling in Chapter 5 and then extending the popular Burp Suite in Chapter 6. From there, we will spend a great deal of time talking about trojans, beginning with using GitHub for command and control in Chapter 7, all the way through Chapter 10, where we will cover some Windows privilege escalation tricks. The final chapter is about the Volatility memory forensics library, which helps you understand how the defensive side thinks and shows how you can leverage their tools for offense.

We try to keep the code samples short and to the point, and the same goes for the explanations. If you are relatively new to Python, we encourage you to punch out every line to get that coding muscle memory going. All of the source code examples from this book are available at https://nostarch.com/black-hat-python2E/.

Here we go!
