Top critical review
Violent Python Libraries
on December 3, 2012
Violent Python is an introductory-level book on Python with an introductory look at security concepts in general. It is great for those who are new to the language and would like example use cases of simplistic security tools, but not for those who want to understand Python, deeply understand the security concepts covered, or use Python for reliable tools.
Problems I had:
1.) This book is about Python libraries and interacting with them and other programs. It is not about understanding the attacks and implementing them in Python. Sure, some may be required for ease to the beginner when it comes to forensics, communicating with SSH, or integrating with other tools for complex protocols like SMB, but anything else is really not fair to those who may not be able to use the library, who have problems and need to understand why, or those who want to understand what is happening on a lower level. Examples:
1a.) Use ftplib for your ftp bruteforcer.
1b.) Use zipfile to crack zip archives.
1c.) Use os to send metasploit exploit code (your own 'conficker')/os to use msfpayload to bypass a/v.
1d.) Use smtplib to communicate with SMTP (regardless of the functions being ironically similar to the real commands).
The problem with this is it doesn't teach you how these libraries work. For example, one should show the person how to interact with FTP with the sockets library, what to send, what to look for, and then show them the easy libraries. As previously stated, it also doesn't prepare them for issues (like programs that don't like complying with RFC standards).
2.) More exception handling. The socket code is not helpfully handled on all stages of attempted connection. Debugging why something isn't working for a beginner is going to be a nightmare especially later on for point 3. He talks about exception handling, but integrates it very loosely. This plays into many people's issues on other sites with the author's script quality. Good exception handling or even print statements should be covered if you're going to be teaching a new person and something breaks on them.
3.) Thread safety doesn't seem to be an issue that's handled. Because of the GIL (global interpreter lock), threads cannot expand cores when using cython (the default Python interpreter). This means that you have a thread limit on the process/core and this causes problems for speed and for thread handling when you start really using it. When doing a portscan or communicating to a server with threads, the host or port may go down, you may get blocked, etc., and the thread can die. It becomes a huge problem especially because it doesn't maintain state and doesn't resend a failed attempt. But violent python libraries strike again and you'll just integrate nmap scans for your portscans anyway.
Well, with the issues out of the way, let's talk about what this book does well. I do believe that the forensics sections of this book are good. The descriptions are more in-depth and I've always seen forensics as "what do I have in my toolbag", which makes sense when bringing in all of the third-party libraries for the forensics sections. Then it gets down to using scapy. Once he starts using scapy, everything is much more informative due to the level and quality of information. No longer are you using a library for... logging into an FTP server, but you start crafting and analyzing raw packets. This allows a much needed understanding of what is happening in the script and with the packets/network at the same time.