Computing Reviews

Understanding network hacks: attack and defense with Python
Ballmann B., Springer Publishing Company, Incorporated, New York, NY, 2015. 178 pp. Type: Book
Date Reviewed: 08/20/15

Cybersecurity and penetration testing have been growing in importance for the past couple of decades. And due to some well-publicized hacking cases, such as Sony and Target, the public has become increasingly aware of these issues. What most people don’t know is that there is a set of publicly available tools that can be used to look for security vulnerabilities. When these tools are used by people attempting to circumvent security, it is called hacking. When these tools are used by people attempting to discover security vulnerabilities in order to strengthen security, it is called penetration testing and, sometimes, ethical hacking. The former are often referred to as black hats and the latter are referred to as white hats, a reference to the days of cowboy movies when good guys wore white hats. Of course, these days, nothing is ever black or white, so those in between are called gray hats.

Within this context, this book offers a set of tools written in the Python programming language that can be used to test network vulnerabilities. Individuals will decide what color hat to wear, and it is best to have the tools out in public where they can be used to test vulnerabilities, as well as challenge them.

Someone considering this book should have a basic knowledge of network protocols and of Python programming. The author provides a review chapter on network protocols, but if this is the reader’s first exposure, it will not be enough. The reader should first become familiar with network protocols and then use the chapter in this book for review. Similarly with Python programming: instead of beginning the chapter on Python with the usual print “Hello World,” the author provides this variation:

>>> ska = 42
>>> print "The answer to live, the universe and everything is " + str(ska)

This snippet is very telling about the book. The Douglas Adams quote is representative of the author’s occasional musings, which make the book more enjoyable. The string concatenation and the casting of an integer to a string in an introductory example is revealing of the author’s expectations that this is not the reader’s first exposure to the topic. And the typographical error (live should be life) is not the only one in the book. The editor should have worked a little harder. In addition, the examples are all done on a GNU/Linux system, which means Windows users might face some additional challenges such as downloading and installing packages.

However, if one has the background to overcome these somewhat minor technical challenges, the book is quite good. It covers sockets, spoofing, sniffers, and port scanning, which are usually mentioned in an introductory networking class with a hand wave and an unenlightening definition. It also covers numerous more arcane network security topics, but the beauty of it is that Python code is provided so readers can explore and understand the mechanics of these ideas on their own. It is one thing to be able to define port scanning. It is another thing entirely to fiddle with a piece of Python code that actually does it.

This book would be of value to those who are interested in network security and penetration testing at the code level. Some background in both network protocols and Python programming is assumed. And if one has the necessary background, the book can be very useful to take this knowledge to a deeper level in the nuts and bolts of how this stuff really works.

Reviewer:  J. M. Artz Review #: CR143708 (1511-0920)
