Coding for Penetration Testers: Building Better Tools

I bought it used and saved at least $35 or so, rather than buying the same book new from my school's bookstore. Worth the investment for me. Can't speak for every book they sell.

Good but think of the first part of the book as just an introduction to python

There's typos in the example scripts that prevent them from running. These are not excercises for the reader to catch the errors, but errors in the examples that are presented as how to do things.It's a programming textbook. That's unacceptable and should have been caught by editors.

I expected a bit more depth. High level overviews of a few scripting languages with examples that are pen-test/information gathering focused. Touches on exploit code. If you are looking to begin pen-testing and have a solid understanding of tcp/ip this is a great book.

You can't write a book like this and have it be interesting, but it had good examples and easy to follow steps.

Absolute junk, the code and links do not work and the book is poorly written.

great buy

I have to say this has been the biggest disappointment of all security-related books that I ever purchased (there were dozens). It should be named "A quick glance at a few scripting languages".To give an example, Python is mentioned on 33 pages (that includes a few pages for scapy) where you'll be shown how to (hold your breath) send an ICMP packet. (I will not talk about PEP8 here).To drill a bit further, the chapter about Python lists is about (wait for it) - bitwise operations. Lists are only mentioned as a way of storing data for the given example which shows how you can use Python to calculate net & broadcast address from a CIDR notation (why would you want to use lists for that?). There is no meaningful mention of list indexing or slicing.The chapter about Python exceptions is just appaling.There is no explanation of "why" anywhere, just "what" and a little bit of "how". Also, no hint on where to look for further information.Real beginners might find this book interesting for getting a basic idea of how are scripting languages used (bash, Python, Perl, Ruby and PowerShell all get a really quick intro). But then they would get really confused towards the end of the book when they suddenly find authors throwing shellcode at vulnerable FTP server and using some terms that are mentioned very briefly: "EIP is called the Instruction pointer", "ESP points to stack area where you can see the stack", "as you can see, the EIP is now overwritten with 41414141 so the server is vulnerable". Is any beginner expected to understand this?I'm really struggling to see who is the intended audience. It does not give any explanation to beginners and is way too shallow for any penetration tester.