black-hat-rust
Applied offensive security with Rust - https://kerkour.com/black-hat-rust
Science Score: 44.0%
This score indicates how likely this project is to be science-related based on various indicators:
-
✓CITATION.cff file
Found CITATION.cff file -
✓codemeta.json file
Found codemeta.json file -
✓.zenodo.json file
Found .zenodo.json file -
○DOI references
-
○Academic publication links
-
○Committers with academic emails
-
○Institutional organization owner
-
○JOSS paper metadata
-
○Scientific vocabulary similarity
Low similarity (10.8%) to scientific vocabulary
Keywords
Keywords from Contributors
Repository
Applied offensive security with Rust - https://kerkour.com/black-hat-rust
Basic Info
- Host: GitHub
- Owner: skerkour
- License: mit
- Language: Rust
- Default Branch: main
- Homepage: https://kerkour.com/black-hat-rust
- Size: 2.07 MB
Statistics
- Stars: 4,083
- Watchers: 90
- Forks: 412
- Open Issues: 20
- Releases: 0
Topics
Metadata Files
README.md
Black Hat Rust
Applied offensive security with the Rust programming language
Buy the book now!
While the Rust Book does an excellent job teaching What is Rust, a book about Why and How to Rust was missing.
Summary
Whether in movies or mainstream media, hackers are often romanticized: they are painted as black magic wizards, nasty criminals, or, in the worst cases, as thieves with a hood and a crowbar. In reality, the spectrum of the profile of the attackers is extremely large, from the bored teenager exploring the internet to sovereign State's armies as well as the unhappy former employee.
What are the motivations of the attackers? How can they break seemingly so easily into any network? What do they do to their victims? We will put on our black hat and explore the world of offensive security, whether it be cyber attacks, cybercrimes, or cyberwar. Scanners, exploits, phishing toolkit, implants... From theory to practice, we will explore the arcane of offensive security and build our own offensive tools with the Rust programming language, Stack Overflow's most loved language for five years in a row.
Which programming language allows to craft shellcodes, build servers, create phishing pages? Before Rust, none! Rust is the long-awaited one-size-fits-all programming language meeting all those requirements thanks to its unparalleled guarantees and feature set. Here is why.
Free Updates and DRM Free, of course :)
Who this book is for
This is NOT a 1000th tutorial about sqlmap and Metasploit, nor will it teach you the fundamentals of programming.
Instead, it's a from-theory-to-practice guide and you may enjoy it if any of the following:
- You keep screaming "show me the code!" when reading about cyber attacks and malwares
- You are a developer and want to learn security
- You are a security engineer and want to learn Rust programming
- You want to learn real-world and idiomatic rust practices
- You believe that the best defense is thinking like an attacker
- You learn by building and love to look under the hood
- You value simplicity and pragmatism
- You develop your own tools and exploits with Python, Ruby, C, Java...
- You want to learn real-world offensive security, not just pentesting
- You want to start making money with bug bounty programs
- You prefer getting things done over analysis paralysis
But I repeat, this book is NOT a computer science book.
Buy the book now!
Table of contents
Preface
1 - Introduction
Part I: Reconnaissance
2 - Multi-threaded attack surface discovery
How to perform effective reconnaissance? In this chapter, we will build a multi-threaded scanner in order to automate the mapping of the target.
3 - Going full speed with async
Unfortunately, when a program spends most of its time in I/O operations, multi-threading is not a panacea. We will learn how async makes Rust code really, really fast and refactor our scanner to async code.
4 - Adding modules with Trait objects
We will add more heterogeneous modules to our scanner and will learn how Rust's type system helps create properly designed large software projects.
5 - Crawling the web for OSINT
Leveraging all we learned previously, we will build an extremely fast web crawler to help us find the needles in the haystack the web is.
Part II: Exploitation
6 - Finding vulnerabilities
Once the external reconnaissance performed, it's time to find entry points. In this chapter we will learn how automated fuzzing can help us to find vulnerabilities that can be exploited to then gain access to our target's systems.
7 - Exploit development
Rust may not be as fast as python when it comes to iterating on quick scripts such as exploits, but as we will see, its powerful type and modules system make it nonetheless a weapon of choice.
8 - Writing shellcodes in Rust
Shellcode development is an ungrateful task. Writing assembly by hand is definitely not sexy. Fortunately for us, Rust, one more time, got our back! In this chapter we will learn how to write shellcodes in plain Rust with no_std.
9 - Phishing with WebAssembly
When they can't find exploitable hardware or software vulnerability, attackers usually fall back to what is often the weakest link in the chain: Humans. Again, Rust comes handy and will let us create advanced phishing pages by compiling to WebAssembly.
Part III: Implant development
10 - A modern RAT
A RAT (for Remote Access Tool), also known as implant or beacon, is a kind of software used to perform offensive operations on a target's machines. In this chapter we will build our own RAT communicating to a remote server and database.
11 - Securing communications with end-to-end encryption
The consequences of our own infrastructure being compromised or seized can be disastrous. We will add end-to-end encryption to our RAT's communication in order to secure its communications and avoid leaving traces on our servers.
12 - Going multi-platforms
Today's computing landscape is extremely fragmented. From Windows to macOS, we can't target only one Operating System to ensure the success of our operations. In this section we will see how Rust's ecosystem is extremely useful when it comes to cross-compilation.
13 - Turning into a worm to increase reach
Once the initial targets compromised, we will capitalize on Rust's excellent reusability to incorporate some parts of our initial scanner to turn our RAT into a worm and reach more targets only accessible from the target's internal network.
14 Conclusion
Now it's your turn to get things done!
Buy the book now!
FAQ
Can I pay with PayPal, Apple Pay or Google Pay?
Yes! You can now buy Black Hat Rust with PayPal, Apple Pay or Google Pay. Go Here to proceed.
What to do if I don't have a VAT number?
A European VAT number is optional, and you can skip the field or leave it empty if asked.
Community
Hey! Welcome you to the Black Hat Rustaceans gang! If you think something in the book or the code can be improved, please open an issue. Pull requests are also welcome :)
Newsletter
Want to stay updated? I'll write you once a week about avoiding complexity, hacking, and entrepreneurship.
https://kerkour.com/subscribe
I hate spam even more than you do. I'll never share your email, and you can unsubscribe at anytime. Also, there is no tracking or ads.
Changelog
You'll find all the updates in the Changelog: https://github.com/skerkour/black-hat-rust/blob/main/CHANGELOG.md
Owner
- Name: Sylvain Kerkour
- Login: skerkour
- Kind: organization
- Website: https://kerkour.com
- Repositories: 6
- Profile: https://github.com/skerkour
(Ab)using technology for fun & profit: Programming, Hacking & Entrepreneurship - https://kerkour.com
Citation (CITATION.cff)
cff-version: 1.2.0 message: If you use this software, please cite it using these metadata. title: Black Hat Rust abstract: Applied offensive security with the Rust programming language authors: - name: "Sylvain Kerkour" version: v2022.56
GitHub Events
Total
- Issues event: 6
- Watch event: 814
- Issue comment event: 7
- Pull request event: 1
- Fork event: 54
Last Year
- Issues event: 6
- Watch event: 814
- Issue comment event: 7
- Pull request event: 1
- Fork event: 54
Committers
Last synced: 9 months ago
Top Committers
| Name | Commits | |
|---|---|---|
| Sylvain Kerkour | s****n@k****m | 370 |
| Sylvain Kerkour | s****n@k****r | 191 |
| dependabot[bot] | 4****] | 76 |
| Sylvain Kerkour | 6****r | 27 |
| ellis | r****r@g****m | 2 |
| msunet | m****t@s****t | 1 |
| Therdel | 1****l | 1 |
| Ross Todd | r****d | 1 |
| David Kuhta | d****a@g****m | 1 |
| Christoph Dalski | c****g@g****m | 1 |
| Boynn | c****r@g****m | 1 |
| Tatsuya Ohno | t****9@g****m | 1 |
Committer Domains (Top 20 + Academic)
Issues and Pull Requests
Last synced: 6 months ago
All Time
- Total issues: 25
- Total pull requests: 101
- Average time to close issues: 3 months
- Average time to close pull requests: 1 day
- Total issue authors: 21
- Total pull request authors: 9
- Average comments per issue: 1.96
- Average comments per pull request: 0.11
- Merged pull requests: 79
- Bot issues: 0
- Bot pull requests: 91
Past Year
- Issues: 7
- Pull requests: 2
- Average time to close issues: 15 days
- Average time to close pull requests: N/A
- Issue authors: 7
- Pull request authors: 1
- Average comments per issue: 1.0
- Average comments per pull request: 0.0
- Merged pull requests: 0
- Bot issues: 0
- Bot pull requests: 0
Top Authors
Issue Authors
- tylerhjones (4)
- sudo6756 (2)
- nwisemanII (1)
- IllBeWatchingYou (1)
- jsco2t (1)
- skerkour-dev (1)
- balroggg (1)
- kngvn (1)
- tsgoten (1)
- DATADEER (1)
- wiseaidev (1)
- deh00ni (1)
- nicholastmosher (1)
- jrheard (1)
- azusachino (1)
Pull Request Authors
- dependabot[bot] (89)
- ASLegion (4)
- edmondop (2)
- tsgoten (1)
- alper (1)
- chdalski (1)
- BoynChan (1)
- bcpeinhardt (1)
- richardwesthaver (1)
Top Labels
Issue Labels
Pull Request Labels
Packages
- Total packages: 1
-
Total downloads:
- cargo 5,248 total
- Total dependent packages: 0
- Total dependent repositories: 0
- Total versions: 4
- Total maintainers: 1
crates.io: num_cpu
Get the number of CPUs on a machine.
- Documentation: https://docs.rs/num_cpu/
- License: Apache-2.0
-
Latest release: 1.14.0
published over 4 years ago
Rankings
Maintainers (1)
Dependencies
- block-buffer 0.10.2
- cfg-if 1.0.0
- cpufeatures 0.2.2
- crypto-common 0.1.3
- digest 0.10.3
- generic-array 0.14.5
- hex 0.4.3
- libc 0.2.126
- sha-1 0.10.0
- typenum 1.15.0
- version_check 0.9.4
- autocfg 1.1.0
- bitflags 1.3.2
- bytes 1.1.0
- cfg-if 1.0.0
- futures 0.3.21
- futures-channel 0.3.21
- futures-core 0.3.21
- futures-executor 0.3.21
- futures-io 0.3.21
- futures-macro 0.3.21
- futures-sink 0.3.21
- futures-task 0.3.21
- futures-util 0.3.21
- getrandom 0.2.6
- hermit-abi 0.1.19
- libc 0.2.126
- lock_api 0.4.7
- log 0.4.17
- memchr 2.5.0
- mio 0.8.3
- num_cpus 1.13.1
- parking_lot 0.12.1
- parking_lot_core 0.9.3
- pin-project-lite 0.2.9
- pin-utils 0.1.0
- ppv-lite86 0.2.16
- proc-macro2 1.0.39
- quote 1.0.18
- rand 0.8.5
- rand_chacha 0.3.1
- rand_core 0.6.3
- redox_syscall 0.2.13
- scopeguard 1.1.0
- signal-hook-registry 1.4.0
- slab 0.4.6
- smallvec 1.8.0
- socket2 0.4.4
- syn 1.0.96
- tokio 1.20.4
- tokio-macros 1.8.0
- unicode-ident 1.0.0
- wasi 0.10.2+wasi-snapshot-preview1
- wasi 0.11.0+wasi-snapshot-preview1
- winapi 0.3.9
- winapi-i686-pc-windows-gnu 0.4.0
- winapi-x86_64-pc-windows-gnu 0.4.0
- windows-sys 0.36.1
- windows_aarch64_msvc 0.36.1
- windows_i686_gnu 0.36.1
- windows_i686_msvc 0.36.1
- windows_x86_64_gnu 0.36.1
- windows_x86_64_msvc 0.36.1
- 177 dependencies
- arbitrary 1.1.0
- cc 1.0.73
- derive_arbitrary 1.1.0
- libfuzzer-sys 0.4.3
- once_cell 1.12.0
- proc-macro2 1.0.39
- quote 1.0.18
- syn 1.0.96
- unicode-ident 1.0.0
- hermit-abi 0.1.19
- libc 0.2.126
- num_cpus 1.13.1
- threadpool 1.8.1
- 139 dependencies
- autocfg 1.1.0
- bitflags 1.3.2
- bytes 1.1.0
- cfg-if 1.0.0
- hermit-abi 0.1.19
- libc 0.2.126
- lock_api 0.4.7
- log 0.4.17
- memchr 2.5.0
- mio 0.8.3
- num_cpus 1.13.1
- parking_lot 0.12.1
- parking_lot_core 0.9.3
- pin-project-lite 0.2.9
- proc-macro2 1.0.39
- quote 1.0.18
- redox_syscall 0.2.13
- scopeguard 1.1.0
- signal-hook-registry 1.4.0
- smallvec 1.8.0
- socket2 0.4.4
- syn 1.0.96
- tokio 1.20.4
- tokio-macros 1.8.0
- unicode-ident 1.0.0
- wasi 0.11.0+wasi-snapshot-preview1
- winapi 0.3.9
- winapi-i686-pc-windows-gnu 0.4.0
- winapi-x86_64-pc-windows-gnu 0.4.0
- windows-sys 0.36.1
- windows_aarch64_msvc 0.36.1
- windows_i686_gnu 0.36.1
- windows_i686_msvc 0.36.1
- windows_x86_64_gnu 0.36.1
- windows_x86_64_msvc 0.36.1
- 129 dependencies
- cfg-if 1.0.0
- log 0.4.17
- 142 dependencies
- 128 dependencies
- libc 0.2.126
- 186 dependencies
- libc 0.2.126
- libc 0.2.126
- 183 dependencies
- anyhow 1.0.38
- anymap 0.12.1
- arrayvec 0.5.2
- autocfg 1.0.1
- bincode 1.3.1
- bitflags 1.3.2
- boolinator 2.4.0
- bumpalo 3.12.0
- byteorder 1.4.2
- bytes 1.0.0
- cfg-if 0.1.10
- cfg-if 1.0.0
- cfg-match 0.2.1
- console_error_panic_hook 0.1.6
- fnv 1.0.7
- gloo 0.2.1
- gloo-console-timer 0.1.0
- gloo-events 0.1.1
- gloo-file 0.1.0
- gloo-timers 0.2.1
- hashbrown 0.9.1
- http 0.2.3
- indexmap 1.6.1
- itoa 0.4.7
- js-sys 0.3.46
- lazy_static 1.4.0
- lexical-core 0.7.6
- log 0.4.11
- memchr 2.3.4
- nom 5.1.2
- proc-macro2 1.0.24
- quote 1.0.8
- ryu 1.0.5
- serde 1.0.118
- serde_derive 1.0.118
- serde_json 1.0.61
- slab 0.4.2
- static_assertions 1.1.0
- syn 1.0.58
- thiserror 1.0.23
- thiserror-impl 1.0.23
- unicode-xid 0.2.1
- version_check 0.9.4
- wasm-bindgen 0.2.69
- wasm-bindgen-backend 0.2.69
- wasm-bindgen-futures 0.4.19
- wasm-bindgen-macro 0.2.69
- wasm-bindgen-macro-support 0.2.69
- wasm-bindgen-shared 0.2.69
- web-sys 0.3.46
- yew 0.18.0
- yew-macro 0.18.0
- yew-router 0.15.0
- yew-router-macro 0.15.0
- yew-router-route-parser 0.15.0
- 249 dependencies
- adler 1.0.2
- aes 0.7.5
- autocfg 1.1.0
- base64ct 1.0.1
- bitflags 1.3.2
- block-buffer 0.10.2
- byteorder 1.4.3
- bzip2 0.4.4
- bzip2-sys 0.1.11+1.0.8
- cc 1.0.73
- cfg-if 1.0.0
- cipher 0.3.0
- constant_time_eq 0.1.5
- cpufeatures 0.2.2
- crc32fast 1.3.2
- crossbeam-utils 0.8.9
- crypto-common 0.1.3
- digest 0.10.3
- dirs 4.0.0
- dirs-sys 0.3.7
- flate2 1.0.24
- generic-array 0.14.5
- getrandom 0.1.16
- getrandom 0.2.7
- hmac 0.12.1
- instant 0.1.12
- itoa 1.0.2
- jobserver 0.1.24
- libc 0.2.126
- libssh2-sys 0.2.23
- libz-sys 1.1.8
- lock_api 0.4.7
- memoffset 0.6.5
- miniz_oxide 0.5.3
- nix 0.23.1
- num_threads 0.1.6
- once_cell 1.12.0
- opaque-debug 0.3.0
- openssl-src 111.25.0+1.1.1t
- openssl-sys 0.9.74
- parking_lot 0.11.2
- parking_lot_core 0.8.5
- password-hash 0.3.2
- pbkdf2 0.10.1
- pkg-config 0.3.25
- ppv-lite86 0.2.16
- proc-macro2 1.0.40
- quote 1.0.20
- rand 0.7.3
- rand_chacha 0.2.2
- rand_core 0.5.1
- rand_core 0.6.3
- rand_hc 0.2.0
- redox_syscall 0.2.13
- redox_users 0.4.3
- scopeguard 1.1.0
- sha1 0.10.1
- sha2 0.10.2
- single-instance 0.3.3
- smallvec 1.8.0
- ssh2 0.9.3
- subtle 2.4.1
- syn 1.0.98
- thiserror 1.0.31
- thiserror-impl 1.0.31
- time 0.3.10
- time-macros 0.2.4
- typenum 1.15.0
- unicode-ident 1.0.1
- vcpkg 0.2.15
- version_check 0.9.4
- wasi 0.9.0+wasi-snapshot-preview1
- wasi 0.11.0+wasi-snapshot-preview1
- widestring 0.4.3
- winapi 0.3.9
- winapi-i686-pc-windows-gnu 0.4.0
- winapi-x86_64-pc-windows-gnu 0.4.0
- zip 0.6.2
- zstd 0.10.2+zstd.1.5.2
- zstd-safe 4.1.6+zstd.1.5.2
- zstd-sys 1.6.3+zstd.1.5.2
- startup 0.1.1
- debian buster-slim build
- rust latest build
- debian buster-slim build
- rust latest build
- ubuntu latest build
- ubuntu latest build
- 194 dependencies
- 220 dependencies
- autocfg 1.1.0
- base64 0.13.0
- bitflags 1.3.2
- block-buffer 0.9.0
- byteorder 1.4.3
- cc 1.0.73
- cfg-if 1.0.0
- chrono 0.4.19
- cpufeatures 0.2.2
- curve25519-dalek 3.2.1
- digest 0.9.0
- dirs 4.0.0
- dirs-sys 0.3.7
- ed25519 1.5.2
- ed25519-dalek 1.0.1
- generic-array 0.14.5
- getrandom 0.1.16
- getrandom 0.2.7
- itoa 1.0.2
- libc 0.2.126
- log 0.4.17
- memoffset 0.6.5
- nix 0.23.1
- num-integer 0.1.45
- num-traits 0.2.15
- opaque-debug 0.3.0
- ppv-lite86 0.2.16
- proc-macro2 1.0.40
- quote 1.0.20
- rand 0.7.3
- rand_chacha 0.2.2
- rand_core 0.5.1
- rand_hc 0.2.0
- redox_syscall 0.2.13
- redox_users 0.4.3
- ryu 1.0.10
- serde 1.0.137
- serde_derive 1.0.137
- serde_json 1.0.81
- sha2 0.9.9
- signature 1.5.0
- single-instance 0.3.3
- subtle 2.4.1
- syn 1.0.98
- synstructure 0.12.6
- thiserror 1.0.31
- thiserror-impl 1.0.31
- time 0.1.44
- typenum 1.15.0
- unicode-ident 1.0.1
- unicode-xid 0.2.3
- uuid 1.1.2
- version_check 0.9.4
- wasi 0.9.0+wasi-snapshot-preview1
- wasi 0.10.0+wasi-snapshot-preview1
- wasi 0.11.0+wasi-snapshot-preview1
- widestring 0.4.3
- winapi 0.3.9
- winapi-i686-pc-windows-gnu 0.4.0
- winapi-x86_64-pc-windows-gnu 0.4.0
- winreg 0.10.1
- x25519-dalek 1.2.0
- zeroize 1.3.0
- zeroize_derive 1.3.2