Try to scan ports of twitch.tv(or ya.ru/google.com)

Error:

cargo run --release -- twitch.tv
    Finished release [optimized] target(s) in 0.20s
     Running `target/release/tricoder twitch.tv`
thread 'main' panicked at 'port scanner: Creating socket address: Os { code: 16, kind: ResourceBusy, message: "Device or resource busy" }', src/ports.rs:49:10

Maybe this is related to https://github.com/rust-lang/rust/issues/47955 because I have same error(EMFILE). Increase open file limit is not help me.

Any thoughts?

Chapter 5 is about web crawling, right? Well one library I've found to be really helpful for that is thirtyfour, a Selenium/WebDriver library for rust. WebDriver is a great technique to use for scraping websites that are SPAs or other apps that load content with JavaScript. Just thought I'd share.

It seems that some mistakes were made during the md -> pdf conversion :

• listings are overflowing on the right side for every console command
• chapter referencing is off by several chapters, e.g. talking about chapter 5 is actually talking about chapter 7 and so on

I'll update the list while I'm going through the book

The code to retrieve the CSRF token is not quite correct. It does not properly decode the percent encoding, thus the requests will fail. It can easily be fixed by adjusting the import in the Cargo.toml:

cookie = {version = "0.15", features = ["percent-encode"]}

and by adjusting line 216 in main.rs:

.filter_map(|cookie| Cookie::parse_encoded(cookie).ok())

I've received many request to create some kind of community about Rust x Hacking.

To be clear I don't have the bandwidth today to do that.

But as this is a really interesting thing that I could set up in the future, I want to gather some feedback before.

The biggest advantage of a community is peer-to-peer learning, where everyone can share their discoveries.

The biggest disadvantages of a community around security are identities and potential scams.

To be honest, I'm not a fan of chat communities (Discord, Matrix...): The knowledge is quickly lost, and it's very easy to mix a lot of conversations.

I would prefer a forum, which provide a searchable archive.

What do you think about it? What would you prefer, and why?

I was not familiar with yew and wasm, so I'm learning from your post, thank you for your great post. But, the problem is, it seems like there are huge changes between yew-0.18 and yew-0.19, it's almost impossible to follow your instructions. So, I don't know if you have to plan to use the new yew and update the post or something like that... Or maybe, I will follow the docs to get familiar with yew (the slow way). Anyway, a big thanks.

info: The currently active `rustc` version is `rustc 1.63.0-nightly (cd282d7f7 2022-05-18)`

[dependencies]
anyhow = "1.0.57"
rayon = "1.5.3"
serde = "1.0.137"
thiserror = "1.0.31"

My model.rs file is the same as https://github.com/skerkour/black-hat-rust/blob/main/ch_02/tricoder/src/model.rs yet the compiler complains

error: cannot find derive macro `Deserialize` in this scope
  --> src/model.rs:15:17
   |
15 | #[derive(Debug, Deserialize, Clone)]
   |                 ^^^^^^^^^^^
   |
note: `Deserialize` is imported here, but it is only a trait, without a derive macro
  --> src/model.rs:1:5
   |
1  | use serde::Deserialize;
   |     ^^^^^^^^^^^^^^^^^^

Your repo shows this import as a feature inclusion;

serde = { version = "1", features = ["derive"] }

but this is never mentioned in the book afaict.

Hey Sylvain,

I've just started the book and the introduction has been really excited! Looking forward to an awesome read.

I found a typo in the black hat book (section 5.3.2), where do I file the edit?

rust is my first programming language I am still trying to figure out my way in programing I did read few books and each one tackled subject I had no prior experience in and I did not get the most of the books but I tried to get as much as I can from them I was wandering if the "rust black hat" is required to have prior knowledge in some topics and if there are some what are thy

PS: forgive me for my bad English its not my first language

Hi!

Thanks for creating this book. I have just started reading the pdf version and i noticed the letter 'e' is undistinguishable from 'c' letter which makes it a bit hard to read. Would it be possible to change that?

I am facing no difficulties with reading any other text on internet so this must be something with the formatting of this book.

Thanks!

I think the book would benefit from a smaller font size for code blocks. In both the PDF and epub versions (didn’t look at mobi), the code block font looks larger than the body text font. To minimize wrapping of code blocks, I think a smaller monospace font size would look better. It would also look more harmonious with the body font size.

(Same comment applies to your blog posts IMO).

For example, here is a screenshot from the Rust Book, which I think has the right proportion of body font size to code block size:

Hello! This pull request is not meant to merged. I just bought access to your black hat rust course, and I've been using rust for two years now but I know nothing about cybersecurity (but want to!). I figured the best way for me to understand the security part was to go through section by section refactoring code until it made sense to me. Obviously my little refactor incorporates parts of Rust you don't want to bother the reader with yet, but I do have some small suggestions and questions.

Questions:

1. What's the deal with this?

let socket_addrs: Vec<SocketAddr> =
            format!("{}:1024", subdomain).to_socket_addrs()?.collect();

2. If you were trying to avoid detection as mentioned in the text by pinging these over a longer period of time, how long would that be? Say generate a random wait between 60 - 360 seconds, or 2 - 5 hours, etc.

Suggestions:

1. You should probably scan for open ports before constructing a Subdomain struct. Initializing the open_ports field with an empty vec creates a struct which doesn't reflect reality. My version places scanning for open ports in the struct's constructor by implementing the from trait, but you could just wait to instantiate the Subdomain structs until you've found the open ports.
2. Having both a port struct with a field indicating whether the port is open and the field "open_ports" on the subdomain struct is a little strange, and risks representing an invalid state (the subdomain.open_ports vec could contain a port with port.is_open set to false). Whether or not a port is open should be indicated in one place only.
3. Since you've introduced the anyhow and thiserror crates, there's really no reason to be unwrapping anywhere.

hi! i like to read physical copies of programming books so that i can mark them up and keep them on my shelf. will https://academy.kerkour.com/black-hat-rust?coupon=BLOG be available in print form once it's completed? i didn't see an obvious answer on the marketing website or on this github repo, please let me know if i missed something. thanks very much, best of luck with the book, looks really cool!