// Comparison

Black Hat Bash vs Black Hat Go: Which Should You Read?

Two cybersecurity books on Offensive, compared honestly: who each is for, what each does best, and which to read first.

Intermediate

4/52024

Creative Scripting for Hackers and Pentesters

Nick Aleks, Dolev Farhi

Nick Aleks and Dolev Farhi on getting offensive work done with the shell: privilege escalation tooling, lateral movement, and pipelining bash with the rest of the toolkit.

Intermediate

4/52020

Black Hat Go

Go Programming For Hackers and Pentesters

Tom Steele, Chris Patten, Dan Kottmann

Tom Steele, Chris Patten, and Dan Kottmann show how to use Go's networking primitives, concurrency model, and cross-compilation to write offensive tooling that runs almost anywhere.

Read this if

Pentesters and red teamers who land on a Linux box and need to do offensive work with whatever bash is already there. The book covers privilege escalation, lateral movement, log tampering, and the practical recipes that bash actually shines at.

Offensive practitioners who already know Python (or Bash) and want a compiled-language alternative for tools that need to run as a single binary on locked-down endpoints. Go's cross-compilation and tiny runtime make it the right choice for many implant-style tools.

Skip this if

Beginners with no shell-scripting fluency, or readers who only work on Windows. The book assumes you can write a basic for-loop and an if-conditional; the value is in the offensive idioms.

Beginners with no programming background. The book assumes Go familiarity at the syntax level; for the language itself, read The Go Programming Language (Donovan/Kernighan) first.

Key takeaways

Most offensive bash is data plumbing: enumerate, parse, pivot, exfiltrate. The book's framing makes the workflow explicit instead of magic.
Living-off-the-land on Linux is a real strategy; bash + awk + sed + curl is often more reliable than dropping a custom binary on a hardened target.
The chapters on log tampering, persistence via cron / systemd, and privilege escalation chains are the practical core for any operator who finishes a foothold and needs to keep moving.

Go binaries cross-compile to Windows, Linux, macOS, and ARM with no toolchain pain; for offensive tools that need to land on a target, Go saves hours.
Concurrency in Go is simple enough that scanners, brute forcers, and watchdog tools become trivial to write; the book's networking chapters lean on this.
Modern offensive tooling (Cobalt Strike alternatives, Mythic agents, Sliver) is increasingly Go-native; reading this book is reading the language those projects share.

How they compare

Black Hat Bash and Black Hat Go are both rated 4/5 in our catalog. Pick by topic preference and reading style rather than by rating.

Both books target intermediate-level readers, so the choice is about topic, not difficulty.

Black Hat Bash and Black Hat Go both cover Offensive, Tooling, so reading them in sequence reinforces the same material from different angles.

Keep reading

Black Hat Bash

→ Alternatives to Black Hat Bash → What to read after Black Hat Bash