As final-year undergraduate students, we are now working on our graduation project, Automating Penetration Testing. Along with shell scripting, Python was our choice of programming language. We spent some time investigating other languages like Ruby and Perl, but in the end we found that Python is our best choice.
Ruby and Perl were the top languages to compare with Python, as they are the most used languages in pen testing and hacking. Who wouldn't want to use any of these three languages in a project like ours anyway?
I mean, Ruby is one of the remarkable interpreted languages; the giant Metasploit was written in it. It has so many capabilities that would definitely help any pen tester. It can be used for everything, like reverse engineering, fuzzing, and many others. Ruby is very similar to Python and is usually compared with it. It also combines concepts from other languages like Perl, Ada, and Lisp. It's flexible and gives you the ability to create complex one-liners. It does well at networking, protocol manipulation, and object-oriented database access.
How about Perl? It's an awesome interpreted language with the motto "There is more than one way to do it". Perl is loose and open structured. It's called "the Swiss Army chainsaw of scripting languages", which means it's very powerful, although sometimes it lacks elegance and tidiness. CPAN is Perl's greatest strength. Perl is also more mature than Ruby and much older. Perl is good at manipulating data, gluing applications together, and many other tasks. It generally does well in quick data processing tasks.
But we found Python the most suitable language for us. Along with being easy to learn, it's the most common platform for security tools: we found that almost 50% of penetration testing tools on GitHub are written in Python (205 out of 453). It has a large number of modules (more than 1000) and it is included in most Linux systems too. Python helps in doing quick tasks, and it's well designed and well documented. Ruby and Python are great for complex tasks as they have comprehensive libraries. Python includes a number of easy ways to reuse pre-written code, which increases productivity considerably.
Of course, that doesn't mean that Python is the best; it simply means that we think it will help us a lot in our project. For penetration testing, or security in general, the language choice usually depends on the task it's needed for. There are dozens of languages out there that can be used, and many hackers use languages other than Python. What makes one language better than another comes down to a few points that you might like to take into consideration if you wish to become a pen tester:
- Time consumption: In pen testing, your own time is what matters most. That's why Python and Ruby are the most popular languages in the field over C, C++, Java, and other languages that are faster for the machine. What you need is a fast-to-use language that doesn't need much time to code.
- Cross-platform compatibility: Remember to choose a language that can run on many platforms.
- Libraries and frameworks: A language with many libraries and frameworks to use in the field is better, as it will make your job much easier.
- The type and usage of the language: Languages come in many types, are made for specific tasks, and have different abilities, so choose wisely the language that suits your task best.
- Tools built with that language: The number and rating of tools written in a certain language definitely give it extra points, especially if they are open source tools, as you can always find interesting code and support from the open source community.