

What is the best scripting language to pick up for work in info security?

Posted on 2010-08-31
Medium Priority
Last Modified: 2012-05-10
I currently work with mostly Windows environments and have some experience with batch scripting, PowerShell and VBScript.  I have a strong focus on network security and am trying to move more towards the penetration testing career path.  I am looking for a good language to pick up.  I haven't worked with either, but I have heard both Perl and Python are good choices.  I did some .NET work in college years ago, but most of that knowledge is long gone as I haven't really needed it in network administration.  Any advice or suggestions are appreciated.

Question by:childersj

Accepted Solution

jtokarchuk earned 668 total points
ID: 33573146
You want Ruby, because it's the native language for Metasploit, which is the de facto standard open source penetration testing framework. Ruby's going to give you:

Metasploit's framework, opcode and shellcode databases
Metasploit's Ruby lorcon bindings for raw 802.11 work
Metasploit's KARMA bindings for 802.11 clientside redirection

Distorm for x86 disassembly

Second place to Python. There are more pentesting libraries available in Python than in Ruby (but not enough to offset Metasploit). Commercial tools support Python as well.


Twisted for network access

PaiMei for program tracing and programmable debugging

CANVAS and Impact support

Dornseif's firewire libraries for remote debugging

Ready integration with WinDbg for remote Windows kernel debugging (there's still no good answer in Ruby for kernel debugging, which is why I still occasionally use Python).

Peach Fuzzer and Sulley for fuzzing

SpikeProxy for web penetration testing (also, OWASP Pantera).


Assisted Solution

mhenry20 earned 668 total points
ID: 33573150
A lot of pen testing uses Linux variations.  You definitely need Perl.  I would also get fluent in Linux shell scripting.  Perl is good because it gives you direct access to network streams.  C might also be a good choice to brush up on.  A little knowledge of a lot of languages such as PHP, Java, Ajax and so on would be useful so that you understand the actual problems with certain types of coding.

You could look at some packages like Metasploit and Nessus to see what they use for coding.

Good luck.  That is certainly a career path that will be active for a while.

Expert Comment

ID: 33573251
I would say C#/++ and Java but honestly it just depends on what you will be working to secure.

LVL 13

Expert Comment

by:Hugh McCurdy
ID: 33573683
If you are planning to work for a pen testing company, the answer might be "everything" including some assembler.
LVL 13

Assisted Solution

p_nuts earned 664 total points
ID: 33574309
If you are going for penetration testing I would start with learning:

(of course, if you don't know it already)

- networking
- Linux
- Python or C++

If you want to do network penetration, that should be a good start.

If you want to do Windows, .NET and C# would both be good too.

If you learn C++ you will automatically get a whole bunch of programming languages that are very similar to it, like PHP etc.

Also have a look at De-ICE; they have pentest LiveCDs which can boot a machine and give you a whole set of tools to do pentests.

Then there are the certification routes you could follow if you want to get a job in the security area:
CISSP Certified Information Systems Security Professional
CEH  Certified Ethical Hacker
CHFI Computer Hacking Forensic Investigator

But those don't come cheap.


Author Comment

ID: 33577896
Yeah, as I mentioned, it has been years since I did any significant programming and for the most part the knowledge is gone.  Conceptual stuff I still understand, but actual ability to do a lot I will have to relearn.  Networking I know very well so that isn't an issue.  As far as certs go, I actually have been working on the CISSP for about six months and intend to sit the exam later in the month.  I've used BackTrack for testing for a few years now and have a little experience with Metasploit from a graduate class I took.

I appreciate all of the input from everyone.  I may look at starting with Perl or Ruby (I don't honestly know all that much about Ruby), then talk about attacking something like Python after I build up the other skills.

LVL 13

Expert Comment

ID: 33592789
To be honest, most languages are close and syntax can be googled.

Also think about what you'll be pentesting. That helps to define the learning curve and path.

A good idea about encryption helps too.


Question has a verified solution.
