What is the best scripting language to pick up for work in info security?

Posted on 2010-08-31
Last Modified: 2012-05-10
I work currently work with mostly windows environments and have some experience with batch scripting, powershell and vbscript.  I have a strong focus on network security and am trying to move more towards the penetration testing career path.  I am looking for a good language to pick up.  I haven't worked with either, but I have heard both pearl and python are good choices.  I did some .net work in college years ago, but most of that knowledge is long gone as I haven't really needed it network administration.  Any advice suggestions are appreciated.

Question by:childersj
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Accepted Solution

jtokarchuk earned 167 total points
ID: 33573146
You want Ruby, because it's the native language for Metasploit, which is the de facto standard open source penetration testing framework. Ruby's going to give you:

Metasploit's framework, opcode and shellcode databases
Metasploit's Ruby lorcon bindings for raw 802.11 work
Metasploit's KARMA bindings for 802.11 clientside redirection

Distorm for x86 disassembly

Second place to Python. There are more pentesting libraries available in Python than in Ruby (but not enough to offset Metasploit). Commercial tools support Python as well.


Twisted for network access

PaiMei for program tracing and programmable debugging

CANVAS and Impact support

Dornseif's firewire libraries for remote debugging

Ready integration with WinDbg for remote Windows kernel debugging (there's still no good answer in Ruby for kernel debugging, which is why I still occasionally use Python).

Peach Fuzzer and Sully for fuzzing

SpikeProxy for web penetration testing (also, OWASP Pantera).


Assisted Solution

mhenry20 earned 167 total points
ID: 33573150
A lot of pen testing uses linux variations.  You definitely need Perl.  I would also get fluent on linux shell scripting.  Perl is good because it gives you direct access to network streams.  C might also be a good choice to brush up on.  A little knowledge of a lot of languages such as PHP, Java, Ajax and so on would be usefull so that you understand the actual problems with certain type of coding.

You could look at some packages like metasploit and nessus to see what they use for coding.

Good luck.  That is certainly a career path that will active for a while.

Expert Comment

ID: 33573251
I would say C#/++ and Java but honestly it just depends on what you will be working to secure.
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 13

Expert Comment

by:Hugh McCurdy
ID: 33573683
If you are planning to work for a pen testing company, the answer might be "everything" including some assembler.
LVL 13

Assisted Solution

p_nuts earned 166 total points
ID: 33574309
if you are going for penetration testing I would start with learning:

(ofcourse if you don't know it already)

- networking
- linux
- Python or c++

if you want to do network penetration that should be a good start

if you want to do windows .net and c# would both be good too.

if you learn c++ you will automatically get a whole bunch of programming languages that are very similar to it. like php etc..

also have a look at De-ICE they have pentest LiveCD's which can boot a machine and give you a whole set of tools to do pentests.

then there are the certification routes you could follow if you want to get a job in the security area..
CISSP Certified Information Systems Security Professional
CEH  Certified Ethical Hacker
CHFI Computer hacking forensic Investigator

but those don't come cheap.


Author Comment

ID: 33577896
Yeah as I mentioned it has been years since I did any significant programming and for the most part the knowledge is gone.  Conceptual stuff I still understand, but actual ability to do a lot I will have to relearn.  Networking I know very well so that isn't an issue.  As far certs go, I actually have been working on the CISSP for about six months and intend to sit the exam later in the month.  I've used backtrack for testing for a few years now and have a little experience with metasploit from a graduate class I took.

I appreciate all of the input from everyone.  I may look at starting with Perl or Ruby (I don't honestly know all that much about Ruby), then talk about attacking something like python after I build up the other skills.

LVL 13

Expert Comment

ID: 33592789
to be honest most language are close and syntax can be googled..

also think what you'll be pentesting. that help to define the learning curve and path.

a good idea about encryption helps too

Featured Post

Are You Headed to Black Hat USA 2017?

Getting ready for Black Hat next week? Kick things off with the WatchGuard Badge Challenge and test your puzzle and cipher skills. Do you have what it takes to earn our limited edition Firebox Badge? Get started today -

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting to know the threat landscape in which DDoS has evolved, and making the right choice to get ourselves geared up to defend against  DDoS attacks effectively. Get the necessary preparation works done and focus on Doing the First Things Right.
Let's recap what we learned from yesterday's Skyport Systems webinar.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question