What is the best scripting language to pick up for work in info security?

Posted on 2010-08-31
Last Modified: 2012-05-10
I work currently work with mostly windows environments and have some experience with batch scripting, powershell and vbscript.  I have a strong focus on network security and am trying to move more towards the penetration testing career path.  I am looking for a good language to pick up.  I haven't worked with either, but I have heard both pearl and python are good choices.  I did some .net work in college years ago, but most of that knowledge is long gone as I haven't really needed it network administration.  Any advice suggestions are appreciated.

Question by:childersj

Accepted Solution

jtokarchuk earned 167 total points
Comment Utility
You want Ruby, because it's the native language for Metasploit, which is the de facto standard open source penetration testing framework. Ruby's going to give you:

Metasploit's framework, opcode and shellcode databases
Metasploit's Ruby lorcon bindings for raw 802.11 work
Metasploit's KARMA bindings for 802.11 clientside redirection

Distorm for x86 disassembly

Second place to Python. There are more pentesting libraries available in Python than in Ruby (but not enough to offset Metasploit). Commercial tools support Python as well.


Twisted for network access

PaiMei for program tracing and programmable debugging

CANVAS and Impact support

Dornseif's firewire libraries for remote debugging

Ready integration with WinDbg for remote Windows kernel debugging (there's still no good answer in Ruby for kernel debugging, which is why I still occasionally use Python).

Peach Fuzzer and Sully for fuzzing

SpikeProxy for web penetration testing (also, OWASP Pantera).


Assisted Solution

mhenry20 earned 167 total points
Comment Utility
A lot of pen testing uses linux variations.  You definitely need Perl.  I would also get fluent on linux shell scripting.  Perl is good because it gives you direct access to network streams.  C might also be a good choice to brush up on.  A little knowledge of a lot of languages such as PHP, Java, Ajax and so on would be usefull so that you understand the actual problems with certain type of coding.

You could look at some packages like metasploit and nessus to see what they use for coding.

Good luck.  That is certainly a career path that will active for a while.

Expert Comment

Comment Utility
I would say C#/++ and Java but honestly it just depends on what you will be working to secure.
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

LVL 13

Expert Comment

by:Hugh McCurdy
Comment Utility
If you are planning to work for a pen testing company, the answer might be "everything" including some assembler.
LVL 13

Assisted Solution

p_nuts earned 166 total points
Comment Utility
if you are going for penetration testing I would start with learning:

(ofcourse if you don't know it already)

- networking
- linux
- Python or c++

if you want to do network penetration that should be a good start

if you want to do windows .net and c# would both be good too.

if you learn c++ you will automatically get a whole bunch of programming languages that are very similar to it. like php etc..

also have a look at De-ICE they have pentest LiveCD's which can boot a machine and give you a whole set of tools to do pentests.

then there are the certification routes you could follow if you want to get a job in the security area..
CISSP Certified Information Systems Security Professional
CEH  Certified Ethical Hacker
CHFI Computer hacking forensic Investigator

but those don't come cheap.


Author Comment

Comment Utility
Yeah as I mentioned it has been years since I did any significant programming and for the most part the knowledge is gone.  Conceptual stuff I still understand, but actual ability to do a lot I will have to relearn.  Networking I know very well so that isn't an issue.  As far certs go, I actually have been working on the CISSP for about six months and intend to sit the exam later in the month.  I've used backtrack for testing for a few years now and have a little experience with metasploit from a graduate class I took.

I appreciate all of the input from everyone.  I may look at starting with Perl or Ruby (I don't honestly know all that much about Ruby), then talk about attacking something like python after I build up the other skills.

LVL 13

Expert Comment

Comment Utility
to be honest most language are close and syntax can be googled..

also think what you'll be pentesting. that help to define the learning curve and path.

a good idea about encryption helps too

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
Although it can be difficult to imagine, someday your child will have a career of his or her own. He or she will likely start a family, buy a home and start having their own children. So, while being a kid is still extremely important, it’s also …
Learn the basics of strings in Python: declaration, operations, indices, and slicing. Strings are declared with quotations; for example: s = "string": Strings are immutable.: Strings may be concatenated or multiplied using the addition and multiplic…
An introduction to basic programming syntax in Java by creating a simple program. Viewers can follow the tutorial as they create their first class in Java. Definitions and explanations about each element are given to help prepare viewers for future …

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now