Programming for Pen Testers

Greetings from a cave on a faraway planet.  Or at least it seems like that sometimes :)  Regardless, welcome back friends.  Today I want to cover a very important topic, and again it is something we have to practice to get the full benefit of: automation.  In this post I will cover three basic languages that I will be using in future posts for automation and custom testing.  Automation and programming are skills every pen tester should possess, because they turn the tedious parts of a large engagement into trivial tasks.


The first 'language' I will cover is bash scripting.  It is endlessly useful for automating tools and is fairly simple to pick up.  There is a great introductory video here that explains all of the basic commands you will use, such as wc, cut, sort, awk, grep, sed, print, read, and assigning variables.  With just these commands the possibilities suddenly become endless: you can write a bash script that calls a program with specific command line flags (and even prompts the user for those options), dynamically pulls out and formats the parts of the output you care about, and then passes the result straight into another tool.
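Here is that pipeline as a script.  This is an added example and not code from the original post: it parses nmap's grepable output (-oG) with grep, cut, sed, awk, sort and wc, prompts for a port with read, and builds a target list for the next tool.  The scan output embedded in the script is constructed by hand (fictional RFC 1918 hosts and made-up service banners) so that it runs offline; on a real engagement you would swap it for the output of nmap -sV -oG - against your targets.

```shell
#!/bin/sh
# Added example, not from the original post: the bash pipeline described above,
# run against nmap's grepable output (-oG). The scan below is constructed by hand
# (fictional RFC 1918 hosts, made-up service banners) so the script runs offline;
# in a real engagement you would replace it with: nmap -sV -oG - <targets>

# Constructed -oG output. Real -oG host lines are tab-separated, hence the \t.
SAMPLE_GNMAP=$(printf \
'# Nmap 7.94 scan initiated (constructed sample) as: nmap -sV -oG - 10.0.0.1-2
Host: 10.0.0.1 ()\tStatus: Up
Host: 10.0.0.1 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/, 443/closed/tcp//https///\tIgnored State: filtered (997)
Host: 10.0.0.2 ()\tStatus: Up
Host: 10.0.0.2 ()\tPorts: 80/open/tcp//http//Apache httpd 2.4.52/, 445/open/tcp//microsoft-ds//Samba smbd 4/\tIgnored State: closed (998)
# Nmap done at (constructed sample) -- 2 IP addresses (2 hosts up) scanned\n')

# Count lines without the leading spaces some wc implementations print.
count_lines() { wc -l | tr -d ' '; }

# Hosts nmap reported as up, one IP per line (grep + cut + sed + sort).
hosts_up() {
  grep 'Status: Up' | cut -f1 | sed 's/^Host: //; s/ .*//' | sort -u
}

# One "host port service" line per open TCP port, sorted by host then port.
# Each -oG port entry looks like: port/state/proto/owner/service/rpc/version/
open_ports() {
  grep '^Host:' | grep 'Ports:' |
  awk -F'\t' '{
    host = $1; sub(/^Host: /, "", host); sub(/ .*/, "", host)
    ports = $2; sub(/^Ports: /, "", ports)
    n = split(ports, entry, ", ")
    for (i = 1; i <= n; i++) {
      split(entry[i], f, "/")
      if (f[2] == "open" && f[3] == "tcp")
        print host, f[1], f[5]
    }
  }' | sort -t ' ' -k1,1 -k2,2n
}

# Filter the open_ports output down to hosts with a given port open: the target
# list for whatever tool comes next. Validate the port before using it anywhere.
hosts_with_port() {
  case $1 in
    ''|*[!0-9]*) echo "hosts_with_port: port must be numeric" >&2; return 1 ;;
  esac
  awk -v p="$1" '$2 == p { print $1 }' | sort -u
}

main() {
  scan=$SAMPLE_GNMAP        # real run: scan=$(nmap -sV -oG - "$@")
  echo "Hosts up: $(printf '%s\n' "$scan" | hosts_up | count_lines)"
  echo "Open TCP ports (host port service):"
  printf '%s\n' "$scan" | open_ports

  # Prompt for the port to pivot on; fall back to 80 when stdin is not a terminal.
  port=80
  if [ -t 0 ]; then
    printf 'Build a target list for which port? [80] '
    read -r answer
    [ -n "$answer" ] && port=$answer
  fi
  echo "Hosts with $port/tcp open (one per line, ready for xargs or a for loop):"
  printf '%s\n' "$scan" | open_ports | hosts_with_port "$port"
}

main "$@"
```

Two things worth copying into your own scripts: the port the user types is checked to be numeric before it goes anywhere near another command, and the target list comes out one host per line, which is exactly what xargs or a for loop over the file wants when you hand it to the next tool.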



However, bash scripts are mostly limited to driving other programs from the command line, and sometimes you want to change the way a tool fundamentally works, or write something more powerful that takes advantage of libraries.  That is when you need a higher-level scripting language such as Python.  Python is excellent for automating tools and scraping their output, just like bash, but it can also provide more dynamic functionality such as writing plugins for a tool or modifying it.  There are several resources out there for learning Python (which really is a very simple language), but I think one of the best and most complete is: http://learnpythonthehardway.org/book/
Furthermore, if you want a sneak peek at the many applications Python has in security programming, then you have come to the right place:




Lastly, I wanted to talk about Lua.  Lua is an embeddable scripting language, designed to be fast and small enough to embed inside other tools.  It is the scripting language of nmap (the Nmap Scripting Engine) and Snort, and is soon to appear in an updated version of ettercap.  Lua is also a very easy language, and again one of the best resources is: http://www.phailed.me/2011/02/learn-lua-the-hard-way-1/
I am going to be programming Lua plugins specifically for the aforementioned tools, such as nmap, like in the following video:



So stay tuned guys!  We have some fantastic posts based around these tools and languages coming up!!