Best programming language for infosec?
2015-09-14 at 5:50 PM UTC
There seems to be some debate as to which language is the most useful in terms of implementation in information security. Now it seems obvious to me it would be best to have a firm grasp of the following languages.
- Python.
- Ruby.
- Perl.
- C.
- Assembly.
But what, in your opinion, would be the single most useful language, not only out of these five but out of all you can think of? Keep in mind it has to be useful for infosec, not just general purpose software development. I suppose it depends on what it is you actually want to accomplish. As I understand it, a lot of malware is written in the C family or assembly, if I'm not mistaken. It's possible to write malware in a number of languages; however, with C and certainly assembly you really get into the core of what is possible in terms of functionality.
In terms of developing tools I think Python takes the cake. There's such a broad array of things you can do with Python, and it comes with a load of security oriented modules, which makes life a lot easier. Furthermore, every infosec tool that doesn't come with a GUI (and even some that do) that I find useful is written in Python. And I have even seen exploits written in Python. All in all I think it's an awesome language.
Ruby would seem like an obvious choice given that the Metasploit framework modules are written in Ruby. It seems to be well suited for exploit development and from what I understand it's kind of like Python in a lot of ways. Having a framework to use your exploits in is sweet of course, but since I have PentestBox, I can use that as a framework for use with any Python script, custom or otherwise.
I don't really know a lot about Perl, but from what I gather it's good for use in networking, especially prototyping, which would probably be useful from a security standpoint.
C seems to me your general all purpose language, useful for software development of every kind and good for malware.
Assembly is bretty cool but a little too abstract for me. It allows you to have the most control over your program at a system level, which is its strength in terms of malware, I'd imagine.
I'm probably biased because I started out with Python, but it was after some due consideration. After I saw how many tools are written in Python I decided it was the one to go with. Also, when I see a Python script I actually get a sense of what the code says, as opposed to assembly, which just looks like a bunch of gibberish to me.
So what are your thoughts?
2015-09-14 at 6:50 PM UTC
I would think C is a pretty good one along with Python. I would say Python is superior because you don't have to code your shit for a specific OS like you would in C. But my question is how does a Python program work on a machine without an interpreter?
I honestly don't think asm is that good for infosec, but it's primo if you have a directed attack against something and want to infect the machine at the lowest level (i.e. you want to install a program that works with the BIOS or processor). I'd also go the assembly route if the target was a centrifuge of some sort, similar to that movie Hacker where the bad guy targets nuclear reactors and shit. The problem with asm is that it's architecture specific, so unless you know that architecture and the version of assembly it uses you will be shit outta luck.
Anyway, this is all pretty much just theory as I have very little working knowledge of C and ASM in practice and am still getting a hold on Python.
2015-09-14 at 8:49 PM UTC
I would think C is a pretty good one along with Python. I would say Python is superior because you don't have to code your shit for a specific OS like you would in C. But my question is how does a Python program work on a machine without an interpreter?
When you compile your program to exe you package everything you need within that exe. So from what I understand, every Python program comes with its own interpreter in a sense.
I honestly don't think asm is that good for infosec, but it's primo if you have a directed attack against something and want to infect the machine at the lowest level (i.e. you want to install a program that works with the BIOS or processor). I'd also go the assembly route if the target was a centrifuge of some sort, similar to that movie Hacker where the bad guy targets nuclear reactors and shit. The problem with asm is that it's architecture specific, so unless you know that architecture and the version of assembly it uses you will be shit outta luck.
Yes, it's architecture dependent, but shellcode can do all kinds of wonderful and terrible things. If you remember the downloader from my trojan thread, the piece of code that downloads and executes the main module is shellcode, which you could write in assembly and convert to bytearray to use in Python or Ruby.
Anyway, this is all pretty much just theory as I have very little working knowledge of C and ASM in practice and am still getting a hold on Python.
Same here for the most part. I am actively learning more Python though; like I said in the other thread, the book I'm reading, Black Hat Python, is an awesome resource for infosec related Python. I'm at the part for networking and I'm going to be coding a replacement tool for netcat. I could post my script when I'm done if you're interested.
2015-09-14 at 10:56 PM UTC
Please do.
I have this one book I may start working out of when I'm through with Python on Codecademy that deals with hacking in C and Assembly. When I get around to learning from that one I am sure I will have some interesting shit to post. Till then sit tight muh nigga.
2015-09-15 at 12:33 AM UTC
Please do.
I'm glad you're interested, I'll be sure to post my script when it's done. What I really like about the book I'm reading is that it focuses on increasing the reader's skills in programming tools like this, exploitation and general Python based hackery, and on getting a better understanding of the themes it touches on. Readers are encouraged to write a lot of the modules based on the examples and techniques shown in the book. When I'm through with it, I'm going to have a load of cool and useful scripts, which you're taught how to put together as a basic pentesting framework during the end of the book.
I've also decided that I'll be adding my tool (I am calling it PyCat) to PentestBox as a custom module. And I just like showing off my work, especially to people who appreciate it like yourself. It also helps keep me motivated, so yeah, good shit bro.
I have this one book I may start working out of when I'm through with Python on Codecademy that deals with hacking in C and Assembly. When I get around to learning from that one I am sure I will have some interesting shit to post. Till then sit tight muh nigga.
Yeah man, sounds great, I'd love to see. When we get awesome with Python I think it would be fun to collaborate on a cool project together. I have a GitHub and everything so we could collab no problem. Here's my GitHub if you're interested.
https://github.com/NullArray
Don't have a lot on it as of yet but I'm thinking of forking gcat over to a repo of my own when I finish up the rest of my trojan modules.
2015-09-19 at 4:14 AM UTC
Hard to say there's an obvious best. If there were no learning curve involved I'd probably say C, since on some level it's easier to build high-level programs out of low level ones than it is to go the other way, but then there is a learning curve. If you asked which I'd actually want to write an exploit in, the answer is Python unless I know beforehand that it requires deeply magical bit bashing.
Ruby, Python, and Perl occupy basically the exact same space in terms of what they're each good/bad at. I'm a Python fan because I like its language designs the most out of the three, but Perl is probably the classically more "hackerish" language (not good per se, just more popular in that circle historically). The largest schism between Ruby and Python is that Python represents a more structured language design, with an emphasis on having "one right solution" in the sense that there should be one obvious way to do a thing, while Ruby is more permissive in syntax/semantics and the designers are willing to create a pitfall for the benefit of some other system or feature or what-have-you. I've had multiple people describe Ruby as "you can write anything and it just works (but not always the way you expect)" and I'm sympathetic to that, not so much that it's fault tolerant as there are a number of "tricks" or shorthands in the language but they don't always play together well. Perl exists mostly as a confluence of historical forces. Its advocates will make claims about things like "good for prototyping" or "good with string manipulation" but the truth is that it's unnecessarily opaque and it's loved for the fact that you can make fun-but-incomprehensible one-liners with it.
As for assembly, I'm not sure. There is basically never a good reason to write ASM instead of C, but then knowing C is basically a prerequisite for ASM (I don't know if this is a physical law or whatever, but I've never heard of someone learning ASM without knowing at least _some_ C; the famous P&H textbook assumes students have a grasp on C and it seems like everyone takes their cues from there). The idea of assembly is, in an academic setting, almost always as a compile-target. You learn it to understand your compiler and CPU better, not to write it.
2015-09-19 at 11:27 AM UTC
Interesting insights Lan. The reason I mentioned asm is because of shellcode payloads. Maybe I am wrong in thinking shellcode and asm are interchangeable, but when I generated the shellcode for use in gcat it came out in assembly, which I had to convert to bytearray, and msfvenom spits out bytearray shellcode as well when you generate a payload.