top of page

What defines a programming language as useful for hacking?

Languages are useful for doing things. What type of things it's suitable for completely depends on the type of language, the frameworks available for it, what OSes have interpreters / compilers for it, etc.

Let's look at the ones you've mentioned:

  • Perl

  • Scripting language

  • General purpose

  • Available on most *nix OSes since the '90s.

  • Great for quick hacks and short scripts.

  • Ruby

  • Scripting language

  • General purpose

  • Cross-platform

  • Object-oriented

  • Reflective (can see its own structure and code)

  • Good for dynamic frameworks

  • Python

  • Scripting language

  • General purpose

  • Cross-platform

  • Designed for clear and readable source code

  • Huge framework of libraries

  • JavaScript

  • Scripting language

  • Web-based

  • Cross-platform (available on every major browser)

So what makes these particularly good for pentesting? Well, most pentesting involves writing up quick throw-away tools to do a specific job for a specific test. Writing such a tool in C or C++ every time you want to do a quick job is cumbersome and time-consuming. Furthermore, they tend to produce platform-specific binaries or source that requires platform-specific compilation, rather than cross-platform scripts that just run. Scripting languages give you the flexibility to produce such tools quickly and easily.

For example, Ruby and Python are popular for more complex tasks because they have comprehensive libraries, whereas Perl is popular for quick data processing hacks. JavaScript is commonly utilised as a simple browser-based language that everyone has access to. Other languages such as C tend to be used for more low-level tasks that interface with the OS.

Now, the other side of the coin is languages used as payloads. This is where the line gets blurred, because requirements are so varied. For attacking Windows boxes, any payload that has no dependencies outside of what the OS provides is useful. This might be C, C++, VBScript, x86 asm, C# / VB.NET (.NET 2.0 is on most machines these days), etc. For attacking Linux boxes you might use C, C++, bash scripts or Perl. Java is also common for cross-platform attacks.

At the end of the day, pick the language that you find best for the job!

Recent Posts 
Serach By Tags
No tags yet.
bottom of page