+ 64
Best language for aspiring Penetration Tester?
I want to be a Penetration tester, but I donāt know which languages are the best for that type of thing, or if they all are.
81 odpowiedzi
+ 83
Penetration testing is huge, so your first step should be establishing the kind of targets you want to test, so you don't burden yourself.
Once you do that, it's essential that you get accustomed with the software on that kind of targets:
- learn about their vulnerabilities;
- find out the recommended security practices for that software, which will give you valuable hints about the kind of testing you can start with;
- learn about the vulnerabilities of the operating systems that your target software rely on;
- learn about network security vulnerabilities;
- be creative.
Basically, you have to learn a lot if you want to be a proficient penetration tester. Because if you only learn a few things about using some tools in Kali Linux, you will only become what is known as a "script kiddie". š
A very good language for penetration testing is Python, because you can do virtually anything with it. No compilation required, no strict types, no memory allocation. Less work, more results for this kind of testing.
+ 56
possible C, Java, PHP and as Jan Markus sayd Python š¤
+ 51
BRO IF YOU WANT A SUCCESSFUL CAREER IN HACKING YOU NEED TO KNOW ALMOST ALL MAJOR LANGUAGES ( trust me ) HACKING IS LIKE REVERSE ENGINEERING AND BEFORE YOU REVERSE ENGINEER SOMETHING YOU MUST KNOW HOW TO "ENGINEER" IT.
for example if you hack a website then fluency with HTML/CSS/JS/PHP etc can prove to be beneficial and will give you an edge over other hackers and a better understanding of the vulnerabilities.
As far as your question is concerned
I will highly recommend learning Python.
learning python will give you an edge over a lot of ethical hackers as Python finds uses in a variety of things in the field of security.
for example you can create a python script to automate a tedious task or set of commands in the terminal.
Most of the hacking tools are also based on python so knowing python will enable you to be better at using them.
But do remember learning Python won't really teach you hacking it will just help you in the hacking process and increasing your efficiency.
Hope it helps
HAVE A NICE DAY !š
+ 37
Also learn bash, power shell, and how to create cron jobs.
+ 23
Bash and/or Powershell, Python, C/C++, various Linux commands and/or maybe Windows commands.
+ 22
HTML
Language used to write web pages.
Web hacking
Login forms and other data entry methods on the web use HTML forms to get data. Been able to write and interpret HTML, makes it easy for you to identify and exploit weaknesses in the code.
2
JavaScript
Client side scripting language
Web Hacking
JavaScript code is executed on the client browse. You can use it to read saved cookies and perform cross site scripting etc.
3
PHP
Server side scripting language
Web Hacking
PHP is one of the most used web programming languages. It is used to process HTML forms and perform other custom tasks. You could write a custom application in PHP that modifies settings on a web server and makes the server vulnerable to attacks.
4
SQL
Language used to communicate with database
Web Hacking
Using SQL injection, to by-pass web application login algorithms that are weak, delete data from the database etc.
5
Python
Ruby
Bash
Perl
High level programming languages
Building tools & scripts
They come in handy when you need to develop automation tools and scripts. The knowledge gained can also be used in understand and customization the already available tools.
6
C & C++
High level programming
Writing exploits, shell codes etc.
They come in handy when you need to write your own shell codes, exploits, root kits or understanding and expanding on existing ones.
7
Java
CSharp
Visual Basic
VBScript
Other languages
Other uses
The usefulness of these languages depends on your scenario.
+ 13
Visit cybrary.it it's a free cyber security training site. It includes different programs from beginner to expert. They have different courses that teach using programming languages to enhance penetration. Python, c, c++ are highlighted in the courses having a firm grasp would help you understand faster. My username is makangamchovu in cybrary.it I'll be happy to guide you from there.
+ 10
- C and Python
- php and network knowledge
- (linux/windows) commands
+ 9
i am suffering for becoming certified tester
+ 8
You need to learn most languages to be an efficient pen tester but I recommend you stay with #python
+ 7
learning cmd and powershell, some reg edit. what u look for? penetrating existing prog or creating one?
+ 7
If I put aside programming languages for a moment, "Kali Linux" is exactly what do you want. If you just wanna take feel of it then create an image in pendrive and run it live, but if you wanna go in deep, I would suggest to install it parallelly with whatever OS you have. To operate it you don't need to be a programmer as long as you are a trickster. But at some level you should know shell programming for Linux and that's enough
+ 7
If you really wanna be the PEN TESTER GUY, then Maximum proficiency in UNIX and Kali Linux is highly mandatory and Python skills is inevitable.
Not forgetting you must know how to build packages that will run along with daemons(services) without having any interaction with the shell, this will prevent your script from been killed using the PS UNIX command.
Also you must have good knowledge of configuring virtual box to run multiple operating systems and test run your scripts on the various O.S using virtual box.
I hope this helps.
+ 7
Ruby (Metasploit and wpscan are written in it) & Python
+ 7
@Ridwan if your fam hasnāt had this conversation with you yet... ... jk... jk, seriously, hacking pretty much š
+ 7
Penetration testing is a rabbit hole and Iām still trying to find the white rabbit šš¤£. Iām not going to beat a dead horse, obviously from the reads pythons and they also explain why. Kudos to everyone who said python šā¤ļøšThough if I could learn one language it would be the language of electrons(this doesnāt exist as thing sadly). Since thatās what any programming language (any computer)is doing pushing around electrons (a whole lot of them). Seeing how these electrons travel through the computer and communicate between each other is essentially what pentester does. āWill these electrons(the security) give up these other ones (the data) if I give them these (my malicious script)ā So itās more a method, an approach, then it is trying to learn everything about one programming language or even multiple programming language. You can invest a lot of time in any of them and itāll be very rewarding but at some point WILL touch/look at/ tear up/ modify/recreate with many of them. Then youāll see this door way of understanding and logic open when I speak of these electrons and their ways. Each system is setup different with different admins different mindsets different hardware different software which will require different tactics and methods. So I think of it like an RPG and the first language is your weapon you need to level up. Then youāll come across monsters that are resistant to your weapon so you have to start a new quest and find different weapons that will kill that monster or youāll never get through that level.
Iāve known some pentesters that knew very little for higher level programming languages but were super powerful in bash, powershell, network communications, and just understood how the system is designed. Since really the end goal is always the same āmake the connectionā. There is always more than one way to skin a cat.
If you interested I have a few python networking scripts loaded on here so you can see how a simple python program can interface with a network socket.
+ 6
At least Python and C/C++ or a similar combo.
+ 6
tl;Dr the path to becoming a pentester isn't about learning a ton of code. first focus on the basics, like get the knowledge you need for comptia a+ and network+
Then I can recommend perl or python as a scripting language. You should learn c, c++, html, js, php, and sql.
along the way learn not only to read assembly but write it, turn it into shellcode, eliminate bad characters, etc.
do that and then you just need to learn a few tools which will be piss easy after.
+ 5
you'd better try python...