My two cents:
Run bash (or other shell) first!!
The quickness of the language doesn't matter when you are in full brainstorm!
One of the most useful and powerful languages for this kind of operation seems to be forgotten in your question.
I would like to speak about bash as a hacking environment. Yes, a shell takes its name from the shell that may hold a lot of other things.
Under Un*x, you're primarily logged into a shell console, to be able to run other tools.
If it is one of the slower languages:
$ time for ((i=1000000;i--;));do :;done
real 0m4.755s
user 0m4.628s
sys 0m0.124s
$ time perl -e 'map{1}(0..1000000)'
real 0m0.199s
user 0m0.112s
sys 0m0.060s
$ time python -c 'for a in range(1000000): 1==1'
real 0m0.119s
user 0m0.096s
sys 0m0.020s
Yes! More than 4 seconds for a 1 million step loop is very slow, but once you're logged into a command line console...
Main advantages to be considered:
- history: You could save/copy your history in order to be able to consult it later or to build a script.
- log: By using tools like script and scriptreplay you could keep a very precise trace of all your job.
- Cut'n paste: By using x-terminal or tools like screen, you could play with parallel tasks, on separated consoles, and share inputs/outputs between all of them.
- fifo: By merging simple but powerful tools like nc | sed | ssh | python ...
Practical sample
you could start from:
$ mkdir /tmp/hackingGoogle
$ cd $_
then
$ nc google.com 80 <<<$'HEAD /fonts/ HTTP/1.0\r\n\r'
HTTP/1.0 200 OK
Content-Type: text/html; charset=utf-8
...
From there, you may use all the tools you want, like ping, traceroute, openssl, nmap, etc.
$ openssl s_client -connect google.com:443 -ign_eof \
<<< $'HEAD / HTTP/1.0\r\n\r' 2>&1 | \
openssl x509 -in /dev/stdin -out certfile
$ openssl x509 -in certfile -noout -fingerprint
SHA1 Fingerprint=67:1B:98:92:48:86:FF:E1:C5:02:44:C5:9F:F3:96:78:08:F5:0A:45
$ openssl x509 -in certfile -noout -subject
subject= /C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.google.com
If you're interested in SSL, some more sample scripts
or...
$ wget https://www.google.com/fonts/
$ vi index.html
$ wget https://www.google.com/fonts/webfonts.nocache.js
$ smjs < <(sed < webfonts.nocache.js 's/Window....')
...
for playing with JavaScript...
Useful environment for storing variables:
$ ip=();ANS=false;while read -a line;do if [[ "$line" = ";;" ]];then [[ "${line[1]}" = "ANSWER" ]] && ANS=true || ANS=false; fi ; $ANS && [[ "${line[2]}" == "IN" ]] && ip+=(${line[4]});done < <(dig www.google.com)
$ printf "%s\n" ${ip[@]}
173.194.116.51
173.194.116.52
173.194.116.48
173.194.116.49
173.194.116.50
Depending on what you're searching for, you could use widely all your tools in all combinations.
$ grep ^64 < <(for host in ${ip[@]};do ping -c2 $host&done;wait)|sort -t. -nk4
64 bytes from 173.194.113.112: icmp_req=1 ttl=54 time=45.4 ms
64 bytes from 173.194.113.112: icmp_req=2 ttl=54 time=47.8 ms
64 bytes from 173.194.113.113: icmp_req=1 ttl=54 time=41.4 ms
64 bytes from 173.194.113.113: icmp_req=2 ttl=54 time=40.2 ms
64 bytes from 173.194.113.114: icmp_req=1 ttl=54 time=43.1 ms
64 bytes from 173.194.113.114: icmp_req=2 ttl=54 time=39.0 ms
64 bytes from 173.194.113.115: icmp_req=1 ttl=54 time=47.0 ms
64 bytes from 173.194.113.115: icmp_req=2 ttl=54 time=42.1 ms
64 bytes from 173.194.113.116: icmp_req=1 ttl=54 time=43.9 ms
64 bytes from 173.194.113.116: icmp_req=2 ttl=54 time=39.0 ms
This could be rewritten:
Mini script from there:
With this, you will make two pings, parallelized (this will normally take only 1 second), on ~5 hosts:
ip=()
ANS=false
while read -a line;do
    if [[ "$line" = ";;" ]] ;then
        [[ "${line[1]}" = "ANSWER" ]] && ANS=true || ANS=false
    fi
    $ANS && [[ "${line[2]}" == "IN" ]] &&
        ip+=(${line[4]})
done < <(dig www.google.com)
grep ^64 < <(
    for host in ${ip[@]};do
        ping -c2 $host &
    done
    wait
) |
    sort -t. -nk4
Other (more efficient) languages
Once the goal is fixed, after a lot of brainf@#@ing, the common hacker will run his preferred editor and store his exploit as a script to automate the next run.
The choice of the language used will depend mainly on the hacker's preferences (if not required by his boss).
And before reinventing the wheel...
There are already a lot of tools dedicated to pentesting, scanning, research and analysis. If you use Debian you could have a look at the Debian Forensics Environment...
Anyway, the best environment for testing and logging each step of this kind of job is a shell (like bash ;-)
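The dig-parsing loop and the parallel-ping step from the answer above, reworked as an added example that is not part of the original answer: the parser becomes a function with `read -r` and quoted expansions (the original's unquoted `ip+=(${line[4]})` would glob-expand), only `A` rows are kept so a `CNAME` in the answer section does not slip in, and addresses are sorted per octet rather than by the last octet only. The function names and the sample `dig` output are constructed for this example; the live pipeline at the bottom is left commented out because it needs the network.

```bash
#!/usr/bin/env bash
# Added example (not part of the original answer): the answer's dig-parsing
# one-liner as a reusable function with safe quoting, plus the parallel-ping
# step as a second function. Function names are hypothetical.

# Print the IPv4 addresses of A records found in the ANSWER section of
# `dig` output read on stdin. Tracks the ";; ANSWER SECTION:" marker the
# same way the original loop does, but uses read -r and quoted expansions.
extract_answer_ips() {
    local -a f
    local in_answer=false
    while read -r -a f; do
        if [[ "${f[0]}" == ";;" ]]; then
            [[ "${f[1]}" == "ANSWER" ]] && in_answer=true || in_answer=false
            continue
        fi
        # dig answer rows: name ttl class type rdata
        if $in_answer && [[ "${f[2]}" == "IN" && "${f[3]}" == "A" ]]; then
            printf '%s\n' "${f[4]}"
        fi
    done
}

# Sort dotted-quad addresses numerically octet by octet (the original used
# `sort -t. -nk4`, which only orders by the last octet).
sort_ips() {
    sort -t. -k1,1n -k2,2n -k3,3n -k4,4n
}

# Ping every address in parallel (two probes each, as in the answer) and
# wait for all of them. Needs the network, so it is not used in the demo.
ping_all() {
    local host
    for host in "$@"; do
        ping -c2 "$host" &
    done
    wait
}

# Constructed sample of `dig` output (not a real capture); it includes a
# CNAME row and a trailing stats section to show that both are skipped.
SAMPLE_DIG=$(cat <<'EOF'
; <<>> DiG 9.18.0 <<>> www.example.test
;; QUESTION SECTION:
;www.example.test.    IN  A

;; ANSWER SECTION:
www.example.test.   300 IN  CNAME   edge.example.test.
edge.example.test.  60  IN  A   203.0.113.10
edge.example.test.  60  IN  A   203.0.113.2
edge.example.test.  60  IN  A   198.51.100.7

;; Query time: 12 msec
;; SERVER: 192.0.2.1#53(192.0.2.1)
EOF
)

# Offline demonstration: parse the sample, sort, and join on one line.
sample_sorted_ips() {
    printf '%s\n' "$SAMPLE_DIG" | extract_answer_ips | sort_ips | paste -s -d ' ' -
}

if [[ "${BASH_SOURCE[0]}" == "$0" ]]; then
    echo "Parsed from the sample: $(sample_sorted_ips)"
    # Live run (uncomment to use the network); field 1 of the reply lines is
    # the "64 bytes from X" prefix, so sort on octets 2-4 only:
    # mapfile -t ips < <(dig www.example.test | extract_answer_ips)
    # ping_all "${ips[@]}" | grep '^64 ' | sort -t. -k2,2n -k3,3n -k4,4n
fi
```

Running the file prints the three sorted addresses from the sample; sourcing it instead gives you `extract_answer_ips` and `ping_all` in the interactive shell, which is exactly the history/log workflow the answer argues for.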