I hear Python is very good for pentesting. It has got good modules for that. But it's not a good framework, like Metasploit.
As far as I'm concerned, Python and Ruby are much of a muchness. When you really get down to it they basically do the same things, it's all down to your preference. Metasploit was written in Ruby, and many fantastic pen tools were written in Python. Perl is also a good choice, and one I use often. It has many useful modules, not to mention CPAN (I recommend to check it out if you haven't already). It's good for socket scripts, manipulating data and renown for it's excellent regexp handling. The other things I like about Perl and Ruby is you can perform a Linux command and trap the output in a variable.
eg:
#!/usr/bin/perl -w
use strict;
my $user = `whoami`;
chomp($user); # usually there's a newline character at the end of the output.
print "You are " . $user . "\n";
I love this functionality. There is a way to do something similar in Python, but it's far more long winded.
Most programs on milw0rm are coded in C - but this is not really a scripting language, and not as easy to write a quick script on the fly, if needed to.
My conclusion is Ruby and Python are fine for pen testing, and generally do the same things - but Perl will always be my favorite :-)
Any language that has good, easy string handling capabilities is a good match for penetration testing. This is why you see scripting languages as the most used languages in this sort of tasks.
To answer your question, they're just as good.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With