You've already learned a little bit about scripting, and a little bit about how to write Python programs, which are often called scripts. But there are other languages out there as well. It's important to at least have an awareness of Perl and JavaScript. Knowing a little bit about those languages will allow you to write more scripts that will fill more needs, and most importantly, you'll be able to read scripts that other developers wrote. So let's take a quick look at Perl and JavaScript.

First is Perl. Now, Perl is a flexible, general-purpose scripting language. Actually, it's a family of two languages. The original Perl, which matured at Perl version 5, is still just called Perl. The newer version, Perl version 6, is now called Raku. So they're really two separate languages, and they've taken a divergent path. So they're becoming less and less a clone of one another, but they still have a common heritage, and they also share a lot of new ideas. So if a new feature is rolled out in Perl, you may see it in Raku as well. Perl was originally developed as a UNIX scripting language for report processing. But now both Perl and Raku run on most operating systems, and do a lot more than just report processing.

Another important scripting language is JavaScript. It's a high-level, just-in-time compiled language. Now, not every version of JavaScript you'll run into is compiled just in time, which basically means that it is compiled right at the moment that you need to execute the code. But most of today's implementations are the JIT, or just-in-time, compilation model. They're very popular in web applications. In fact, it's stated that 97% of all websites out there have some JavaScript in them. It's so popular that almost every web browser has a built-in JavaScript engine. So most people think that JavaScript is for web applications only. But that's really not true. It's just very popular in web applications. But it's a flexible and powerful standalone language as well. If you want to run JavaScript code without being in the context of a web application, the most popular approach, or the most popular runtime environment, is Node.js. It's an open-source JavaScript runtime environment that runs on many different operating systems. So if you're going to use JavaScript in a pen testing environment, there's a good chance you're probably going to fire up the Node.js environment, and then run your JavaScript code from within Node, again as opposed to a web browser.

If you want to learn more about Perl and JavaScript, there are lots of additional resources. Here are just a few links that will take you directly to the Perl home website and the JavaScript website, as well as some other resources here that talk about how to invoke pen testing, or how to write pen testing scripts, in both languages. So dig through these resources, and you'll probably learn a lot about both languages.

If you're wondering what Perl or JavaScript code looks like, let's take a look at a program in each one of the languages. Now, I tend to use the terms program and script interchangeably. Technically, these are scripts. So a Perl script looks something like this. Now, if you read through, you'll notice that what the script is doing is asking the user to input an IP address, a starting value, and an ending value. Well, what it's really doing is it's going to take the IP address and scan for the ports from the starting value to the ending value. So basically, this is a port scanner. You've seen it in other languages, and this is what it would look like in Perl. Now you'll notice there are libraries in Perl; specifically, we use the IO::Socket library to do all of the dirty work, and all that we're doing is basically scanning through from the beginning port to the end port, and asking, is the port open? If it is, say it's open; otherwise, do nothing and move on.

We can also create a port scanner in JavaScript. Now, when I say create, it's a little bit of a misnomer, because I'm really not creating a port scanner at all. All I'm doing is using a pre-written library called portscanner. So once I access that library, all I have to do is call 'portscanner.' some method. So in this case, findAPortNotInUse, and I'm going to scan from port 3000 to 3010, and what will happen is the first port that is not in use in that range will come back and send a message to the log, or the console rather, which basically just means print it out at the bottom of the screen: this port is available, and it tells me what port it found. Now when I ran this on my computer, port 3000 was available, so it immediately returned. But that gives you an idea of what Perl script code looks like in the previous slide and what JavaScript code looks like in this slide. If you're interested in either of these languages, follow the resources. There are a lot of tutorials online that'll teach you how to code in Perl and JavaScript.