Please help me to create penetesting tool

[expoit100]

I am new to programming language. I want to create or make pentesting tool. I do not which language i have to learn for make such a tool.

I know simple basic of C.

Some one can help me please?

[alienkinetics]

Depends. A different language can be "selected" based on a persons selection criteria.

I would use Delphi with Indy since its a network library that I total trust to get the job done.

But, if I didn't have Delphi, I'd use C/C++ with the Win32 WinINet library.

My 3rd choice would be C# which has its own network library that are very competent.

My 4th choice would be Java. Especially if I wanted to port the code, but im not a fan of Java even though lots of people do great work in it.

But, if you are looking for a portable native code solution, then you need to look into Linux sockets or one of the many socket libraries out there. I would pick one that has great documentation and isn't about to disappear. eg:

Apache Portable Runtime - Wikipedia, the free encyclopedia

Berkeley sockets - Wikipedia, the free encyclopedia

[expoit100]

Thank you for help full information. I want to create a brute force tool.

Can you help me?

[alienkinetics]

brute force? which protocol? you cant just connect to a tcp server and send random data hoping somehow you will achieve something.

All network connections use some kinda protocol. there are lots of standard protocols.

which were you thinking of?

[expoit100]

Yes brute force. Because just i want to learn.

the protocol will be http,https. (how to start and what i need to know for it)

Can you give me your mail adresse pls?

[alienkinetics]

HTTP is relative simple, but extra "add on" systems make it very complex.

ie: Cookies, javascript running on the client, ajax, posted data and browser specific values like "referer" and "useragent".

Your easiest path into HTTP/HTTPS/FTP is the function URLDownloadToCacheFile()

URLDownloadToCacheFile Function ()

For C# (.NET Languages) you can look into the WebClient class:

Download And Upload A File Using C#

I use Indy which IMHO is still the most powerful network library. It covers a large number of protocols, some Ive never even heard of. But you need Delphi for that.

Indy

And lastly, WebBrowser automation is the best way to test a protected site since, to the site it will just look like a user is attacking it.

But, then, a decent site will use cookies to record HTTP request times and block any user trying to brute force their way in. Or, at best, they will delay responces to make brute force duration lengths long enough that you will have gray hair before anything is achieved.

Hence why most attacks have a trojan horse to get inside information. ie: passwords.

There you go. Good luck with ya hacking.