TABLE OF CONTENTS In this chapter, we look at writing open source security tools, which is much easier than you might think. You won't become a coder overnight (many things you will learn in this chapter might horrify professional programmers), but you might be surprised at the functionality that can be "hacked" together with relatively little code. This chapter attempts to remain "language agnostic," providing a "quick start" mini guide for a few languages and environments.
With so many open source tools out there, why would you want to learn to code? Why spend the time learning seemingly complex coding techniques? Today, more than ever, security practitioners are measured by the size of their toolbox rather than the size of their brains. When participating in the SensePost Combat courses, or events like Defcon's annual "capture the flag" contest, participants arrive with CDs full of security/hacking tools, many different UNIX distributions, and other general-use tool kits. In many cases, they find that these tools are worthless and custom tools (and custom mindsets) are needed. Because of this, many people prefer a flexible UNIX environment to a Windows environment. The UNIX environment provides a large number of small, flexible tools (like awk, grep, sed, and cut) that can be put together in any order the user sees fit. This is very different from the traditional Windows approach, which is primarily a black-box point-and-click affair.
For the same reason, a person who can write only a small...
