At C1b3rWall Academy 2021, Module 9 “Pentesting” has begun today. This course will be divided in two parts so that students can learn how to build scripts and tools for pentesting exercises through practical examples.
Pentesting is a type of cybersecurity audit that consists of performing a set of simulated attacks on a computer system to detect weaknesses or vulnerabilities so that they can be fixedç.
Carlos Azúa, Cybersecurity Consultant at Dreamlab Technologies specialized in pentesting and software development, explains why to use “GO” for pentesting.
Why use GO
GO is a multipurpose program with easy syntax and efficiency comparable to C. It has a large standard library and strong concurrency and multiprocessing from its conception, as well as cross-compilation.
When we are pentesting, at times we need to think big and have high. We are looking for a balance between scripting and larger applications, as well as cross-compiling. In addition, its standard library supports databases, network protocols, cryptography and data encoding (JSON, XML, hex, Base64…).
Reverse shell
The key points to analyze in this code are cross-compilation and expressive syntax. When compiling, the only thing to do is to add the target operating system.
In general terms, what we do is to establish a connection with a maximum timeout under the TCP protocol to a specific IP and port. You can get the code of this tool here.
Carlos gives us the following conclusions about his talk:
- Go is easy to code and provides us with scalable solutions.
- It is fast in its execution.
- Many pentesting tools are being built in this language.
However, I invite you to watch his talk, in which he explains all the tools in detail. You can also read the full article on News-365. You can register at this link.
Juan M. Corchado 