Monday, October 10, 2005

Perl Programming on Windows

Let's see a show of hands for everyone out there who programs Perl on Windows systems. Okay, thank you...please put your hands down. Now, how many of you use Perl to manage Windows systems? Okay, thank you very much.

Now...how many of you want to use Perl to manage your systems?

Whether you're an experienced Perl programmer and not familiar with Windows, or you're a Windows admin and don't know much about Perl, let me be the first to tell you...Perl is a very powerful tool that you can learn to use, and use to harness your infrastructure.

Books like Learning Perl and Learning Perl on Win32 Systems will get you started. Even Advanced Perl Programming and Perl for System Administration can help. Dave Roth's books and web site can help. But to really get into the guts of what you can do, you need to (in the words of Nike), just do it.

At its simplest, Perl can be used to automate tasks. Using Perl, you can create a Scheduled Task that reports certain information and has it waiting and available when the sysadmin comes in in the morning. Throw in a little error checking, and you will have reports on why some things may not have completed successfully...like systems being turned off, services not being available, etc. What would you like to do? Run nmap? Not a problem. Run it against your systems first thing in the morning, or over lunch, and have the output written to a file on your system. Once that's done, use Nmap::Parser to sort through the data and create reports. Great for sysadmins, pen testers, and security analysts running vulnerability assessments.

Perl can be used to implement WMI, and collect information from managed systems. Many of the tools I have available on my web site implement WMI. Using WMI, you can scan remote systems for processes, services, and even perform software inventory scanning from a continent away. Or how about reaching out across the country to locate rogue WAPs via managed Windows XP systems?

Perl is a very powerful tool that can be harnessed to automate a wide variety of tasks performed by sysadmins, as well as security analysts. Data collection and parsing, as well as some modicum of analysis, can all be easily automated. Some of the things I use Perl for include:
  • Retrieve data from deep within the local system, or from remote systems
  • Parse binary files, based on structure documentation, knowing what each DWORD means, etc. (e.g., PE header analysis, Event Log and Registry parsing, etc.)
  • Retrieve metadata from files (e.g., Word/Excel docs, JPGs, PDF files, Prefetch files, etc.)
  • Query service information
  • Data correlation across multiple sources (e.g., Registry, files, etc.)
  • Automation of information discovery in ProDiscover IR

A side effect of all this is that you end up learning how Windows systems function by themselves, as well as within a domain. If you're automating a task, you end up learning a great deal about the task and the issue that the task addresses, as well.
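
To make the "parse binary files, based on structure documentation" item concrete, here is an added example (not one of the author's tools) that reads the DOS header and IMAGE_FILE_HEADER of a PE file with core Perl's `unpack`. The sub name `parse_pe_header`, the hash keys and the sample bytes are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Parse the DOS header and IMAGE_FILE_HEADER of a PE image held in a scalar.
# Returns a hash ref of fields, or dies with a reason if the data is malformed.
sub parse_pe_header {    # hypothetical helper name
    my ($data) = @_;
    die "too short for a DOS header\n" if length($data) < 0x40;
    die "missing MZ signature\n" unless substr($data, 0, 2) eq 'MZ';

    # e_lfanew: DWORD at offset 0x3C holding the file offset of the PE signature
    my $e_lfanew = unpack('V', substr($data, 0x3C, 4));
    die "e_lfanew points past the data read\n" if $e_lfanew + 24 > length($data);
    die "missing PE signature\n" unless substr($data, $e_lfanew, 4) eq "PE\0\0";

    # IMAGE_FILE_HEADER: 20 bytes after the signature (v = WORD, V = DWORD, little-endian)
    my %h;
    @h{qw(machine sections timestamp symtab nsyms opt_size characteristics)} =
        unpack('v v V V V v v', substr($data, $e_lfanew + 4, 20));
    $h{e_lfanew} = $e_lfanew;
    $h{is_dll}   = ($h{characteristics} & 0x2000) ? 1 : 0;    # IMAGE_FILE_DLL
    return \%h;
}

my %machine_name = (0x014c => 'x86', 0x8664 => 'x64');

# Constructed sample: minimal header bytes only, not a real executable
my $sample = 'MZ' . ("\0" x 58) . pack('V', 0x40)    # DOS header, e_lfanew = 0x40
           . "PE\0\0"
           . pack('v v V V V v v', 0x014c, 3, 1128902400, 0, 0, 0xE0, 0x0102);

# Use a file named on the command line if given, otherwise the sample
my $data = $sample;
if (@ARGV) {
    open(my $fh, '<', $ARGV[0]) or die "open $ARGV[0]: $!\n";
    binmode($fh);    # essential on Windows: no CRLF translation of binary data
    read($fh, $data, 4096);    # headers normally sit within the first 4 KB
    close($fh);
}

my $h = parse_pe_header($data);
printf "Machine:  0x%04x (%s)\n", $h->{machine}, $machine_name{ $h->{machine} } || 'other';
printf "Sections: %d\n", $h->{sections};
printf "Compiled: %s UTC\n", scalar gmtime($h->{timestamp});
printf "Opt hdr:  %d bytes\n", $h->{opt_size};
printf "DLL:      %s\n", $h->{is_dll} ? 'yes' : 'no';
```

Run it with no arguments to parse the constructed sample, or pass the path of an executable to read that file's header instead.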

If this is something you're interested in, drop me a line, post a comment, etc.

2 comments:

Anonymous said...

Thanks for mentioning "Learning Perl". The "Learning Perl for Win32" book is now mostly unneeded, because we removed the obvious Unix bias in the third edition of Learning Perl. Also check out "Learning Perl Objects, References, and Modules", the sequel in spirit and form.

-- Randal Schwartz, merlyn@stonehenge.com

H. Carvey said...

Randal,

Thanks for the comment, and the update about the book(s). I will sometimes wander around the office to see who has which books on their shelves, so I know where to go in case I have something very specific I'm looking for.

With regard specifically to programming Perl on Windows, the good news is that there are a lot of resources out there. Of course, the bad news is...there are a lot of resources out there. Searching for something specific may be difficult if you don't know the right keywords, or locations to search.