Metasploit is Ruby. In 10 years of consulting with a progressively larger and larger team, I'm not sure I ever saw someone use scapy. It's not that scapy is bad, so much as that direct targeted low-level packet manipulation is kind of a 90s problem statement.
Gotcha, thanks for the clarification. So then, I suppose my recommendation of learning Metasploit and looking into Perl/CGI/PHP/javascript site security features are certainly separate/more than one thing. My aim was to suggest some broad "security programming" fields/projects that are easy to get started in or get quick results with and contain enough documentation and specialty uses that allow them to be drilled down into specifically if that part of the landscape interests OP. Also, doing cool things with scapy is fast and easy and learning to write your own scapy code seemed to teach me a lot about packet security very quickly. I was assuming that if one is an autodidact, the things I listed will keep you busy reading/learning related subject matter and introduce you to some cool things and familiarize yourself with what's out there while getting visible/fast results with a tool chain rather than just learning for learning's sake. There's a certain balance between thinking and doing; with excess of either it's easy to lose touch with reality/scope. This is why, when people want to "learn Linux" for example, I find out what they're interested in and point them toward some projects/packages... rather than pointing them to general Linux documentation which often has new users feeling like they're reading Greek without examples, or leads to eyeglaze.
