Tips for an Information Security Analyst/Pentester career - Ep. 50: Bash for defensive/offensive security

When it comes to both defensive and offensive security, you mostly hear about popular languages such as Python or Ruby, which makes sense, because they're very powerful.

However, people often forget about another important one: Bash.

Bash is readily available in UNIX/Linux systems and also for Windows 10 (natively, if you install the Windows Subsystem for Linux, or through something like Cygwin) and for previous Windows versions (through Cygwin and other third-party tools).

Bash leverages native UNIX/Linux system commands, so, if you're comfortable with them, you don't need to learn a specific language to write a script.

Nonetheless, it's very powerful, too.

Here I'm not going to teach a basic Bash class, nor am I covering its basics.

If you started reading this post and you have zero knowledge of this topic, I recommend you check out this very exhaustive and clear beginner-level guide first and then come back here.


Practical examples


As a first example, I'm going to analyze a script I wrote a while ago to perform reconnaissance on people.

The script prompts the user for the first name and last name of the person we want to investigate, stores them in two variables and then returns a series of results by automatically populating a list of specialized search engines.



You'll notice how fast we get the results back and how much time the script saves us. 

Instead of having to manually open a series of webpages, one by one, enter a search string and wait for results to be returned, the script performs all these operations automatically for us.


This time we're going to create a script together.

This script will grab an IP address from the user, validate it and perform a series of commands, storing their outputs in an output file.

I had already solved the problem related to the IP validation within another script I had created a while ago, called ipchecker.bash, so I used it as a skeleton for this new script.


There's no need for reinventing the wheel in information security.

The script grabs an IP address from the user and performs nslookup, dig, whois and host commands, redirecting their output to a file (for more details, check out the embedded video).

The user indicates a name for this file, which is stored in a variable called output.

I introduced a 2-second pause between each individual command, so that each one will exit nicely.

At the end of the day, though, I realized that having the output from four commands stored in a single file wasn't a very good idea.

It was too bulky and poorly readable.

Therefore, I decided to create four individual output files, one for each command, and four different output variables, accordingly.

The final result is much more readable, but is open to more improvements, so feel free to provide me with any feedback about it.

You can check the source code on GitHub and we might say you guys helped me create a Bash script, how about that?
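The validate-then-look-up flow described above, as an added example that is not the author's ipchecker.bash or the script on GitHub: the input is checked strictly before it reaches any command line or file name, which keeps option-like or shell-special input away from nslookup, dig, whois and host. Assumptions made here: arguments instead of prompts, the function names, the `prefix` parameter, the `prefix_tool.txt` naming and the use of `dig -x`.

```bash
#!/usr/bin/env bash
# Added example (not the post's script); kept POSIX-compatible on purpose.

# Succeed only for a dotted quad with four octets in 0-255 and no leading zeros.
valid_ipv4() (
    ip=$1
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;   # digits and dots only, no empty octets
    esac
    IFS=.
    set -- $ip                               # split on dots (subshell keeps IFS local)
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        case $octet in
            ????*|0?*) exit 1 ;;             # over 3 digits, or leading zero (octal ambiguity)
        esac
        [ "$octet" -le 255 ] || exit 1
    done
)

# Build the per-command output file name; the prefix is a hypothetical parameter.
output_name() {
    case $1 in
        ''|-*|*[!A-Za-z0-9_-]*) return 1 ;;  # no slashes, dots or leading dash
    esac
    printf '%s_%s.txt\n' "$1" "$2"
}

# Run the four lookups from the post, one output file each, 2 seconds apart.
run_lookups() (
    ip=$1 prefix=$2
    valid_ipv4 "$ip" || { echo "rejected: not an IPv4 address" >&2; exit 1; }
    output_name "$prefix" check >/dev/null || { echo "rejected: bad prefix" >&2; exit 1; }
    set -C                                   # noclobber: never overwrite an existing file
    for tool in nslookup dig whois host; do
        out=$(output_name "$prefix" "$tool")
        if [ "$tool" = dig ]; then
            dig -x "$ip" > "$out" 2>&1       # -x asks dig for the reverse (PTR) lookup
        else
            "$tool" "$ip" > "$out" 2>&1
        fi
        sleep 2
    done
)

# Usage: ./recon.sh 192.0.2.10 case42   (does nothing when called without arguments)
if [ "$#" -eq 2 ]; then
    run_lookups "$1" "$2"
fi
```

A regex-only check such as "one to three digits, four times" would accept 999.999.999.999, which is why each octet is range-checked here.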


