Scripting Basics: Difference between revisions

From HackOps
Jump to navigation Jump to search
Newer edit →
VisualWikitext
Created page with "== Scripting Basics == Scripting automates repetitive tasks, accelerates testing, and glues tools together. A single script can gather data, transform output, launch exploits, and log results in seconds. The three core environments are Bash, Python, and PowerShell; each dominates a different operating system family yet follows the same logic: read input → process → act. === Common Techniques === Parsing tool output and extracting key fields with regular expression..."
 
Line 30: Line 30:
* [[tmux]] / [[screen]] (terminal multiplexers that keep long-running scripts alive)
* [[tmux]] / [[screen]] (terminal multiplexers that keep long-running scripts alive)
=== Quick Examples ===
=== Quick Examples ===
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
# Bash: Scan a subnet (10.10.10.1–254) and log live hosts to a CSV file
# Loop over all IPs in the subnet
for ip in 10.10.10.{1..254}; do


Bash one-liner: scan subnet and log live hosts
  # Ping each IP once (-c1), wait max 1 second for reply (-W1)
  # Suppress all output (&>/dev/null)
  # If host responds, log to "live.csv"
  ping -c1 -W1 $ip &>/dev/null && echo "$ip,up" >> live.csv &


for ip in 10.10.10.{1..254}; do
done
ping -c1 -W1 $ip &>/dev/null && echo "$ip,up" >> live.csv &
 
done; wait
# Wait for all background pings to finish
wait
</syntaxhighlight>
</syntaxhighlight>


<syntaxhighlight lang="python">
<syntaxhighlight lang="python">
# Python: parse nmap XML and list open ports per host
# Python: Parse Nmap XML output and print open ports per host
import xml.etree.ElementTree as ET
import sys


import xml.etree.ElementTree as ET  # XML parser from standard library
import sys  # (Not used here but often for reading filenames)
# Load and parse the Nmap scan file
tree = ET.parse('scan.xml')
tree = ET.parse('scan.xml')
# Loop through all <host> elements in the XML
for host in tree.findall('.//host'):
for host in tree.findall('.//host'):
    # Extract the IP address
     addr = host.find('address').attrib['addr']
     addr = host.find('address').attrib['addr']
     ports = [p.attrib['portid'] for p in host.findall('.//port[state/@state="open"]')]
 
    # Collect all open port numbers for this host
     ports = [
        p.attrib['portid']
        for p in host.findall('.//port[state/@state="open"]')
    ]
 
    # Print IP and comma-separated list of open ports
     print(addr, ','.join(ports))
     print(addr, ','.join(ports))
</syntaxhighlight>
</syntaxhighlight>


<syntaxhighlight lang="powershell">
<syntaxhighlight lang="powershell">
# PowerShell: pull AD computer names and ping each
# PowerShell: Get all Active Directory computer names and test if reachable
 
# Get all computer objects from AD
Get-ADComputer -Filter * |
Get-ADComputer -Filter * |
    # Extract just the Name field (hostname)
     Select-Object -Expand Name |
     Select-Object -Expand Name |
    # For each hostname, test network connectivity
     ForEach-Object {
     ForEach-Object {
         if (Test-Connection -Quiet $_) {
         if (Test-Connection -Quiet $_) {
            # If reachable, print confirmation
             "$_ reachable"
             "$_ reachable"
         }
         }
     }
     }
# Notes:
# Test-Connection is like 'ping'
# -Quiet returns $true/$false instead of full output
</syntaxhighlight>
</syntaxhighlight>

Revision as of 21:29, 17 May 2025

Scripting Basics

Scripting automates repetitive tasks, accelerates testing, and glues tools together. A single script can gather data, transform output, launch exploits, and log results in seconds. The three core environments are Bash, Python, and PowerShell; each dominates a different operating system family yet follows the same logic: read input → process → act.

Common Techniques

Parsing tool output and extracting key fields with regular expressions or JSON‐filters Looping through wordlists, IP ranges, or file paths to launch bulk scans Wrapping exploits in functions for re-use across targets Chaining commands with pipes to form one-liner workflows Reading STDIN / STDOUT for live data transformation Generating payloads dynamically (reverse shells, encoded scripts, shellcode) Logging actions and timestamps to CSV or SQLite for later reporting Using environment variables and arguments to create portable modules Invoking REST APIs to pull scope lists, asset inventories, or vulnerability feeds Scheduling scripts via cron, Task Scheduler, or at jobs for continuous monitoring

Tools

  • Bash (POSIX shell with extensive native command set)
  • Python (multiplatform language with libraries such as subprocess, requests, and pwntools)
  • PowerShell (object-centric shell for Windows and cross-platform automation)
  • jq (lightweight JSON processor ideal for API or tool output)
  • awk & sed (stream editors for quick text manipulation)
  • Expect (automates interactive CLI sessions)
  • Impacket scripts (Python collection for network exploitation)
  • pwntools (CTF-oriented Python framework for exploit development)
  • psutil (Python library for process and system information)
  • Invoke-Obfuscation (PowerShell module for payload transformation)
  • Cron / Task Scheduler (native schedulers for timed script execution)
  • tmux / screen (terminal multiplexers that keep long-running scripts alive)

Quick Examples

# Bash: Scan a subnet (10.10.10.1–254) and log live hosts to a CSV file

# Loop over all IPs in the subnet
for ip in 10.10.10.{1..254}; do

  # Ping each IP once (-c1), wait max 1 second for reply (-W1)
  # Suppress all output (&>/dev/null)
  # If host responds, log to "live.csv"
  ping -c1 -W1 $ip &>/dev/null && echo "$ip,up" >> live.csv &

done

# Wait for all background pings to finish
wait
# Python: Parse Nmap XML output and print open ports per host

import xml.etree.ElementTree as ET  # XML parser from standard library
import sys  # (Not used here but often for reading filenames)

# Load and parse the Nmap scan file
tree = ET.parse('scan.xml')

# Loop through all <host> elements in the XML
for host in tree.findall('.//host'):

    # Extract the IP address
    addr = host.find('address').attrib['addr']

    # Collect all open port numbers for this host
    ports = [
        p.attrib['portid']
        for p in host.findall('.//port[state/@state="open"]')
    ]

    # Print IP and comma-separated list of open ports
    print(addr, ','.join(ports))
# PowerShell: Get all Active Directory computer names and test if reachable

# Get all computer objects from AD
Get-ADComputer -Filter * |

    # Extract just the Name field (hostname)
    Select-Object -Expand Name |

    # For each hostname, test network connectivity
    ForEach-Object {
        if (Test-Connection -Quiet $_) {
            # If reachable, print confirmation
            "$_ reachable"
        }
    }

# Notes:
# Test-Connection is like 'ping'
# -Quiet returns $true/$false instead of full output
Retrieved from "https://hackops.wiki/index.php?title=Scripting_Basics&oldid=90"