Scripting Basics
Scripting automates repetitive tasks, accelerates testing, and glues tools together. A single script can gather data, transform output, launch exploits, and log results in seconds. The three core environments are Bash, Python, and PowerShell; each dominates a different operating system family yet follows the same logic: read input → process → act.
Common Techniques
- Parsing tool output and extracting key fields with regular expressions or JSON filters
- Looping through wordlists, IP ranges, or file paths to launch bulk scans
- Wrapping exploits in functions for re-use across targets
- Chaining commands with pipes to form one-liner workflows
- Reading STDIN / STDOUT for live data transformation
- Generating payloads dynamically (reverse shells, encoded scripts, shellcode)
- Logging actions and timestamps to CSV or SQLite for later reporting
- Using environment variables and arguments to create portable modules
- Invoking REST APIs to pull scope lists, asset inventories, or vulnerability feeds
- Scheduling scripts via cron, Task Scheduler, or at jobs for continuous monitoring
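Several of the techniques above (parsing tool output with regular expressions, logging results with timestamps to SQLite, exporting to CSV) fit the read input → process → act pattern. The Python script below is an added example, not code from the original page: it runs over a constructed Nmap-style text sample embedded in the script (no real scan data), keeps the database in memory so it works offline, and the regex names, table layout and function names are this example's own choices.

```python
import csv
import io
import re
import sqlite3
from datetime import datetime, timezone

# Constructed sample of Nmap "normal" output (documentation addresses, not a real scan)
SAMPLE_NMAP_OUTPUT = """\
Nmap scan report for 192.0.2.10
Host is up (0.0012s latency).
PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   open   http
443/tcp  closed https
Nmap scan report for 192.0.2.11
Host is up (0.0020s latency).
PORT     STATE  SERVICE
3389/tcp open   ms-wbt-server
"""

# One regex per line type we care about: the host header and the port rows
HOST_RE = re.compile(r"^Nmap scan report for (?P<host>\S+)")
PORT_RE = re.compile(r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\w+)\s+(?P<service>\S+)")


def parse_nmap_output(text):
    """Read input: return (host, port, proto, service) tuples for open ports only."""
    findings = []
    host = None  # port rows belong to the most recent host header
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            host = m.group("host")
            continue
        m = PORT_RE.match(line)
        if m and host is not None and m.group("state") == "open":
            findings.append((host, int(m.group("port")), m.group("proto"), m.group("service")))
    return findings


def log_findings(findings, conn, when=None):
    """Act: store findings with a UTC timestamp in SQLite; returns rows inserted."""
    stamp = (when or datetime.now(timezone.utc)).isoformat(timespec="seconds")
    conn.execute(
        "CREATE TABLE IF NOT EXISTS findings ("
        "ts TEXT, host TEXT, port INTEGER, proto TEXT, service TEXT)"
    )
    conn.executemany(
        "INSERT INTO findings VALUES (?, ?, ?, ?, ?)",  # parameterised, never string-built
        [(stamp, host, port, proto, service) for host, port, proto, service in findings],
    )
    conn.commit()
    return len(findings)


def open_ports_by_host(conn):
    """Process: aggregate the table into {host: [sorted open ports]} for reporting."""
    rows = conn.execute("SELECT host, port FROM findings ORDER BY host, port").fetchall()
    summary = {}
    for host, port in rows:
        summary.setdefault(host, []).append(port)
    return summary


def findings_to_csv(findings):
    """Render findings as CSV text with a header row (the same shape as live.csv-style logs)."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["host", "port", "proto", "service"])
    writer.writerows(findings)
    return buf.getvalue()


def run_pipeline(text):
    """Whole workflow in memory: returns (rows_logged, per-host summary, csv_text)."""
    findings = parse_nmap_output(text)
    conn = sqlite3.connect(":memory:")  # swap for a file path to keep a persistent log
    logged = log_findings(findings, conn)
    return logged, open_ports_by_host(conn), findings_to_csv(findings)


if __name__ == "__main__":
    logged, summary, csv_text = run_pipeline(SAMPLE_NMAP_OUTPUT)
    print(f"logged {logged} open ports")
    for host, ports in summary.items():
        print(host, ",".join(map(str, ports)))
    print(csv_text, end="")
```

The closed 443/tcp row is dropped at parse time, and a port row that appears before any host header is ignored rather than attributed to the wrong host; feeding real output into `parse_nmap_output` only needs `text` read from a file or from STDIN.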
Tools
- Bash (POSIX shell with extensive native command set)
- Python (multiplatform language with libraries such as subprocess, requests, and pwntools)
- PowerShell (object-centric shell for Windows and cross-platform automation)
- jq (lightweight JSON processor ideal for API or tool output)
- awk & sed (stream editors for quick text manipulation)
- Expect (automates interactive CLI sessions)
- Impacket scripts (Python collection for network exploitation)
- pwntools (CTF-oriented Python framework for exploit development)
- psutil (Python library for process and system information)
- Invoke-Obfuscation (PowerShell module for payload transformation)
- Cron / Task Scheduler (native schedulers for timed script execution)
- tmux / screen (terminal multiplexers that keep long-running scripts alive)
Quick Examples
Bash
This script scans a given subnet for live hosts by sending ICMP echo requests (ping) and prints responding IP addresses.
#!/bin/bash
# Usage: ./script.sh 192.168.1
# Loop through host addresses 1 to 254 in the /24 given as $1
for ip in $(seq 1 254); do
    # Send 1 ping (-c 1) to each IP in the given subnet (passed as $1)
    # Example: if $1 = 192.168.1, it pings 192.168.1.1 to 192.168.1.254
    ping -c 1 "$1.$ip" |
    # Keep only the reply lines ("64 bytes from ...")
    grep "64 bytes" |
    # Extract the 4th field (the IP, followed by a colon)
    cut -d " " -f 4 |
    # Remove the trailing colon from the IP
    tr -d ":" &
done
# Wait for all background pipelines to finish before the script exits
wait
# Notes:
# - $(...) is used instead of backticks `...` (modern syntax)
# - '&' runs each ping pipeline in the background for speed
# - This script prints a list of live hosts in the subnet
# - Usage: ./script.sh 192.168.1
This script performs a fast parallel ping sweep across a /24 subnet and logs all responsive IPs to a CSV file.
#!/bin/bash
# Scan a subnet (10.10.10.1–254) and log live hosts to a CSV file
# Loop over all IPs in the subnet (brace expansion requires bash)
for ip in 10.10.10.{1..254}; do
    # Ping each IP once (-c1), wait max 1 second for reply (-W1)
    # Suppress output (&>/dev/null), and if host responds, log to file
    ping -c1 -W1 "$ip" &>/dev/null && echo "$ip,up" >> live.csv &
done
# Wait for all background pings to finish
wait
Python
This script extracts and displays open ports for each host from a parsed Nmap XML scan report.
# Parse Nmap XML output (-oX) and print open ports per host
import sys                          # CLI argument: path to the scan file
import xml.etree.ElementTree as ET  # XML parser from the standard library

# Scan file from the first argument, defaulting to scan.xml
path = sys.argv[1] if len(sys.argv) > 1 else 'scan.xml'
tree = ET.parse(path)

# Loop through each host in the scan
for host in tree.findall('.//host'):
    # A host can carry several <address> elements (ipv4, mac); use the IPv4 one
    addr_el = host.find('address[@addrtype="ipv4"]')
    if addr_el is None:
        continue
    addr = addr_el.attrib['addr']
    # Collect the port numbers whose <state> child is "open"
    # (ElementTree's XPath subset cannot filter on a child's attribute,
    # so the state check is done in Python)
    ports = [
        p.attrib['portid']
        for p in host.findall('.//port')
        if p.find('state') is not None and p.find('state').get('state') == 'open'
    ]
    # Print IP address and a comma-separated list of open ports
    print(addr, ','.join(ports))
PowerShell
This script queries all computer objects in Active Directory and checks which ones respond to ping.
# Get all Active Directory computer names and test if they are reachable
# Query all computer objects in Active Directory (requires the ActiveDirectory module)
Get-ADComputer -Filter * |
    # Extract only the 'Name' field (hostnames)
    Select-Object -Expand Name |
    # For each hostname, test network connectivity
    ForEach-Object {
        if (Test-Connection -Quiet $_) {
            # If reachable, print confirmation message
            "$_ reachable"
        }
    }
# Notes:
# Test-Connection is equivalent to 'ping'
# -Quiet returns only $true or $false (no output text)