Using scripting in pen testing
SCRIPTING FOR PENETRATION TESTING
- Why bother with scripts?
- Automate mundane/repetitive tasks
- Faster
- Less error prone
- Repeatable
- What is a script?
- Interpreted sequence of commands
- Written in a specific language with its own sytax
- Easy to code
- Not compiled or assembled
COMMON SCRIPTING LANGUAGES
- Bash - Bourne Again Shell
- Command shell for most Linux/MAC OS systems
- Freely available version of the UNIX Bourne shell(sh)
- PowerShell - Windows-based admin and automation shell
- Available in Windows since 2006
- Powerful scripting language
- Ruby - object-oriented high-level interpreted general purpose programming language
- Influenced by Perl, Smalltalk, Ada, Lisp
- Python - object-oriented high-level interpreted general purpose programming language
- Extensive available libraries
ADDITIONAL RESCOURCES
- Bash
- PowerShell
- Ruby
- Python
- https://learnpythonthehardway.org/
- https://www.oreilly.com/search/?query=python&extended_publisher_data=true&highlight=true&include_assessments=false&include_case_studies=true&include_courses=true&include_playlists=true&include_collections=true&include_notebooks=true&is_academic_institution_account=false&source=user&sort=relevance&facet_json=true&page=0&include_facets=false&include_scenarios=true&include_sandboxes=true&json_facets=true
SCRIPTING
- Variables
- Temporary data storage
- Substitutions
- Input parameters and environment variables
- Common operations
- Strings and comparisons
- Logic
- Looping and flow control
- Basic I/O
- Read input and write output(file, terminal, and network)
- Error handling
- When things don't work
- Arrays
- Simple data structure
- Encoding/decoding
- Handling special characters
QUICK REVIEW
- Scripts help automate repetitive actions
- Scripts are good for standardizing testing activities
- Scripts also reduce typing errors and make tests repeatable, as well as help in documenting test activities