Penetration Testing with BASH Scripts

One of the great features of Linux is writing scripts. Compared to writing Windows batch files, BASH scripting is much more flexible and comes with advanced features you won’t find in a batch script. To understand how the BASH shell works, you must understand the logic of how Linux is built.

Simply put, BASH (Bourne-Again Shell) is the default shell provided within Linux distributions. It is the command line interpreter (CLI) for GNU (GNU’s Not Unix) operating system. When we open a terminal session in Kali or Ubuntu, we are using the BASH shell. Though GNU operating system provides different shells, BASH is the default out-of-the-box shell for Linux.

A shell is a program that provides the command line (i.e., the all-text display user interface) on Linux and other Unix-like operating systems. It also executes (i.e., runs) commands typed into the terminal and displays the results. BASH is the default shell on Linux.

When we type any syntax into a terminal window, it is the job of the BASH shell to interpret and execute the command. The BASH shell is located in the bin folder which is located at the root of the operating system.

Table of Contents

Getting Started

  • Launch your Kali virtual machine.
  • From the desktop, click Places and then open the link for Computer. You are now at the root for Kali or Ubuntu or any other GNU operating system.

Kali Desktop Computer

  • The first directory we see at the root of our system is the bin folder.

bin folder

  • If we open the bin folder, we see the BASH interpreter.

bash interpreter

  • So, if you want to access the BASH interpreter, from the CLI, you will have to type, ./bin/bash.

Hire A Top Tier Software Testing Company

Creating and Running Scripts

  • Open a new terminal window inside Kali.
  • A command is an instruction telling a computer to do something. An argument is input data for a command. Standard output is the display screen by default, but it can be redirected to a file, printer, etc.
  • echo - a built-in command in the bash shell that writes its arguments to standard output.
    • At the prompt, type echo "hello World" hit enter.

echo command

Understanding Commands

  • Let’s break it down… echo is the command, “hello world” is the argument, and standard input is the "hello world" returned when you hit enter.
  • sleep - pauses the command for a specific amount of time. If I wanted to pause the output for 5 seconds, we use the sleep command followed by the number 5. 5 represents 5 seconds, 5m represents 5 minutes, and 5h represents 5 hours.

Creating a Script

  • Let’s put what we have so far into a script using nano. Nano is a text editor for Unix-like computing systems or operating environments using a command line interface.
    • At the terminal prompt type, nano test.sh.

nano command

  • Hit enter and the nano editor opens up in the BASH shell.

nano editor

  • Every script begins with the #! syntax used in scripts to indicate an interpreter for execution under UNIX / Linux operating systems.
    • At the nano prompt, type the following….

Script Begins Syntax

Saving and Running the Script

  • To save the script, press the CTRL+X keys on your keyboard at the same time.
  • Type in Y to save the changes.

save modification

  • Accept the default file named previously created by hitting the enter key.

default filename

  • This brings you back to the terminal prompt.

terminal prompt

  • We now have script file saved as test.sh.
  • We now need to make the test.sh file executable.
    • At the prompt type chmod +x test.sh.

making executable

Adding Interactivity

  • The read command - Accepts user’s responses. Used for user-created variables storing information a user enters in response to a prompt.
  • By adding a variable to the read command, we can store and read back a user’s response.
  • We first must create the variable. Let’s use “response” as our variable.

read command

  • Save the file by pressing the CTRL+X, keys at the same time. Press Y for yes and hit enter to accept the current name of the file.
  • Run the script again.

Save Script Again

Run Script Again

10 Easy Steps To Conduct Your First Web App Penetration Testing

Output to Files

  • We can also send the output to a text file.
  • If we follow up the echo "hello cliff" with the > and we name the file, we will have the file saved with the output of the echo command.

Echo Hello Cliff

  • To open the text file, we open the temp.txt file using nano.

open temp txt

temp txt editor

  • If we repeat the output to the text file but change the hello cliff to goodbye cliff the first entry is overwritten.

echo goodbye cliff

Temp Txt Goodbye Editor

  • To not overwrite our first entry and save the next output to the file on a new line, add one additional > to the echo command.

Temp Txt Goodbye Save

Again Hello Cliff

Viewing File Contents

  • If I want to see what is inside a file without using an editor, I can use the cat command. Here I use the cat command to see what is inside or test.sh script file.

Cat Command View File

  • Open the test.sh file using nano.
  • On a new line, add an echo command that saves the $response to a file called temp.txt. Make sure that the response is saved to a new line and does not overwrite any saved data.

Save Response Temp Txt

  • Save the file and run the script.
  • Check the contents of the temp.txt file using cat command.

Check Temp Using Cat

Conclusion

BASH scripting provides a robust framework for automating tasks and facilitating user interaction within the Linux environment. With a grasp of fundamental commands, script creation techniques, and file manipulation capabilities, you can unlock the extensive potential of BASH scripting to support and enhance your penetration testing endeavors. By leveraging BASH, you gain the ability to streamline processes, execute complex tasks efficiently, and customize tools tailored to your specific security testing requirements. Mastering these skills empowers you to wield BASH scripting as an asset in your toolkit for conducting thorough and effective penetration tests in diverse environments.

Incorporating BASH scripting into your penetration testing toolkit is just one step towards optimizing your cybersecurity strategy. For reliable software testing services that ensure the robustness and security of your applications, consider partnering with a reputable service provider that can provide invaluable insights and solutions to enhance your software's resilience against potential threats.

About Author

Nikul GhevariyaNikul Ghevariya is a dedicated QA Executive at PixelQA, evolving from a trainee to a valuable contributor across diverse projects. With ambitious goals, he aspires to master new QA tools, and delve into Automation and API testing, showcasing an unwavering commitment to continuous learning.