[End] Kali Linux Basics: Learn Scripting with Bash

Koay Yong Cett
7 min read · May 2, 2020


This topic continues from Part 7 of Kali Linux Basics, and this is the last lesson of the series. In this lesson we are going to script with bash. I know this may seem a little overwhelming at first. Don’t worry about it and just be open to learning something new.

Commands that we will be learning:

  1. grep (narrow down results)
  2. cut (narrow down results)
  3. tr (narrow down results)
  4. script writing (bash script)
  5. for loops (scripts related to nmap)

First, we are going to build a ping sweeper script. It is going to be pretty basic and simple, but it may be a bit difficult when you first approach it, so just try to follow along, take notes, and so on. Understand the concepts and get hands-on with it. Don’t let this intimidate you. Hopefully you will come away with a good understanding of basic scripting and of how scripting can really benefit us by saving time through automation.


Before we get into writing our first script, we will learn how to narrow down results. For instance, we are given a block of text and we want to extract some information from it. How are we going to do that? This is what we are going to cover in this lesson. Let’s go ahead and start.

Narrow down a ping result:

First, we ping an IP address on our own network.

In the figure above, we can see that there is a response from that address. Hit CTRL + C to cancel, since ping keeps sending packets until it is stopped.

There is another way to do this if we only want to send one packet and see whether the host is alive or not: add -c 1 to the ping command. This is a count of 1, and it tells ping to send a single packet. If we set the count to 10, then 10 replies will appear in the terminal, which makes sense.

Next we redirect the output of that command into a text file, with the command shown in the figure above. When we cat the text file, it shows the same result as in the previous figure.

Now we want to narrow down the results to what we actually want to extract. In this example, I am interested in the IP address that returned a valid response. If we ping an IP address that is not in use (192.168.33.128), there is no response from that address, and the difference is shown in the figure above. What is the difference? When we get a response back, we see 64 bytes from the valid IP address; when we do not, that line is missing. Later, when we sweep a network, this is how we will narrow down the results.

Command: grep

Then we are going to narrow down specifically on the 64 bytes. We add a pipe (|) after cat ip.txt; the pipe symbol lets us feed the output into an additional command. That command is grep, which grabs any line that contains the word you specify. In the figure above you will notice that with grep the terminal only shows the line containing 64 bytes. This proves that we received a response to the ping.

Command: cut

We want to extract the IP address from the line we just obtained. How do we narrow it down some more? There is a tool called cut that can be used to do so.

In the figure above, we use cut combined with -d, which sets the delimiter. The delimiter is what we are going to cut on. Giving a delimiter of a space (“ ”) means the line is split wherever there is a space. Then we give the field that we want back from this split with -f, and field 4 (192.168.32.128:) is chosen, which is our IP address. Thus, this command splits the line on spaces and returns field 4.

Command: tr

If we try to use the IP address we obtained from the last command, there is still a colon (:) attached to the end of it. We cannot ping this address while the colon is attached, so we actually need to remove it before performing a ping sweep.

Now we use a command called tr, which means translate, with its -d option to delete that colon (:). The result is a valid IP address that can be used for the sweep.

Script writing

We are going to start with a basic script and build on it as we go.

Basic bash script
  1. The first line declares the interpreter, as in any scripting language, and the .sh extension also indicates that we are running a bash script.
  2. The second line is a for loop over the sequence 1 to 254; for each value it executes the third line.
  3. The third line runs ping with a count of 1. $1 is the user input (the first three octets of the network) and $ip is the current value from 1 to 254; the rest of the pipeline is the same as before. The & symbol runs each ping in the background, so the addresses are not pinged one at a time but as many concurrent tasks. (If we do not put the & symbol, we need a semicolon (;) there instead.)
  4. The fourth line, done, closes the loop.

The command chmod +x is used to make the script executable. We run the script with the command: ./ipsweep.sh 192.168.32 (the user input). This pulls out a few results from the script we just ran.

Then we can redirect the IP addresses obtained into a file and use this information later on.

Before we continue, I just want to improve the script a little bit.

If we do not enter an input, the script produces a list of errors.

If $1 (the user input) is missing, the script echoes an error message; otherwise it runs the second part of the code, the sweep itself.

Now, if we do not enter any user input, it produces the error message instead.
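The grep/cut/tr narrowing from the first half and the ipsweep.sh script from this section, written out as one added example (my code, not the article's own file, whose exact text is only shown in the missing figures). The sample ping output embedded at the bottom is constructed so the parsing part runs offline.

```shell
#!/bin/bash
# ipsweep.sh (added example, not the article's own file): the grep/cut/tr
# narrowing from the first half and the ping sweep script from the second.

# Narrow a ping result down to the replying address: keep only the
# "64 bytes from" reply line, take the 4th space-separated field
# ("192.168.32.128:") and delete the trailing colon with tr -d.
alive_from_ping() {
    grep "64 bytes" | cut -d " " -f 4 | tr -d ":"
}

# Ping PREFIX.1 .. PREFIX.254 once each, all in the background, and print
# the addresses that replied. Output order depends on reply timing, so
# sort it if you need a stable list.
ipsweep() {
    prefix="$1"
    if [ -z "$prefix" ]; then
        echo "You forgot an IP address!" >&2
        echo "Syntax: ./ipsweep.sh 192.168.32" >&2
        return 1
    fi
    for ip in $(seq 1 254); do
        # & backgrounds the pipeline so the 254 pings run concurrently
        ping -c 1 "$prefix.$ip" | alive_from_ping &
    done
    wait   # do not return until every background ping has finished
}

# Constructed sample of ping -c 1 output for one live and one dead host
# (made up for this example, not copied from the article's figures).
SAMPLE_PING_OUTPUT='PING 192.168.32.128 (192.168.32.128) 56(84) bytes of data.
64 bytes from 192.168.32.128: icmp_seq=1 ttl=64 time=0.412 ms

--- 192.168.32.128 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
PING 192.168.33.128 (192.168.33.128) 56(84) bytes of data.

--- 192.168.33.128 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms'

# Offline demonstration: only the live host's address survives the pipeline.
printf '%s\n' "$SAMPLE_PING_OUTPUT" | alive_from_ping
# Real use (needs a network): ipsweep 192.168.32 > iplist.txt
```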

Looping in one line:

In this section we write a for loop on a single line. The for loop runs through all the IP addresses in iplist.txt; then, after a semicolon (;), do runs an nmap scan against the current address ($ip); lastly, done finishes the loop. However, the scan requires root privileges.

Nmap script:

  1. -p means port
  2. -sS for a stealth (SYN) scan
  3. -T4 for a fast scan; the timing templates range from 0 (slow and stealthy) to 5 (fastest)

To solve the privilege issue, we can switch to root with the command sudo su root and run the command again. In the figure above, we did all 3 scans at once.

In the nmap output, the port is reported as filtered for the addresses in the list. Thus, we just ran 3 nmap scans at once instead of copying and pasting them one by one.
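The one-line nmap loop over iplist.txt, written out as an added example (my code, not the article's) with the root check the article runs into, since -sS needs raw sockets. The list file name, port and function name are my assumptions.

```shell
#!/bin/bash
# scan_list.sh (added example, not the article's own): the one-line nmap loop
# over iplist.txt, written out with the root check the article hits.
# nmap -sS needs raw sockets, so refuse up front instead of letting every
# backgrounded nmap fail with the same "requires root privileges" error.
scan_list() {
    list="${1:-iplist.txt}"   # file of live hosts from the ping sweep
    port="${2:-80}"           # port to probe, 80 as in the article
    if [ "$(id -u)" -ne 0 ]; then
        echo "nmap -sS needs root: run with sudo or as root" >&2
        return 1
    fi
    while read -r ip; do
        [ -n "$ip" ] || continue          # skip blank lines in the list
        # -p port, -sS SYN scan, -T4 timing template; & runs them in parallel
        nmap -p "$port" -sS -T4 "$ip" < /dev/null &
    done < "$list"
    wait   # return only after the last scan has printed its report
}

# Usage: scan_list iplist.txt 80
```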


Scripting is really important if you get the chance to go into penetration testing. There is more advanced scripting which you can learn by yourself by exploring the internet and watching YouTube videos, which is where I learned most of this valuable information.

Thanks for reading; this is the last part of Kali Linux Basics.


Written by Koay Yong Cett

Every story I share is based on my personal opinion. Interested in ethical hacking and penetration testing. Thank you.
