5
VULNERABILITY SCANNING AND FUZZING
In Chapter 4, we identified hosts on a network and a
couple of running services, like HTTP, FTP, and SSH.
Each of these protocols has its own set of tests we could
perform. In this chapter, we’ll use specialized tools on the
discovered services to find out as much as we can about
them.
In the process, you’ll use bash to run security testing tools, parse
their output, and write custom scripts to scale security testing across
many URLs. You’ll fuzz with tools such as ffuf and wfuzz, write
custom security checks using the Nuclei templating system, extract
personally identifiable information from the output of tools, and
write your own quick-and-dirty vulnerability scanners.
Black Hat Bash (Early Access) © 2023 by Dolev Farhi and Nick Aleks