Now we should be able to parse this information with bash.
Listing 5-5 shows a script to run Nuclei, filter for a specific severity
of interest, parse the interesting parts, and email us the results.
#!/bin/bash
EMAIL_TO="[email protected]"
EMAIL_FROM="[email protected]"

for ip_address in "$@"; do
    echo "Testing ${ip_address} with Nuclei..."
    result=$(nuclei -u "${ip_address}" -silent -severity medium,high,critical)  # (1)
    if [[ -n "${result}" ]]; then
        while read -r line; do  # (2)
            template=$(echo "${line}" | awk '{print $1}' | tr -d '[]')
            url=$(echo "${line}" | awk '{print $4}')
            echo "Sending an email with the findings ${template} ${url}"
            # (3)
            sendemail -f "${EMAIL_FROM}" \
                -t "${EMAIL_TO}" \
                -u "[Nuclei] Vulnerability Found!" \
                -m "${template} - ${url}"
        done <<< "${result}"  # (4)
    fi
done
Listing 5-5: Scanning with Nuclei and sending ourselves the results
Let’s dissect the code to better understand what it’s doing. We
use a for loop to iterate through values in the $@ variable, which is
a special value you learned about in Chapter 2 that contains the
arguments passed to the script on the command line. We assign each
argument to the ip_address variable.
Next, we run a Nuclei scan, passing it the -severity
argument to scan for vulnerabilities categorized as either medium,
high, or critical, and save the output to the result variable (1). At (2),
we read the output passed to the while loop at (4) line by line. From
each line, we extract the first field, using the tr -d '[]'
command to remove the [] characters for a cleaner output. We also
extract the fourth field from each line, which is where Nuclei stores
the vulnerable URL. At (3) we send an email containing all the
relevant information.
To run this script, save it to a file and pass the IP addresses to
scan on the command line:
$ nuclei-notifier.sh 172.16.10.10:8081 172.16.10.11 172.16.10.12 172.16.10.13
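The listing trusts that every output line carries the template in field 1 and the URL in field 4, and it sends one email per line. The following added example (not from the book) checks each line against the assumed [template] [protocol] [severity] url layout, drops duplicates, and builds a single message body per scan; the sample lines and the function names parse_findings and build_report are constructed for illustration.

```shell
#!/bin/bash
# Added example: validate Nuclei result lines before building one email body.
# Assumed line layout, as parsed in Listing 5-5:
#   [template] [protocol] [severity] url

# Constructed sample output (not from a real scan), including a noise line,
# a duplicate, and a low-severity finding.
SAMPLE_OUTPUT='[exposed-panel] [http] [medium] http://172.16.10.10:8081/admin
[default-login] [http] [high] http://172.16.10.10:8081/login
[WRN] constructed noise line here
[exposed-panel] [http] [medium] http://172.16.10.10:8081/admin
[info-page] [http] [low] http://172.16.10.10:8081/info'

# Read lines on stdin; print "severity<TAB>template<TAB>url" for each
# well-formed, unique finding of medium severity or above.
parse_findings() {
    awk '
        NF < 4 { next }                      # too few fields to be a finding
        $1 !~ /^\[.+\]$/ || $2 !~ /^\[.+\]$/ || $3 !~ /^\[.+\]$/ { next }
        {
            template = substr($1, 2, length($1) - 2)   # strip [ and ]
            severity = substr($3, 2, length($3) - 2)
            if (severity !~ /^(medium|high|critical)$/) next
            if (seen[template SUBSEP $4]++) next       # drop duplicates
            printf "%s\t%s\t%s\n", severity, template, $4
        }'
}

# Build a single message body; return 1 when nothing is worth sending.
build_report() {
    findings=$(parse_findings)
    [ -n "${findings}" ] || return 1
    count=$(printf '%s\n' "${findings}" | wc -l | tr -d ' ')
    printf 'Nuclei findings: %s\n' "${count}"
    printf '%s\n' "${findings}" |
        while IFS="$(printf '\t')" read -r severity template url; do
            printf '[%s] %s - %s\n' "${severity}" "${template}" "${url}"
        done
}

# Demo on the constructed sample. In the listing's loop this would become:
#   body=$(printf '%s\n' "${result}" | build_report) &&
#       sendemail -f "${EMAIL_FROM}" -t "${EMAIL_TO}" \
#           -u "[Nuclei] Vulnerability Found!" -m "${body}"
printf '%s\n' "${SAMPLE_OUTPUT}" | build_report
```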
Black Hat Bash (Early Access) © 2023 by Dolev Farhi and Nick Aleks