Black Hat Bash - Bash Scripting for Hackers and Pentesters (Early Access) (Dolev Farhi, Nick Aleks)

Perform all hacking activities in your Kali environment against

the vulnerable network you set up in Chapter 3.

Creating Reusable Target Lists

The scope is the list of systems or resources you’re allowed to

target. In penetration testing or bug-hunting engagements, the target

company might provide you with various types of scopes:

•^{Individual IP addresses, such as 172.16.10.1 and 172.16.10.2}

•^{Networks, such as 172.16.10.0/24 and 172.16.10.1-}

172.16.10.254

•^{Individual domain names, such as}^{lab.example.com}

•^{A parent domain name and all of its subdomains, such as}^*.exam-

ple.com

When working with tools such as port and vulnerability scanners,

you’ll often need to run the same type of scan against all hosts in

your scope. This can be hard to do efficiently, however, as each tool

uses its own syntax. For instance, one tool might allow you to

specify an input file containing a list of targets, while other tools

may require you to run the tool against individual addresses.

When working with tools that don’t let you provide a wide range

of targets, you can use bash to automate this process. In this section,

we’ll use bash to create IP- and DNS-based target lists that you

could feed to scanners.

Generating a List of Consecutive IP Addresses

Imagine that you need to create a file containing a list of IP

addresses from 172.16.10.1 to 172.16.10.254. While you could write

all 254 addresses by hand, this would be time-consuming. Let’s use

bash to automate the job! We’ll consider three strategies: using the

seq command in a for loop, using brace expansion with echo,

and using brace expansion with printf.

The seq and for Loop Approach

In the for loop shown in Listing 4-1, we use the seq command

to iterate through numbers ranging from 1 to 254 and assign each