HTTP/1.1 200 OK
Server: Werkzeug/2.2.3 Python/3.11.1
--snip--
Content-Length: 7176
Connection: close
As you can see, the server returns a bunch of headers in the
response, one of which is the Server header. This header reveals
that the remote server is running a Python-based web framework
named Werkzeug version 2.2.3, powered by Python version 3.11.1.
Listing 4-15 incorporates this cURL command into a larger script
that prompts the user for information with the bash read command,
then presents the user with a banner.
#!/bin/bash
DEFAULT_PORT="80"

# Prompt for the target details.
read -r -p "Type a target IP address: " ip_address # 1
read -r -p "Type a target port (default: 80): " port # 2

if [[ -z "${ip_address}" ]]; then # 3
  echo "You must provide an IP address."
  exit 1
fi

if [[ -z "${port}" ]]; then # 4
  echo "You did not provide a specific port, defaulting to ${DEFAULT_PORT}"
  port="${DEFAULT_PORT}" # 5
fi

echo "Attempting to grab the Server header of ${ip_address}..."
result=$(curl -s --head "${ip_address}:${port}" | grep Server | awk -F':' '{print $2}') # 6
echo "Server header for ${ip_address} on port ${port} is: ${result}"
Listing 4-15: Extracting the server response header from web servers
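An added example, not part of the book's listing: the `grep Server | awk -F':' '{print $2}'` stage at 6 matches any line that contains "Server", misses the lowercase `server:` name used in HTTP/2 responses, cuts the value at its first colon, and leaves the trailing carriage return in place. The `header_value` function, the `sample_response` data, and the server name in it are hypothetical and constructed for illustration.

```shell
#!/bin/bash
# Added example, not from the book: a stricter replacement for the
# "grep Server | awk -F':' '{print $2}'" stage of Listing 4-15.

# header_value NAME: read raw response headers on stdin and print the value
# of the first header named NAME (case-insensitive). Returns 1 if absent.
header_value() {
  awk -v want="$1" '
    BEGIN { want = tolower(want); rc = 1 }
    { sub(/\r$/, "") }                 # HTTP lines end in CRLF; drop the CR
    $0 == "" { exit }                  # blank line ends the header block
    {
      colon = index($0, ":")           # first colon splits name from value
      if (colon == 0) next             # status line, not a header
      if (tolower(substr($0, 1, colon - 1)) != want) next
      value = substr($0, colon + 1)    # later colons stay in the value
      sub(/^[ \t]+/, "", value)
      print value
      rc = 0
      exit
    }
    END { exit rc }
  '
}

# The extraction stage exactly as written in Listing 4-15, for comparison.
listing_pipeline() {
  grep Server | awk -F':' '{print $2}'
}

# Constructed sample response (hypothetical server name and header values).
sample_response() {
  printf '%s\r\n' \
    "HTTP/1.1 200 OK" \
    "Set-Cookie: ServerID=app01; Path=/" \
    "X-Server-Timing: 12ms" \
    "server: ExampleHTTPd/1.0 (build:42)" \
    "Content-Length: 0" \
    ""
}

echo "Listing 4-15 pipeline: $(sample_response | listing_pipeline | tr -d '\r' | tr '\n' '|')"
echo "header_value Server:   $(sample_response | header_value Server)"
```

In the listing, the function would take the place of the last two pipeline stages: `curl -s --head "${ip_address}:${port}" | header_value Server`.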
The interactive script in Listing 4-15 asks the user to provide details about the
target on the command line. First, we use the read command to
prompt the user to enter an IP address and assign this value to the
ip_address variable 1. We then ask the user for the desired port
number and save that to the port variable 2.
At 3, we check whether the ip_address variable length is zero
using the -z test and exit if this condition is true. Next, we do the
same check on the port variable 4. This time, if the user didn’t
provide a port, we use the default HTTP port, 80 5. At 6, we store the
Black Hat Bash (Early Access) © 2023 by Dolev Farhi and Nick Aleks