I assume you have a basic understanding of how programming languages work, including variables, conditionals, loops and functions. If you are not familiar with these concepts, take an introductory programming course on Codecademy (https://www.codecademy.com/) or read a programming book first.
Understanding Bash scripting basics
```bash
nmap scanme.nmap.org
/PATH/TO/dirsearch.py -u scanme.nmap.org -e php
```
```bash
nmap $1
/PATH/TO/dirsearch.py -u $1 -e php
```
```bash
export PATH="PATH_TO_DIRSEARCH:$PATH"
```
After running this command, you should be able to invoke Dirsearch directly:
```bash
nmap $1
dirsearch.py -u $1 -e php
```
```bash
./recon.sh
```
You may see a message like this:
```
permission denied: ./recon.sh
```
```bash
chmod +x recon.sh
chmod 700 recon.sh
```
Saving tool output to a file
Here are some of the most useful redirection operators:
PROGRAM > FILENAME writes the program's output to a file named FILENAME. (It first clears everything already in the file; if the file does not yet exist, it is created.)
PROGRAM >> FILENAME appends the program's output to the end of the file without clearing the file's existing contents.
PROGRAM < FILENAME reads from the file and uses its contents as the program's input.
PROGRAM1 | PROGRAM2 uses the output of PROGRAM1 as the input of PROGRAM2.
For example, we can write the results of the Nmap and Dirsearch scans to separate files:
```bash
echo "Creating directory $1_recon."  # 【1】
mkdir $1_recon  # 【2】
nmap $1 > $1_recon/nmap  # 【3】
echo "The results of nmap scan are stored in $1_recon/nmap."
/PATH/TO/dirsearch.py -u $1 -e php --simple-report=$1_recon/dirsearch  # 【4】
echo "The results of dirsearch scan are stored in $1_recon/dirsearch."
```
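The script above saves each tool's results with `>`. The following shell functions are an added example (not code from the book) that show, on constructed data in a temporary directory, what each operator does to a results file: `>` silently discards an earlier run's output, `>>` keeps it, and `<` and `|` feed a saved file into other programs. The function names and the sample port lines are made up for the demonstration.

```shell
# Added example, not the book's code: what each redirection operator does to a
# results file, measured by line count. A throwaway directory keeps it offline.

# Print the number of lines in the file named by $1.
count_lines() {
    wc -l < "$1" | tr -d ' '
}

# Two scan runs saved with ">": the second run truncates the file first,
# so the first run's results are gone (prints 1).
overwrite_demo() {
    dir=$(mktemp -d)
    echo "first scan"  > "$dir/nmap"
    echo "second scan" > "$dir/nmap"
    count_lines "$dir/nmap"
    rm -rf "$dir"
}

# The same two runs saved with ">>": both survive (prints 2).
append_demo() {
    dir=$(mktemp -d)
    echo "first scan"  >> "$dir/nmap"
    echo "second scan" >> "$dir/nmap"
    count_lines "$dir/nmap"
    rm -rf "$dir"
}

# "<" feeds a saved file to a program and "|" chains programs: count the
# open ports in a constructed nmap-style result file (prints 2).
pipe_demo() {
    dir=$(mktemp -d)
    printf '22/tcp  open   ssh\n80/tcp  open   http\n443/tcp closed https\n' > "$dir/nmap"
    grep open < "$dir/nmap" | wc -l | tr -d ' '
    rm -rf "$dir"
}
```

This is why a script that is rerun against the same output directory should either append with `>>` or put the date in the file name, otherwise yesterday's scan results are overwritten without warning.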
Variables in bash are assigned with the following syntax:
```bash
PATH_TO_DIRSEARCH="/Users/vickieli/tools/dirsearch"
DOMAIN=$1
DIRECTORY=${DOMAIN}_recon  # 【1】
echo "Creating directory $DIRECTORY."
mkdir $DIRECTORY
nmap $DOMAIN > $DIRECTORY/nmap
echo "The results of nmap scan are stored in $DIRECTORY/nmap."
$PATH_TO_DIRSEARCH/dirsearch.py -u $DOMAIN -e php --simple-report=$DIRECTORY/dirsearch  # 【2】
echo "The results of dirsearch scan are stored in $DIRECTORY/dirsearch."
```
【1】 We use ${DOMAIN}_recon rather than $DOMAIN_recon; otherwise bash would treat the whole of DOMAIN_recon as the variable name.
The curly braces tell bash that DOMAIN is the variable name and _recon is text we want appended to it.
Adding the scan date to the output
```bash
PATH_TO_DIRSEARCH="/Users/vickieli/tools/dirsearch"
TODAY=$(date)  # 【1】
echo "This scan was created on $TODAY"  # 【2】
DOMAIN=$1
DIRECTORY=${DOMAIN}_recon
echo "Creating directory $DIRECTORY."
mkdir $DIRECTORY
nmap $DOMAIN > $DIRECTORY/nmap
echo "The results of nmap scan are stored in $DIRECTORY/nmap."
$PATH_TO_DIRSEARCH/dirsearch.py -u $DOMAIN -e php --simple-report=$DIRECTORY/dirsearch
echo "The results of dirsearch scan are stored in $DIRECTORY/dirsearch."
```
Adding options to choose which tools to run
if statements
```bash
if [ condition 1 ]
then
    # runs if condition 1 is satisfied
elif [ condition 2 ]
then
    # runs if condition 2 is satisfied and condition 1 is not
else
    # runs if neither condition 1 nor condition 2 is satisfied
fi
```
Suppose we want the user to be able to specify a scan mode, for example:
```bash
./recon.sh scanme.nmap.org MODE
```
We can implement that like this:
```bash
PATH_TO_DIRSEARCH="/Users/vickieli/tools/dirsearch"
TODAY=$(date)
echo "This scan was created on $TODAY"
DOMAIN=$1
DIRECTORY=${DOMAIN}_recon  # Translator's note: the author's script has a bug here: DOMAIN should be taken from $1, but the author forgot to write that line; this article has corrected the error.
echo "Creating directory $DIRECTORY."
mkdir $DIRECTORY
if [ "$2" == "nmap-only" ]  # 【1】 ($2 is quoted so an omitted mode does not break the test)
then
    nmap $DOMAIN > $DIRECTORY/nmap  # 【2】
    echo "The results of nmap scan are stored in $DIRECTORY/nmap."
elif [ "$2" == "dirsearch-only" ]  # 【3】
then
    $PATH_TO_DIRSEARCH/dirsearch.py -u $DOMAIN -e php --simple-report=$DIRECTORY/dirsearch  # 【4】
    echo "The results of dirsearch scan are stored in $DIRECTORY/dirsearch."
else  # 【5】
    nmap $DOMAIN > $DIRECTORY/nmap  # 【6】
    echo "The results of nmap scan are stored in $DIRECTORY/nmap."
    $PATH_TO_DIRSEARCH/dirsearch.py -u $DOMAIN -e php --simple-report=$DIRECTORY/dirsearch
    echo "The results of dirsearch scan are stored in $DIRECTORY/dirsearch."
fi
```
```bash
./recon.sh scanme.nmap.org nmap-only
./recon.sh scanme.nmap.org dirsearch-only
```
Running other tools
```bash
./recon.sh scanme.nmap.org nmap-only
./recon.sh scanme.nmap.org dirsearch-only
./recon.sh scanme.nmap.org crt-only
```
case statements
```bash
case $VARIABLE_NAME in
    case1)
        Do something
        ;;
    case2)
        Do something
        ;;
    caseN)
        Do something
        ;;
    *)
        # The default case: executed if no other case matches.
        ;;
esac
```
```bash
PATH_TO_DIRSEARCH="/Users/vickieli/tools/dirsearch"
TODAY=$(date)
echo "This scan was created on $TODAY"
DOMAIN=$1
DIRECTORY=${DOMAIN}_recon
echo "Creating directory $DIRECTORY."
mkdir $DIRECTORY
case $2 in
    nmap-only)
        nmap $DOMAIN > $DIRECTORY/nmap
        echo "The results of nmap scan are stored in $DIRECTORY/nmap."
        ;;
    dirsearch-only)
        $PATH_TO_DIRSEARCH/dirsearch.py -u $DOMAIN -e php --simple-report=$DIRECTORY/dirsearch
        echo "The results of dirsearch scan are stored in $DIRECTORY/dirsearch."
        ;;
    crt-only)
        curl "https://crt.sh/?q=$DOMAIN&output=json" -o $DIRECTORY/crt  # 【1】
        echo "The results of cert parsing is stored in $DIRECTORY/crt."
        ;;
    *)
        nmap $DOMAIN > $DIRECTORY/nmap
        echo "The results of nmap scan are stored in $DIRECTORY/nmap."
        $PATH_TO_DIRSEARCH/dirsearch.py -u $DOMAIN -e php --simple-report=$DIRECTORY/dirsearch
        echo "The results of dirsearch scan are stored in $DIRECTORY/dirsearch."
        curl "https://crt.sh/?q=$DOMAIN&output=json" -o $DIRECTORY/crt
        echo "The results of cert parsing is stored in $DIRECTORY/crt."
        ;;
esac
```
```bash
FUNCTION_NAME()
{
    DO_SOMETHING
}
```
Once a function has been declared, you can call it just like any other shell command in the script. Let's add functions to the script:
```bash
PATH_TO_DIRSEARCH="/Users/vickieli/tools/dirsearch"
TODAY=$(date)
echo "This scan was created on $TODAY"
DOMAIN=$1
DIRECTORY=${DOMAIN}_recon
echo "Creating directory $DIRECTORY."
mkdir $DIRECTORY
nmap_scan()  # 【1】
{
    nmap $DOMAIN > $DIRECTORY/nmap
    echo "The results of nmap scan are stored in $DIRECTORY/nmap."
}
dirsearch_scan()  # 【2】
{
    $PATH_TO_DIRSEARCH/dirsearch.py -u $DOMAIN -e php --simple-report=$DIRECTORY/dirsearch
    echo "The results of dirsearch scan are stored in $DIRECTORY/dirsearch."
}
crt_scan()  # 【3】
{
    curl "https://crt.sh/?q=$DOMAIN&output=json" -o $DIRECTORY/crt
    echo "The results of cert parsing is stored in $DIRECTORY/crt."
}
case $2 in  # 【4】
    nmap-only)
        nmap_scan
        ;;
    dirsearch-only)
        dirsearch_scan
        ;;
    crt-only)
        crt_scan
        ;;
    *)
        nmap_scan
        dirsearch_scan
        crt_scan
        ;;
esac
```
```bash
nmap_scan()
{
    nmap $1 > $DIRECTORY/nmap  # inside a function, $1 is the function's first argument, not the script's
    echo "The results of nmap scan are stored in $DIRECTORY/nmap."
}
nmap_scan scanme.nmap.org
```
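The if, case and function versions of recon.sh above all share two weak spots: an omitted or misspelled mode argument quietly runs every tool, and the target from $1 is used unchecked both as a tool argument and as part of the ${DOMAIN}_recon directory name. The following script is an added example, not the book's recon.sh, that keeps the same if/case/function structure but validates both arguments first and passes the target and output directory to each scan function explicitly. The function names (valid_domain, scans_for_mode, run_scan, main) are my own; the dirsearch path is a placeholder; the tools are the ones the chapter uses.

```shell
#!/bin/sh
# Added example, not the book's recon.sh: the same if/case/function dispatcher
# rewritten so that bad input fails clearly. The tools (nmap, dirsearch.py, curl)
# are the ones the chapter uses; the dirsearch path is a placeholder.

set -u   # an unset variable (for example a forgotten $2) aborts the script
         # instead of silently expanding to an empty string

PATH_TO_DIRSEARCH="/PATH/TO/dirsearch"   # placeholder, point it at your install

# Accept only hostname-like targets: letters, digits, dots and hyphens.
# Rejects an empty string, a leading "-" (nmap would read it as an option),
# a leading "." and anything containing "/" (which would turn ${DOMAIN}_recon
# into a path outside the current directory).
valid_domain() {
    case "$1" in
        ""|-*|.*|*[!A-Za-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Map the mode argument (possibly empty) to the scans to run. An unknown mode
# is an error, unlike the book's "*)" branch, which silently runs everything.
scans_for_mode() {
    case "${1:-all}" in
        nmap-only)      echo "nmap" ;;
        dirsearch-only) echo "dirsearch" ;;
        crt-only)       echo "crt" ;;
        all)            echo "nmap dirsearch crt" ;;
        *)              return 1 ;;
    esac
}

# Inside a function, $1 and $2 are the function's own arguments, so each scan
# receives the target and the output directory explicitly instead of reading globals.
nmap_scan()      { nmap "$1" > "$2/nmap"; }
dirsearch_scan() { "$PATH_TO_DIRSEARCH/dirsearch.py" -u "$1" -e php --simple-report="$2/dirsearch"; }
crt_scan()       { curl "https://crt.sh/?q=$1&output=json" -o "$2/crt"; }

# Run one scan by name: $1 = scan, $2 = target, $3 = output directory.
run_scan() {
    case "$1" in
        nmap)      nmap_scan "$2" "$3" ;;
        dirsearch) dirsearch_scan "$2" "$3" ;;
        crt)       crt_scan "$2" "$3" ;;
    esac
    echo "The results of the $1 scan are stored in $3/$1."
}

main() {
    if [ "$#" -lt 1 ] || [ "$#" -gt 2 ]; then
        echo "usage: $0 DOMAIN [nmap-only|dirsearch-only|crt-only]" >&2
        return 2
    fi
    domain=$1
    valid_domain "$domain" || { echo "refusing target: $domain" >&2; return 2; }
    scans=$(scans_for_mode "${2:-}") || { echo "unknown mode: $2" >&2; return 2; }
    directory="${domain}_recon"
    mkdir -p "$directory"   # -p: rerunning into an existing directory is not an error
    echo "This scan was created on $(date)"
    for scan in $scans; do   # unquoted on purpose: split the space-separated list
        run_scan "$scan" "$domain" "$directory"
    done
}

# Only dispatch when invoked with arguments, so the functions can also be sourced.
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

Invoked as `./recon.sh scanme.nmap.org crt-only` it behaves like the book's version; invoked as `./recon.sh scanme.nmap.org crt-onlyy` or `./recon.sh ../etc` it exits with status 2 and a message instead of creating a directory and running every tool. Because every variable expansion is quoted and the target is whitelisted before use, a hostname pulled from a file or another script later on cannot smuggle in tool options or path components.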
Originally published on the WeChat official account SecurityBug: Write Your Own Recon Script, part 1