https://github.com/maximilianfeldthusen/pentestwithgrep

script to perform simple pentest

## Documentation

This Bash script supports penetration testing (pentesting) by searching a specified directory for potentially vulnerable code patterns with the `grep` command. Here's a breakdown of how the script works:

### Shebang and Comments
- `#!/bin/bash`: Indicates that the script should be run in the Bash shell.
- The comments provide information about the purpose of the script ("Pentest with UNIX grep tool...") and serve as a header.

### Argument Check
```bash
if [ $# -ne 1 ]; then
    echo "Usage: $(basename "$0") directory-to-grep-through"
    exit 1
fi
```
- This section checks if the script receives exactly one argument (the directory to search).
- If not, it prints a usage message and exits with a non-zero status.

### Configuration Variables
```bash
ADDITIONAL_GREP_ARGUMENTS="-A 1 -B 3 --color=always"
TARGET="./grep-output"
mkdir -p "$TARGET"
```
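- `ADDITIONAL_GREP_ARGUMENTS`: Additional options for `grep`: `-A 1 -B 3` prints one line after and three lines before each match as context, and `--color=always` enables color output even when it is redirected to a file.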
- `TARGET`: Directory where the output files will be saved. It creates this directory if it doesn't already exist.

### Feature Flags
```bash
DO_JAVA=true
DO_SPRING=true
DO_JSP=true
DO_ANDROID=true
DO_IOS=true
DO_PHP=true
DO_GENERAL=true
```
- These boolean flags determine whether the script should execute searches related to specific technologies (e.g., Java, Spring, JSP, etc.).

### Standard `grep` Arguments
```bash
GREP_ARGUMENTS="-nrP"
STANDARD_GREP_ARGUMENTS="$ADDITIONAL_GREP_ARGUMENTS $GREP_ARGUMENTS"
SEARCH_FOLDER="$1"
```
- `GREP_ARGUMENTS`: Contains options for `grep`:
  - `-n`: Show line numbers.
  - `-r`: Recursively search through directories.
  - `-P`: Use Perl-compatible regular expressions.
- `STANDARD_GREP_ARGUMENTS` combines additional options with standard options.
- `SEARCH_FOLDER` is set to the directory provided as an argument to the script.

### Output Information
```bash
echo "Your standard grep arguments: $STANDARD_GREP_ARGUMENTS"
echo "Output will be put into this folder: $TARGET"
echo "You are currently grepping through folder: $SEARCH_FOLDER"
sleep 2
```
- Displays the grep arguments, target output directory, and the directory being searched. It pauses for 2 seconds for user visibility.

### Function Definition
```bash
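function search_grep {
    local search_string="$1"   # PCRE pattern to search for
    local outfile="$2"         # result file name inside $TARGET
    echo "Searching for $search_string --> writing to $outfile"
    # $STANDARD_GREP_ARGUMENTS is unquoted on purpose so it splits into options;
    # -e keeps a pattern that starts with "-" from being read as an option.
    grep -i $STANDARD_GREP_ARGUMENTS -e "$search_string" "$SEARCH_FOLDER" > "$TARGET/$outfile"
}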
```
- This function performs the actual `grep` search. It takes two parameters: a search string and an output filename.
- It uses `grep` to search for the specified pattern in the provided directory and writes the results to the specified output file.

### Java-Specific Searches
```bash
if [ "$DO_JAVA" = true ]; then
    search_grep 'javax.crypto|bouncy.*?castle|new\sSecretKeySpec\(|messagedigest' "java_general_crypto.txt"
    # ...
fi
```
- If the `DO_JAVA` flag is true, it performs several searches related to Java code patterns, which may indicate vulnerabilities or bad practices (e.g., searching for cryptographic classes, improper string comparisons, etc.).
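
The flag check, search function and Java crypto pattern described above, run end to end on a constructed sample file. This is an added example, not code from the pentestwithgrep repository; `search_grep_counted`, the scratch directory, the sample `Crypto.java`, the `\(` after `SecretKeySpec` and the switch to `--color=never` are assumptions made for the demo.

```bash
#!/bin/bash
# Added example: the flag check and search function run on a constructed sample.
WORK="$(mktemp -d)"                      # scratch directory (assumption)
trap 'rm -rf "$WORK"' EXIT
SEARCH_FOLDER="$WORK/src"
TARGET="$WORK/grep-output"
mkdir -p "$SEARCH_FOLDER" "$TARGET"

# Constructed sample source; lines 1 and 4 should match the crypto pattern.
cat > "$SEARCH_FOLDER/Crypto.java" <<'EOF'
import javax.crypto.Cipher;
public class Crypto {
    byte[] k = "0123456789abcdef".getBytes();
    Object key = new SecretKeySpec(k, "AES");
}
EOF

# --color=never (instead of --color=always) keeps ANSI escape sequences out of
# the result files, so they can be counted, diffed and grepped again.
STANDARD_GREP_ARGUMENTS="-A 1 -B 3 --color=never -nrP"

# Hypothetical variant of search_grep: prints the number of matching lines,
# removes the result file when nothing matched, and reports grep errors.
search_grep_counted() {
    local search_string="$1"
    local outfile="$2"
    local rc=0
    # Option string is unquoted on purpose so it splits into separate options.
    grep -i $STANDARD_GREP_ARGUMENTS -e "$search_string" "$SEARCH_FOLDER" \
        > "$TARGET/$outfile" || rc=$?
    case "$rc" in
        0) grep -irhP -e "$search_string" "$SEARCH_FOLDER" | wc -l | tr -d ' ' ;;
        1) rm -f "$TARGET/$outfile"; echo 0 ;;   # exit status 1 = no match
        *) echo "grep failed ($rc): $search_string" >&2; return "$rc" ;;
    esac
}

DO_JAVA=true
if [ "$DO_JAVA" = true ]; then
    JAVA_CRYPTO_HITS=$(search_grep_counted \
        'javax.crypto|bouncy.*?castle|new\sSecretKeySpec\(|messagedigest' \
        "java_general_crypto.txt")
    echo "java_general_crypto.txt: $JAVA_CRYPTO_HITS matching lines"
fi
```

`-P` needs a `grep` built with PCRE support (GNU grep); every hit is a pointer for manual review, and the context lines are there to make that triage faster.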

### Conclusion
```bash
echo "Done grep. Results in $TARGET."
```
- After completing the searches, it indicates that the process is finished and specifies where the results can be found.

### Summary
This script is a useful tool for security professionals and developers to identify potential vulnerabilities in code by automating the searching process across multiple files and directories for specific patterns that could indicate security issues. The structure allows for easy expansion to add additional searches for other technologies by utilizing the defined flags.