Book Review: Penetration Testing with the Bash Shell

A few weeks ago, I reviewed Georgia’s book about penetration testing. On the same topic (pentesting), I was asked to review another one, which focuses on shell scripting with the Bash shell. Keith Makan is the author of “Penetration Testing with the Bash Shell”. Bash is the default shell on many UNIX distributions and is also the primary interface between the operating system and the user when no graphical interface is available. Why talk about a shell in the scope of a penetration test? Simply because good pentesters write code! It’s almost impossible to complete a penetration test without writing some lines of code: we need to save time, we need more visibility, and we need to parse thousands of lines or files. Usually, the UNIX shell is the first tool we have at hand to achieve such tasks. That’s the goal of the book: throughout the chapters, Keith demonstrates how to take advantage of the many Bash features to make your life easier.

In my opinion, the first chapter is completely optional: as a pentester, you already know Bash and how to find your way around the UNIX command line. Except for the section about grep and regular expressions, which is always a good reminder, you can jump immediately to the next chapter, which helps you customize your environment. Like a desktop, a shell can be customized to meet your requirements in terms of look and feel, but also in terms of the information displayed (for example, in the prompt). Formatting the terminal output can also be useful to highlight important information in your scripts. Most of the escape sequences are reviewed (like printing in red with “\033[31M”). A special mention for the section covering the risk of information leaks via .bash_history and how to prevent them.
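As an added illustration of the two points above (coloured terminal output and keeping secrets out of the history file), here is a small script of my own, not taken from the book: a colour helper built on the ANSI SGR escape sequences, a status reporter that uses it, and a function that sets the Bash history variables so that command lines carrying credentials are never written to ~/.bash_history. The HISTIGNORE patterns are my own assumptions about what a pentester would want filtered, not the book's.

```shell
#!/usr/bin/env bash
# Added example, not code from the book or the review.

# Wrap text in an ANSI colour code and reset afterwards.
# SGR sequences are ESC [ <code> m: 31 = red, 32 = green, 33 = yellow;
# the trailing ESC[0m restores the terminal's default attributes.
colorize() {
    code="$1"; shift
    printf '\033[%sm%s\033[0m' "$code" "$*"
}
red()    { colorize 31 "$@"; }
green()  { colorize 32 "$@"; }
yellow() { colorize 33 "$@"; }

# Print a check result with a coloured tag, handy when a script summarises
# many test results. Returns the status it was given so callers can chain it.
report() {
    status="$1"; shift
    if [ "$status" -eq 0 ]; then
        printf '[%s] %s\n' "$(green OK)" "$*"
    else
        printf '[%s] %s\n' "$(red FAIL)" "$*"
    fi
    return "$status"
}

# History hygiene: with HISTCONTROL=ignoreboth, a command typed with a leading
# space (and any duplicate of the previous line) is not recorded; HISTIGNORE
# drops lines matching the given glob patterns. Together they keep passwords
# and tokens passed on the command line out of ~/.bash_history.
# The patterns below are assumed examples, not from the book.
harden_history() {
    export HISTCONTROL=ignoreboth
    export HISTIGNORE='* -p*:*PASS*=*:*passw*:*TOKEN*=*'
    export HISTSIZE=1000
}

# Demonstration output when the script is run directly.
harden_history
printf '%s\n' "$(yellow 'Environment checks')"
report 0 "HISTCONTROL set to $HISTCONTROL"
report 0 "HISTIGNORE set to $HISTIGNORE"
```

Source the file from ~/.bashrc to get the colour helpers and the history settings in every interactive shell; the reporter can then be reused by any script that prints a list of results.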

The remaining chapters cover the different phases of a penetration test, always performed with the help of our Bash shell. Chapter three focuses on network reconnaissance with tools like whois, dig and dnsmap, and on target enumeration with arping and nmap. Each tool is briefly described with only its basic options (nmap has a whole book dedicated to it, a must-have!). The next chapter covers exploitation and reverse engineering. The tool used is Metasploit, and more precisely msfcli. Nice examples of Bash/msfcli integration are provided, like this one:

# "whois -i mnt-by [maintainer]" lists every object maintained by [maintainer];
# the awk filter turns each "inetnum: A - B" line into "A-B" (fields 2 and 4).
for range in $(whois -i mnt-by [maintainer] | awk '/inetnum/ { print $2"-"$4 }')
do
  # E = execute the module against the current range
  msfcli auxiliary/scanner/portscan/syn RHOSTS=$range E
done

The other tools used are msfpayload, objdump and gdb (the GNU debugger). Then, exploitation and network monitoring are covered in the fifth chapter: how to abuse MAC addresses and the ARP protocol, DNS spoofing, SNMP probing, SMTP, password brute-forcing (using Medusa) and tcpdump. SSL auditing using SSLyze and another interesting Bash script are also part of this chapter. Finally, some tools for website assessment are reviewed.

Across the 130 pages of the book, many (too many?) tools are presented, and all the exercises remain in line with the title: everything is performed from a Bash shell. But major programs like nmap or Metasploit cannot be covered in a few pages. I think the book is missing more Bash script examples, like writing a port scanner or extracting juicy information from downloaded HTML pages (those are just examples). Such scripts are useful when you don’t have your toolbox with you. The book is interesting if you’re a newcomer to the information security field (not only pentesting) and you’re looking for nice command line exercises. If you want to increase your “script-fu”, have a look at the blog Command Line Kung Fu. My conclusion is that this book is entry-level and definitely not for experienced pentesters.

The book is published by PacktPub and is available here.

2 comments

  1. I bought this book a couple of months ago and largely share your opinion. I was a bit disappointed that there are only 60 pages that can be called ‘penetration testing’ (p64-122).
    Entry level indeed, a more appropriate title would’ve been “A short introduction to bash and penetration testing.”

    PS The book also has a lot of typos (for example page 62 eht0 and a missing \ in the top screenshot).
