Bash

grep command

The grep command searches for a string or pattern in a file or a group of files.

For example:

ping 192.168.4.29 -c 1 > ip.txt

cat ip.txt | grep "64 bytes"

Here we ping an IP address once and save the output to a .txt file, then we grep for the line we are interested in: a "64 bytes from ..." reply line means the host answered.

-c (count) Ex: ping "IP Address" -c 1 (send a single ping and stop)

cut command

For example:

cat ip.txt | grep "64 bytes" | cut -d " " -f 4

"|" is the pipe symbol; we use it to send the output of one command into the next command as its input.

-d stands for delimiter

-f stands for field

In this example, after cat ip.txt | grep "64 bytes" we pipe into cut -d " " (use the space character as the delimiter) -f 4 (select the fourth field). On a reply line such as 64 bytes from 192.168.4.29: icmp_seq=1 ttl=64 time=0.321 ms, field 4 is the address followed by a colon. This is a very common way of pulling IP addresses out of command output.

Then, to remove the trailing ":", we use the tr (translate) command with -d (delete):

cat ip.txt | grep "64 bytes" | cut -d " " -f 4 | tr -d ":"
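The pipeline above relies on the address being the fourth space-separated field, which is only true when ping prints a bare IP. The following is an added example, not code from the original notes, using two constructed ping reply lines (the second is the form iputils ping prints when reverse DNS resolves the host); it shows where field counting breaks and a pattern-based alternative that does not care about field position:

```shell
#!/bin/bash
# Constructed ping output (not captured from a real host): the first reply is
# what `ping -n` prints, the second is what you get when reverse DNS resolves.
numeric_reply='PING 192.168.4.29 (192.168.4.29) 56(84) bytes of data.
64 bytes from 192.168.4.29: icmp_seq=1 ttl=64 time=0.321 ms'
resolved_reply='PING gateway.lan (192.168.4.1) 56(84) bytes of data.
64 bytes from gateway.lan (192.168.4.1): icmp_seq=1 ttl=64 time=0.512 ms'

# Field-based extraction: exactly the grep | cut | tr chain from the notes.
ip_by_field() {
  printf '%s\n' "$1" | grep "64 bytes" | cut -d " " -f 4 | tr -d ":"
}

# Pattern-based extraction: take the first dotted quad on the reply line,
# whatever field it happens to sit in.
ip_by_pattern() {
  printf '%s\n' "$1" | grep "64 bytes" | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' | head -n 1
}

ip_by_field "$numeric_reply"      # 192.168.4.29
ip_by_field "$resolved_reply"     # gateway.lan  (field 4 is now the hostname)
ip_by_pattern "$resolved_reply"   # 192.168.4.1
```

In a sweep, either run ping with -n so reverse DNS can never shift the fields, or match the address pattern instead of counting fields.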

Arguments and operators

First of all, create a .sh file with your favourite text editor.

Ex: nano ipsweep.sh

#!/bin/bash
# first version: the network prefix is hard-coded; each ping runs in the background
for ip in $(seq 1 254); do
ping -c 1 192.168.1.$ip | grep "64 bytes" | cut -d " " -f 4 | tr -d ":" &
done

seq (sequence): seq 1 254 prints the numbers 1 to 254, one per line

$1 (positional argument): the first argument passed to the script ($2 is the second, and so on)

& means that the command to its immediate left is run in the background, so the loop does not wait for each ping to finish before starting the next one

&& means "and": run the next command only if the previous one succeeded (exit status 0)

We can improve this by taking the first three octets of the IP address from the first argument, $1, instead of hard-coding them

|| means "or": run the next command only if the previous one failed (non-zero exit status)

if, then, else

#!/bin/bash

if [ "$1" == "" ]
then
echo "You forgot an IP address!"
echo "Syntax: ./ipsweep.sh 192.168.1"

else
  for ip in $(seq 1 254); do
    ping -c 1 $1.$ip | grep "64 bytes" | cut -d " " -f 4 | tr -d ":" &
  done
  wait # let the background pings finish before the script exits
fi # close if command
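The script above only checks that an argument exists; anything else in $1 (extra words, a fourth octet, an option such as -f) is spliced straight into the ping command line, and the script can exit before its background pings have printed. The following is an added example, not the original notes' script, showing the two fixes: a strict prefix check and a wait for the background jobs. The function names, the use of ping -n and -W 1 (Linux iputils flags) and the sort at the end are this example's own choices:

```shell
#!/bin/bash
# Added example: ipsweep with argument validation and job control.

usage() {
  echo "Usage: $0 <first three octets>   e.g. $0 192.168.1" >&2
}

# Accept only A.B.C with each octet in 0-255, so an argument such as
# "192.168.1 -f" or "192.168.1.1" never reaches the ping command line.
valid_prefix() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # only digits and dots, no empty octet
  esac
  old_ifs=$IFS; IFS=.
  set -- $1                                # split the prefix into its octets
  IFS=$old_ifs
  [ $# -eq 3 ] || return 1
  for o in "$@"; do
    [ "$o" -le 255 ] || return 1
  done
}

# One probe: -n skips reverse DNS so field 4 is always the address,
# -W 1 caps the wait for a reply at one second.
probe() {
  ping -n -c 1 -W 1 "$1" 2>/dev/null | grep "64 bytes" | cut -d " " -f 4 | tr -d ":"
}

sweep() {
  prefix=$1
  valid_prefix "$prefix" || { usage; return 1; }
  for ip in $(seq 1 254); do
    probe "$prefix.$ip" &
  done
  wait    # block until every background probe has finished
}

# Entry point: ./ipsweep.sh 192.168.1 . With no argument the functions are
# only defined, so the file can be sourced by another script.
if [ -n "${1:-}" ]; then
  valid_prefix "$1" || { usage; exit 1; }
  sweep "$1" | sort -t . -k 4 -n
fi
```

Because probe is its own function, it can be swapped for a fake during testing, which is how the sweep logic is exercised without sending a packet.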

One-liners

for ip in $(cat ips.txt); do nmap $ip; done

Runs nmap against every address listed in ips.txt (one per line).

Basic Script Examples and explanations

- A file compressed multiple times (nested archives):

#!/bin/bash

# Name of the file inside the outer archive: in the output of `7z l` it is
# the last column, two lines below the "Name" header.
name_decompressed=$(7z l content.gzip | grep "Name" -A 2 | tail -n 1 | awk 'NF{print $NF}')
7z x content.gzip > /dev/null 2>&1

while true; do
	# Can 7z still list the extracted file as an archive?
	7z l "$name_decompressed" > /dev/null 2>&1

	if [ "$?" == "0" ]; then
		decompressed_next=$(7z l "$name_decompressed" | grep "Name" -A 2 | tail -n 1 | awk 'NF{print $NF}')
		7z x "$name_decompressed" > /dev/null 2>&1 && name_decompressed=$decompressed_next
	else
		# not an archive any more: this is the final content
		cat "$name_decompressed"; rm data* 2> /dev/null
		exit 0
	fi
done
  • grep "Name" -A 2 --> also print the 2 lines after the match

  • tail -n 1 --> last line only (counts from the end)

  • head -n 1 --> first line only (counts from the beginning)

  • awk 'NF{print $NF}' --> last field of each non-empty line

  • awk '{print $1}' --> first field

  • > /dev/null 2>&1 --> discard both standard output and standard error (2>&1 sends stderr wherever stdout is going, here /dev/null)

  • echo $? --> exit status of the last command (0 means success)

  • wc --> counts lines (-l), words (-w), characters (-c), etc.

  • tr and sed --> substitute or delete characters and strings

  • diff {file1} {file2} --> differences between 2 files

- Processes Monitoring

#!/bin/bash

# snapshot of every running command line
old_process=$(ps -eo command)

while true; do
	new_process=$(ps -eo command)
	# print what changed, hiding the ps call itself and this script (procmon)
	diff <(echo "$old_process") <(echo "$new_process") | grep -v -E "procmon|command"
	old_process=$new_process
done
  • grep -E "first_thing|second_thing" or grep "first_thing\|second_thing" (in the second form the pipe must be escaped for it to mean "or")

  • grep -v "example" --> drops every line that contains example

  • for i in $(seq 1 100); do echo $i; done --> 1 to 100

  • for i in {001..100}; do echo $i; done --> 001 to 100 (zero-padded brace expansion)
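The monitor above diffs two ps snapshots, but the diff and the polling are tangled together, so it can only be checked against a live machine. The following is an added example, not from the original notes: the comparison is moved into a function that works on any two snapshots, which lets it run here on constructed ones, and the live loop timestamps each new command line. The function names, the one-second sleep and the sample snapshots are this example's own assumptions:

```shell
#!/bin/bash
# Added example: "diff two ps snapshots" as a testable function.

# Print the command lines present in snapshot $2 but not in snapshot $1.
# Both arguments are multi-line strings as returned by `ps -eo command`.
new_processes() {
  before=$(mktemp) || return 1
  printf '%s\n' "$1" | sort > "$before"
  printf '%s\n' "$2" | sort | comm -13 "$before" -   # lines only in the second input
  rm -f "$before"
}

# Poll every second and timestamp anything that appeared; filter out the
# ps call and this script's own name (procmon), as the notes do.
monitor() {
  old=$(ps -eo command)
  while true; do
    sleep 1
    new=$(ps -eo command)
    new_processes "$old" "$new" | grep -v -E 'ps -eo command|procmon' |
      while IFS= read -r line; do
        printf '%s  NEW: %s\n' "$(date '+%H:%M:%S')" "$line"
      done
    old=$new
  done
}

# Constructed snapshots (not taken from a real host) for an offline check:
# a shell went away and a listener appeared.
snapshot_before='COMMAND
/sbin/init
/usr/sbin/sshd -D
/bin/bash'
snapshot_after='COMMAND
/sbin/init
/usr/sbin/sshd -D
nc -lvnp 4444'

new_processes "$snapshot_before" "$snapshot_after"   # nc -lvnp 4444

# Run the live monitor only when started as: ./procmon.sh live
if [ "${1:-}" = "live" ]; then
  monitor
fi
```

comm needs both inputs sorted, which is why each snapshot goes through sort first; processes that disappeared are simply ignored, so the output is only the set of new command lines.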

Colours

#Colours
greenColour="\e[0;32m\033[1m"
endColour="\033[0m\e[0m"
redColour="\e[0;31m\033[1m"
blueColour="\e[0;34m\033[1m"
yellowColour="\e[0;33m\033[1m"
purpleColour="\e[0;35m\033[1m"
turquoiseColour="\e[0;36m\033[1m"
grayColour="\e[0;37m\033[1m"

#How to use
function ctrl_c(){
	echo -e "\n${redColour}[!] Exiting...\n${endColour}"

	rm ut.t*money*total_entrada_salida.tmp entradas.tmp salidas.tmp bitcoin_to_dollars 2>/dev/null
	tput cnorm; exit 1
}

# run ctrl_c when the user presses Ctrl+C (SIGINT); without this trap the
# function is never called
trap ctrl_c INT

- Exiting

In the previous example the ctrl_c function prints a coloured message, removes the script's temporary files, restores the cursor and exits with a failure status.

  • tput cnorm --> restore the terminal cursor (tput civis hides it)

  • exit 1 --> exit with a non-zero (unsuccessful) status code

Options or Menu for a script using getopts

parameter_counter=0

#The functions for each mode must be defined before the getopts loop calls them, ex:
function helpPanel(){
	echo -e "\n${redColour}[!] Usage: ./btcAnalyzer${endColour}"
	for i in $(seq 1 80); do echo -ne "${redColour}-"; done; echo -ne "${endColour}"
	echo -e "\n\n\t${grayColour}[-e]${endColour}${yellowColour} Exploration mode${endColour}"
	echo -e "\t\t${purpleColour}unconfirmed_transactions${endColour}${yellowColour}:\t List unconfirmed transactions${endColour}"
	echo -e "\t\t${purpleColour}inspect${endColour}${yellowColour}:\t\t\t Inspect a transaction hash${endColour}"
	echo -e "\t\t${purpleColour}address${endColour}${yellowColour}:\t\t\t Inspect an address${endColour}"
	echo -e "\n\t${grayColour}[-n]${endColour}${yellowColour} Limit the number of results${endColour}${blueColour} (Example: -n 10)${endColour}"
	echo -e "\n\t${grayColour}[-i]${endColour}${yellowColour} Provide the transaction hash${endColour}${blueColour} (Example: -i 000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f)${endColour}"
	echo -e "\n\t${grayColour}[-a]${endColour}${yellowColour} Provide the transaction address${endColour}${blueColour} (Example: -a 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa)${endColour}"
	echo -e "\n\t${grayColour}[-h]${endColour}${yellowColour} Show this help panel${endColour}\n"
	exit 0   # the help panel is the end of the run
}

# -e, -n, -i and -a take a value (the colon after the letter); -h takes none
while getopts "e:n:i:a:h" arg; do
	case $arg in
		e) exploration_mode=$OPTARG; let parameter_counter+=1;;
		n) number_output=$OPTARG; let parameter_counter+=1;;
		i) inspect_transaction=$OPTARG; let parameter_counter+=1;;
		a) inspect_address=$OPTARG; let parameter_counter+=1;;
		h) helpPanel;;
	esac
done

#Then show the help panel when no valid parameter was given, otherwise dispatch on the mode
#(unconfirmedTransactions, inspectTransaction and inspectAddress are the mode functions, defined elsewhere in the script):
if [ $parameter_counter -eq 0 ]; then
	helpPanel
else
	if [ "$exploration_mode" == "unconfirmed_transactions" ]; then
		if [ ! "$number_output" ]; then
			number_output=100   # default when -n was not given
		fi
		unconfirmedTransactions $number_output
	elif [ "$exploration_mode" == "inspect" ]; then
		inspectTransaction $inspect_transaction
	elif [ "$exploration_mode" == "address" ]; then
		inspectAddress $inspect_address
	fi
fi
