Quartz 4

15 - Automation

4 min read

Automation

Objectives: By the end of this topic, you will be able to…

  • Create scripts in Bash or Python to automate security tasks
  • Integrate Kali tools into functional scripts
  • Read, process, and filter results from other tools
  • Use scripting to support reconnaissance, analysis, and defense

Introduction to Bash and Python scripting for security

Scripting is an essential skill in cybersecurity for automating repetitive tasks, creating custom tools, and responding quickly to incidents.

  • Bash is ideal for system automation, interaction with command-line tools, file manipulation, and command execution
  • Python offers more flexibility and readability for data processing, API interaction, log analysis, and complex scripting

Both languages are extensively used in offensive and defensive security.

Automating repetitive tasks

In Bash

  • Network scanning with nmap across multiple IP ranges
  • Log filtering with grep, awk, sed
  • Bulk URL downloading with curl or wget
  • Real-time file or process monitoring

In Python

  • Parsing .log or .pcap files
  • Automating API calls (e.g., VirusTotal, Shodan)
  • Processing data from scanners like nmap or nikto
  • Generating custom reports or alerts
  • Automated vulnerability exploitation wrappers

Best practices in security scripting

  • Documentation: include clear comments and explanations
  • Input validation: never trust parameters without sanitizing
  • Logging: record actions, errors, and results in a readable format
  • No hardcoded credentials: use configuration files or environment variables
  • Error handling: do not allow the script to fail silently
  • Portability: avoid unnecessary dependencies or absolute paths
  • Permissions: understand and limit privileges required by the script

Examples of tool integration

Bash: extract IPs with port 22 open

nmap -p 22 --open -oG - 192.168.1.0/24 | grep '/open/' | awk '{print $2}'

Python: send URLs to an API

import requests
 
urls = ['http://example.com', 'http://test.com']
for url in urls:
    response = requests.get(f'https://urlscan.io/api/v1/scan/', params={'url': url})
    print(response.json())

Bash: extract domains from a file

cat file.txt | grep -Eo 'https?://[^/"]+' | sort -u

Python: run nmap via subprocess

import subprocess
 
result = subprocess.run(['nmap', '-sS', '192.168.0.1'], capture_output=True, text=True)
print(result.stdout)

Hands-on lab

Requirements: Kali Linux, Python 3, command-line tools

Part 1: Basic network scripting

A. Local network scanning in Bash:

#!/bin/bash
echo "Scanning local network 192.168.1.0/24..."
for ip in $(seq 1 254); do
    (ping -c 1 -W 1 192.168.1.$ip | grep "64 bytes" && echo "192.168.1.$ip is active") &
done
wait

Tasks: save output to file, add response time and timestamp.

B. Python script for nmap scanning:

import subprocess
import sys
 
target = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"
print(f"Scanning all ports on {target}...")
 
result = subprocess.run(["nmap", "-p-", target], capture_output=True, text=True)
with open(f"nmap_{target}.txt", "w") as f:
    f.write(result.stdout)

Tasks: use argparse for target IP and output file, detect and list open ports separately.

Part 2: Information gathering automation

Create a script that:

  1. Receives a domain as argument
  2. Executes whois, dig, nslookup, host, curl -I
  3. Extracts A and MX records with dig and saves them

Part 3: Mini-project (choose one)

Option A: Network scan with latency

  • Record active IPs and response time, save in CSV format

Option B: Apache log analysis

  • Read access.log, search for SQL commands, 403/500 status codes, IPs with multiple failed attempts
  • Save suspicious IPs and hourly summary

Option C: Automated web profiling

  • Receive a domain, run nmap, whois, whatweb
  • Generate report with open ports, detected technologies, domain owner

Submission

Compressed folder with:

  • Functional and commented scripts
  • Generated results (txt/csv)
  • README.md with: explanation of each script, what it automates, execution instructions

Key concepts

TermDefinition
BashDefault command interpreter and scripting language on Linux
PythonVersatile programming language used for security automation
subprocessPython module for executing system commands
argparsePython module for parsing command-line arguments
ScriptingWriting short programs to automate repetitive tasks

Test yourself

  1. Bash: Write a script that receives a file with a list of IPs (one per line) and runs nmap -sV against each one, saving the results in separate files.

  2. Python: What advantages does Python offer over Bash for processing JSON output files from tools like bandit or trivy?

  3. Automation: On a security team, which repetitive tasks would benefit most from automation? Give three specific examples and briefly describe how you would automate them.

Navigation:Previous | Home | Next

Graph View

Backlinks