Merge branch 'main' of https://github.com/PacktPublishing/Bash-Shell-…

…Scripting-for-Pentesters

Chapter13/ch13_parse_httpx.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # Function to parse a single JSON object
 parse_json() {

Chapter13/nmap_results.csv → Chapter13/scan_results.csv

@@ -2,4 +2,4 @@ IP,Hostname,Port,Service,Version
 192.168.1.1,gateway,80,http,Apache 2.4.41
 192.168.1.10,webserver,443,https,nginx 1.18.0
 192.168.1.20,database,3306,mysql,MySQL 5.7.32
-192.168.1.30,fileserver,22,ssh,OpenSSH 8.2p1
+192.168.1.30,fileserver,22,ssh,OpenSSH 8.2p1

Chapter14/ch14_auto_obfuscate_1.sh

@@ -0,0 +1,42 @@
+#!/usr/bin/env bash
+
+# Function to encode a string using base64
+encode_base64() {
+    echo "$1" | base64
+}
+# Function to obfuscate variable names
+obfuscate_var_name() {
+    echo "var_$(openssl rand -hex 4)"
+}
+
+# Function to obfuscate a command using command substitution
+obfuscate_command() {
+    local cmd="$1"
+    echo "$(echo "$cmd" | od -A n -t x1 | tr -d ' \n')"
+}
+# Main function to generate an obfuscated script
+generate_obfuscated_script() {
+    local original_script="$1"
+    local obfuscated_script=""
+    while IFS= read -r line; do
+# Obfuscate variable assignments
+        if [[ "$line" =~ ^[[:space:]]*([a-zA-Z_][a-zA-Z0-9_]*)[[:space:]]*= ]]; then
+            var_name="${BASH_REMATCH[1]}"
+            new_var_name=$(obfuscate_var_name)
+            line="${line//$var_name/$new_var_name}"
+        fi
+# Obfuscate commands
+        if [[ "$line" =~ ^[[:space:]]*([-a-zA-Z0-9_]+) ]]; then
+            cmd="${BASH_REMATCH[1]}"
+            obfuscated_cmd=$(obfuscate_command "$cmd")
+            line="${line//$cmd/\$(echo -e \"\x$(echo "$obfuscated_cmd" | sed 's/../\\x&/g')\")}"
+        fi
+obfuscated_script+="$line"$'\n'
+    done < "$original_script"
+
+    echo "$obfuscated_script"
+}
+
+original_script="original_script.sh"
+obfuscated_script=$(generate_obfuscated_script "$original_script")
+echo "$obfuscated_script" > obfuscated_script.sh

Chapter14/ch14_gather_basic_info.sh

@@ -1,23 +1,23 @@
 #!/usr/bin/env bash
-echo "System Information:"
-echo "==================="
-echo "Hostname: $(hostname)"
-echo "Kernel version: $(uname -r)"
-echo "OS: $(cat /etc/os-release | grep PRETTY_NAME | cut -d'"' -f2)"
-echo "CPU: $(lscpu | grep 'Model name' | cut -d':' -f2 | xargs)"
-echo "Memory: $(free -h | awk '/^Mem:/ {print $2}')"
-echo -e "\nNetwork Information:"
-echo "==================="
-ip addr | awk '/inet / {print $2}'
-echo -e "\nInstalled Security Software:"
-echo "==========================="
-if command -v systemctl &> /dev/null; then
-    systemctl list-units --type=service | grep -iE '(antivirus|security|protect|defend|guard)'
-else
-    service --status-all | grep -iE '(antivirus|security|protect|defend|guard)'
-fi
+echo "Checking for AV/EDR presence..."
+# Process check
+echo "Processes:"
+ps aux | grep -E "(av|edr|protect|defend|guard)"
 
-echo -e "\nOpen Ports:"
-echo "==========="
-ss -tuln | grep LISTEN
+# File system check
+echo "Suspicious directories:"
+ls -l /opt /etc | grep -E "(av|antivirus|edr|protect)"
 
+# Network connections
+echo "Network connections:"
+ss -tuln | grep -E "(8080|443|22)"
+
+# Service check
+echo "Services:"
+systemctl list-units --type=service | grep -E "(av|antivirus|edr)"
+
+# Kernel modules
+echo "Kernel modules:"
+lsmod | grep -E "(av|edr|protect)"
+
+echo "Enumeration complete."