You sit there in front of your desk after getting hired in to a security position, and quickly realize that it is no point-and-click job. Security on both sides of the house leverage the power of programming to automate tasks. This can be anything from alerting on specific key words on logs, to making a quick script to gather information for the environment you just caught a shell from. Even more so it will truly help in research such as, exploit development, digital forensics, and data collection and analysis.
So let’s drop into an example of a simple coding challenge you could have in SecureState’s CTF event.
All security personnel need to automate a task for data collection. Create a script that collects the HTTP banners from a list of URLs
First, the user must be able to supply a list of IP addresses and a port. Without a specific language tasked for this challenge, I’ll use Python as it is extremely flexible and does not require compilation.
So lets break down what we need to know based on the description of the task:
- We need to parse user input to pull out user supplied information
- We need to make a successful connection to a web server based off a valid URL.
- We need to be able to pull back and save the header/banner information from the webserver.
- We need to display the output and save the output to a file if requested.
Since we know what the functionality is required lets break it down a little more. Of how we can do this, please note there are always multiple methods to complete the same task in programming. Think outside of the box sometimes, but remember always try to be as simplistic as possible, as it will require less time to create the script or program to complete the task at hand.
For parsing user input we will utilize Python’s base library of argparse. This library provides command line argument parsing. Furthermore it gives the capability of defining what the user input should be.
Next, we need to be able to make web requests to the server. To do this we could go with Python’s socket module and build a raw request from the ground up, but to keep it simplistic we are going to utilize the requests library. This library will take all the effort down to single line of code and do all the raw requests in the back end for us. Why make it harder right? Remember researching is your friend, look for libraries that will provide the functionality that need.
Python itself can natively open files for read and write with out importing extra libraries, and we will utilize argparse to define the variable type for user input. Save the script out as get-http-headers.py
Lets run the script see what the output looks like.
python3 get-http-headers.py urls-to-test.txt
A sample output of this script is: