LabEx
Log InJoin Free

Kali Automation with Bash and Python

Kali LinuxBeginner
Practice Now

Introduction

In this lab, you will learn how to automate tasks in Kali Linux using Bash and Python scripts. The focus is on streamlining repetitive security auditing tasks such as network scanning with Nmap and log parsing. You will create scripts, set permissions, schedule automated tasks with Cron jobs, and test their execution. This lab provides detailed, step-by-step guidance to build foundational automation skills in a Kali Linux container. When you open the terminal, you will be automatically connected to the Kali Linux container's shell, ready to begin.

Setting Up the Environment and Installing Tools

In this first step, you will prepare your working environment inside the Kali Linux container by installing the necessary tools. This is a foundational step to ensure you have all the required software for the automation tasks ahead.

When you open the terminal, you are automatically connected to the Kali Linux container's shell. You can begin working immediately.

First, update the package list to ensure you can fetch the latest versions of software.

apt update

Next, install nmap for network scanning and python3 for scripting. These tools are critical for the tasks in this lab.

apt install -y nmap python3 nano

The installation may take a few moments. Once it completes, verify that nmap is installed by checking its version.

nmap --version

The output should be similar to the following, confirming that nmap is ready for use.

Nmap version 7.x ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.4.6 openssl-3.0.11 libpcre-8.39 libpcap-1.10.1 nmap-libdnet-1.12 ipv6
Compiled without:
Available NSE scripts: 655

Next, verify the python3 installation.

python3 --version

The output will show the installed Python version, similar to this:

Python 3.x.x

With these tools installed, your Kali Linux environment is prepared for the automation tasks in the upcoming steps.

Creating a Bash Script for Nmap Scans

Now that your environment is set up, you will create a Bash script to automate Nmap scans. Bash scripting is a powerful way to automate command-line tasks in Linux. In this step, you will write a simple script to run an Nmap scan on localhost.

First, use the nano text editor to create a new file named nmap_scan.sh in the /root directory.

nano /root/nmap_scan.sh

This command opens a blank file in the nano editor. Type or paste the following content into the editor:

#!/bin/bash
echo "Starting Nmap scan on localhost..."
nmap localhost
echo "Scan completed."

This script contains three main parts:

  • #!/bin/bash: This line, known as a shebang, specifies that the script should be executed with the Bash interpreter.
  • echo "...": These commands print status messages to the terminal.
  • nmap localhost: This command runs a basic Nmap scan on your local machine, which is a safe target for practice.

To save the file in nano, press Ctrl+O, then press Enter to confirm the filename. To exit the editor, press Ctrl+X.

After returning to the terminal, verify that the file was created successfully by listing the contents of the /root directory.

ls -l /root

You should see your new script in the output, similar to this:

-rw-r--r-- 1 root root 85 Oct 20 10:15 nmap_scan.sh

This confirms that the file nmap_scan.sh exists. In the next steps, you will make this script executable and test it.

Creating a Python Script for Log Parsing

Next, you will write a Python script to automate log parsing. Log parsing is a common task in security analysis, where you extract specific information from log files. Python is well-suited for this due to its powerful text-processing capabilities.

First, create a sample log file for your script to parse. Run the following command to create a file named sample.log in the /root directory with some example log entries.

echo -e "2023-10-20 10:00:00 INFO System started\n2023-10-20 10:01:00 ERROR Connection failed\n2023-10-20 10:02:00 INFO User logged in" > /root/sample.log

Now, create the Python script. Use nano to create a new file named log_parser.py.

nano /root/log_parser.py

In the nano editor, type or paste the following Python code:

#!/usr/bin/env python3
print("Starting log parsing...")
with open('/root/sample.log', 'r') as file:
    for line in file:
        if 'ERROR' in line:
            print(line.strip())
print("Log parsing completed.")

This script opens /root/sample.log, reads it line by line, and prints only the lines that contain the word ERROR. The strip() method removes any leading or trailing whitespace from the line.

Save the file by pressing Ctrl+O and Enter, then exit nano by pressing Ctrl+X.

Verify that both the log file and the Python script exist in the /root directory.

ls -l /root

The output should now list both files:

-rw-r--r-- 1 root root 150 Oct 20 10:22 log_parser.py
-rw-r--r-- 1 root root  85 Oct 20 10:15 nmap_scan.sh
-rw-r--r-- 1 root root 112 Oct 20 10:20 sample.log

You have successfully created a Python script for log parsing. The next step is to set the correct permissions for both scripts.

Setting Permissions and Testing Scripts

With both scripts created, the next step is to make them executable and test them. In Linux, a script needs execute permissions to be run directly from the terminal.

First, check the current permissions of the files.

ls -l /root

The output shows the permissions in the first column. The -rw-r--r-- indicates that the files are readable and writable but not executable.

-rw-r--r-- 1 root root 150 Oct 20 10:22 log_parser.py
-rw-r--r-- 1 root root  85 Oct 20 10:15 nmap_scan.sh
-rw-r--r-- 1 root root 112 Oct 20 10:20 sample.log

Use the chmod command with the +x flag to add execute permissions to both scripts.

chmod +x /root/nmap_scan.sh
chmod +x /root/log_parser.py

Now, check the permissions again.

ls -l /root

The x in the permissions string (-rwxr-xr-x) confirms that the files are now executable.

-rwxr-xr-x 1 root root 150 Oct 20 10:22 log_parser.py
-rwxr-xr-x 1 root root  85 Oct 20 10:15 nmap_scan.sh
-rw-r--r-- 1 root root 112 Oct 20 10:20 sample.log

With permissions set, test the Bash script by running it.

/root/nmap_scan.sh

The script will execute the Nmap scan and print the results, which should look similar to this:

Starting Nmap scan on localhost...
Starting Nmap 7.94 ( https://nmap.org ) at 2023-10-20 10:30 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up, received user-set (0.00010s latency).
Other addresses for localhost (not scanned): ::1
rDNS record for 127.0.0.1: localhost
Not shown: 999 closed tcp ports (conn-refused)
PORT   STATE SERVICE
...
Nmap done: 1 IP address (1 host up) scanned in 0.15 seconds
Scan completed.

Next, test the Python script.

/root/log_parser.py

The script will parse the log file and print only the line containing "ERROR".

Starting log parsing...
2023-10-20 10:01:00 ERROR Connection failed
Log parsing completed.

Both scripts are now working correctly. The final step is to schedule them to run automatically.

Scheduling Scripts with Cron Jobs

In this final step, you will automate the execution of your scripts using Cron. Cron is a time-based job scheduler in Linux that allows you to run commands or scripts at specified intervals.

To schedule a job, you need to edit the crontab file. Open the crontab editor by running the following command.

crontab -e

If prompted to choose an editor, select nano by entering its corresponding number and pressing Enter.

Scroll to the bottom of the file and add the following lines. These lines schedule both scripts to run every minute.

* * * * * /root/nmap_scan.sh >> /root/nmap_scan.log 2>&1
* * * * * /root/log_parser.py >> /root/log_parser.log 2>&1

Let's break down this configuration:

  • * * * * *: This is the schedule. The five asterisks represent minute, hour, day of the month, month, and day of the week. All asterisks mean the job will run every minute of every hour of every day.
  • /root/nmap_scan.sh: This is the command to be executed.
  • >> /root/nmap_scan.log: This redirects the standard output of the script and appends it to a log file.
  • 2>&1: This redirects the standard error stream to the standard output, ensuring that error messages are also captured in the log file.

Save the changes in nano by pressing Ctrl+O and Enter, then exit with Ctrl+X. You should see a confirmation message.

crontab: installing new crontab

To verify that the jobs are scheduled, list the current crontab entries.

crontab -l

The output should display the lines you just added.

* * * * * /root/nmap_scan.sh >> /root/nmap_scan.log 2>&1
* * * * * /root/log_parser.py >> /root/log_parser.log 2>&1

The cron jobs are now set up. After a minute, you can check the log files to see the output of the automated script executions.

cat /root/nmap_scan.log
cat /root/log_parser.log

This confirms that your scripts are running automatically as scheduled.

Summary

In this lab, you have learned the fundamentals of automation in Kali Linux using Bash and Python. You began by preparing your environment and installing essential tools like Nmap and Python. You then created a Bash script to automate network scans and a Python script for log parsing. You also learned how to set execute permissions, test your scripts, and schedule them for automatic execution using Cron jobs. These skills provide a solid foundation for automating repetitive tasks in cybersecurity and system administration.

Related Kali Linux Courses
Kali Linux for Beginners

Kali Linux for Beginners

cybersecuritykalilinux
Kali Server Exploitation in Action

Kali Server Exploitation in Action

cybersecuritykalilinux