I've written a homegrown tool that automates other command-line tools by using input data from a text file. My tool is a simple, one-line shell script that works on Windows, Linux, and Mac OS X with just a few modifications.
How It Works
Let's say you run a firewall report of the top outgoing activity destinations by users of your network. Unfortunately, the firewall doesn't perform the IP address-to-name lookup function and instead simply gives you a list of IP addresses and the number of connections initiated for each address, similar to the information in Table 1.
This report would become much more interesting (and useful) if the IP addresses were resolved to domain names. Then it would reveal at a glance which users were visiting a portal, streaming music, accessing Web mail, or conducting other types of Internet-based activities.
Several common command-line tools such as Whois, dig, and Microsoft's NBTStat help you resolve IP addresses to their owners, DNS names, and Windows NetBIOS names, respectively. It's easy to run Whois for a single address. For example, typing
shows you who owns that IP address. The tool takes a few seconds to run and you need to scroll through the output to find the data you want.
To automate the process of reading a list of objects, such as our firewall-report IP addresses, from a text file and processing each object through the Whois command, you can write a wrapper. The first step is to copy the IP addresses into a text editor, one per line, and save the entries as a text file, with a name like data.txt.
The next step is to create a short script that reads the file, loops through each item in the file, executes a command targeting each item, and manipulates the output to improve the presentation. Many systems administrators use Linux and Mac OS X as well as Windows, so fortunately, it's easy to port this useful script between platforms. We'll look at the Bourne-Again Shell (BASH) version of the script first and then the same script as a Windows shell script.
The Linux and Mac OS X Version
BASH is the standard command-line shell in Linux and Mac OS X. The script below loops through the contents of the data.txt file and performs a Whois lookup on each IP address contained in the file:
for ip in $(cat data.txt); do whois $ip | echo "$ip $(grep 'OrgName')"; done
This script is a simple loop consisting of three steps separated by semicolons. The first step sets up a for ... in loop, defines the ip variable to hold the current IP address, and supplies the list of values to loop over. That list is produced by the cat command: $(cat data.txt) means use the output of the cat data.txt command—in this case, the list of IP addresses—in its place. Cat simply sends the contents of a text file to output. In summary, for ip in $(cat data.txt) means, "Loop through every item in the data.txt file and store each one in the variable ip for immediate processing by the core of the script."
The second part of the loop, which contains the do statement, provides the core functionality of the script; this is where the magic happens. Generally this is the section you'll customize when running the script with different tools. The BASH statement do executes the whois command against the $ip variable.
Our sample script goes a bit further by using the pipe (|) character to send the output of the whois command to the echo command, which lets us customize the formatting of the output. In our example, we print out the IP address followed by the line of the whois output that contains the string OrgName. You can leave out the echo command and the script will still run, but it will display the entire whois output for every IP address, which would be lengthy.
The grep command is encapsulated with the variable notation $(grep ... ), which lets us nest commands within other commands. Otherwise, the echo command would simply print the word grep to the screen instead of executing the grep command. Because the nested command runs with the same standard input as echo, grep reads the whois output arriving through the pipe, and only its matching line ends up inside the echoed string. The last portion of the script, the keyword done, concludes the loop.
Running this script against the data.txt file generates the output you see in Figure 1.
Customizing for a Different Tool
Whois is great for finding the owner of an IP address, but what if we want to do a reverse DNS lookup? We need a different tool—dig—but the script needs only very minor modifications:
for ip in $(cat data.txt); do dig -x $ip | grep -v ';' ; done
The main change to the script is the command that we want to execute. In this case, we run the dig command in reverse-lookup mode with the parameter -x, feed it the IP address $ip, and then send the results to grep and instruct it to print only the lines that don't include a semicolon (-v ';'), which makes the output more readable.
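The whois loop above and the dig variant are two instances of the same pattern: read a list from a file, run a tool on each entry, filter the output. The following POSIX sh script is an added example, not the article's own code, that packages that pattern as a function which takes the lookup command and the grep pattern as parameters. It also handles what the one-liner does not: it reads the file line by line instead of word-splitting $(cat data.txt), skips blank and comment lines, and accepts only dotted-quad IPv4 addresses, so that stray text copied from a firewall report (a "*" that the shell would expand to file names, or a "-x" that the tool would read as an option) never reaches the lookup tool. The function names (is_ipv4, lookup_file, whois_lookup, reverse_lookup, demo_whois, run_demo), the sample addresses, and the canned whois-style records are all constructed for this example; demo_whois stands in for the real whois command so the script runs offline.

```shell
#!/bin/sh
# Added example, not the article's script: a reusable POSIX-sh version of the
# "loop over data.txt and run a tool on each entry" pattern. Compared with
#   for ip in $(cat data.txt); do ...; done
# it reads the file line by line (entries are never word-split or glob-expanded,
# so a stray "*" in a pasted report cannot turn into a list of file names),
# skips blank and '#' comment lines, accepts only dotted-quad IPv4 addresses
# (so text such as "-x" never reaches the lookup tool as an option), and takes
# the lookup command and grep pattern as parameters.

# is_ipv4 ADDRESS: succeed only for four dot-separated decimal octets 0-255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1              # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# lookup_file FILE COMMAND PATTERN: for each valid address in FILE run
# "COMMAND address" and print the address followed by the first output line
# matching PATTERN. This is an idiomatic form of the article's
# whois $ip | echo "$ip $(grep 'OrgName')" trick: capture the filtered
# output first, then print it after the address.
lookup_file() {
    file=$1
    cmd=$2
    pattern=$3
    while read -r ip || [ -n "$ip" ]; do
        case $ip in ''|\#*) continue ;; esac
        if ! is_ipv4 "$ip"; then
            printf '%s SKIPPED (not an IPv4 address)\n' "$ip"
            continue
        fi
        match=$("$cmd" "$ip" | grep -e "$pattern" | head -n 1)
        printf '%s %s\n' "$ip" "${match:-(no match)}"
    done < "$file"
}

# The article's real lookup commands, wrapped so they can be passed by name:
#   lookup_file data.txt whois_lookup 'OrgName'    # owner lookup, as in the article
#   lookup_file data.txt reverse_lookup 'PTR'      # reverse DNS via dig -x
whois_lookup()   { whois "$1"; }
reverse_lookup() { dig -x "$1"; }

# Constructed stand-in for whois so the example runs offline: canned records
# for two documentation-range addresses, a "no match" line for anything else.
demo_whois() {
    case $1 in
        192.0.2.10)   printf 'NetRange: 192.0.2.0 - 192.0.2.255\nOrgName: Example-Net\n' ;;
        198.51.100.7) printf 'OrgName: Documentation Org\nCity: Nowhere\n' ;;
        *)            printf '%% No match for %s\n' "$1" ;;
    esac
}

# run_demo: write a constructed data.txt (including the kinds of junk a pasted
# firewall report can contain) and process it with the offline stand-in.
run_demo() {
    sample=$(mktemp)
    printf '%s\n' '# top destinations' '192.0.2.10' '' '198.51.100.7' \
        '-x' '203.0.113.300' '203.0.113.9' > "$sample"
    lookup_file "$sample" demo_whois 'OrgName'
    rm -f "$sample"
}

run_demo
```

To use it against a real report, replace demo_whois with whois_lookup (pattern OrgName) or reverse_lookup (pattern PTR, which keeps only the answer record and drops dig's comment lines much as the article's grep -v ';' does). Taking the command as a function name rather than a string avoids eval, so nothing in the input file can ever be interpreted as shell syntax.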
Customizing for Windows
Windows supports a variety of scripting languages such as JScript and VBScript, but for simply processing a command against a list of items, the scripting capabilities of the Windows command shell do just fine. The Windows script resembles the previous BASH scripts in structure but has a different syntax. The following Windows version of the script uses the NBTStat tool to look up the NetBIOS names of computers given their IP address:
echo off & (for /F %i in (data.txt) do echo %i & nbtstat -a %i | find " UNIQUE") & echo on
To reduce output clutter, we first turn off command echoing with the echo off command. Whereas BASH requires a semicolon to separate commands, the Windows command shell uses an ampersand (&) to chain several instructions together.
The Windows shell for ... in loop uses a syntax different from the BASH loop. The /F parameter instructs the statement to read its items from a file. The variables are defined and referenced by using a percent sign and a single character (e.g., %i).
The do statement tells the script to print out the IP address by echoing the %i variable and then displaying only the nbtstat command output that includes lines containing UNIQUE. Figure 2 shows the output of this script running on a Windows system, displaying NetBIOS names for a short list of IP addresses.
You've Got the Power
The simple tool that I've demonstrated here lets you harness any of your favorite command-line tools and feed them multiple inputs, customize the output, and otherwise automate your manual processes. Using the command line and shell scripting can make life easier for you and help you keep tabs on user activities.