I have been testing with an excellent set of publicly-available scripts to automate tasks in BackTrack 5R3. I first heard about them when I saw Lee Baird's presentation at the Appalachian Institute of Digital Evidence (AIDE 2012). You can see the slides courtesy of irongeek.com at this link. Lee Baird had help from Jason Arnold with crack-wifi.sh, and Jason Arnold was the main developer of sslcheck. A lot of time and effort went into this package, and I feel that anybody using BackTrack will benefit from using these scripts to automate many important parts of a penetration test. The package is hosted on Google Code and includes a set of aliases that let you update the scripts from their Subversion repository by simply typing update. Your first step is to download the package from Google Code from a BackTrack shell:
svn co https://backtrack-scripts.googlecode.com/svn/ /opt/scripts
You can watch the video for a full demonstration here…
Or, if you don’t have the time to watch the video, just keep reading…
Once the scripts have been downloaded into /opt/scripts, the next step is to change the permissions to make them executable:
chmod 755 /opt/scripts/ -R
Next we will change into the scripts directory and run the setup script:
cd /opt/scripts/
./setup.sh
Now close the terminal, open a new one (so the new aliases are loaded), and type update.
Next we will run the main discover script.
(Discover is a script that lets you perform open source intelligence gathering for the recon portion of your pentest, port scan an external or internal network with Nmap, start a Metasploit listener, or run other scripts such as my favorite, crack-wifi.sh.)
Crack-wifi makes the whole process of using airmon-ng, airodump-ng, aireplay-ng, and aircrack-ng to crack a wireless network's key very simple and automated. When you run crack-wifi.sh, a wireless interface is automatically searched for and tested to validate injection. You are then able to scan all your local wireless networks and choose a network to attack. If you have ever used BackTrack to crack a wireless network, you know that it takes a few steps and commands to get it going successfully. Well, this script makes it very easy by automating everything. You can begin scanning the local networks for a WEP or WPA key to crack by pressing 1. When you find a network that you want to crack, press Ctrl-C, and a window will pop up asking you to enter the Channel, ESSID, BSSID, and Station of the network which you want to attack. If your attack does not generate any data, or not enough to crack the key, you can just close all the windows and start again until the key is cracked. The code is updated on a regular basis; here are the additions that were made recently:
Aug 20 - Added jigsaw to setup.sh.
Aug 19 - Added goofile to the passive option for scrape.
July 29 - Added crack-wifi.sh to framework.
July 27 - Nikto now takes a list of nmap greppable output.
July 25 - Added color to update alias and framework.
July 5 - Updated alias and setup.sh to reflect the new hosted location of sqlmap.
June 28 - Fixed passive recon problems with Whois-IP and LinkedIn returning job titles.
June 20 - After testing Metasploitable 2 by doing a full port scan, I noticed there were some ports missing from my default scan. The following TCP ports have been added: 1524, 6697, 8787, 41364, 48992, 49663, 59034.
June 11 - Scrape now contains passive and active options.
June 5 - Check 'notes' for a To-Do list.
June 4 - Added new option - niktos
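The June 20 entry found ports missing from the default scan by comparing it against a full scan, and the July 27 entry has Nikto reading nmap greppable output. As an added example (not part of the backtrack-scripts package), this POSIX shell function parses nmap -oG output and lists the open TCP ports that a given default port list would have missed; the sample output and the default port list below are constructed for illustration, not taken from the scripts.

```shell
#!/bin/sh
# Added example, not code from the backtrack-scripts project.
# Compare open TCP ports in an nmap greppable (-oG) file against a default
# port list and report the ports a default scan would have missed.

# Constructed sample of nmap greppable output (fields are tab-separated),
# loosely modelled on a Metasploitable 2 host; not real scan data.
SAMPLE_GNMAP=$(printf '%s\n%s\n%s\t%s\n%s\t%s\t%s\n%s' \
    '# Nmap 6.01 scan initiated (constructed sample)' \
    'Host: 192.168.56.101 ()	Status: Up' \
    'Host: 192.168.56.101 ()' \
    'Status: Up' \
    'Host: 192.168.56.101 ()' \
    'Ports: 21/open/tcp//ftp///, 22/open/tcp//ssh///, 25/filtered/tcp//smtp///, 1524/open/tcp//ingreslock///, 6697/open/tcp//ircs-u///, 8787/open/tcp//msgsrvr///' \
    'Ignored State: closed (65529)' \
    '# Nmap done (constructed sample) -- 1 IP address (1 host up) scanned')

# Assumed default port list for illustration; the real default list lives in
# the discover scripts and is not reproduced here.
DEFAULT_PORTS="21,22,23,25,80,443,445,3306,5432,8080"

# open_tcp_ports <gnmap-file>: print "host port" for every open TCP port.
# Only the exact state "open" counts; filtered and open|filtered are skipped.
open_tcp_ports() {
    awk -F'\t' '/Ports:/ {
        host = $1; sub(/^Host: /, "", host); sub(/ .*/, "", host)
        for (i = 2; i <= NF; i++) if ($i ~ /^Ports: /) {
            ports = $i; sub(/^Ports: /, "", ports)
            n = split(ports, p, ", ")
            for (j = 1; j <= n; j++) {
                split(p[j], f, "/")          # port/state/proto/owner/service/...
                if (f[2] == "open" && f[3] == "tcp") print host, f[1]
            }
        }
    }' "$1"
}

# missing_ports <gnmap-file> <comma-separated-default-list>:
# open TCP ports from the file that are absent from the default list.
missing_ports() {
    open_tcp_ports "$1" | while read -r host port; do
        case ",$2," in
            *",$port,"*) ;;             # already covered by the default scan
            *) echo "$host $port" ;;    # the default scan would have missed it
        esac
    done
}
```

Run it against a real file with `missing_ports full-scan.gnmap "$DEFAULT_PORTS"`; any line it prints is a candidate for the default port list.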
There are also some Python scripts included by Saviour Emmanuel. For more information, check out the Google Code wiki at the project's location:
They are available for download at http://code.google.com/p/backtrack-scripts/