5.1 Tools & code analysis: Scripting Basics Flashcards

1
Q

Scripting Tools: What is a script for? Why do you need scripting in pentesting?

A

A list of commands that are executed by a certain program or scripting engine
Issuing commands individually can be useful for one-time analysis, but scripting allows recurring searches to be repeated easily and automated

2
Q

Scripting Tools: list the basic scripting languages used in pentesting (6)

A

● Bash
● PowerShell
● Python
● Ruby
● Perl
● JavaScript

3
Q

Scripting Tools: explain Bash and what elements it supports

A

o A scripting language and command shell for Unix-like systems that is the default shell for Linux and macOS
o Bash supports elements such as variables, loops, conditional statements, functions, and more

4
Q

Scripting Tools: explain PowerShell and what elements it supports

A

o A scripting language and command shell for Windows systems
o PowerShell supports elements such as variables, loops, conditional statements, functions, and cmdlets that use a Verb-Noun syntax

5
Q

Scripting Tools: explain Python and Ruby

A

Interpreted, high-level, general-purpose programming languages used heavily by cybersecurity analysts and penetration testers

6
Q

Scripting Tools: explain Perl

A

A general-purpose Unix scripting language used for text manipulation

7
Q

Scripting Tools: explain JavaScript

A

A scripting language that allows developers to do fancy and complex things on a webpage

8
Q

Variables: explain what a variable is and list the types of data it can contain (6)

A

A variable is used to store values and data for different data types:
o Boolean: A form of data with only two possible values (True or False)
o Integer: A variable that stores an integer or a whole number that may be positive or negative
o Float/Decimal/Real Number: A variable that stores a decimal number
o Character: A variable that can only store one ASCII character
o String: A variable that can store multiple characters. In pseudocode, there is no need to define the data type for each variable
o Constant: Like a variable, but cannot be changed within the program once defined

9
Q

Loops: explain loops and their different types (3)

A

A type of flow control that controls the order in which code is executed in a given program
▪ For loop: Used when the number of times to repeat a block of code is known
▪ While loop: Used when the number of times to repeat a block of code is not known and will not stop until something happens
▪ Do loop: Used when there’s an indefinite iteration that needs to happen and will not stop until some condition is met at the end of the loop

10
Q

Logic Control: explain Logic Control

A

Used to provide conditions based on different logical tests
▪ Boolean operator
▪ Arithmetic operator
▪ String operator

11
Q

Data Structures: list (7) and explain how data are structured

A

o JavaScript Object Notation (JSON): An open data file format and data exchange standard that uses human-readable text to store and transmit data objects. JSON is a data format that is language-independent
o Key Value Pair: Assigns some value to some type of title or key that might be used as a variable
o Array: A type of data structure that is used to hold multiple values of the same type
o Dictionary: An array of key value pairs
o List: A type of data structure that can hold multiple values of different data types in a sequential manner. Every element on a list is called an index
o Tree: A non-linear data structure that is used to create a hierarchy

12
Q

Object-Oriented Programming: explain Object-Oriented Programming

A

▪ A programming paradigm based on the concept of “objects”, which can contain data (fields) and code (procedures)
▪ Most programming languages are object-oriented

13
Q

Object-Oriented Programming: explain a Function

A

A block of code that is given a special name, which can be called to run the code within it

14
Q

Object-Oriented Programming: explain a Procedure

A

Can be anything such as a function, method, routine, or subroutine that takes input, generates output, and manipulates data

15
Q

Object-Oriented Programming: explain a Class

A

The definition for the data format and the available procedures for a given type or class of object

16
Q

Object-Oriented Programming: explain a Library

A

▪ Takes and places pieces of code into reusable areas
▪ It is an external collection of different classes, functions, and procedures that can be reused