Pen Test Poster: “White Board” – Bash – Make Output Easier to Read

Board Elements_clean_Make Output Easier to Read

By Matthew Toussain, Geoff Pamerleau

Data! DATA!! DATA!!! So much data… an endlessly grueling component of every information security practitioner’s job description is data analysis. Often, digging through an environment for vulnerabilities or configuration flaws involves scrounging through reams of log data. It is not uncommon to find your eyes glazing over while staring at giant walls of text on plain backgrounds and contemplating how exactly your life choices have landed you… here. What could make your gray text on black background daydreams better? Rainbows of course!

makeoutput_easier01

Getting pygmentize…

Wait, what? That’s right, pygmentize is not a part of the standard build for most Linux operating systems you need to install it first. Kali Linux is an exception to this rule and is generally packaged with pygmentize included out of the box. On Linux distributions in the Debian family (Ubuntu, Kali, Raspbian, TAILS) pygmentize can be installed like this:

sudo apt-get install python-pygments

 

Methods Covered in this Section

pygmentize specifying theming:

pygmentize -O bg=dark,style=colorful /path/to/file

pygmentize files without a specified file extension (and optional piping to less)

pygmentize -g /path/to/file | less -R

 

Pygments is a generic syntax highlighter suitable for use in code hosting, forums, wikis or other applications that need to prettify source code. Highlights are:

  • a wide range of over 300 languages and other text formats is supported
  • special attention is paid to details that increase highlighting quality
  • support for new languages and formats are added easily; most languages use a simple regex-based lexing mechanism
  • a number of output formats is available, among them HTML, RTF, LaTeX and ANSI sequences
  • it is usable as a command-line tool and as a library
  • … and it highlights even Perl 6!

From the pygments home page: http://pygments.org

Using pygmentize is very straightforward:

 

makeoutput_easier02Normal. Drab. Bash.

makeoutput_easier03PYGMENTIZE!

 

Pygmentize adds a splash of color with a single command!

 

To make pygmentize even less cumbersome we can add the following alias for “color cat” to our .bashrc:

 

alias ccat='pygmentize -O bg=dark,style=colorful'

NOTE: If you use a light colored terminal background try bg=light for easier readability

 

Now for colorful cat output we just need to run ccat.

makeoutput_easier04

 

As you can see in the above output chain ccat is quite handsome! Until it is not… Sometimes when running pygmentize you might see the following error:

makeoutput_easier05#fail

 

To solve this error we just need to add the -g (guess) flag. The guess flag will attempt to use the contents of the file to guess how syntax highlighting should be performed.

makeoutput_easier06Not perfect but at least it’s colorful

 

The last pygmentize tidbit is how to colorize files that are too large to see the contents all at once (the previous /etc/passwd file for example). Normally, this can be handled by piping the command output into less:

ccat -g /etc/passwd | less

makeoutput_easier07Well that’s… interesting

 

The ANSI color escape sequences used by pygmentize are lost when less tries to print them out. In order to work around this we can use the -R flag to preserve raw control characters.

ccat -g /etc/passwd | less -R

makeoutput_easier08Much better

 

Conclusion

While pygmentize doesn’t functionally add much to our pentesting tool belt it is a simple way to make working with text files a bit less drab and perhaps somewhat more fabulous!

Matthew Toussain
https://twitter.com/0sm0s1z

 

Upcoming SANS Special Event – 2018 Holiday Hack Challenge

KringleCon

SANS Holiday Hack Challenge – KringleCon 2018

  • Free SANS Online Capture-the-Flag Challenge
  • Our annual gift to the entire Information Security Industry
  • Designed for novice to advanced InfoSec professionals
  • Fun for the whole family!!
  • Build and hone your skills in a fun and festive roleplaying like video game, by the makers of SANS NetWars
  • Learn more: www.kringlecon.com
  • Play previous versions from free 24/7/365: www.holidayhackchallenge.com

Player Feedback!

  • “On to level 4 of the #holidayhackchallenge. Thanks again @edskoudis / @SANSPenTest team.” – @mikehodges
  • “#SANSHolidayHack Confession – I have never used python or scapy before. I got started with both today because of this game! Yay!” – @tww2b
  • “Happiness is watching my 12 yo meet @edskoudis at the end of #SANSHolidayHack quest. Now the gnomes #ProudHackerPapa” – @dnlongen
kringle_02

Leave a Reply

Your email address will not be published. Required fields are marked *