Page 68 - Hands-On Bug Hunting for Penetration Testers
Chapter 3: Preparing for an Engagement
Or we might want to extend the workflow. Because every stage reads and writes plain text on stdin and stdout, it's easy to add new pieces. If our mail utility is set up, we can email ourselves the results of the test:
grabjs https://www.target.site sourcejs; scanjs sourcejs output.json | formatjs | mail -s "JS Known Component Vulnerabilities" email@site.com
Or we could decide we only want to email ourselves the critical vulnerabilities. We could pull out the lines we care about using ag (The Silver Searcher), a grep-like code-search utility known for its speed:
grabjs https://www.target.site sourcejs; scanjs sourcejs output.json | formatjs | ag critical | mail -s "Critical JS Known Component Vulnerabilities" email@site.com
Two things to keep in mind with this one-liner: ag's pattern is smart-case (an all-lowercase pattern also matches "Critical"), and when nothing matches, mail still sends an empty message. Also, the ; after grabjs means scanjs runs even if grabjs failed; && would stop the chain at the first error.
We could substitute using email as a notification with a script invoking the Slack API or another messaging service; the possibilities are endless. The benefit of using these short, stitched-together programs, built around common input and output, is that they can be rearranged and added to at will. They are the building blocks for a wider range of combinations and services. They are also, individually, very simple scripts, and because they're invoked through the command line and pass their results back to it, they can be written in a variety of languages. I've used Python and shell in this work, but could employ Ruby, Perl, Node, or another scripting language with similar success.
There are obviously a lot of ways these short scripts could be improved. They currently have no input validation, error handling, logging, default arguments, or other features meant to make them cleaner and more reliable. But as we progress through the book, we'll be building on top of the utilities we're developing until they become more reliable, professional tools. And by adding new options, we'll show the value of a small, interlocking toolset.
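As an added example of the kind of hardening the paragraph above calls for (this is not the book's code, and grabjs, scanjs and formatjs are not reproduced), here is a notification stage that replaces the bare ag | mail tail of the pipeline. It assumes, as a labelled convention of its own, that formatjs prints one finding per line as severity, component, version and summary separated by tabs; the sample input is constructed so the script runs offline, and the delivery command defaults to cat so the mail or Slack step can be plugged in without touching the filtering logic.

```shell
#!/bin/sh
# Added example (not the book's code): a hardened notification stage for the
# formatjs | ag critical | mail pipeline. Assumption: formatjs prints one finding
# per line as "<severity>TAB<component>TAB<version>TAB<summary>"; the book does
# not fix this format, and grabjs/scanjs/formatjs are not reproduced here.
set -eu

# Constructed sample of formatjs output so the example runs offline.
SAMPLE_FINDINGS=$(printf 'critical\tjquery\t1.8.3\tXSS via $.html() with untrusted input\nmedium\tangular\t1.2.0\tsandbox bypass\nCritical\tlodash\t4.17.4\tprototype pollution in merge()\n')

# Keep only the critical findings. grep -i stands in for ag's smart-case
# matching; the "|| true" keeps grep's exit status 1 (no match) from killing
# a "set -e" pipeline, so "no criticals" is an empty result, not an error.
filter_critical() {
    grep -i -- '^critical' || true
}

# Count the lines on stdin (trim the padding some wc builds print).
count_lines() {
    wc -l | tr -d '[:space:]'
}

# Deliver stdin with the given command (e.g. mail -s "..." addr), but only if
# there is something to deliver: mail happily sends an empty message, which
# trains the reader to ignore the alerts. Defaults to cat so it can run here.
notify_if_findings() {
    body=$(cat)
    if [ -z "$body" ]; then
        echo "no critical findings; nothing sent" >&2
        return 1
    fi
    [ "$#" -gt 0 ] || set -- cat
    printf '%s\n' "$body" | "$@"
}

# Wired into the book's pipeline this would read as follows (note && instead
# of ; so a failed grabjs does not feed a stale or missing sourcejs into scanjs):
#   grabjs https://www.target.site sourcejs && scanjs sourcejs output.json | formatjs \
#     | filter_critical | notify_if_findings mail -s "Critical JS Known Component Vulnerabilities" email@site.com
# Offline demonstration on the constructed sample:
printf '%s\n' "$SAMPLE_FINDINGS" | filter_critical | notify_if_findings
```

The two behaviours worth copying are the explicit handling of "no match" (grep and ag both exit 1 for it, which set -e would otherwise turn into a failed pipeline) and the refusal to send an empty notification; everything else is the same plain-text plumbing the chapter has been using.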
Summary
This chapter covered how to discover information about a site's attack surface using automated scanners, passive proxy interception, and command-line utilities wired into our own homebrew setup, and a couple of things in between. You learned about some handy third-party tools, and how to use them and others within the context of custom automation. Hopefully you've come away not only with a sense of the tactics (the code we've written), but of the strategy as well (the design behind it).