Zenity

ZenityI don’t know about you, but I use a lot of programs and scripts that require using the command line. Mostly this is for security applications.

However I have recently discovered “zenity” and wow! from wikipedia:
Zenity is free software and a cross-platform program that allows the execution of GTK+ dialog boxes in command-line and shell scripts.”
These “GUI’s” look like the image in this blog post, fairly sparse… but get the job done! Adding zenity dialogs to scripts is simple and makes repetitive tasks a lot easier. just create a script that utilizes zenity and add it to your start menu.

So… without further ado. Heres some I have added to my menu:

Harvester.sh

The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database.

#!/bin/sh

COMPANY=$(zenity --entry --title="New Harvester (1 of 4)" --text="Enter the company's name or domain:" --entry-text "company.com")
LIMIT=$(zenity --entry --title="New Harvester (2 of 4)" --text="How many results should we fetch?:" --entry-text "500")

xterm -e "echo \"please wait... fingerprinting $COMPANY\"; python /opt/theHarvester-2.2a/theHarvester.py -d $COMPANY -b all -l $LIMIT -v -h > /opt/theHarvester-2.2a/logs/$COMPANY.txt"
gedit /opt/theHarvester-2.2a/logs/$COMPANY.txt

wpscan.sh

WPScan is a black box WordPress vulnerability scanner.

#!/bin/sh
if zenity --question --title="WPscan" --text="Update WPscan?"; then
	ruby /opt/wpscan/wpscan.rb --update; bash
else
	COMPANY=$(zenity --entry --title="New WPscan (1 of 2)" --text="Enter the company's domain:" --entry-text "www.company.com")
	if zenity --question --title="New WPscan (2 of 2)" --text="Use TOR proxy?"; then
		ruby /opt/wpscan/wpscan.rb --url $COMPANY --proxy socks5://127.0.0.1:9050 --enumerate; bash
	else
		ruby /opt/wpscan/wpscan.rb --url $COMPANY --enumerate; bash
	fi
fi

LES.sh

just a simple script to keep track of vulnerabilities and suggest possible exploits to use to gain ‘root‘ on a legitimate penetration test, or governing examining body

#!/bin/sh
if zenity --question --title="Linux Exploit Suggester" --text="Update LES?"; then
	wget -O /opt/LES/Linux_Exploit_Suggester.pl https://github.com/PenturaLabs/Linux_Exploit_Suggester/raw/master/Linux_Exploit_Suggester.pl
	zenity --title "Linux Exploit Suggester"  --info --text="Linux Exploit suggester successfully updated"
else
	KERNAL=$(zenity --entry --title="Linux Exploit Suggester" --text="Enter the kernal version (uname -r) :" --entry-text "2.6.32")
	gnome-terminal -x bash -c "perl /opt/Linux_Exploit_Suggester.pl -k $KERNAL; cat"
fi

golismero.sh

GoLismero is an open source framework for security testing. It’s currently geared towards web security, but it can easily be expanded to other kinds of scans. https://github.com/cr0hn/golismero

#!/bin/sh
COMPANY=$(zenity --entry --title="Golismero" --text="Enter the company's name or domain:" --entry-text "www.company.com")
xterm -e "echo \"please wait... scanning $COMPANY\"; python /opt/golismero/golismero.py -d dns_subdomains_bruteforcer -d brute* -d default_error_pages $COMPANY"

I hope this post has helped you and you decide that you like zenity, I sure do! if you make any cool scripts I would love to see them, post them in a comment or email them to me.
As always likes & shares are much appreciated

Leave a Reply