Custom Scripts
You can add your own scripts to the checks we have included to further extend the functionality of the penetration test. You store the scripts directly on the Linux server on which the Hacktor is installed.
To add custom scripts you need administration rights on the server/VM where the Hacktor software component is installed.
Add Custom Script
To add a custom script, follow these steps.
1. Navigate to the scripts folder.
2. **** Create a file for the custom script. The file name must conform to the following pattern: <runtime>_<severity>_name.extension,
e.g. python2_critical_CVE1234.py
or ruby_ok_my custom script.rb
.
Supported Runtimes:
bash
python2
python3
ruby
Supported Severities:
ok
low
medium
high
critical
3. Paste your script that you created according to the guidelines.
4. Save and close the file.
5. Make your created file executable for Hacktor.
6. Restart Hacktor.
Guidelines for Custom Scripts
To enable Hacktor to read the result of the custom script, the following exit code convention must be followed.
passed
exit code 0
The check is passed.
error
exit code 1
The check did not work.
skipped
exit code 5
The check is irrelevant for the target system.
failed
exit code 9
The target system is vulnerable.
Any other exit code is treated as error
.
Regardless of the check status, stdout
and stderr
are output in the audit. Above 1024 characters the output is cropped.
The first argument is always the hostname
, the second to n (2-n) are always the open ports.
Sample
python2, python3
ruby
bash
Add your own title and recommendation text
Optionally, you can store your own title, which will replace your title stored in the file name in the audit. You can also store a recommendation on how to deal with the vulnerability.
1. Open the descriptions.json
file.
Insert the information according to the following pattern:
2. Save and close the file.
3. Restart Hacktor.
Run Custom Script
To use a custom script for a penetration test, simply add the script to the appropriate Hacktor according to the instructions. Also, be sure to allow custom scripts to run in the advanced settings of the Audit Defintion.
Last updated