Scripts are used to automate and extend the functionality of the workflow. Scripts can be written in [Python] or [Bash] and can be used to perform a wide range of tasks, from simple to complex.

Scripts in Trickest platform are used for plethora of functionalities. They are used to:

  • Parse different tools outputs to make it compatible with the other tools input
  • Extract relevant information from the tool to make it more clear what is important
  • Create custom reports, images or files from the other tools outputs
  • And much more.

In this section, we are going to cover how we can parse ffuf output and extract relevant information from it which we covered in Tools section.

Tools Output

In the previous section, we’ve created ffuf node with certain inputs. Let’s execute it locally first, to check how it’s output looks like.

ffuf -u https://trickest.com/FUZZ -w common.txt -timeout 10 -o output.txt
"commandline":"ffuf -u https://trickest.com/FUZZ -w /hive/in/http-input-1/common.txt -timeout 10 -o /hive/out/output.txt",
   "time":"2024-09-02T12:44:03Z",
   "results":[
      {
         "input":{
            "FFUFHASH":"7d4bae3",
            "FUZZ":"about-us"
         },
         "position":227,
         "status":301,
         "length":58216,
         "words":187,
         "lines":198,
         "content-type":"text/html; charset=UTF-8",
         "redirectlocation":"/about-us/",
         "scraper":{
            
         },
         "duration":290119000,
         "resultfile":"",
         "url":"https://trickest.com/about-us",
         "host":"trickest.com"
      },
      ...
   ],
   "config":{
      ...
   }
}

This JSON output is very big and we don’t need all of this data. We are interested in what URLs are found with additional data around them. These are url, status, content-type, length, words, redirectlocation.

Let’s create a simple python script which will extract this data, and learn how to use this script in Trickest Platform to parse it whenever we want to brute-force different web server.

import json

# Define input and output file paths
input_file = 'ffuf-output.txt'
output_directory = 'out'
output_file = f'{output_directory}/output.txt'

# Load JSON data from the input file
with open(input_file, 'r') as file:
    data = json.load(file)

# Write the extracted details directly to the output file
with open(output_file, 'w') as file:
    for result in data.get("results", []):
        file.write(f"URL: {result.get('url', 'N/A')}, Status: {result.get('status', 'N/A')}, Content-Type: {result.get('content-type', 'N/A')}, Length: {result.get('length', 'N/A')}, Words: {result.get('words', 'N/A')}, Redirect Location: {result.get('redirectlocation', 'N/A')}\n")

Let’s execute and see the output

URL: https://trickest.com/, Status: 200, Content-Type: text/html; charset=UTF-8, Length: 223844, Words: 4748, Redirect Location: 
URL: https://trickest.com/404, Status: 200, Content-Type: text/html; charset=UTF-8, Length: 85465, Words: 1592, Redirect Location: 
URL: https://trickest.com/about-us, Status: 301, Content-Type: text/html; charset=UTF-8, Length: 58216, Words: 187, Redirect Location: /about-us/

Using Scripts in Trickest Platform

Now, let’s take a look how Trickest is handling scripts nodes. If you remember from Tools section, they have their inputs parameters, configurations and file and folder outputs. Scripts are slightly different.

Think about Scripts as a little virtual machines that are spinning up and executing the code you provided. They have their own inputs and outputs, and they can be connected to the other nodes as well.

In the Left Sidebar, we can search for python-script and drag & drop it to the canvas.

Python Script Node example

If you want to use the file output from python scripts outputs and connect it to other nodes, that file must be in out/output.txt path

The difference between the tools and scripts is that scripts don’t have input parameters. They have file and folder inputs and file and folder outputs.

Using Scripts to parse ffuf output

Now, let’s get back to our ffuf workflow and add python script. We are also going to connect ffuf output to the python-script input.

Connecting Python Script to `ffuf`

Now, let’s copy the script we created above and paste it in the python-script node.

Pasting the script

Now, the paths in the script we’ve created are not right. In Trickest, paths inside of scripts nodes are generated based on the nodes that are connected to them.

They go in a pattern similar to this

  • For File inputs

    in/<NODE-ID>/output.txt
    
    
  • For Folder inputs

    in/<NODE-ID>/
    

Generated Paths

If we take a look at our particular example, the generated input from ffuf is in/ffuf-1/output.txt

These paths are generated automatically based on the node-id every node has.

In our example ffuf node has ffuf-1 as node-id, and python-script node has python-script-1 as node-id.

Changing the script

In our example we need to change path we used to test out the script, to the generated path in Trickest.


input_file = '/mnt/data/ffuf-output.txt' -> input_file = 'in/ffuf-1/output.txt'

Now, everything should be ready for execution.

In the next section, we are going to cover how the same task can be achieved with bash script.