
Grep Command Tutorial For Beginners | Source Code Text Searching

The Grep Command Tutorial With Examples For Beginners | Search for a File in Linux and Unix with Recursive Find

Hello guys, today in this tutorial we will discuss static application security testing (SAST) along with its methodologies, types, methods, tools, etc. Through this article we will give you a brief overview of SAST and then show you how to find vulnerabilities in the source code of any PHP-based web application using the “grep” tool on Kali Linux. So without wasting much time, let’s dive into static application security testing.

The grep filter searches a file for a specific pattern of characters and displays all lines that contain that pattern. The pattern that is searched for in the file is called a regular expression (grep is short for global regular expression search and print).

 

What is Grep Utility?

Grep is a command-line tool for searching plain-text data for lines that match a regular expression. Its name comes from the ed command g/re/p (search for a regular expression globally and print matching lines), which has the same effect.

We think you should know some basic grep commands before moving on to source code inspection, so below are some basic commands to make grep easier to use during a SAST audit.

 

Now we will start auditing the source code using the Grep command. Excited 😁!! Let’s go.

Syntax :

grep [options] pattern [files]

 

Options Description
-c : Prints only a count of the lines that match the pattern.
-h : Displays the matched lines, but does not display the filenames.
-i : Ignores case when matching.
-l : Displays only the names of the files that contain a match.
-n : Displays the matched lines and their line numbers.
-v : Prints all the lines that do not match the pattern.
-e exp : Specifies the expression to search for. Can be used multiple times.
-f file : Takes patterns from file, one per line.
-E : Treats the pattern as an extended regular expression (ERE).
-w : Matches whole words only.
-o : Prints only the matched parts of a matching line, with each such part on a separate output line.

-A n : Prints the matched line and n lines after it.
-B n : Prints the matched line and n lines before it.
-C n : Prints the matched line and n lines before and after it.

 

 

Beginners Command

Grep Command examples :

I have a file file.txt with some random words. Let’s take a look at the .txt file:

┌──(root💀OnlineHacking)-[~]
└─# cat file.txt                                                    
Advanced Ethical Hacking Tutorial
Termux & linux Tutorial
Ethical Hacking Courses For Free
Helpful Articles
Password:374
Gmail:[email protected]
unix is great os. unix is free os.
learn operating system.
Unix linux which one you choose.
                                                                                                                                

 

1. Case insensitive search :

By default grep is case-sensitive. The -i option enables a case-insensitive search in a given file, so the pattern matches words like “UNIX”, “Unix”, and “unix”. If you want to ignore the case, use the “-i” flag as shown below.

grep -i "UNix" file.txt
┌──(root💀OnlineHacking)-[~]
└─# grep -i "UNix" file.txt
unix is great os. unix is free os.
Unix linux which one you choose.
                                             

 

 

2. Displaying the count of matches :

We can find the number of lines that match a given string/pattern.

grep -c "Tutorial" file.txt
┌──(root💀OnlineHacking)-[~]
└─# grep -c "Tutorial" file.txt
2
                                             

 

3. Display the file names only :

We can display only the names of the files that contain the given string/pattern.

grep -l "unix" *
┌──(root💀OnlineHacking)-[~]
└─# grep -l "unix" *
file-1.txt
file.txt
                                             

 

 

4. Checking for the whole words in a file :

By default, grep matches a given string/pattern, even if it is found as a substring in the file. The -w option for grep causes it to match only whole words.

┌──(root💀OnlineHacking)-[~]
└─# grep -w "unix" file.txt    
unix is great os. unix is free os.
                                                                                                                                 
┌──(root💀OnlineHacking)-[~]
└─# grep -w "Tutorial" file.txt
Advanced Ethical HacKing Tutorial
Termux & linux Tutorial
         

 

5. Displaying only the matched pattern :

By default, grep displays the entire line that has a matching string. Using the -o option, we can set grep to display only the matching string.

┌──(root💀OnlineHacking)-[~]
└─# grep -o "unix" file.txt    
unix 
unix
                                                                                                                                 
┌──(root💀OnlineHacking)-[~]
└─# grep -o "Tutorial" file.txt
Tutorial
Tutorial
                                             

 

 

6. Show line numbers in the text :

Use the -n option to display each matching line together with its line number in the file:

grep -n "linux" file.txt
┌──(root💀OnlineHacking)-[~]
└─# grep -n "linux" file.txt
2:Termux & linux Tutorial
9:Unix linux which one you choose.
                                             

 

7. Inverting the pattern match :

You can display lines that do not match the specified search string pattern using the -v option.

grep -v "linux" file.txt
┌──(root💀OnlineHacking)-[~]
└─# grep -v "linux" file.txt
Advanced Ethical HacKing Tutorial
Ethical Hacking Courses For Free
Helpful Articles
Password:374
Gmail:[email protected]
unix is great os. unix is free os.
learn operating system.
                                             

 

 

8. Matching the lines that start with a string :

The regular expression pattern ^ specifies the beginning of a line. This can be used in grep to match lines that start with a given string or pattern.

grep "^unix" file.txt
┌──(root💀OnlineHacking)-[~]
└─# grep "^unix" file.txt
unix is great os. unix is free os.
                                             

 

9. Displaying the lines before and after a match :

The -A n option prints the matched line and n lines after it, and the -B n option prints the matched line and n lines before it. This gives context around each match.

┌──(root💀OnlineHacking)-[~]
└─# grep -A1 Termux file.txt
Termux & linux Tutorial
Ethical Hacking Courses For Free
                                                                                                                                
┌──(root💀OnlineHacking)-[~]
└─# grep -B1 Termux file.txt
Advanced Ethical HacKing Tutorial
Termux & linux Tutorial

                                             

 

 

10. Search recursively for a pattern in the directory :

To search every file under a directory, including its subdirectories, use a recursive search.

  • -i to search for a string case-insensitively
  • -r to recursively check all the files in the directory
  • -R does the same as -r, but in GNU grep it also follows all symbolic links
grep -R [Search] [directory]
grep -ir Suman /root/Desktop
┌──(root💀OnlineHacking)-[~]
└─# grep -ir Suman /root/Desktop 
/root/Desktop/admin.xml:Suman is ....
/root/Desktop/bio.txt:Hello, I'm Suman from India. I’m currently working on Cyber Ethical Hacking Penetration Testing & Bug Bounty. I’m currently learning more about Web Design, Android ROM
/root/Desktop/termux.txt:Suman
                                             

 

 

Advanced Command

 

Download bWAPP For Testing :

bWAPP, or buggy web application, is a free and open source, intentionally insecure web application. bWAPP is a PHP application that uses a MySQL database. Configuring this vulnerable application on any operating system is quite simple: download the application using the link below, unzip it and move all the files to the Apache directory, and that’s it.

wget https://
unzip -d /var/www/html/bwaap/ bWAAPv2.2.zip

 

 

1 – Find EXEC() System Call :

First, a basic example. In PHP, exec() executes an external program, and the “-ir” options search for “exec(” recursively and case-insensitively in the files of the web project. The following command fetches every “exec(” call from the project files and prints it to the terminal. Why do we do this? Because many developers don’t sanitize user input and pass it directly to such functions, which can allow an attacker to achieve remote code execution (RCE).

There is a simple way to print colored output in the terminal: adding the “--color” option to the command highlights the matched text.

Usage 😁!! grep <options> <string to find> <path to file>

grep -ir --color "exec(" /var/www/html/bwaap/

 

2 – Find Exec() Function in Specific Files :

To find the “exec(” function only in files with a specific extension like .php, .xml, .txt, etc., we can use grep’s --include option. The output shows which PHP files use the “exec(” function. Quote the glob so that the shell passes it to grep unchanged.

grep -ir --color "exec(" /var/www/html/bwaap/ --include='*.php'

Find sensitive credentials :

Sometimes developers forget to remove credentials from the web application source code, which makes the web application vulnerable. We can try to find sensitive credentials in the source code files using the command given below. It searches for the string “password” in files with the extension “.xml” and prints every matching line to the terminal.

grep -ir --color "password" /var/www/html/bwaap/ --include='*.xml'

Similarly, we can try to find other sensitive credentials like login, users, password, API keys, etc.

grep -ir --color "login" /var/www/html/bwaap/ --include='*.xml'
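
A plain "password" search also returns form labels, empty elements and values read from the request. The script below is an added example, not code from the original article or from bWAPP: it uses the -f and -E options from the table above to report only credential names that are given a non-empty literal value. The sample files, the pattern list and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag hard-coded credential values, not every "password" hit.

# Patterns are kept in a file and loaded with -f (one ERE per line), which
# also avoids shell-quoting the quote characters inside them.
write_patterns() {
    cat > "$1" <<'EOF'
(pass(word|wd)?|secret|api_?key)[[:space:]]*=[[:space:]]*["'][^"']+["']
<(pass(word|wd)?|secret|api_?key)>[^<]+<
EOF
}

# Print file:line for each hit. cut drops the matched text so the secret
# itself does not end up in terminal scrollback or CI logs.
find_hardcoded_creds() {
    pats=$(mktemp)
    write_patterns "$pats"
    grep -rniE -f "$pats" --include='*.php' --include='*.xml' "$1" | cut -d: -f1,2
    rm -f "$pats"
}

# Constructed sample tree (not bWAPP files) so the script runs offline.
make_cred_sample() {
    dir=$(mktemp -d)
    cat > "$dir/config.php" <<'EOF'
<?php
$db_password = "s3cr3t-value";
$password = $_POST["password"];
$db_password = "";
EOF
    cat > "$dir/users.xml" <<'EOF'
<user><login>alice</login><password>s3cr3t-value</password></user>
<user><login>guest</login><password></password></user>
EOF
    printf '%s\n' "$dir"
}

CRED_SAMPLE=$(make_cred_sample)
trap 'rm -rf "$CRED_SAMPLE"' EXIT
find_hardcoded_creds "$CRED_SAMPLE"
```

Only config.php line 2 and users.xml line 1 are reported; the request-derived value and the two empty values are skipped.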

 

 

3 – Using “grep” Utility with the “cat” Command :

Cat is another tool that comes pre-installed in Kali Linux; it is used to display or create files. cat simply sends the contents of the file to standard output, which arrives on grep’s standard input because the shell pipes the two commands together. Combining the two prints only the matching lines, with their line numbers, to the terminal.

cat heroes.xml | grep --color -in "password"

 

4 – Identify User-Supplied Input :

In PHP, user-supplied input is usually handled by either $_GET, $_POST, $_COOKIE, or $_REQUEST. However, user-supplied input can also be handled by $_FILES, $_SERVER, and others. The following command finds the places where user input arrives through “$_GET”.

grep -ir --color "\$_GET" /var/www/html/bwaap/
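
The "exec(" search from section 1 and the "$_GET" search above can be joined so that the audit starts with lines where request data reaches a command-execution function. The script below is an added example, not code from the original article or from bWAPP; the sink list, the sample PHP files and the function names are constructed for illustration. Same-line matching misses input that is first copied into a variable, so the full find_sinks output still needs manual review.

```shell
#!/bin/sh
# Added example: join the "exec(" search with the "$_GET" search.

# Command-execution functions (ERE). The leading group requires a
# non-identifier character before the name, so curl_exec( no longer matches
# as it does with the plain "exec(" search.
SINKS='(^|[^[:alnum:]_])(exec|shell_exec|system|passthru|popen|proc_open)[[:space:]]*\('
# Request superglobals named in section 4.
SOURCES='\$_(GET|POST|COOKIE|REQUEST|FILES|SERVER)'

# Every sink call in PHP files as file:line:code.
# -i because PHP function names are case-insensitive.
find_sinks() {
    grep -rniE --include='*.php' "$SINKS" "$1"
}

# Sink calls with request data on the same line: review these first.
# No -i here because PHP variable names are case-sensitive.
find_tainted_sinks() {
    find_sinks "$1" | grep -E "$SOURCES"
}

# Constructed sample tree (not bWAPP code) so the script runs offline.
make_sample() {
    dir=$(mktemp -d)
    cat > "$dir/ping.php" <<'EOF'
<?php
$out = shell_exec("ping -c 1 " . $_GET["host"]);
$host = $_POST["host"];
$out = EXEC("ping -c 1 " . $host);
EOF
    cat > "$dir/fetch.php" <<'EOF'
<?php
$ch = curl_init($url);
$body = curl_exec($ch);
EOF
    printf '%s\n' "$dir"
}

SAMPLE=$(make_sample)
trap 'rm -rf "$SAMPLE"' EXIT
find_tainted_sinks "$SAMPLE"
```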

 

 

5 – Find Insecure Transport Protocols :

Using the following commands we can find all the uses of non-secure or secure protocols like FTP, HTTP, TCP, https, file, etc. By examining them we can find out where the real flaw of the web application lies.

grep -ir --color "http://" /var/www/html/bwaap/
grep -ir --color "ftp://" /var/www/html/bwaap/
grep -ir --color "file://" /var/www/html/bwaap/

 

6 – Count of Number of Matches :

We can find the number of lines that match the given string/pattern.

grep -ir -c --color "exec(" /var/www/html/bwaap/

 

 

7 – Print Line Numbers :

The -n option shows each matched line together with its line number in the file.

grep -ir -n --color "password" /var/www/html/bwaap/

 

8 – File Names that Matches the Pattern :

We can just display the files that contain the given string/pattern.

grep -ir -l --color "exec(" /var/www/html/bwaap/

 

 

Suman

Hello, I'm SUMAN from India. I’m currently working on Cyber Ethical Hacking Penetration Testing & Bug Bounty. I’m currently learning more about Web Design, Android ROM