October 16, 2006 12:00 AM

A Tool Harness

Automate your command-line tools with this simple shell script
Windows IT Pro
InstantDoc ID #93531

The Linux and Mac OS X Version
BASH is the standard command-line shell in Linux and Mac OS X. The script below loops through the contents of the data.txt file and performs a Whois lookup on each IP address contained in the file:

for ip in $(cat data.txt); do
  whois "$ip" | echo "$ip $(grep 'OrgName')"; done

This script is a simple loop consisting of three steps separated by semicolons. The first step sets up a for ... in loop, defines the ip variable to represent the IP address, and defines a variable to represent the source of the data. The variable representing the objects to be used is populated by using the cat command. Specifically, $(cat data.txt) means use the output of the cat data.txt command (in this case, the list of IP addresses) as a variable. Cat simply sends the contents of a text file to output. In summary, for ip in $(cat data.txt) means, "Loop through every item in the data.txt file and store each one in the variable ip for immediate processing by the core of the script."

The second part of the loop, which contains the do statement, provides the core functionality of the script; this is where the magic happens. Generally this is the section you'll customize when running the script with different tools. The Bash statement do executes the whois command against the $ip variable.

Our sample script goes a bit further by using the pipe (|) character to send the output of the whois command to the echo command, which lets us customize the formatting of the output. In our example, we print out the IP address followed by the line of the whois output that contains the string OrgName. You can leave out the echo command and the script will still run, but it will display the entire whois output for every IP address, which would be lengthy.

The grep command is wrapped in the command-substitution notation $(grep ... ), which lets us nest commands within other commands: the shell runs grep first and hands its output to echo as text. Otherwise, the echo command would simply print the word grep to the screen instead of executing the grep command. The last portion of the script, the keyword done, concludes the loop.

Running this script against the data.txt file generates the output you see in Figure 1.

Customizing for a Different Tool
Whois is great for finding the owner of an IP address, but what if we want to do a reverse DNS lookup? We need a different tool—dig—but the script needs only very minor modifications:

for ip in $(cat data.txt); do
  dig -x "$ip" | grep -v ';' ;
  done

The main change to the script is the command that we want to execute. In this case, we run the dig command in reverse-lookup mode with the parameter -x, feed it the IP address $ip, and then send the results to grep and instruct it to print only the lines that don't include a semicolon (-v ';'), which makes the output more readable.
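
The loops above hand every whitespace-separated word of data.txt to the tool, so a wildcard, a stray option such as -h, or a malformed log field becomes a command argument. As an added example (not the article's code), this POSIX shell variant reads the file line by line and passes only validated IPv4 addresses to the tool; the function names and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the article: the same harness with input validation.

# is_ipv4 ADDR: succeed only for a dotted quad whose octets are all 0-255.
is_ipv4() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # only digits and single dots
  esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs   # split the address on dots
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# run_harness FILE TOOL [ARGS...]: run TOOL once per valid address in FILE.
# Rejected lines are reported by line number on stderr, never passed to TOOL.
run_harness() {
  list=$1; shift
  cr=$(printf '\r'); n=0
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    line=${line%"$cr"}                     # tolerate CRLF exports from Windows
    case $line in ''|'#'*) continue ;; esac
    if is_ipv4 "$line"; then
      "$@" "$line" </dev/null              # tool must not eat the rest of the list
    else
      printf 'skipped line %d: not an IPv4 address\n' "$n" >&2
    fi
  done < "$list"
}

# make_sample FILE: write a constructed list, three valid entries and four bad.
make_sample() {
  printf '%s\n' '192.0.2.10' '# exported from a firewall log' '198.51.100.7' \
    '-h' '*' '999.1.1.1' '203.0.113.5 extra' '203.0.113.99' > "$1"
}

# Typical use (needs network access):
#   run_harness data.txt whois
#   run_harness data.txt dig +short -x
```

Reporting the line number instead of the rejected text keeps untrusted log content out of the terminal and of any file that captures stderr.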

Customizing for Windows
Windows supports a variety of scripting languages such as JScript and VBScript, but for simply processing a command against a list of items, the scripting capabilities of the Windows command shell do just fine. The Windows script resembles the previous BASH scripts in structure but has a different syntax. The following Windows version of the script uses the NBTStat tool to look up the NetBIOS names of computers given their IP address:

echo off & (for /F %i in (data.txt) do echo %i & nbtstat -a %i | find " UNIQUE") & echo on

To reduce output clutter, we first disable the output of the commands from the batch file by using the echo off command. Whereas BASH requires a semicolon to separate commands, the Windows command shell uses an ampersand (&) to chain several instructions together.

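The Windows shell for ... in loop uses a syntax different from the BASH loop. The /F parameter instructs the statement to read its items from the contents of a file rather than treating data.txt as a literal item. The variables are defined and referenced by using a percent sign and a single character (e.g., %i) when the command is typed at the prompt; inside a batch file, the percent sign must be doubled (%%i).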

The do statement tells the script to print out the IP address by echoing the %i variable and then displaying only the nbtstat command output that includes lines containing UNIQUE. Figure 2 shows the output of this script running on a Windows system, displaying NetBIOS names for a short list of IP addresses.

You've Got the Power
The simple tool that I've demonstrated here lets you harness any of your favorite command-line tools and feed them multiple inputs, customize the output, and otherwise automate your manual processes. Using the command line and shell scripting can make life easier for you and help you keep tabs on user activities.


Comments
  • Marc
    5 years ago
    Jan 19, 2007

    Very useful in spurring me to examine in more depth the power of scripting to speed up investigations involving large log files. I knew a little bit, but the article is a good kick in the butt to redouble mastering the various scripting tools.

    Thanks
