Bash vs Python (dependency hell)

For a number of years I maintained a small collection of open source security scripts, written in Bash. The main purpose of these scripts was to act as a wrapper around other open source tools. Why try to remember long and awkward command line parameters, when you can ask a script to do that for you ?

Bash was chosen, as it was distribution-independent. It works almost everywhere (although sometimes OSX support is troublesome, due to outdated Bash versions).

After more and more (requested) features crept in, the 

analyze_hosts.sh
Bash script became more and more complex. That's why I decided to port the script to Python. In my experience, it's at-least-as portable, and the usage of third party (pip) packages means that less time is spent on re-inventing the weel, and more on the actual functionality.

Yes, sometimes people talk about the dependency hell of Python, and in some cases, the usage of third party packages means you have to be careful of what you're doing.
However, when using virtual environments each Python script and its dependencies can be safely separated from the 'main' Python. For example, the following commands create a separate virtual environment for the security scripts repo:
`` cd security-scripts virtualenv .``
Voila, a safe working environment. As Linux and Windows virtual environments differ a bit, the following commands can be used to switch to the virtual environment and works on either platform.
`` [[ -f bin/activate ]] && source bin/activate [[ -f Scripts/activate ]] && source Scripts/activate``
The following command installs the recommended pip packages (currently only one):
`` pip install -r requirements.txt``
If you want to switch back to the main environment, use the command 
deactivate
.
Although the Python version of 
analyze_hosts
script doesn't have all the functionality the Bash version has (yet), it already contains a significant number of other features, and is a bit smarter with regards to working on a large number of hosts.
For instance, when running the script on a subnet, it first creates a queuefile containing all targeted hosts. If a host has been scanned, it will automatically be removed from the queuefile. The script doesn't handle forks and subprocesses (yet), but you can safely execute it in parallel specifying different queue- and output files.

The script can be found on https://github.com/PeterMosmans/security-scripts/.

As always, feedback and pull requests are appreciated :smile:

Comments

comments powered by Disqus