Here is why you are doing automation wrong in ethical hacking

Thexssrat
4 min read · Jul 4, 2023

Introduction

If you have ever attended one of my live lessons, chances are high that you have heard me say “I hate automation”. But why do I always say this when you hear so often that you should automate things that are repetitive? It’s not that I disagree with the fact that you have to automate your repetition. Where most go wrong is that they do not want to take the time to organise their own thoughts and actually do the work before they automate it. Instead, the wrong direction that’s sometimes taken is one where the hacker tries to implement an automation of someone else’s work into their own flow, thinking they can implement a practical solution of a theoretical idea without the actual experience. Join me as I tell you what I think a healthy relationship with automation looks like.

The foundation

As my dad owns his own construction company, I like to make the comparison between building houses and my own craft. If you build a house on a bad foundation, it will collapse, and so will you if you don’t build up yourself and your automation workflow. The foundation for me starts with what automation is and what it entails.

Automation is the act of programming a workflow that is repeatable or has a structure to it. This is important because that repetition is something I want to zoom in on. You can’t automate things if you don’t know how to do them manually, and that repeatability and structure are of great importance.

Let’s focus on repetition first and imagine that we have a flow we can always automate the exact same way: a port scan followed by a vulnerability scan with nikto for all the web app ports. This seems like a simple task, but what seems simple at first becomes complex with just a few caveats! What ports contain a web server? Do you only do port 443 and 80? Otherwise, how do you know which ports to scan? Will you look at the banner? What about ports that are more hidden and need a different, more thorough type of port scan? A simple task turns complex fast, and you can rest assured that complexity is the enemy of repeatability.
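The caveats above made concrete, as an added example that is not part of the original post: it compares choosing web ports by port number with choosing them by the service name reported in scan output. The nmap grepable (`-oG`) sample lines, the `PORT_GUESS` set and the function names are assumptions constructed for illustration.

```python
import re

# Constructed sample of nmap grepable (-oG) output from a scan with service
# detection. Hosts use documentation-range addresses, not real systems.
SAMPLE_OG = """\
# Nmap scan initiated (constructed sample)
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH/, 80/open/tcp//http//nginx/, 8081/open/tcp//http//Jetty/, 443/closed/tcp//https///
Host: 192.0.2.20 ()\tPorts: 8080/open/tcp//ssh//OpenSSH/, 9443/open/tcp//ssl|http//Apache httpd/, 3306/open/tcp//mysql//MySQL/
"""

# Assumption: the "only do 80 and 443" shortcut, slightly widened.
PORT_GUESS = {80, 443, 8080, 8443}


def open_ports(grepable):
    """Yield (host, port, service) for every open TCP port in -oG output."""
    for line in grepable.splitlines():
        m = re.match(r"Host: (\S+) .*?\tPorts: ([^\t]*)", line)
        if not m:
            continue  # comment lines and Status lines carry no port list
        host, ports = m.groups()
        for entry in ports.split(", "):
            # Field order: port/state/protocol/owner/service/rpcinfo/version/
            fields = entry.strip().split("/")
            if len(fields) >= 5 and fields[1] == "open" and fields[2] == "tcp":
                yield host, int(fields[0]), fields[4]


def is_web(service):
    """True when the reported service is HTTP, with or without a TLS tunnel."""
    return service.split("|")[-1].startswith("http")  # "ssl|http" -> "http"


def compare(grepable):
    """Show where the port-number shortcut and the service-based choice differ."""
    found = list(open_ports(grepable))
    by_port = {(h, p) for h, p, _ in found if p in PORT_GUESS}
    by_service = {(h, p) for h, p, s in found if is_web(s)}
    return {
        "web_ports": sorted(by_service),          # what the web scan should cover
        "missed": sorted(by_service - by_port),   # web servers the shortcut skips
        "wasted": sorted(by_port - by_service),   # non-web ports it would scan
    }


if __name__ == "__main__":
    for key, value in compare(SAMPLE_OG).items():
        print(key, value)
```

Without service detection, nmap fills the service field from a port-to-name lookup table, so the same parser would fall back to a port-number guess.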

Now let’s move onto structure because this is our one saving grace if we want to automate as much as possible…
