Better pentest reports with linux-util "script" command

An issue came up where the output of a terminal window was needed after that terminal was closed. This unfortunate situation can come up during penetration tests or certification tests like the OSCP.

Some investigation into options revealed the ancient and reviled script linux-util program. It records input, output, and timings to file that allow the terminal session view to be replayed or grepped at a later time.

The program was added to the ~/.bashrc file so that it would start with every terminal session.

# Script
# Record terminal for playback with scriptreplay
[ ! -d ~/.scriptreplay ] && mkdir "$HOME/.scriptreplay"
if [ -z $SCRIPTF ]; then
    export SCRIPTF="$HOME/.scriptreplay/$(date +"%Y%m%d_%H%M-%S")"
    script -q --log-timing "$SCRIPTF.timing" "$SCRIPTF.commands"
fi

This snippet created the directory ~/.scriptreplay, then started script if it was not already running.

The content could then be replayed with something similar to the following:

cd ~/.scriptreplay
scriptreplay -t 20220425_1853-33.timing 20220425_1853-33.commands

The contents could also be grepped with the following:

grep $QUERY ~/.scriptreplay/*.commands

The addition of this script workflow made it easier to have confidence in the ability to retain data once it was in the terminal.

• script