# Course #349: Mercurial for Penetration Testing – Section 1/5: Introduction
## Introduction to Mercurial
Mercurial is a powerful distributed version control system (DVCS) that enables developers and penetration testers to efficiently manage changes in source code and collaborate on projects. It is particularly useful in environments where several teams or individuals work on different aspects of a project and need to keep track of modifications effectively. As a penetration tester, mastering Mercurial can help you manage scripts, tools, and exploit code more effectively while ensuring that you can revert to previous versions of your work quickly and seamlessly.
## Installation and Configuration on Kali Linux
Installing Mercurial on Kali Linux is straightforward. Kali comes pre-packaged with a wide range of security tools, but it's important to ensure that Mercurial is installed and updated to the latest version. Follow these steps to install and configure Mercurial on Kali Linux:
1. **Open the Terminal**: Launch your terminal application from the applications menu or by pressing `Ctrl + Alt + T`.
2. **Update Package Repository**: Before installation, it's a good idea to update the package repository to ensure you're installing the latest version.
sudo apt update
3. **Install Mercurial**: Use the following command to install Mercurial:
sudo apt install mercurial
4. **Verify Installation**: After the installation is complete, verify that Mercurial is installed correctly by checking its version.
hg –version
You should see output similar to the following, indicating the version of Mercurial installed:
[/dm_code_snippet]
Mercurial Distributed Version Control System
Mercurial Distributed Version Control, version 5.7
[/dm_code_snippet]
### Basic Configuration
Once Mercurial is installed, you can configure it to meet your preferences. The global configuration file is typically located at `~/.hgrc`. You can create or edit this file to include your user information and preferences.
1. **Open the Configuration File**:
nano ~/.hgrc
2. **Add Your User Information**: Insert the following lines to set your username and email address:
[/dm_code_snippet]ini
[ui]
username = Your Name
[/dm_code_snippet]
3. **Save and Exit**: Press `CTRL + X`, then `Y`, and hit `Enter` to save the changes.
## Step-by-Step Usage of Mercurial
### Creating a New Repository
To start using Mercurial, you need to create a new repository. The repository is where all your project files will be stored.
1. **Create a Directory**: First, navigate to the directory where you want to create your repository or create a new one.
mkdir my_project
cd my_project
2. **Initialize the Repository**: Run the following command to initialize a new Mercurial repository.
hg init
3. **Verify the Repository**: You can check if the repository was created by listing the hidden files.
ls -la
You should see a `.hg` directory, which contains the repository's metadata.
### Adding Files to the Repository
Now that you have a repository, you can start adding files to it.
1. **Create a New File**: Use your favorite text editor to create a new file.
nano example_script.py
Add some simple code to this file, for example:
[/dm_code_snippet]python
#!/usr/bin/env python3
print("Hello, Mercurial!")
[/dm_code_snippet]
2. **Save and Exit**: Save the file and exit the editor.
3. **Add the File to Mercurial**: Use the following command to add the file to your repository.
hg add example_script.py
4. **Commit Changes**: After adding files, you need to commit your changes. Provide a meaningful commit message to describe what you changed.
hg commit -m "Add example script"
5. **View the Changes**: To see the commit history, use the following command:
hg log
### Real-World Use Cases
1. **Collaborative Penetration Testing**: When working in a team, Mercurial allows multiple team members to work on separate features or exploits without overwriting each other's changes. Each team member can clone the repository, create branches for their work, and merge those changes back into the main branch upon completion.
2. **Version Control for Scripts**: As penetration testers often develop and refine scripts, Mercurial provides a robust way to maintain versions of those scripts. You can easily revert to previous versions of your scripts if a new change introduces bugs or issues.
3. **Audit Trails**: Mercurial tracks the entire history of changes to your files. This feature is incredibly important in penetration testing environments because it allows you to review changes, understand how exploits and tools have evolved, and demonstrate your work to clients or stakeholders.
### Code Example: Creating and Managing a Pen Testing Tool Repository
Let’s illustrate how you can use Mercurial to manage a simple pen-testing tool repository.
1. **Create a New Directory for a Tool**:
mkdir pen_test_tool
cd pen_test_tool
hg init
2. **Add a Python Script**:
Create a new file called `port_scanner.py`:
nano port_scanner.py
Add the following code:
[/dm_code_snippet]python
import socket
def scan_ports(target, ports):
for port in ports:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
result = sock.connect_ex((target, port))
if result == 0:
print(f"Port {port} is open")
else:
print(f"Port {port} is closed")
sock.close()
if __name__ == "__main__":
target_ip = input("Enter the target IP address: ")
ports_to_scan = range(1, 1025) # Scanning ports 1 to 1024
scan_ports(target_ip, ports_to_scan)
[/dm_code_snippet]
3. **Add and Commit the New Script**:
hg add port_scanner.py
hg commit -m "Initial commit of port scanner tool"
4. **Make Updates**:
Later, you may want to add features, for example, multithreading. After modifying the script, you would add and commit the changes again:
hg add port_scanner.py
hg commit -m "Added multithreading capabilities"
5. **Branching for New Features**:
If you want to work on a new feature without disturbing the main branch, you can create a branch:
hg branch new_feature
Make your changes in this new branch, commit them, and then merge them back into the main branch when you are done.
6. **Merging Changes**:
To merge your feature branch back into the main branch:
hg update default
hg merge new_feature
hg commit -m "Merged new_feature into default"
### Further Reading and Resources
– [Mercurial Documentation](https://www.mercurial-scm.org/wiki)
– [Version Control with Mercurial](https://www.mercurial-scm.org/wiki/ShortTutorial)
– [Mercurial Commands Cheat Sheet](https://mercurial-scm.org/wiki/CheatSheet)
By mastering Mercurial, you'll not only enhance your coding practices but also implement better project management techniques in your penetration testing endeavors. Happy coding and happy testing!
nnMade by pablo rotem / פבלו רותם