Get A Quote
Written by Silvia Bitchkei on 10 May 2016

Information Security Techniques: How to Build a Command Shell using newLISP

newLISP: Scripting Languages in Security


In this article, we'll be looking at the role of scripting languages in Information Security and Penetration Testing.

My favorite scripting language is newLISP, a cross-platform LISP-like language. As described by its creator Lutz:

newLISP is a Lisp-like, general-purpose scripting language. It is especially well-suited for applications in AI, simulation, natural language processing, big data, machine learning and statistics. Because of its small resource requirements, newLISP is excellent for embedded systems applications. Most of the functions you will ever need are already built in. This includes networking functions, support for distributed and multicore processing, and Bayesian statistics.


Our toolset follows generic patterns in penetration testing, generally following approaches you'll find in SANS and P-TES approaches.

I will explain basic to advanced programming and security techniques, but I won’t teach you to program in newLISP.

The good news is that newLISP is easy to learn if you already have some programming experience. Download newLISP from and check out some of these references to learn how fun this language is:


Why newLISP?

Many of you that already have programming experience may be asking, why not Python or Ruby? There are many programming libraries and existing resources for these languages, but newLISP holds the edge for me.

Although you'll end up having to create a number of your own algorithms and libraries, newLISP comes with an extensive, yet simplified vocabulary and has batteries included in a very tiny footprint.

Some of my favorite newLISP features that will come in very handy for this series include:

  • Runtime extensibility
  • Cross-platform capability
  • Small footprint, 300kb disk footprint
  • Creation of native executable
  • Often 1MB runtime memory utilization for even complex processing, and network services

A tentative outline of this series will include the following topics, in no particular order.

  • Building a Command Shell for command line interaction, with plugins and workflows to automate repetitive tasks and creations of playbooks that can be re-run, replayed while logging all results
  • Integration of common security tools into the command shell: NMAP, Nessus, PCAP, filterer etc…
  • Integration with databases for storing results and reconnaissance data
  • Analysis and processing results to uncover associated data
  • Generation of independent excusable, supporting multiple platforms.

From here we'll move on to more advanced topics of network services, custom exploits, fuzzers, aggregated machine learning and how to include these techniques to be successful on red and blue teams. Knowledge protects.


Part 1: Command Shell

To start things off we'll create a simplified interactive command shell, which will eventually integrate with your host command line.

newLISP has two built-in functions that will help us create this command line, prompt-event and command-event. We'll be changing the command prompt so we know when we're actually in the shell and not the command line, and we'll also implement a command interpreter with command-event.

An example of these functions can be found in action in newLISP source distribution, where a custom shell is implemented. We'll be using some of this code, primarily for integrating newLISP help functionality and a plugin system that we'll be developing throughout this series. Command completion will work on Linux bash terminals.

(prompt-event (fn (ctx) (string ctx ":"  "> ")))

The basic command event is evaluated for each shell input 's' and will include the command line input on each carriage return. We need to process this string and evaluate our shell commands as required.

(command-event (fn (s) ))

For now, the shell will do nothing but return an empty result; we’ll define shell processing a little later.

And we'll create a stand-alone self-executable for our command shell, by linking both the newlisp interpreter and our little work in progress command shell.


A Helping Hand

Being able to look up API documentation for function prototypes and usage examples is invaluable when trying to limit context switches between the task at hand and finding reference documentation.

This help function comes straight out of newLISP examples and can be used from within our shell to give contextual function prototype data and to look up documentation for a given function we're looking to use.

(define (help func-name)

(when (= func-name "help") (set 'func-name ""))

(if (find func-name "|+*-") (push "\" func-name))

(set 'helpfile (read-file (if (= ostype "Win32")

(string (env "NEWLISPDIR") "/newlisp_manual.html")


(set 'html-text (join

(find-all (format {(syntax: (%s.*?)(<br/>|</h4>)} func-name ) helpfile $1) "n"))

(replace "<.*?>" html-text "" 0)

(replace "&lt;" html-text "<")

(replace "&gt;" html-text ">")

(replace "&amp;" html-text "&")

(println html-text)



Here is a last quick screenshot showing our current context MAIN, and switching to a different context we call PEN-TEST to set the stage for some of our upcoming work on plug-ins and penetration testing. Newlisp Contexts are name-spaces separating data and functions that we define and call.



That's it! The first step is done. Any questions?

Related Posts

Don't Wait.
Get a quote today.

Toll Free 1 866-430-8166Free Quote
Secure Your Organization Today.