Bash Customizations for Penetration Testers
As penetration testers, we often follow standard workflows for all ethical
hacking engagements, whether they be consulting work, bug bounty hunting, or
red teaming. We can optimize some of this work with a few bash tips and tricks.
Placing Scripts in Searchable Paths
Bash searches for programs within directories defined by the PATH
environment variable. Commands such as ls are always available to you because
system and user binaries are located in directories that are part of the PATH.
To see your PATH, run the following command:
$ echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
The output might change depending on the operating system you use.
When you write a bash script, place it in a directory such as /usr/local/bin,
which, as you can see, is part of the PATH. If you don’t do this, you have a few
other options available to you:
• Call the script directly using the full path.
• Change the directory to the one in which your script lives and execute it from there.
• Use aliases (shown in the next section).
• Add additional paths to the PATH environment variable.
The benefit of placing the script in a searchable path is that you can simply
call it by its name. You don’t have to provide the full path or have the terminal be
in the same directory.
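The following added example (not code from the book) shows the mechanics behind this section: it checks whether a directory is already a PATH entry, adds it exactly once, and verifies how the shell resolves a script name before and after. The directory name, the script name myscan and its contents are constructed for the demo; the book does not prescribe them.

```shell
# Added example (not from the book): make a personal script directory
# searchable and verify how the shell resolves a command name.
# Assumes a POSIX shell; the temporary directory stands in for something
# like ~/bin or /usr/local/bin.

# path_has DIR: true if DIR is an exact PATH entry. Wrapping PATH in colons
# avoids substring matches (/usr/local/bin must not match /usr/local/binx).
path_has() {
    case ":$PATH:" in
        *":$1:"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# path_append DIR: add DIR to the end of PATH once (idempotent). Appending
# rather than prepending keeps system binaries winning over any same-named
# script in your own directory.
path_append() {
    path_has "$1" || PATH="$PATH:$1"
    export PATH
}

# install_script NAME DIR: write a small executable script into DIR so it
# can be called by name once DIR is searchable.
install_script() {
    mkdir -p "$2"
    printf '#!/bin/sh\necho "hello from %s"\n' "$1" > "$2/$1"
    chmod 0755 "$2/$1"
}

# resolve NAME: print the path the shell would run for NAME, or "not found".
resolve() {
    command -v "$1" 2>/dev/null || echo "not found"
}

# Demo with a constructed temporary directory.
demo_dir=$(mktemp -d)
install_script myscan "$demo_dir"
before=$(resolve myscan)     # "not found": directory not yet on PATH
path_append "$demo_dir"
path_after_first=$PATH
path_append "$demo_dir"      # second call changes nothing
path_after_second=$PATH
after=$(resolve myscan)      # "$demo_dir/myscan"
```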
Shortening Commands with Aliases
When you find yourself frequently using a long Linux command, you can
make use of an alias to map it to a shorter custom name that will save you time
when you need to run it.
For example, imagine that you often use Nmap with special parameters to
scan for all 65,535 ports on a given IP address:
nmap -vv -T4 -p- -sV --max-retries 5 localhost
This command is quite hard to remember. With aliases, we can make it more
accessible on the command line or to our scripts. Here, we assign the command to
the alias quicknmap:
$ alias quicknmap="nmap -vv -T4 -p- -sV --max-retries 5 localhost"
Black Hat Bash (Early Access) © 2023 by Dolev Farhi and Nick Aleks