Hunting with Bash ~ Basic

I started learning "Bash" recently. And want to share useful information and resources with you guys.

I tried my best to assemble and write blog in laymen language.

Hope you like it :)

Shell Scripting 

A shell is a command-line interpreter and typical operations performed by shell scripts include file manipulation, program execution, and printing text.

There are two major types of shells

• Bourne shell : If you are using a Bourne-type shell, the $ character is the default prompt.

• C shell : If you are using a C-type shell, the % character is the default prompt.

The Bourne Shell has the following subcategories 

• Bourne shell (sh)
• Korn shell (ksh)
• Bourne Again shell (bash)
• POSIX shell (sh)

The different C-type shells follow 

• C shell (csh)
• TENEX/TOPS C shell (tcsh)

Usefulness of shell scripting

• To automate the frequently performed operations
• To run sequence of commands as a single command
• Easy to use
• Portable (It can be executed in any Unix-like operating systems without any modifications)

First Program ~ Hello World

#!/bin/bash
echo "Hello World"

*Save as .sh
*chmod +x filename.sh

Majorly Used Commands

• cat file  Show entire contents of file.
• head file Show the first 10 lines
• tail file Show the last 10 lines
• tail -f file Useful when viewing the output of a log file
• sort : sort the lines
• uniq : Remove duplicate lines from stdin
• grep : search for patterns in files
• SED : text stream editor. Can do insertion, deletion, search and replace
• find : search for files in a directory hierarchy in real time
• cut : command is a fast way to extract parts of lines of text files
• pipeline : A pipeline is a sequence of simple commands separated by one of the control operators | or |&
• Grep : searches the given files for lines containing a match to a given pattern list
• sort : command to order data in file(s) in a sequence
• xargs : can be used to build and execute commands from standard input
• tee : command basically reads from the standard input and writes to standard output and files

We could use external services

• hackertarget.com
• crt.sh
• certspotter.com
• threatcrowd.org

Variable 

      Example

echo "Enter your name:"
read var //Variable
echo "your name is :"$var

Conditions

if command; then
do this
fi

     Example

if host example.com; then
echo "Success"
fi

if else Condition

if command; then
do this
else
do this
fi

     Example

if host example.com; then
echo "Success"
else
echo "Failed"
fi

Loops

while command
do this
done

     Example

echo "Enter the domain name"
read domain

while read var; do
    if host "$var.$domain"; then
        echo "$var.$domain"
    fi
done < demo.txt

* demo.txt is domain wordlist

host command : is used for DNS (Domain Name System) lookup operations.

syntax : host example.com

dig command : is a powerful command-line tool for querying DNS name servers.

syntax : dig example.com

One Liner

• curl -s https://www.threatcrowd.org/searchApi/v2/domain/report/?domain=deliveroo.com | jq -r '.subdomains | .[]' | sort -u

* jq is lightweight and flexible command-line JSON processor.

* | pipe is used connects their input and output

• curl -s "http://web.archive.org/cdx/search/cdx?url=*.hackerone.com/*&output=text&fl=original&collapse=urlkey" |sort| sed -e 's_https*://__' -e "s/\/.*//" -e 's/:.*//' -e 's/^www\.//' | sort -u

• cat all.txt | httprove -s -p https:8443

• host -t CNAME subdomain.example.com

Reference :

• Coding for Penetration Testers
• Penetration Testing with the Bash Shell
• https://opensource.com/article/18/5/bash-tricks
• https://wiki.bash-hackers.org/

Thanks Vivek Sinha for proof reading. :)