Black Hat Bash Bash Scripting for Hackers and Pentesters

Master the art of offensive bash scripting. This highly practical hands-on guide covers chaining commands together, automating tasks, crafting living-off-the-land attacks, and more!

In the hands of the penetration tester, bash scripting becomes a powerful offensive security tool. In Black Hat Bash, you’ll learn how to use bash to automate tasks, develop custom tools, uncover vulnerabilities, and execute advanced, living-off-the-land attacks against Linux servers. You’ll build a toolbox of bash scripts that will save you hours of manual work. And your only prerequisite is basic familiarity with the Linux operating system.

You’ll learn the basics of bash syntax, then set up a Kali Linux lab to apply your skills across each stage of a penetration test—from initial access to data exfiltration. Along the way, you’ll learn how to perform OS command injection, access remote machines, gather information stealthily, and navigate restricted networks to find the crown jewels. Hands-on exercises throughout will have you applying your newfound skills.

Key topics covered include:

• Bash scripting essentials: From control structures, functions, loops, and text manipulation with grep, awk, and sed.
• How to set up your lab: Create a hacking environment with Kali and Docker and install additional tools.
• Reconnaissance and vulnerability scanning:  Learn how to perform host discovery, fuzzing, and port scanning using tools like Wfuzz, Nmap, and Nuclei.
• Exploitation and privilege escalation: Establish web and reverse shells, and maintain continuous access.
• Defense evasion and lateral movement: Audit hosts for landmines, avoid detection, and move through networks to uncover additional targets.

Whether you’re a pentester, a bug bounty hunter, or a student entering the cybersecurity field, Black Hat Bash will teach you how to automate, customize, and optimize your offensive security strategies quickly and efficiently, with no true sorcery required.

Dolev Farhi  is a security engineer and author of Black Hat GraphQL (No Starch Press, 2023). He has extensive experience leading security engineering teams in the fintech and cybersecurity industries and is currently a Distinguished Security Engineer at Palo Alto Networks, where he builds defenses for the largest cybersecurity company in the world. He has provided training for official Linux certification tracks and, in his spare time, enjoys researching vulnerabilities in IoT devices and building open source offensive security tools.

Nick Aleks is a prominent cybersecurity leader whose work has been vital in protecting the financial data of millions of Canadians. He is the Senior Director of Security at Wealthsimple and has served as a patented Distinguished Security Engineer at TD Bank. Aleks is also the Chief Hacking Officer at ASEC.IO, coauthor of Black Hat GraphQL (No Starch Press, 2023), and serves as a Senior Advisory Board Member for the University of Guelph and George Brown’s cybersecurity programs. He specializes in offensive security, penetration testing and has over a decade of experience hacking everything from websites, safes, locks, cars, drones, and even smart buildings.

Acknowledgments
Introduction
Chapter 1: Bash Basics
Chapter 2: Flow Control and Text Processing
Chapter 3: Setting Up a Hacking Lab
Chapter 4: Reconnaissance
Chapter 5: Vulnerability Scanning and Fuzzing
Chapter 6: Gaining a Web Shell
Chapter 7: Reverse Shells
Chapter 8: Local Information Gathering
Chapter 9: Privilege Escalation
Chapter 10: Persistence
Chapter 11: Lateral Movement and Network Probing
Chapter 12: Defensive Evasion and Exfiltration
Index