Bash for Everyone — Part 2


Part-2 — Learn Core Unix Commands.

3. One-liners

4. References

5. Closing gifs!

Learn Basic Unix Commands.

Working with commands

man type //Type Command manual pagetype commands
man which //Which command manual p
which ls
helphelp cdmkdir --help
man infoinfo coreutils
man whatiswhatis ls
alias l.='ls -d .* --color=tty'
alias ll='ls -l --color=tty'
alias ls='ls --color=tty'
unalias which //removing alias

Exploring the file system Commands.

man ls

Useful ls Commands

ls -lt --reverselsls -lils > list.txtls -lLC_ALL=C lsls -l "some_file"
man pwd
man filefile filename
man more

Manipulating files and directories Commands.

man cpcp file.html /usr/local/bin
man mvmv file.html /usr/localbin //moving filesmv file.html file2.html //renaming files.
man mkdirmkdir somedirectory
mkdir dir1 dir2 dir3

Caution: Be careful with rm

man rmrm file.txtrm -i //interective - if this option is not defined, rm will delete files silently.rm -r //recursive recursively delete directories.rm -f //force delete.rm -v //Display informative messages.rm -rf file1 dir1 //if nither file1 or dir1 exists rm will countinue silently.

Redirection Commands

Redirection makes it possible to control where the output of command goes to, and where the input of command comes from.

stdin - standard input stream (eg- keyboard)
stdout - standard output stream (eg- monitor)
stderr - standard error output.
# Below cat-command will execute and redirect its error to (stderr) #to the bit bucketcat file.txt 2>/dev/null# below echo-command will execute and redirect its normal outout (stdout).echo "there was an error" 1>&2
man cat #Manual pagecat 1.txt 2.txt > new.txt
cat >new.txt 1.txt 2.txt
>new.txt cat 1.txt 2.txt
man sortcat -n file.txt // file cat with no of lines.cat company_ip | sort -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n ipaddr.list
Image for post
Image for post

Wow, that’s ugly. Here it is in the old format:

cat company_ip | sort -t. +0n -1 +1n -2 +2n -3 +3n -
man uniq
man grepgrep root /etc/passwdgrep -n root /etc/passwdgrep -v bash /etc/passwd | grep -v nologingrep -c false /etc/passwdgrep -i ps ~/.bash* | grep -v history
man wc

Permissions Commands

man id
man chmodchmod u+x script.shchmod +x script.sh
man su
man sudo
man passwd

Processes Commands

ps xps auxps -efps -ef | grep stuck_processkill -9 5607

When a process starts up several instances, killall might be easier. It takes the same option as the kill command but applies on all instances of a given process.

Environment commands

Env and printenv commands used to display the environment variable.

printenv or envman printenvprintenv | lessprintenv USER
set | lessset -o // display all shell options
man vim

Benefits of using vim

vim is always available & vim is lightweight and fast

vi filname-txtEnter "i" to edit:q to exit and save:q! to force exit and saveo - The line below the current line.O - The line above the current line.

if interested. good read

Networking Commands —

Important networking files within the local machine.

  • /etc/hosts — Name to the Ip address
  • /etc/networks — Network name to the IP address
  • /etc/protocol — Protocol name to the Protocol number.
  • /etc/services — TCP/UDP names to the port number.
man ping
man traceroute
man netstatnetstat -ienetstat -r
man wget
man curl

Getting subdomains from curl using certspotter.com

curl -s https://certspotter.com/api/v0/certs\?domain\=deliveroo.co.uk | jq '.[].dns_names[]' | sed 's/\*\.//g' | tr -d "\"" | sort -u
Image for post
Image for post

Cool bash_profile by Behrouz Sadeghipour

you can add the recon_profile in bash_profile present in the root directory.

Image for post
Image for post

you can also customize it according to your need.

Searching for files commands —

man locatelocate bin/zip
locate zip | grep bin
find ~
find ~ | wc -l
find ~ -type d | wc -l
find ~ -type f | wc -l
find ~ -type f -name "*.JPG" -size +1M | wc -l 840

text processing commands,

cut — cut out a selected portion of each line of a file.

man cut


AWK: Effective AWK Programming: A User’s Guide for GNU Awk

the basic function of awk is to search files for lines or other text unit text containing one or more pattern. when a line matches one of the patterns, special action is performed on that line.

awk 'EXPRESSION { PROGRAM }' file(s)

The variables $1, $2, $3, …, $N hold the values of the first, second, third until the last field of an input line. The variable $0 (zero) holds the value of the entire line.

man awkls -l | awk '{ print $5 $9 }'history | awk 'BEGIN {FS="[ \t]+|\\|"} {print $3}' | sort | uniq -c | sort -nr | headRemove duplicate lines: awk '!a[$0]++'

We can use the parallel command to resolve the multiple javascript URLs present in a text file.

we can use TomNomNom way back URL to get javascript files URLs.

waybackurls deliveroo.com | grep ".js" > deliveroo-js.txtcat deliveroo-js.txt | parallel -j50 -q curl -w 'Status:%{http_code}\t Size:%{size_download}\t %{url_effective}\n' -o /dev/null -sk
Image for post
Image for post
Thanks to Bharat from Appsecco.

More commands

man clear
histroy | less!88 - bash will expand “!88” into the contents of the 88th line in the history list!! - Repeat the last command

Display most used commands

history | awk 'BEGIN {FS="[ \t]+|\\|"} {print $3}' | sort | uniq -c | sort -nr | head

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both

high-level operations and full access to internals.


ASN — An autonomous system number (ASN) is a unique number assigned to an autonomous system (AS) by the Internet Assigned Numbers Authority (IANA).

ASN Example : - AS63086


CIDR(Classless Inter-Domain Routing or supernetting ) — is a way to allow more flexible allocation of Internet Protocol (IP) addresses than was possible with the original system of IP address classes.

A CIDR network address looks like this under IPv4:


Get CIDR from ASN numbers.

whois -h whois.radb.net -- '-i origin AS63086' | grep -Eo "([0-9.]+){4}/[0-9]+" | head
Image for post
Image for post

CIDR to IP addresses using nmap

nmap -sL | grep "Nmap scan report" | awk '{print $NF}'
Image for post
Image for post

Finding Up hosts using NMAP.

nmap -sP -oG uber-ips.txt
Image for post
Image for post

Grep fro UP hosts only.

cat uber-ips.txt | grep Up | cut -d" " -f2
Image for post
Image for post

Saving UP hosts as uber-up-hosts.txt

Running masscan on uber-up-hosts.txt

masscan -iL uber-up-hosts.txt -p80,443,8080,8000,9000,8888,9999 --rate 10000 --open
Image for post
Image for post

Find your IP address using the command line:

/sbin/ifconfig -a | awk '/(cast)/ { print $2 }' | cut -d':' -f2 | head -1

Pulling IP address from a file.

grep -E -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'

Subdomains from hacker target

curl -s https://api.hackertarget.com/hostsearch/?q=deliveroo.com | cut -d',' -f1 | sort -u
Image for post
Image for post

Subdomains from Threatcrowd

curl -s https://www.threatcrowd.org/searchApi/v2/domain/report/?domain=deliveroo.com | jq -r '.subdomains | .[]' | sort -u
Image for post
Image for post

Subdomains from Certspotter

curl -s https://certspotter.com/api/v0/certs\?domain\=deliveroo.co.uk | jq '.[].dns_names[]' | sed 's/\*\.//g' | tr -d "\"" | sort -u
Image for post
Image for post

Subdomain from crt.sh

curl -s https://crt.sh/?q=%.hackerone.com | sed '/crt/d' | sed 's/<\/\?[^>]\+>//g' | tr -d ' ' | sed 's/  */ /g' | sed 's/\*\.//g' | sed 's/\%\.//g' | sed -e '1,2d' | sort -u | uniq | grep hackerone | sed '/IdentityLIKE/d'
Image for post
Image for post

subdomains from Archive.

curl -s "http://web.archive.org/cdx/search/cdx?url=*.hackerone.com/*&output=text&fl=original&collapse=urlkey" |sort| sed -e 's_https*://__' -e "s/\/.*//" -e 's/:.*//' -e 's/^www\.//' | sort -u
Image for post
Image for post

cat deliveroo-domains.txt | filter-resolved > deliveroo-domains-resolved.txt

Image for post
Image for post

fetch titles of the subdomains from a list using httprobeand get-title

cat deliveroo-domains.txt | httprobe | get-title
Image for post
Image for post

Fetching interesting URL from waybackmachine

echo hackerone.com | waybackurls | tee test.txt | urinteresting
Image for post
Image for post

Subdomain from SSL certificates.

true | openssl s_client -connect hackerone.com:443 2> /dev/null | openssl x509 -noout -text 2> /dev/null | grep DNS: | sed 's/ DNS://g' | sed 's/ //g' | sed 's/,/\'$'\n/g'
Image for post
Image for post

Command line basic shortcuts

ctrl + a - move cursor to the begining of the line
ctrl + e - move cursor to the end of the line.
Alt+f - move one word forward
Alt+b Move cursor one work backword
ctrl+l- clear the clean (clear command alternative)

Personal Aliases —

these are the only tip of the iceberg,

more one-liners?

practice and make one-liners according to your need.


Thanks to all of the following peoples for creating awesome content.

Bash Cookbook by Carl Albing, JP Vossen, and Cameron NewhamThe Linux Command Line by William ShottPenetration Testing with the Bash Shell by Keith Makan

Closing Gifs.


Until Next Time!

Written by

Security Engineer II @zomato | Information Security Researcher | Bug Bounty Hunter | https://hackerone.com/ehsahil

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store