Master the art of offensive bash scripting. This highly practical hands-on guide covers chaining commands together, automating tasks, crafting living-off-the-land attacks, and more! Bash is one of the first building blocks that expert penetration testers learn. But every hacker, regardless of experience level, should know their way around a bash shell--its powerful scripting language lets you scale your attacks and write your own tools when others aren't available.
Black Hat Bash will teach you how to harness this essential pentesting skill set through hands-on exercises that use bash scripting to chain commands together, automate critical tasks, craft successful living-off-the-land attacks, and more.
Early chapters cover the bash scripting language's syntax and help you set up a lab environment to test your newfound bash abilities during all stages of the penetration testing process. You'll soon be automating reconnaissance tasks, performing OS command injection, parsing tool output to extract important information, and maneuvering a restricted network using bash techniques that make your offensive engagements more efficient.
This book makes bash easy to learn. And, with its focus on presenting bash in the context of pentesting, you'll not only learn the language but you'll also pick up lots of hacking tricks that allow you to use bash right away as your go-to offensive security tool.
掌握攻擊性 Bash 腳本編寫的藝術。本書是一個高度實用的手把手指南,涵蓋了命令鏈接、自動化任務、製作生活在土地上的攻擊等內容!
Bash 是專業滲透測試者學習的第一個基礎工具之一。但每位黑客,不論經驗水平,都應該熟悉 Bash Shell——其強大的腳本語言讓你能夠擴展攻擊並在其他工具不可用時編寫自己的工具。《Black Hat Bash》將通過實作練習教你如何利用這項基本的滲透測試技能,使用 Bash 腳本將命令鏈接在一起,自動化關鍵任務,製作成功的生活在土地上的攻擊等。
早期章節涵蓋了 Bash 腳本語言的語法,並幫助你設置實驗室環境,以便在滲透測試過程的各個階段測試你新學會的 Bash 能力。你將很快開始自動化偵查任務,執行操作系統命令注入,解析工具輸出以提取重要信息,並使用 Bash 技術在受限網絡中靈活運用,讓你的攻擊行動更加高效。
本書使 Bash 容易學習。而且,因為它專注於在滲透測試的背景下呈現 Bash,你不僅會學會這門語言,還會掌握許多黑客技巧,讓你能立即將 Bash 作為你的首選攻擊性安全工具。
Dolev Farhi is a security engineer and author of
Black Hat GraphQL (No Starch Press, 2023). He is a distinguished security engineer at Palo Alto Networks, where he uses bash daily to automate security tests and sift through network and application artifacts.
Nick Aleks has served as a distinguished security engineer at TD Bank and is the chief hacking officer at ASEC. He has extensive experience using bash scripting on red teams, in penetration tests, and in software development projects. Aleks is also coauthor of
Black Hat GraphQL (No Starch Press, 2023).
Dolev Farhi 是一位安全工程師,也是《Black Hat GraphQL》(No Starch Press, 2023)的作者。他是 Palo Alto Networks 的傑出安全工程師,每天使用 bash 來自動化安全測試並篩選網路和應用程式的資料。
Nick Aleks 曾擔任 TD Bank 的傑出安全工程師,並且是 ASEC 的首席駭客官。他在紅隊、滲透測試和軟體開發專案中擁有豐富的 bash 腳本經驗。Aleks 也是《Black Hat GraphQL》(No Starch Press, 2023)的共同作者。