My friends at Packt Publishing cut me a copy of Penetration Testing with the Bash Shell by Keith Makan. To my disappointment, there wasn’t really a lot of material on the bash shell in this book. Which leads us to a great follow-up question: “What’s in there?”
Let’s break it down.
First off, the book is a quick read and is only five chapters at about a hundred and twenty-five pages.
Chapter one goes into the basics of navigating the file system— learning how to change directories, use the man pages, IO redirection, find and grep. Pretty standard stuff for any tech book.
Chapter two talks about how to configure your prompt, managing your history file, and setting up/configuring tab completion.
Chapter three goes into reconnaissance with tools like dig, dnsmap, ping, and nmap. I don’t feel like executing other applications from the command line really constitutes ‘penetration testing with the bash shell’.
Exploitation and reverse engineering is the topic for chapter four. That means using metasploit and its suite of tools. The section on reverse engineering doesn’t really go into any examples of revering, just goes over objdump and gdb.
And we finish up with chapter five which covers MAC/arp spoofing, ettercap, brute forcing with medusa, using tcpdump and some automated scanning tools.
Overall, this books wasn’t bad. I think it isn’t named appropriately for the content. If you’re fresh to the penetration testing scene, you should be able to pick up some info from here. But if you’re looking on some more in-depth configurations and use of bash or penetration testing… move along.
You can read more about it here.