{"id":15576303,"url":"https://github.com/syslog777/linux-bash-tutorial","last_synced_at":"2025-11-01T09:03:57.706Z","repository":{"id":187565943,"uuid":"95843566","full_name":"Syslog777/Linux-Bash-Tutorial","owner":"Syslog777","description":"An essential guide to Bash and Linux","archived":false,"fork":false,"pushed_at":"2017-12-13T08:21:15.000Z","size":54,"stargazers_count":3,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-10-08T15:56:37.746Z","etag":null,"topics":["bash-guide","bash-tutorial","linux-guide","linux-terminal"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Syslog777.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2017-06-30T03:18:11.000Z","updated_at":"2021-03-23T17:57:03.000Z","dependencies_parsed_at":"2023-08-11T05:16:34.741Z","dependency_job_id":"e0edfe4e-b368-45d5-a785-4d036ba3a879","html_url":"https://github.com/Syslog777/Linux-Bash-Tutorial","commit_stats":null,"previous_names":["syslog777/linux-bash-tutorial"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Syslog777/Linux-Bash-Tutorial","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Syslog777%2FLinux-Bash-Tutorial","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Syslog777%2FLinux-Bash-Tutorial/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Syslog777%2FLinux-Bash-Tutorial/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Syslog777%2FLinux-Bash-Tutorial/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Syslog777","download_url":"https://codeload.github.com/Syslog777/Linux-Bash-Tutorial/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Syslog777%2FLinux-Bash-Tutorial/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278972319,"owners_count":26078017,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-08T02:00:06.501Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bash-guide","bash-tutorial","linux-guide","linux-terminal"],"created_at":"2024-10-02T18:45:22.405Z","updated_at":"2025-10-08T15:56:38.172Z","avatar_url":"https://github.com/Syslog777.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Bash-101\n\n![N|Solid](http://jon.dehdari.org/images/logos/bash.png)\n# Table of Contents\n - [About Bash-101](#about-bash-101)\n #### Getting started\n  - [Using man to learn more about applications][man]\n  - [Installing applications using apt][apt]\n  - [Basic Usage of 'ls' Command in Linux With Examples][ls]\n  - [HowTo: Use pwd Command In Linux / UNIX][pwd]\n  - [Writing a Simple Bash Script][jzb]\n#### Advanced Scripting\n  - [Batch file installation](#batch-file-installation)\n  - [An in-depth exploration of the art of shell scripting][absc]\n  - [How to Pass Arguments to a Bash-Script][patbc]\n#### Hacks\n  - [Nmap Network Scanning][ns1]\n  - [Live hosts scanning with Nmap][ns2]\n  - [The Art of Port Scanning - by Fyodor][nps1]\n  - [Open Port Scanning and OS Detection with Nmap in Kali Linux][nps2]\n  - [Penetration Testing Cheat Sheet][ptcs]:\n  - [LFI Vulnerability][lfics]\n  - [Sick OS 1.1][soswt]\n  - [Nbtscan sheet][nbtss]\n - [Essential Linux Applications](#essential-linux-programs)\n\n##### About Bash-101\n  Bash is the command language interpreter or shell script interpreter for the GNU operating system. Every pentester\n  that uses Linux, usually uses Bash. This guide is here to show you some of the basics of how to make Linux do what you\n  want it to do.\n\nWith this you will be able to:\n  - Write and read Bash scripts\n  - Use the Linux terminal/command line\n  - Perform pentesting such as MiTM, sniffing and Wifi hacks\n  - And so much more\n\n### Batch file installation \n\nThis script installs all most of the\nessential applications in a semi-automated manner.\nHere are the steps to making this script work on your Linux\ncomputer:\n - Create a file named \"install_all.sh\"\n - Open that file, then copy the code below and paste it\n   into that file.\n - Save the file, then open up a terminal in the same place\n   the file is in. You should be able to see the file if you\n   type \"ls\" from within the console.\n - Now type \"chmod u+x\". This will make the file executable.\n - Next, place this file in the \"/bin\" directory.\n - Lastly, type install_all.sh in your terminal.\n```sh\n#!/bin/bash\nmyarray=(chkrootkit etherape nikto ettercap-graphical rkhunter\np0f nmap aircrackng netdiscover reaver nbtscan macchanger synaptic\nfirehol htop git get-config nano apt dpkg logkeys denyhosts tiger\nlynis away xtrlock clamtk zenmap lua5.1 sshd dsniff yum mate-terminal\nsamba-common-bin aircrack-ng iprange cmake linuxlogo)\nprintf \"\nProduced by\n    ____  _ __  ______          __         \n   / __ )(_) /_/ ____/___  ____/ /__  _____\n  / __  / / __/ /   / __ \\/ __  / _ \\/ ___/\n / /_/ / / /_/ /___/ /_/ / /_/ /  __/ /    \n/_____/_/\\__/\\____/\\____/\\__,_/\\___/_/ \n\"\nsudo su\n\nfor program in \"${myarray[@]}\" \ndo\n    sudo apt-get install $program\ndone\n```\n\n# Essential Linux Programs\n    \n - Nmap (\"Network Mapper\") is an open source tool for network exploration\nand security auditing. It was designed to rapidly scan large networks,\nalthough it works fine against single hosts. Nmap uses raw IP packets\nin novel ways to determine what hosts are available on the network, what\nservices (application name and version) those hosts are offering, what\noperating systems (and OS versions) they are running, what type of packet\nfilters/firewalls are in use, and dozens of other characteristics. While\nNmap is commonly used for security audits, many systems and network\nadministrators find it useful for routine tasks such as network inventory,\nmanaging service upgrade schedules, and monitoring host or service uptime. \n\n\n- netdiscover is an active/passive  arp  reconnaissance  tool,  initially\ndeveloped  to  gain  information  about  wireless networks without dhcp\nservers in wardriving scenarios. It can also be used on  switched  net‐\nworks.  Built  on  top  of  libnet and libpcap, it can passively detect\nonline hosts or search for them by sending arp requests.\nFurthermore, it can be used to inspect your network's arp  traffic,  or\nfind network addresses using auto scan mode, which will scan for common\nlocal networks.\n\n - ip - show / manipulate routing, devices, policy routing and tunnel\n\n- p0f uses a fingerprinting technique based on analyzing the structure of\na TCP/IP packet to determine the operating system and other  configura‐\ntion properties of a remote host. The process is completely passive and\ndoes not generate any suspicious network traffic. The other host has to\neither\n\n - ettercap was born as a sniffer for switched  LAN  (and  obviously  even\n\"hubbed\"  ones),  but during the development process it has gained more\nand more features that have changed it to a powerful and flexible  tool\nfor  man-in-the-middle attacks.  It supports active and passive dissec‐\ntion of many protocols (even ciphered ones) and includes many  features\nfor network and host analysis (such as OS fingerprint).\n\n- nbtscan is a program for scanning IP networks for NetBIOS name informa‐\ntion.  It  sends NetBIOS status query to each address in supplied range\nand lists  received  information  in  human  readable  form.  For  each\nresponded  host  it  lists IP address, NetBIOS computer name, logged-in\nuser name and MAC address (such as Ethernet).\n\n- dsniff\ndsniff is a password sniffer which handles  FTP,  Telnet,  SMTP,  HTTP,\nPOP,  poppass, NNTP, IMAP, SNMP, LDAP, Rlogin, RIP, OSPF, PPTP MS-CHAP,\nNFS, VRRP, YP/NIS, SOCKS, X11, CVS, IRC, AIM, ICQ, Napster, PostgreSQL,\nMeeting  Maker, Citrix ICA, Symantec pcAnywhere, NAI Sniffer, Microsoft\nSMB, Oracle SQL*Net, Sybase and Microsoft SQL protocols.\n\n - etherApe is a network traffic browser.  It  displays  network  activity\ngraphically.  It  uses GNOME libraries as its user interface, and libp‐\ncap, a packet capture and filtering library.\n\n- reaver  implements  a  brute  force attack against WiFi Protected Setup\nwhich can crack the WPS pin of an access point in a matter of hours and\nsubsequently recover the WPA/WPA2 passphrase.\n  Specifically,  reaver targets the registrar functionality of WPS, which\nis flawed in that it only takes 11,000 attempts to  guess  the  correct\nWPS  pin in order to become a WPS registrar. Once registred as a regis‐\ntrar with the access point, the access point  will  give  you  the  WPA\npassphrase.\n\n- arp  manipulates or displays the kernel's IPv4 network neighbour cache.\nIt can add entries to the table, delete one or display the current con‐\ntent. ARP stands  for Address Resolution Protocol, which is used to find the\nmedia access control address of a network neighbour for  a  given  IPv4\nAddress.\n\n- wpa_supplicant  is  an  implementation of the WPA Supplicant component,\ni.e., the part that runs in the client stations. It implements WPA  key\nnegotiation  with  a  WPA  Authenticator  and  EAP  authentication with\nAuthentication Server. In addition, it controls the  roaming  and  IEEE\n802.11 authentication/association of the wireless LAN driver. \n  wpa_supplicant  is  designed  to be a \"daemon\" program that runs in the\nbackground and acts as the backend component controlling  the  wireless\nconnection.  wpa_supplicant  supports separate frontend programs and an\nexample text-based frontend, wpa_cli, is included with wpa_supplicant.\n\n- macchanger  is  a  GNU/Linux  utility  for viewing/manipulating the MAC\naddress for network interfaces.\n\n- nikto examines a web server to find potential problems and security\nvulnerabilities, including:\n\n      ·   Server and software misconfigurations\n\n      ·   Default files and programs\n\n      ·   Insecure files and programs\n\n      ·   Outdated servers and programs\n\n\u003eNikto is built on LibWhisker (by RFP) and can run on any platform which\nhas a Perl environment. It supports SSL, proxies, host authentication,\nIDS evasion and more. It can be updated automatically from the\ncommand-line, and supports the optional submission of updated version\ndata back to the maintainers.\n\n\n- aircrack-ng is an 802.11 WEP and WPA/WPA2-PSK key cracking program.\nIt can recover the WEP key once enough encrypted packets have been cap‐\ntured with airodump-ng. This part of the aircrack-ng  suite  determines\nthe  WEP key using two fundamental methods. The first method is via the\nPTW approach (Pyshkin, Tews, Weinmann). The main advantage of  the  PTW\napproach  is  that  very few data packets are required to crack the WEP\nkey. The second method is the FMS/KoreK method.  The  FMS/KoreK  method\nincorporates  various  statistical  attacks to discover the WEP key and\nuses these in combination with brute forcing.\nAdditionally, the program offers a dictionary  method  for  determining\nthe WEP key. For cracking WPA/WPA2 pre-shared keys, a wordlist (file or\nstdin) or an airolib-ng has to be used.\n\n- ssh (SSH client) is a program for logging into a remote machine and for\nexecuting commands on a remote machine.  It is intended to provide secure\nencrypted communications between two untrusted hosts over an insecure\nnetwork.  X11 connections, arbitrary TCP ports and UNIX-domain sockets\ncan also be forwarded over the secure channel.\n\n- ftp — Internet file transfer program\n\n- telnet is used for interactive communication with another\nhost using the TELNET protocol. It begins in command mode, where it\nprints a telnet prompt (\"telnet\u003e \"). If telnet is invoked with a host\nargument, it performs an open command implicitly; see the description\nbelow.\n\n- iprange - manage IP ranges\n\n- net utility is meant to work just like the net utility\navailable for windows and DOS. The first argument should be used to\nspecify the protocol to use when executing a certain command. ADS is\nused for ActiveDirectory, RAP is using for old (Win9x/NT3) clients and\nRPC can be used for NT4 and Windows 2000. If this argument is omitted,\nnet will try to determine it automatically. Not all commands are\navailable on all protocols.\n\n- less is a program similar to more (1), but it has many  more  features.\nLess  does  not  have to read the entire input file before starting, so\nwith large input files it starts up faster than text  editors  like  vi\n(1).  Less uses termcap (or terminfo on some systems), so it can run on\na variety of terminals.  There is even  limited  support  for  hardcopy\nterminals.   (On  a hardcopy terminal, lines which should be printed at\nthe top of the screen are prefixed with a caret.)\n\n- sha256sum - computs, print and check SHA256 message digests.\n\n- xterm  is a terminal emulator for the X Window System.  It\nprovides DEC VT102/VT220 and selected features from higher-level termi‐\nnals  such  as  VT320/VT420/VT520  (VTxxx).  It also provides Tektronix\n4014 emulation for programs that cannot use the window system directly.\nIf the underlying operating system supports terminal resizing capabili‐\nties (for example, the SIGWINCH signal in systems derived from 4.3BSD),\nxterm  will use the facilities to notify programs running in the window\nwhenever it is resized.\n\n- ps displays information about a selection of the active processes.  If\nyou want a repetitive update of the selection and the displayed\ninformation, use top instead.\n\n- htop is a free (GPL) ncurses-based process viewer for Linux.\nIt  is similar to top, but allows you to scroll vertically and horizon‐\ntally, so you can see all the processes running on  the  system,  along\nwith  their  full  command  lines, as well as viewing them as a process\ntree, selecting multiple processes and acting on them all at once.\nTasks related to processes (killing,  renicing)  can  be  done  without\nentering their PIDs.\n\n- dpkg - package manager for Debian\n\n- synaptic  is a frontend for the apt package managent system.  It allows\nyou to perform all actions of the command line tool apt-get in a graph‐\nical environemnt. This includes installing, upgrading, downgrading  and\nremoving of single packages or even upgrading your whole system.\nA manual with detailed instructions can be found in the  help  menu  of\nSynaptic.\n\n- apt provides a high-level commandline interface for the package\nmanagement system. It is intended as an end user interface and enables\nsome options better suited for interactive usage by default compared to\nmore specialized APT tools like apt-get(8) and apt-cache(8).\n\n- yum is an interactive, rpm based, package manager. It can automatically\nperform system updates, including dependency analysis and obsolete pro‐\ncessing  based  on \"repository\" metadata. It can also perform installa‐\ntion of new packages, removal of old packages and  perform  queries  on\nthe  installed and/or available packages among many other commands/ser‐\nvices (see below). yum is similar to other high level package  managers\nlike apt-get and smart.\n\n- git is a fast, scalable, distributed revision control system with an\nunusually rich command set that provides both high-level operations and\nfull access to internals.\n\n- wget is a free utility for non-interactive download of files from\nthe Web.  It supports HTTP, HTTPS, and FTP protocols, as well as\nretrieval through HTTP proxies.\n\n- nano  is  a small, free and friendly editor which aims to replace Pico,\nthe default editor included in the non-free Pine package.   On  top  of\ncopying  Pico's  look  and  feel, nano also implements some missing (or\ndisabled by default) features in Pico, such as \"search and replace\" and\n\"go to line and column number\".\n\n- logkeys  is a linux keylogger. It is no more advanced than other avail‐\nable linux keyloggers, notably lkl and uberkey, but  is  a  bit  newer,\nmore  up  to  date,  it doesn't unreliably repeat keys and it shouldn't\ncrash your X. All in all, it just seems to work. It relies on the event\ninterface     of    Linux    input    subsystem    (normally    devices\n/dev/input/eventX).\n\n- ls (list)  information  about  the FILEs (the current directory by default).\nSort entries alphabetically if none of -cftuvSUX nor --sort  is  speci‐\nfied.\n\n- find - search for files in a directory hierarchy\n\n- firehol - an easy to use but powerful iptables stateful firewall\n\n- ufw is for managing a Linux firewall and aims to provide an\neasy to use interface for the user.\n\n- denyHosts  is a python program that automatically blocks ssh attacks by\nadding entries to /etc/hosts.deny.  DenyHosts will also  inform  system\nadministrators  about  offending  hosts,  attacked users and suspicious\nlogins.\n\n- chkrootkit  examines  certain  elements of the target system and deter‐\nmines whether they have been tampered with. Some tools which chkrootkit\napplies  while  analyzing  binaries  and  log  files  can  be  found at\n/usr/lib/chkrootkit.\n\n- rkhunter is  a  shell  script  which carries out various checks on the\nlocal system to try and detect known rootkits and malware. It also per‐\nforms  checks  to  see  if  commands  have been modified, if the system\nstartup files have been modified, and various  checks  on  the  network\ninterfaces, including checks for listening applications.\nrkhunter  has  been written to be as generic as possible, and so should\nrun on most Linux and UNIX systems. It is provided  with  some  support\nscripts should certain commands be missing from the system, and some of\nthese are perl scripts.  rkhunter does require certain commands  to  be\npresent  for it to be able to execute. Additionally, some tests require\nspecific commands, but if these are not present then the test  will  be\nskipped.  rkhunter needs to be run under a Bourne-type shell, typically\nbash or ksh. rkhunter can be run  as  a  cron  job  or  from  the  com‐\nmand-line.\n\n- tiger is a package consisting of Bourne Shell scripts, C code and  data\nfiles  which  is used for checking for security problems on a UNIX sys‐\ntem.  It scans system configuration files, file systems, and user  con‐\nfiguration  files for possible security problems and reports them.  The\ncommand tigexp(8) can be used to obtain explanations  of  the  problems\nreported by tiger.\n\n - lynis is a security auditing tool for Linux and Unix systems. It checks\nthe system and software configurations, to determine any  improvements.\nAll details are logged in a log file. Findings and other data is stored\nin a report file, which can be used to create auditing reports.   Lynis\ncan  be  run as a cronjob, or from the command line. Lynis prefers root\npermissions (or sudo), so it can access all parts of the  system,  how‐\never it not required (see pentest mode).\n\n- xtrlock locks the X server till the user enters their password  at  the\nkeyboard. While  xtrlock  is  running, the mouse and keyboard are grabbed\nand the mouse cursor becomes a padlock.  Output displayed by  X  programs,  and\nwindows  put  up  by new X clients, continue to be visible, and any new\noutput is displayed normally.\nThe mouse and keyboard are returned when the user types their password,\nfollowed  by Enter or Newline.  If an incorrect password is entered the\nbell is sounded.  Pressing Backspace or Delete erases one character  of\na  password  partially  typed; pressing Escape or Clear clears anything\nthat has been entered.\nIf too many attempts are made in too short a  time  further  keystrokes\ngenerate bells and are otherwise ignored until a timeout has expired.\nThe  X  server  screen saver continues to operate normally; if it comes\ninto operation the display may be restored by the usual means of touch‐\ning a key (Shift, for example) or the mouse.\n\n- away is a simple program that locks your terminal, checks for new mail\nin any given number of mailboxes, and lets other users know why you are\ninactive.\n\n- psswd is a program for changing your linux password\n\n- pwd \n  - prints the full filename of the current working directory. \n  - Import and save files from GitHub, Dropbox, Google Drive and One Drive\n  - Drag and drop markdown and HTML files into Dillinger\n  - Export documents as Markdown, HTML and PDF\n\n[//]: # (These are reference links used in the body of this note and get stripped out when the markdown processor does its job. There is no need to format nicely because it shouldn't be seen. Thanks SO - http://stackoverflow.com/questions/4823468/store-comments-in-markdown-syntax)\n\n\n   [dill]: \u003chttps://github.com/joemccann/dillinger\u003e\n   [git-repo-url]: \u003chttps://github.com/joemccann/dillinger.git\u003e\n   [john gruber]: \u003chttp://daringfireball.net\u003e\n   [df1]: \u003chttp://daringfireball.net/projects/markdown/\u003e\n   [markdown-it]: \u003chttps://github.com/markdown-it/markdown-it\u003e\n   [Ace Editor]: \u003chttp://ace.ajax.org\u003e\n   [node.js]: \u003chttp://nodejs.org\u003e\n   [Twitter Bootstrap]: \u003chttp://twitter.github.com/bootstrap/\u003e\n   [jQuery]: \u003chttp://jquery.com\u003e\n   [@tjholowaychuk]: \u003chttp://twitter.com/tjholowaychuk\u003e\n   [express]: \u003chttp://expressjs.com\u003e\n   [AngularJS]: \u003chttp://angularjs.org\u003e\n   [Gulp]: \u003chttp://gulpjs.com\u003e\n   [jzb]: \u003chttps://www.linux.com/LEARN/writing-simple-bash-script\u003e\n   [rmf]: \u003chttps://github.com/YoungCode26/Bash-Shell-Scripting/blob/master/README.md\u003e\n   [ns1]: \u003chttps://nmap.org/book/man-examples.html\u003e\n   [ns2]: \u003chttp://www.hackingtutorials.org/scanning-tutorials/scanning-for-live-hosts-with-nmap/\u003e\n   [nps1]: \u003chttps://nmap.org/nmap_doc.html\u003e\n   [nps2]: \u003chttp://www.hackingtutorials.org/scanning-tutorials/port-scanning-and-os-detection-with-nmap/\u003e\n   [apt]: \u003chttps://www.digitalocean.com/community/tutorials/how-to-manage-packages-in-ubuntu-and-debian-with-apt-get-apt-cache\u003e\n   [ls]: \u003chttp://www.yourownlinux.com/2014/01/linux-ls-command-tutorial-with-examples.html\u003e\n   [pwd]: \u003chttps://www.cyberciti.biz/faq/pwd-linux-unix-command-examples/\u003e\n   [absc]: \u003chttp://tldp.org/LDP/abs/html/\u003e\n   [man]: \u003chttps://www.linux.com/blog/12-examples-decode-man-pages-linuxunix-0\u003e\n   [patbc]: \u003chttps://www.lifewire.com/pass-arguments-to-bash-script-2200571\u003e\n   [ptcs]: \u003chttps://highon.coffee/blog/penetration-testing-tools-cheat-sheet/\u003e\n   [lfics]: \u003chttps://highon.coffee/blog/lfi-cheat-sheet/\u003e\n   [soswt]: \u003chttps://highon.coffee/blog/sickos-1-walkthrough/\u003e\n   [nbtss]: \u003chttps://highon.coffee/blog/nbtscan-cheat-sheet/\u003e\n   [mit]: \u003chttps://opensource.org/licenses/MIT\u003e\n   \n   ### Lisence\n   [MIT][mit]  \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsyslog777%2Flinux-bash-tutorial","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsyslog777%2Flinux-bash-tutorial","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsyslog777%2Flinux-bash-tutorial/lists"}