
Up Next from #TripwireBookClub is Black Hat Bash: Creative Scripting for Hackers and Pentesters by Dolev Farhi and Nick Aleks. This duo previously published Black Hat GraphQL, which we reviewed in March 2024.
This book did not disappoint. I think that my favourite aspect of the book is the way that it uses stepping stones to get you through the book. Although I don’t teach anymore, I always think about the possibility of using a book as a textbook.
This one would be fantastic for teaching an introduction to Bash course or even for use in an intro to Linux course. I think that first-year students would have a very easy time following along and taking away a lot of value from a book like this.
One thought that I had, although I didn’t act on it, was that it would be interesting to hand the book to my wife. She’s very non-technical, but I have a feeling that she could make it through the book without issue because the authors have done such a great job of setting things up and guiding you through the steps. This book would also make a great gift for any teen looking to become more technical and learn a bit more about how computers work.
Even though I’m pointing to this as a beginner’s book, I want to emphasize that anyone could tackle this book and learn something. It definitely isn’t just for beginners; anyone who picks up this book is going to learn something new.
What’s the Verdict?
Let’s find out what members of the team had to say about the book.
Black Hat Bash does a good job of getting the user interested in the soft-white underbelly of the hacking world. This book, from beginning to end, does a good job of walking a fine line between holding the reader’s hand and letting them branch out, explore, and improve on the examples that are given throughout the book.
The author feels like they knew who their target audience would be, so they did an excellent job at running through the basics of bash and slowly building up the reader's arsenal of tools as they continue reading through chapters with good, detailed examples.
I recommend this book to anyone with any level of experience in bash and who wants to learn some new tools that can be coupled with your newfound bash scripting knowledge.
Rating: 5.0/5.0
– Matthew Jerzewski, Cybersecurity Researcher III, Fortra
Black Hat Bash is a pretty good book for those interested in getting started with ethical hacking, bug bounties, and pentesting. It would also be a good source for Linux system administrators who would like to understand the tools and techniques used to exploit various systems; it could be a resource for learning ways to detect and/or prevent an administrator’s systems from being hacked.
To start, I have to say that the book title could be a little deceiving at first glance. For example, I was thinking the book was purely Black Hat Bash scripting. However, the book goes further in that it combines scripting with Linux OS tooling and other open-source ethical hacking tools. I think a better title would be “Black Hat Bash and Hacker Tooling”, but that’s just me.
Now, on to the book. The book, as I alluded to above, is really focused on an early beginner who has minimal experience with Bash, Linux, and open-source hacker tooling. It starts off with the basics of Bash shells and scripting.
One thing I always like to see with a technical book of this kind is a lab environment to use for learning. Dolev and Nick provide a great chapter along with resources for building a test lab to learn the material, along with a GitHub repo of scripts and resources—big kudos for that.
The rest of the book is where things start to get interesting—they provide a mixture of teaching aspects of Bash shell, scripting, Linux OS fundamentals (from a hacking/security perspective), and the use of open-source tools and applications for ethical hacking.
The book provides a common hacking sequence from reconnaissance to scanning (looking for vulnerable targets), web shells, reverse shells, and various other steps (read the table of contents), and finally, defense evasion and data exfiltration.
Once again, the chapters follow a common order of events based on a common attack “kill chain”. Overall, I recommend the book to anyone getting started in the areas listed above.
Rating: 4.5/5.0
– Lane Thames, Principal Cybersecurity Researcher, Fortra
Black Hat Bash by Dolev Farhi and Nick Aleks demonstrates how bash scripting can be used for penetration testing. The authors explain the basic logic and process of writing bash scripts. This knowledge provides the readers the ability to write their own bash scripts. This allows the readers to use bash scripting in the later chapters to parse output from command line tools. This permits the authors to demonstrate the usefulness of bash scripting by utilizing it while exploiting a lab environment. Overall, the book was a good read.
Rating: 4.0/5.0
– Andrew Swoboda, Senior Cybersecurity Researcher, Fortra
Black Hat Bash by Dolev Farhi and Nick Aleks is a great introduction to bash scripting, hacking, Kali Linux, and the power that comes from combining those three toolsets. The book comes with a Docker-based lab that includes a variety of targets in a simulated network. The lab is used to effectively practice the skills being taught while leaving room for readers to explore further on their own.
This book focuses on using bash scripts to leverage existing tools more efficiently, for example, by running them against multiple hosts at once or filtering their output to specific pieces of data. It starts by teaching basic bash commands and then expands to specific tools included in Kali Linux. It also explores Linux commands that are particularly interesting to hackers and pentesters due to either the information they provide or their ability to be exploited to gain further unauthorized access of a system.
I would highly recommend Black Hat Bash to any beginner to hacking, pentesting and Kali Linux. I also think it could be a fun way to learn basic bash skills for anyone new to Linux command line tools even without the specific goal of learning hacking or pentesting skills.
Rating: 4.0/5.0
– Darlene Hibbs, Senior Cybersecurity Researcher, Fortra
Excellent read. It focuses more on how to use Bash as an orchestrator than becoming a master of Bash. The level of Bash in the book is not too high. You will not be a Bash ninja by the end of the book, but you will have all the tools you need to integrate Bash with other tools and get all the information you need without leaving the terminal.
That is the whole point of the book: reminding people that you don't need an arsenal of tools and a pretty UI to be good at hacking. The only thing you need is to know how everything works under the hood and a LOT of practice. The way the book is structured helps a lot because you will feel like you are following a tutorial. I recommend you follow the instructions diligently; you will need the outcome of one chapter in the subsequent chapters. Don't be like me. I wanted to make things my way and had to redo some exercises because I needed that information later in the book.
If you consider yourself somehow good at Bash, you can skip Chapter 1 and maybe Chapter 2. I enjoyed Chapter 4 because it had some concepts that I consider key concepts about Linux OS. After Chapter 4, the book focuses more on the use of tools than on the use of Bash. But it is worth it. I knew most of the tools presented in the book, but I was introduced to new techniques when using those tools.
If you are running arm64, you will have to build some tools for arm64. It's not a big deal, but be aware some tools’ binaries are only available for amd64. You can use an emulator like UTM too, but running containers on an emulated OS is not optimal.
Rating: 4.0/5.0
– David Grajales, Senior Cybersecurity Researcher, Fortra
I agree with the 5-star review here. I’ve been looking forward to this book since it was first announced, and it definitely didn’t let me down.

Overall Rating: 4.4/5.0
We don’t have the next book selected, so if you have any recommendations, let us know on our official LinkedIn page.