Bash is the common-line language of Unix-based operating systems, including Mac OS and Linux. As a Cybersecurity professional, you often work in Linux environments, and you must understand the common bash commands to navigate the operating system properly. Several tools, such as Nmap or Metasploit, are command-line applications, meaning that they don't have a graphical user interface (GUI). Therefore, you must understand the basics of bash to do your job as a security professional effectively. Additionally, bash can create scripts that can automate parts of your job as a Security Administrator. Here are the main reasons why an Ethical Hacker would want to learn bash scripting:
1) Navigating the Linux File System and Interacting with Files
It is common for a security professional to work on a Linux server where you don't have a user interface; you only have a terminal window that connects to SSH. In these situations, you must be comfortable navigating the Linux environment. This means changing directories, copying and pasting files, downloading files, and building command-line tools using only the local terminal commands. This way, you are not limited to working on machines with a user interface, which will make you more valuable. Also, in instances where you have a GUI, it is usually much faster to do things in the command line. This is important for Ethical Hackers, where you do a large amount of your work in Kali Linux or Parrot OS, the most popular Linux distributions for penetration testing.
In addition to navigation, you also want to be comfortable interacting with individual files. A common use case for a security professional needs to search log files for IP addresses or error codes. To do this, it's useful to know how to use common bash commands like grep, which uses regular expressions to search for patterns in computer files. A more common situation is wanting to create, read or write to files. This can be accomplished using bash or the Linux default text editor, nano.
2) Working with Command-Line Tools
As mentioned in the previous paragraph, building command-line tools using only a Linux terminal is a common requirement as an Ethical Hacker. While using bash, you can download files and build tools using only the command line. This is important to automate security tasks. Also, many tools only work in the command-line, such as Nmap, Metasploit, and sqlmap to name a few. You should be comfortable using software like this in a Linux environment.
3) Creating Scripts for Automation
The third reason for learning bash scripting is to create computer scripts for automation. In Security Administration and Ethical Hacking, you must perform the same command across tens or hundreds of different IP addresses; this makes it useful to create a computer script rather than manually type that command repeatedly. A common example of this is creating a ping sweeper. Performing a ping during a penetration test is used to see if a specific IP address is reachable. During a penetration test, you can have hundreds of machines you want to ping, so rather than doing each one individually, you can create a ping sweeper that will check an entire IP address range and save the results to a text file. This is an example of what you can do with bash scripting. Some people may argue that you can do the same thing with Python. Python is 100% a viable option for automation in security; however, Python is typically not installed on every machine in a corporate environment. If you only know how to code in Python, you must wait for approval to install the version you need, or you may be prohibited from installing it all together. However, bash is pre-installed on every Linux machine, which means you will always be able to access it.
Bash scripting is an extremely useful skill for a security professional. In Cybersecurity, you are certain to work in a Linux environment. In those situations, you want to be comfortable using the bash scripting language for navigation, working with tools, and automating repetitive tasks. Since bash comes pre-installed, you can find it on any Linux machine you work on, making it a more reliable alternative to Python.