Linux Bash for Cybersecurity: Complete Course Notes

Welcome to this self-paced course on Linux Bash scripting tailored for cybersecurity professionals! Whether you're a beginner ethical hacker, penetration tester, or security analyst, Bash is your command-line superpower. It automates reconnaissance, parses logs, simulates attacks (ethically!), and fortifies defenses—all from the terminal.


Course Objectives:
- Master Linux navigation and essential commands for pentesting.
- Build scripts for automation in recon, scanning, and incident response.
- Apply Bash to real-world cyber scenarios like log analysis and vulnerability scanning.
- Ethical focus: All examples are for defensive/offensive security in controlled environments (e.g., Kali Linux VM).

Prerequisites: Basic computer knowledge; install Kali Linux (free VM via VirtualBox) or Ubuntu.
Duration: 4-6 weeks (2-3 hours/week).
Tools Needed: Terminal (Bash shell), text editor (nano/vim), Kali Linux.
Resources: Free Udemy previews, O'Reilly course, TryHackMe rooms, HackerSploit tutorials.

Practice Tip: Run all examples in a safe lab. Never test on unauthorized systems—get permission!


MODULE 1: LINUX FUNDAMENTALS & NAVIGATION

Goal: Get comfortable in the terminal. Essential for any cyber op.

Key Concepts

  • Shell Basics: Bash (Bourne Again SHell) is the default on Linux. Access via bash or sh.
  • File System: Hierarchical: / (root), /home (users), /etc (configs), /opt (tools).
  • Permissions: rwx (read/write/execute) for owner/group/others. Use chmod for security hardening.

Command | Description | Cyber Use Case | Example
pwd | Print working directory | Confirm current path during recon | pwd → /home/kali
ls -la | List files (detailed, hidden) | Scan directories for sensitive files | ls -la /etc
cd /path | Change directory | Navigate to tool dirs (e.g., /opt/metasploit) | cd /etc
mkdir dir | Make directory | Create temp folders for captures | mkdir recon_logs
rm -rf dir | Remove (force, recursive) | Clean up after tests (careful!) | rm -rf temp/

Hands-On Exercise

  1. Boot Kali Linux. Run whoami to check user.
  2. Create a dir: mkdir cyber_lab, cd cyber_lab, touch secret.txt.
  3. Secure it: chmod 600 secret.txt (owner only).

Pro Tip: For pentesting, always use sudo for root access: sudo -i.


MODULE 2: ESSENTIAL FILE & TEXT COMMANDS

Goal: Manipulate data—crucial for log parsing and evidence handling.

Key Concepts

  • Piping (|): Chain commands (e.g., ls | grep txt).
  • Redirection: > (overwrite), >> (append), < (input).
  • Text Tools: grep, awk, sed for pattern matching.

Command | Description | Cyber Use Case | Example
cat file | Display file content | Read logs | cat /var/log/auth.log
head -n 10 file | First 10 lines | Quick log preview | head -n 10 /var/log/syslog
tail -f file | Last lines + follow | Real-time monitoring | tail -f /var/log/apache2/access.log
grep "pattern" file | Search for pattern | Find IPs in logs | grep "192.168" access.log
awk '{print $1}' file | Extract columns | Parse IP from log lines | awk '{print $1}' access.log
sed 's/old/new/g' file | Replace text | Anonymize logs | sed 's/IP/XXX/g' report.txt
find /path -name "*.txt" | Search files | Hunt for configs | find /etc -name "*pass*"
cp src dest | Copy | Backup evidence | cp secret.txt evidence/
mv src dest | Move/rename | Organize captures | mv report.txt /tmp/

Hands-On Exercise

  1. Create a log file: echo "Login from 192.168.1.1 failed" > fake.log.
  2. Parse: grep "failed" fake.log | awk '{print $3}' → Outputs IP (the third field of the line).
  3. Monitor: In another terminal, tail -f fake.log while appending lines.

Cyber Application: Automate log grepping for brute-force attempts.


MODULE 3: NETWORKING & RECON COMMANDS

Goal: Scan and gather intel—core of ethical hacking.

Key Concepts

  • Networking Layers: Focus on TCP/IP for pentesting.
  • Tools Integration: Combine with nmap (pre-installed in Kali).

Command | Description | Cyber Use Case | Example
ifconfig or ip a | Show interfaces/IPs | Check your setup | ip a → Lists eth0 IP
ping -c 4 host | Ping (4 packets) | Host discovery | ping -c 4 192.168.1.1
netstat -tuln | Network connections | Spot open ports | netstat -tuln
nmap -sV -p- host | Scan ports/versions | Recon/vuln scan | nmap -sV 192.168.1.0/24
curl -I url | HTTP head | Banner grab | curl -I http://example.com
wget -q -O- url | Download quietly | Fetch web content | wget -q -O- http://example.com
nc -zv host port | Netcat scan | Port check | nc -zv 192.168.1.1 80
arp -a | ARP table | Local network mapping | arp -a

Hands-On Exercise

  1. Ping sweep: for i in {1..254}; do ping -c1 192.168.1.$i; done.
  2. Quick nmap: nmap -sn 192.168.1.0/24 (host discovery).
  3. Banner: nc -v mail.example.com 25 (SMTP recon).

Pro Tip: For ethical hacking, use -T4 in nmap for speed.


MODULE 4: INTRODUCTION TO BASH SCRIPTING

Goal: Write your first scripts. Syntax: #!/bin/bash shebang.

Key Concepts

  • Variables: var="value"; echo $var.
  • Comments: # This is a comment.
  • Execution: chmod +x script.sh; ./script.sh.

Example 1: Hello World Script

#!/bin/bash
# Simple recon script: check whether one host answers ping
echo "Starting Cyber Recon..."
TARGET="192.168.1.1"
echo "Target: $TARGET"
# Test ping's exit status directly and quote the variable
if ping -c 1 "$TARGET"; then
    echo "Host alive!"
else
    echo "Host down."
fi

Run: Save as recon.sh, chmod +x recon.sh, ./recon.sh.

Example 2: User Input

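#!/bin/bash
# Ping the first ten addresses under a user-supplied prefix
echo "Enter IP range (e.g., 192.168.1.): "
read -r BASE   # -r: do not treat backslashes in the input as escapes
for i in {1..10}; do
    # -W1: give up on a silent host after one second
    ping -c1 -W1 "$BASE$i" | grep "64 bytes"
done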

Use: Automates ping sweeps.

Hands-On: Modify to scan ports with nc.


MODULE 5: CONTROL STRUCTURES & LOOPS

Goal: Automate repetitive tasks like scanning.

Key Concepts

  • If/Else: [ condition ] (e.g., -f file exists).
  • Loops: for, while.
  • Case: Multi-condition branching.

Example 3: Port Scanner Script

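#!/bin/bash
# Check a short list of common TCP ports on the host given as $1
TARGET="$1"
PORTS="22 80 443 8080"
for PORT in $PORTS; do   # unquoted on purpose: split the list on spaces
    # -z: connect without sending data; -w 1: one-second timeout
    if nc -z -w 1 "$TARGET" "$PORT" 2>/dev/null; then
        echo "Port $PORT open on $TARGET"
    fi
done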

Run: ./portscan.sh 192.168.1.1.

Example 4: Log Parser with While

#!/bin/bash
LOGFILE="/var/log/auth.log"
while IFS= read -r LINE; do
    if [[ $LINE == *"Failed password"* ]]; then
        echo "Brute force attempt: $LINE"
    fi
done < "$LOGFILE"

Use: Detect attacks in real-time.

Hands-On: Add grep to filter by IP.
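
Counting failures per source IP is what turns the line match in Example 4 (and the Module 2 log-grepping idea) into a brute-force signal. The script below is an added example, not part of the original course notes; the function names and the sample log lines are constructed for illustration and assume the standard sshd "Failed password ... from IP port N ssh2" format.

```bash
#!/bin/bash
# Added example: count failed SSH password attempts per source IP.

# Constructed sample lines in the usual sshd auth.log format.
sample_auth_log() {
cat <<'EOF'
Nov 10 10:00:01 lab sshd[1001]: Failed password for root from 203.0.113.5 port 40112 ssh2
Nov 10 10:00:03 lab sshd[1001]: Failed password for invalid user admin from 203.0.113.5 port 40114 ssh2
Nov 10 10:00:05 lab sshd[1002]: Failed password for root from 203.0.113.5 port 40120 ssh2
Nov 10 10:01:10 lab sshd[1003]: Accepted password for kali from 192.168.1.20 port 51514 ssh2
Nov 10 10:02:00 lab sshd[1004]: Failed password for kali from 192.168.1.20 port 51600 ssh2
Nov 10 10:03:30 lab sshd[1005]: Failed password for invalid user test from 198.51.100.7 port 33000 ssh2
Nov 10 10:03:32 lab sshd[1005]: Failed password for invalid user test from 198.51.100.7 port 33002 ssh2
EOF
}

# failed_by_ip [MIN]: read auth.log lines on stdin and print "COUNT IP",
# highest first, for each source with at least MIN failures (default 3).
failed_by_ip() {
    awk -v min="${1:-3}" '
        /sshd\[[0-9]+\]: Failed password for / {
            # The user name is chosen by the client and may itself contain
            # "from", so read the address by position from the end of the
            # line: ... from <ip> port <n> ssh2
            if (NF >= 5 && $(NF - 4) == "from" && $(NF - 2) == "port")
                count[$(NF - 3)]++
        }
        END {
            for (ip in count)
                if (count[ip] >= min) print count[ip], ip
        }' | sort -rn
}

# Demo on the constructed sample with a threshold of two failures.
sample_auth_log | failed_by_ip 2
```

On a live system, feed it the real file instead of the sample: failed_by_ip 5 < /var/log/auth.log.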


MODULE 6: FUNCTIONS & ADVANCED SCRIPTING

Goal: Modular code for complex tools.

Key Concepts

  • Functions: function_name() { ... }.
  • Arrays: ARR=(item1 item2); echo ${ARR[0]}.
  • Error Handling: set -e (exit on error).

Example 5: Recon Function

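#!/bin/bash
# Service scan plus reverse DNS for one IP address
recon() {
    local IP="$1"
    echo "=== Recon on $IP ==="
    nmap -sV "$IP" | grep "open"
    dig +short -x "$IP"  # Reverse DNS lookup (-x is required for an IP address)
}
recon 8.8.8.8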

Use: Build a toolkit script.

Example 6: Credential Checker (Ethical!)

#!/bin/bash
USERS=("root" "admin" "user")
for USER in "${USERS[@]}"; do
    if hydra -l $USER -p password 192.168.1.1 ssh 2>/dev/null; then  # Simulated
        echo "Weak cred: $USER"
    fi
done

Warning: Use Hydra only in labs; replace with safe checks.

Hands-On: Create a function to encrypt outputs with openssl.


MODULE 7: CYBERSECURITY APPLICATIONS

Goal: Apply to pentesting phases.

Recon: Ping Sweeper

#!/bin/bash
NETWORK="192.168.1."
for i in {1..254}; do
    # -c1: one probe; -W1: wait at most one second for a reply
    ping -c1 -W1 "$NETWORK$i" &> /dev/null && echo "$NETWORK$i alive"
done

Output: Live hosts for nmap.

Scanning: Web Enum

#!/bin/bash
URL="$1"
curl -s "$URL" | grep -i "powered by"  # Banner
gobuster dir -u "$URL" -w /usr/share/wordlists/dirb/common.txt  # Simulated

Use: Dir busting ethically.

Incident Response: Log Monitor

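#!/bin/bash
# Follow syslog and mail every line that mentions an error or failure
# tail -F keeps following after log rotation; read -r keeps backslashes intact
tail -F /var/log/syslog | grep -E --line-buffered "error|fail" | while IFS= read -r LINE; do
    echo "$(date): Alert - $LINE" | mail -s "Security Alert" admin@example.com
done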

Pro Tip: Integrate with ELK stack for SIEM.

Offensive: Obfuscated Script (Educational)

#!/bin/bash
# Simple base64 decode (base64 is an encoding, not encryption)
echo "SGVsbG8gV29ybGQ=" | base64 -d  # Decodes to "Hello World"
# Use for payload hiding in red teaming

Ethical Note: For ransomware sims, see —build in VM only.

Hands-On Project: Script a full recon chain: ping → nmap → curl.


MODULE 8: DEBUGGING, BEST PRACTICES & PROJECTS

Goal: Production-ready scripts.

Debugging

  • set -x (trace execution).
  • echo for logs.
  • Test with bash -n script.sh (syntax check).

Best Practices

  • Quote variables: "$VAR".
  • Use #!/bin/bash -e for errors.
  • Modular: Functions over spaghetti code.
  • Security: Avoid eval; validate inputs.

Capstone Project: Automated Pentest Reporter

Build a script that:
1. Takes IP input.
2. Pings, scans ports, greps banners.
3. Outputs to HTML report.

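#!/bin/bash
# Takes the target IP as the first argument
IP="$1"
REPORT="report_$IP.html"
# <pre> keeps the line breaks of the tool output when viewed in a browser
echo "<html><body><h1>Recon Report</h1><pre>" > "$REPORT"
ping -c1 "$IP" >> "$REPORT" 2>&1
nmap -sV "$IP" | grep open >> "$REPORT"
echo "</pre></body></html>" >> "$REPORT"
echo "Report: $REPORT"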

Extend: Add email via mail.
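
The capstone script puts its argument into a file name and copies service banners, which the scanned host controls, into HTML, so the "validate inputs" rule from Best Practices applies at both ends. The script below is an added example, not part of the original course notes; is_ipv4, html_escape, render_report and the sample scan line are hypothetical names and constructed data.

```bash
#!/bin/bash
# Added example: validate the target and escape tool output before it
# reaches a file name or an HTML report.

# is_ipv4 STRING: succeed only for a dotted quad with octets 0-255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray characters, bad dots
    esac
    local IFS=. octet
    set -- $1                                  # split on dots (digits and dots only here)
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # Reject leading zeros (some tools read 010 as octal) and long runs
        case $octet in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# html_escape: neutralise markup in text read from stdin ("&" must go first).
html_escape() {
    sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' -e 's/"/\&quot;/g'
}

# render_report IP: wrap scan output read from stdin in a minimal HTML page.
render_report() {
    is_ipv4 "$1" || { echo "invalid IPv4 address" >&2; return 2; }
    printf '<html><body><h1>Recon Report for %s</h1>\n<pre>\n' "$1"
    html_escape
    printf '</pre>\n</body></html>\n'
}

# Constructed sample of "nmap -sV | grep open" output with a hostile banner.
sample_scan='80/tcp open http <script>alert(1)</script> httpd'

printf '%s\n' "$sample_scan" | render_report 192.168.1.1
```

Because the target is checked before anything else, a value such as ../../tmp/x or "1.2.3.4; id" never reaches the report file name or the nmap command line.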

Advanced Project: Malware analyzer—parse PCAPs with tcpdump | grep suspicious.


ASSESSMENT & NEXT STEPS

  • Quiz: Write a script to find SUID binaries (find / -perm -4000 2>/dev/null).
  • Certification Path: CompTIA Security+, then OSCP. Free: TryHackMe Bash room.
  • Further Reading: "Cybersecurity Ops with bash" book; Udemy "Hacking Essentials".
  • Community: Join Reddit r/netsec; X discussions.

Congratulations! You've leveled up your Bash skills for cyber defense. Practice daily—script one task/week. Questions? Dive deeper into modules.

Legal Reminder: This is for ethical use only. Always follow laws and ROE. Stay safe! 🔒

Last updated: Nov 10, 2025
