Hey.

You can use whatever OS you want.

But I've watched first hand as I complete offensive security / recon tasks 10x quicker than anybody using Wind0ze can ever dream of.

Not saying you can't do it, just saying I know what I've seen ;)
A good collection of ZSH functions, Dockerfiles, packer images and i3wm shortcuts is unstoppable.

Shit just works.

make
sudo make install

bundle install

pip install -r requirements.txt

OUT OF THE BOX.
Now I'm on my Mac right now - same exact point stands.

DNS enumerate spotify.com and upload the IPs to a public pastebin.
subfinder -d spotify.com | zdns A | jq -r 'select(.data.answers[0].type == "A") | .data.answers[].answer' | nc termbin.com 9999

Pop open my terminal, I type "sub" and press the up arrow, then I modify the domain and pipe to termbin. DONE.
Take this link that contains a list of IPs and do a GeoIP lookup on each IP address, and give it back to me in a parsable format.

https://termbin.com/whka

Watch, I'll do it right now.
for ip in $(curl -s https://termbin.com/whka); do curl -s http://ipinfo.io/$ip >> data.txt; done
Here we go. I just wrote this offhand.

https://termbin.com/uc9c
Right, next task, once you've shared this list to your colleagues, get all the IPs that are in California.
curl -s https://termbin.com/uc9c | jq 'select(.region == "California")'
Now we have a list of all IP's that reside in Cali, oh you want a list of JUST the IPs?

curl -s https://termbin.com/uc9c | jq -r 'select(.region == "California") | .ip'
Oh - you want that converted into an excel sheet because apparently reading JSON is really hard on Windows?

No problem.

curl -s https://termbin.com/uc9c | jq -r 'select(.region == "California") | [.ip, .region, .country] | @csv' > ips.csv
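The same three steps (filter the GeoIP records by region, pull out just the IPs, emit CSV) written out offline in Python so the jq logic can be read and tested without hitting termbin or ipinfo. This is an added example, not code from the thread; the four records are constructed to look like ipinfo.io responses appended one after another by the curl loop above (no array brackets, which is exactly the stream jq consumes). The "bogon" record stands in for a private or reserved address that comes back without a region, which the filter must skip rather than crash on.

```python
import csv
import io
import json

# Constructed sample in the shape of ipinfo.io responses concatenated by
# `curl ... >> data.txt` in a loop. All values are made up for this example.
SAMPLE_DATA = """{"ip": "203.0.113.10", "city": "San Jose", "region": "California", "country": "US"}
{"ip": "198.51.100.7", "city": "Dublin", "region": "Leinster", "country": "IE"}
{"ip": "192.0.2.55", "region": "California", "country": "US"}
{"ip": "192.0.2.99", "bogon": true}
"""


def parse_concatenated_json(text):
    """Yield each object from a stream of back-to-back JSON documents.

    jq reads this format natively; json.loads() does not, so walk the
    text with the decoder's raw_decode(), which returns where each
    document ends.
    """
    decoder = json.JSONDecoder()
    pos = 0
    while pos < len(text):
        # skip whitespace (newlines) between documents
        while pos < len(text) and text[pos].isspace():
            pos += 1
        if pos >= len(text):
            break
        obj, end = decoder.raw_decode(text, pos)
        yield obj
        pos = end


def ips_in_region(text, region="California"):
    """Equivalent of: jq -r 'select(.region == "California") | .ip'"""
    return [rec["ip"] for rec in parse_concatenated_json(text)
            if rec.get("region") == region]


def region_csv(text, region="California"):
    """Equivalent of:
    jq -r 'select(.region == "California") | [.ip, .region, .country] | @csv'

    QUOTE_ALL matches jq's @csv, which double-quotes every string field.
    A record missing a field (e.g. the bogon entry) gets an empty cell.
    """
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for rec in parse_concatenated_json(text):
        if rec.get("region") != region:
            continue
        writer.writerow([rec.get("ip", ""), rec.get("region", ""), rec.get("country", "")])
    return buf.getvalue()


if __name__ == "__main__":
    print(ips_in_region(SAMPLE_DATA))
    print(region_csv(SAMPLE_DATA), end="")
```

Note that ipinfo returns a single object per address, so the file the loop builds is a stream of objects rather than a JSON array; that is why the jq one-liners above work without `-s` and why the parser here reads document by document instead of calling `json.loads` once.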
Ok, time for some more 'taxing' examples.

Take screenshots of every easily discoverable asset of spotify.com. Go.
subfinder -d spotify.com | zdns A | jq -r 'select(.data.answers[0].type == "A") | .data.answers[].name' | aquatone -ports 80,443,8080,8081,8000,8443,8001,9000 -scan-timeout 20000 -debug
This will do some low-level DNS enumeration, check that the names resolve, and then parse the JSON so Aquatone only runs against the hosts that actually resolve.
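Both zdns pipelines in this thread (the one that uploads addresses and the one that feeds hostnames to Aquatone) hinge on the same jq filter, `select(.data.answers[0].type == "A")`. Here is that parsing step as an added Python example (not the thread's code) over constructed lines in the shape of `zdns A` output, which also handles the case the jq filter misses: a host whose first answer is a CNAME followed by A records. With the original filter such a host is dropped entirely, and printing every answer's `.answer` would mix the CNAME target in with the addresses. The record layout (`name`, `status`, `data.answers[].type/.name/.answer`) is assumed from what the author's jq expressions access.

```python
import json

# Constructed lines modelled on `zdns A` output, one JSON object per line.
# Record 3 has a CNAME before its A record; records 2 and 4 never resolved.
SAMPLE_ZDNS = r'''
{"name":"www.example.com","status":"NOERROR","data":{"answers":[{"type":"A","name":"www.example.com","answer":"203.0.113.10"},{"type":"A","name":"www.example.com","answer":"203.0.113.11"}]}}
{"name":"gone.example.com","status":"NXDOMAIN","data":{}}
{"name":"cdn.example.com","status":"NOERROR","data":{"answers":[{"type":"CNAME","name":"cdn.example.com","answer":"edge.example.net"},{"type":"A","name":"edge.example.net","answer":"198.51.100.7"}]}}
{"name":"broken.example.com","status":"SERVFAIL"}
'''


def parse_zdns(text):
    """Yield (queried_name, [A record addresses]) for every host that has
    at least one A record anywhere in its answer section.

    Unlike `select(.data.answers[0].type == "A")`, a CNAME in first
    position does not cause the host to be skipped, and only A answers
    are collected, so CNAME targets never leak into the address list.
    """
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        # NXDOMAIN/SERVFAIL records have no answers (or no "data" at all)
        answers = (rec.get("data") or {}).get("answers") or []
        addrs = [a["answer"] for a in answers if a.get("type") == "A"]
        if addrs:
            yield rec["name"], addrs


def resolved_ips(text):
    """What the first pipeline pipes to termbin: the unique addresses."""
    return sorted({ip for _, addrs in parse_zdns(text) for ip in addrs})


def resolving_hosts(text):
    """What the second pipeline pipes to Aquatone: names that resolve."""
    return [name for name, _ in parse_zdns(text)]


if __name__ == "__main__":
    for ip in resolved_ips(SAMPLE_ZDNS):
        print(ip)
    for host in resolving_hosts(SAMPLE_ZDNS):
        print(host)
```

Feeding `resolving_hosts()` rather than raw subfinder output to a screenshot tool is what keeps the run short: every name that came back NXDOMAIN or SERVFAIL is dropped before any HTTP connection is attempted.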

That was easy.
Ok. If my point isn't already made.

"What's your SSH pubkey?"

Windows users: Stumble around in Putty for 10 minutes trying to find the pubkey, turns out the export is this freaky format nobody ever uses.

Linux users: cat ~/.ssh/id_rsa.pub | nc termbin.com 9999
Ok - you want to do some HTML parsing on the fly?

So I'm on my mac right now - pup is not installed.

Go to github, find go command, great.

go get github.com/ericchiang/pup
Find the latest kernel version programmatically.

curl -s https://www.kernel.org/ | pup '#latest_link json{}' | jq -r '.[].children[].text'
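For the case where pup is not installed and there is no Go toolchain to fetch it with, the same "grab the text inside the element with this id" step can be done with Python's standard library. This is an added example, not the thread's code or pup's; the HTML snippet is constructed to resemble where kernel.org's latest-stable link sits (a cell with id `latest_link`), and the real page's markup may differ. The parser tracks nesting depth so it returns all text under the matching element, including text inside child tags, the way `children[].text` does.

```python
from html.parser import HTMLParser

# Constructed snippet; assumes a `#latest_link` cell wrapping the version
# link, which is what the pup selector above is looking for.
SAMPLE_HTML = """<html><body>
<table id="latest"><tr><td>Latest Release</td>
<td id="latest_link"><a href="https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.1.2.tar.xz">6.1.2</a></td></tr>
<tr><td>mainline<br>(rc)</td><td id="mainline_link"><a href="#">6.2-rc1</a></td></tr></table>
</body></html>"""

# Tags that never get a closing tag; they must not change the nesting depth.
VOID_TAGS = {"area", "base", "br", "col", "embed", "hr", "img", "input",
             "link", "meta", "source", "track", "wbr"}


class TextById(HTMLParser):
    """Collect all text inside the element whose id attribute matches,
    the stdlib equivalent of `pup '#id json{}' | jq '.[].children[].text'`."""

    def __init__(self, wanted_id):
        super().__init__()
        self.wanted_id = wanted_id
        self.depth = 0          # >0 while inside the wanted element
        self.chunks = []

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        if self.depth:
            self.depth += 1
        elif dict(attrs).get("id") == self.wanted_id:
            self.depth = 1

    def handle_startendtag(self, tag, attrs):
        # <br/> style tags contain no text; ignore them entirely so the
        # default start+end handling cannot unbalance the depth counter.
        pass

    def handle_endtag(self, tag):
        if self.depth and tag not in VOID_TAGS:
            self.depth -= 1

    def handle_data(self, data):
        if self.depth:
            self.chunks.append(data)


def text_by_id(html, element_id):
    """Return the concatenated text under the element with the given id,
    or an empty string when no such element exists."""
    parser = TextById(element_id)
    parser.feed(html)
    parser.close()
    return "".join(parser.chunks).strip()


if __name__ == "__main__":
    print(text_by_id(SAMPLE_HTML, "latest_link"))
```

The void-tag handling is the edge case worth getting right here: an unclosed `<br>` inside the selected cell would otherwise leave the depth counter stuck above zero and the parser would keep collecting text from the rest of the page.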

That was really fucking easy.
I'm running out of ideas for examples, but this has been done many times just chilling on calls.

Some tasks people would "quote out" and have an entire lifecycle of 3 weeks where I can do a lot of manipulation with text/data in 5 minutes with Bash and utils.
You can follow @pry0cc.