Hey.

You can use whatever OS you want.

But I've watched first-hand as I complete offensive security / recon tasks 10x quicker than anybody using Wind0ze can ever dream of.

Not saying you can't do it, just saying I know what I've seen ;)
A good collection of ZSH functions, Dockerfiles, packer images and i3wm shortcuts are unstoppable.

Shit just works.

make
sudo make install

bundle install

pip install -r requirements.txt

OUT OF THE BOX.
Now I'm on my Mac right now - same exact point stands.

DNS enumerate spotify.com and upload the IPs to a public pastebin.
subfinder -d "spotify.com" | zdns A | jq -r 'select(.data.answers[0].type == "A") | .data.answers[].answer' | nc termbin.com 9999

Pop open my terminal, I type "sub" and press the up arrow, then I modify the domain and pipe to termbin. DONE.
Take this link that contains a list of IPs and do a GeoIP lookup on each IP address, and give it back to me in a parsable format.

https://termbin.com/whka

Watch, I'll do it right now.
for ip in $(curl -s https://termbin.com/whka); do curl -s "http://ipinfo.io/$ip" >> data.txt; done
Here we go. I just wrote this offhand.

https://termbin.com/uc9c
Right, next task, once you've shared this list to your colleagues, get all the IPs that are in California.
curl -s https://termbin.com/uc9c | jq 'select(.region == "California")'
Now we have a list of all IPs that reside in Cali, oh you want a list of JUST the IPs?

curl -s https://termbin.com/uc9c | jq -r 'select(.region == "California") | .ip'
Oh - you want that converted into an excel sheet because apparently reading JSON is really hard on Windows?

No problem.

curl -s https://termbin.com/uc9c | jq -r 'select(.region == "California") | [.ip, .region, .country] | @csv' > ips.csv
Ok, time for some more 'taxing' examples.

Take screenshots of every easily discoverable asset of spotify.com. Go.
subfinder -d "spotify.com" | zdns A | jq -r 'select(.data.answers[0].type == "A") | .data.answers[].name' | aquatone -ports 80,443,8080,8081,8000,8443,8001,9000 -scan-timeout 20000 -debug
This will do some low-level DNS enum, check they resolve, and then parse the JSON to only run Aquatone on the hosts that resolve.

That was easy.
Ok. If my point isn't already made.

"What's your SSH pubkey?"

Windows users: Stumble around in Putty for 10 minutes trying to find the pubkey, turns out the export is this freaky format nobody ever uses.

Linux users: cat ~/.ssh/id_rsa.pub | nc termbin.com 9999
Ok - you want to do some HTML parsing on the fly?

So I'm on my mac right now - pup is not installed.

Go to github, find go command, great.

go get github.com/ericchiang/pup
Find the latest kernel version programmatically,

curl -s https://www.kernel.org/ | pup '#latest_link json{}' | jq -r '.[].children[].text'

That was really fucking easy.
I'm running out of ideas for examples, but this has been done many times just chilling on calls.

Some tasks people would "quote out" and have an entire lifecycle of 3 weeks where I can do a lot of manipulation with text/data in 5 minutes with Bash and utils.
You can follow @pry0cc.
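Added here as a worked example, not code from the thread: a Python re-implementation of the jq stages in the pipelines above, run against constructed zdns and ipinfo-style records (all names and addresses are made up). It pulls A answers out of zdns JSONL, checking every answer's type rather than only answers[0] as the thread's filter does, validates each address before it would reach a lookup loop, and emits the California rows in the same quoted form as jq's @csv.

```python
import csv
import io
import ipaddress
import json

# Constructed zdns-style JSONL output (one record per queried name), not real data.
ZDNS_JSONL = """\
{"name":"www.example.test","status":"NOERROR","data":{"answers":[{"name":"www.example.test","type":"A","answer":"203.0.113.10"},{"name":"www.example.test","type":"A","answer":"203.0.113.11"}]}}
{"name":"cdn.example.test","status":"NOERROR","data":{"answers":[{"name":"cdn.example.test","type":"A","answer":"198.51.100.7"},{"name":"cdn.example.test","type":"CNAME","answer":"edge.example.test."}]}}
{"name":"mail.example.test","status":"NOERROR","data":{"answers":[{"name":"mail.example.test","type":"CNAME","answer":"mx.example.test."}]}}
{"name":"gone.example.test","status":"NXDOMAIN","data":{}}
"""

# Constructed ipinfo-style records, one object per IP (what the data.txt loop accumulates).
IPINFO_RECORDS = [
    {"ip": "203.0.113.10", "region": "California", "country": "US"},
    {"ip": "203.0.113.11", "region": "Oregon", "country": "US"},
    {"ip": "198.51.100.7", "region": "California", "country": "US"},
]


def a_records(jsonl):
    """Yield only IPv4 A answers, checking the type of every answer.

    The thread's jq filter keys on answers[0].type, so a CNAME target that
    follows a leading A record would also pass; checking per answer avoids that.
    """
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        for ans in rec.get("data", {}).get("answers", []):
            if ans.get("type") != "A":
                continue
            try:
                yield str(ipaddress.IPv4Address(ans["answer"]))
            except (ipaddress.AddressValueError, KeyError):
                continue  # skip malformed answers rather than feeding them to a lookup loop


def region_csv(records, region):
    """Equivalent of jq -r 'select(.region == R) | [.ip, .region, .country] | @csv'."""
    buf = io.StringIO()
    w = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for r in records:
        if r.get("region") == region:
            w.writerow([r["ip"], r["region"], r["country"]])
    return buf.getvalue()
```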