cybersecurityops / cyber-ops-with-bash Goto Github PK

Under which terms is the software released? I recommend adding a LICENSE file, although I won't recommend a specific license (up to the two authors). :)

Dear authors:
Greeting. Sorry to ask question in this way. My name is Benny Lin, and I am now translating this book (Cybersecurity Ops with bash), hence I am verifying all sample codes & add comments when I thought it's necessary.

For example 10-3, I copied codes from GitHub then paste to my Git bash environment to test it. What I found is, no matter I provided starting directory or not (with option -d, such as ./baseline.sh -d / before.txt), the result is always error messages from function usageErr.

I tried to add a line below, right before shift command:

echo "Check all options inside parseArgs before shifted: $OPTARG, $OPTIND"

But when I ran './baseline.sh -d / before.txt' again, the output became:

Check all options inside parseArgs before shifted: ,1

It seems that $OPTARG wan empty, and $OPTIND was 1. I wonder: aren't $OPTARG and $OPTIND global variables? Shouldn't they be valid while inside a function being called?

So I added another line before calling parseArgs function:

echo "Before parseArgs runs: $#,$0,$1,$2,$3"

Then I ran './baseline.sh -d / before.txt' again, I could see output like this:

Before parseArgs runs: 3,./baseline.sh,-d,/,before.txt,,1

So before parseArgs was called by script, the script itself did recognize my 3 options (-d, /, and before.txt).

Then I suddenly realized, regarding $# inside a function, does it represent function's number of options? Or it actually represents script's number of options? Because if it IS function's number of options, then it would always be '0', so parseArgs would always call usageErr, so I always got the error message.

Please provide your comments. I really love to discuss with authors while I translated.

The API used in ch22/checkemail.sh (line 22) is V2 - which is discontinued and is now replaced with V3.
https://haveibeenpwned.com/api/v2/breachedaccount/

In the tail of this section, it told us that we can invoke script, then type (or paste) the input to get result info.

However, the input is actually the whole line to paste (so script can parse accordingly); meanwhile we need to use the concept ot heredoc to make it work, such as:

getlocal.sh << EOF

Then paste the whole line from cmds.txt, press enter and type EOF to end execution.

In this way I could have correct XML format .info file. Any idea? Should I add comment about this?

Hi

In the comment of 'Usage' in this script, it only mentioned [-z] to show an option to tar all .evtx files; but it did not mention that users can add target folder name as the 2nd argument (except item 3).

Shall we change the 'Usage' as this:

winlogs.sh [-z] [target folder name]