Bash Tool

The Bash tool executes shell commands for system interaction, tool invocation, and security testing.

📸 SCREENSHOT: bash-execution.png

Bash tool command execution

Overview

The Bash tool enables:

Running security tools (nmap, nuclei, sqlmap)
System administration commands
Git operations
Package management
Custom scripts

Basic Usage

Simple Commands

> Run nmap scan on 192.168.1.1

Executes:

nmap -sV 192.168.1.1

With Arguments

> Check open ports on target with service detection

Executes:

nmap -sV -sC -p- 192.168.1.1

Piped Commands

> Find all .env files and search for API keys

Executes:

find . -name "*.env*" -exec grep -l "API" {} \;

Security Tools

Network Scanning

> Scan the network 10.0.0.0/24 for live hosts

nmap -sn 10.0.0.0/24

Vulnerability Scanning

> Run nuclei templates against https://target.com

nuclei -u https://target.com -t cves/

Web Testing

> Fuzz directories on target website

ffuf -u https://target.com/FUZZ -w /usr/share/wordlists/dirb/common.txt

Password Attacks

> Test for default credentials on SSH

hydra -L users.txt -P passwords.txt ssh://192.168.1.1

Command Timeout

Default Timeout

Commands timeout after 120 seconds by default.

Long-Running Commands

For extended operations:

> Run comprehensive port scan (may take a while)

The agent will use appropriate timeout:

timeout 600 nmap -p- -sV 192.168.1.1

Background Execution

> Start the scan in background

nmap -p- 192.168.1.1 > scan_results.txt &

Working Directory

Current Directory

Commands run in the current working directory:

> List files in current directory

ls -la

Change Directory

> Navigate to the web directory and list contents

cd /var/www/html && ls -la

Environment Variables

Using Variables

> Use the target IP from environment

nmap -sV $TARGET_IP

Setting Variables

> Set target and scan

export TARGET="192.168.1.1" && nmap $TARGET

Output Handling

Capturing Output

> Save scan results to file

nmap -sV 192.168.1.1 -oN scan_results.txt

JSON Output

> Get scan results in JSON format

nmap -sV 192.168.1.1 -oX - | xq .

Parsing Results

> Extract open ports from nmap output

grep "^[0-9]" scan_results.txt | cut -d'/' -f1

Permission Control

Dangerous Commands

Destructive commands require explicit permission:

Command Type	Example	Requires Permission
Read-only	`ls`, `cat`, `nmap`	No
File modification	`rm`, `mv`	Yes
System changes	`apt install`	Yes
Network attacks	`msfconsole`	Yes

Auto-approve Commands

{
  "permissions": {
    "allow": [
      "Bash(nmap *)",
      "Bash(nuclei *)",
      "Bash(ffuf *)"
    ]
  }
}

Block Dangerous Commands

{
  "permissions": {
    "deny": [
      "Bash(rm -rf *)",
      "Bash(dd *)",
      "Bash(:(){ :|:& };:)"
    ]
  }
}

Security Testing Workflows

Reconnaissance

> Perform initial reconnaissance on target.com

1. DNS enumeration
2. Subdomain discovery
3. Port scanning
4. Service identification

Executes multiple commands:

dig target.com ANY
subfinder -d target.com
nmap -sV -sC target.com

Exploitation

> Attempt SQL injection with sqlmap

sqlmap -u "https://target.com/page?id=1" --batch --dbs

Post-Exploitation

> Enumerate the compromised system

uname -a
id
cat /etc/passwd
ls -la /home/

Tool Integration

Metasploit

> Search for exploits for Apache 2.4.49

msfconsole -q -x "search apache 2.4.49; exit"

Burp Suite

> Start Burp Suite in headless mode

java -jar burpsuite.jar --headless

Custom Scripts

> Run the custom enumeration script

./scripts/enum.sh $TARGET

Error Handling

Command Errors

Failed commands show error output:

Command failed:
$ nmap -sV nonexistent.host
Host seems down. If it is really up, but blocking our ping probes, try -Pn

Retry Logic

> Retry the scan with -Pn flag

nmap -sV -Pn 192.168.1.1

Best Practices

Verify targets - Double-check IPs and domains
Use timeouts - Set appropriate timeouts for long scans
Save output - Always save important results
Check permissions - Ensure authorized access
Clean up - Remove temporary files after testing

Danger

Never run commands against targets without authorization. Unauthorized access is illegal.

Troubleshooting

Command Not Found

Error: command not found: nuclei

Install the tool or check PATH:

which nuclei
export PATH=$PATH:/opt/tools

Permission Denied

Error: permission denied

May need sudo:

sudo nmap -sS 192.168.1.1

Timeout

Error: command timed out

Use explicit timeout or background execution.

File Operations - File handling
Permissions - Command permissions
MCP Kali - Additional security tools

Bash Tool

Overview

Basic Usage

Simple Commands

With Arguments

Piped Commands

Security Tools

Network Scanning

Vulnerability Scanning

Web Testing

Password Attacks

Command Timeout

Default Timeout

Long-Running Commands

Background Execution

Working Directory

Current Directory

Change Directory

Environment Variables

Using Variables

Setting Variables

Output Handling

Capturing Output

JSON Output

Parsing Results

Permission Control

Dangerous Commands

Auto-approve Commands

Block Dangerous Commands

Security Testing Workflows

Reconnaissance

Exploitation

Post-Exploitation

Tool Integration

Metasploit

Burp Suite

Custom Scripts

Error Handling

Command Errors

Retry Logic

Best Practices

Troubleshooting

Command Not Found

Permission Denied

Timeout

Related Documentation