bash
GNU Bourne Again Shell. Executing bash with -i or -c allows spawning interactive shells or running commands, commonly used in reverse shells.
Binary Paths
/bin/bash/usr/bin/bash
Glob Patterns
| Pattern | Notes |
|---|---|
bas?
|
Wildcard replaces 'h' |
b*h
|
Star matches 'as' |
ba[s]h
|
Character class around 's' |
b?sh
|
Wildcard replaces 'a' |
b?s?
|
Two wildcards |
/bin/bas?
|
Full path wildcard on last char |
/???/bash
|
Obfuscate /bin/ prefix |
/b?n/b*h
|
Mixed wildcards across path and command |
b[a]sh
|
Bracket class on second char |
/???/b*
|
Highly obfuscated full path (may match other binaries) |
for p in /usr/{bin,local/bin}/bash; do "$p" && break; done
|
Brace expansion in for loop — tries /usr/bin/bash then /usr/local/bin/bash |
$(ls /bin/bas?)
|
ls resolves glob to /bin/bash; command substitution executes it |
$'\x62\x61\x73\x68'
|
ANSI-C hex escapes expand to 'bash' before execution |
shopt -s extglob; /bin/+(ba)sh
|
extglob +(ba) matches one or more occurrences of 'ba' — matches 'ba' in bash with full path |
Pattern Tester
$
Try typing bash or a full path like /bin/bash
YARA Rule
Auto-generated detection rule for bash