Issue
I am trying to understand what the forward slash between the two variables here does?
"${lsof_line/$c2}"
Below is context. (c2_iocs is a text file)
lsof_output=$(lsof -i)
for lsof_line in ${lsof_output}; do
for c2 in "${c2_iocs[@]}"; do
# echo "$lsof_line - $c2"
if [ "${lsof_line/$c2}" != "$lsof_line" ]; then
log warning "[!] C2 server found in lsof output SERVER: $c2 LSOF_LINE: $lsof_line"
fi
done
done
Solution
It's a string replacement operation. When no replacement text is provided, the /
following the pattern is optional. ${lsof_line/$c2}
is equivalent to ${lsof_line/$c2/}
, and both delete the string contained in $c2
from $lsof_line
.
Answered By - chepner Answer Checked By - Willingham (WPSolving Volunteer)