what are seer scripts?
The Seer Suite is a collection of Bash scripts I wrote to see through the surface of any Unix system—files, processes, packages or the network, like magic! If you’ve ever wanted ls, lsof, ps, and a pile of forensics tools to just play nice together, this suite is for you. They’re as fast, portable, and 100% terminal-friendly as possible.
Born from an old work forensics script (“maxinfo”) and endlessly polished on sleepless nights. If you like transparency, you’ll love these.
features
- Inspect any file—see type, stat, hashes, attributes, metadata, and more
- Analyze processes by pattern, PID, tree, or open ports
- Cross-distro package lookup and info (supports major Linux/BSD package managers)
- LAN and network inspection (interfaces, routes, live hosts, port checks)
- Shared Bash helper library for DRY code
- Human-friendly output, color where supported
- Built to be safe, readable, and easy to hack
why did i write this?
I do a lot of digital forensics work and deep dives and I needed to automate some of the commands I always found myself running manually. The concept behind these was to have a way to zoom in and see all the info for various parts of the system. Basically, automate the boring stuff! I tested extensively and made an effort to be cross-platform friendly and useful in the real world.
usage
Clone/download all scripts (and dotlib.sh!), then make them executable:
git clone https://github.com/forfaxx/seer-suite.git
cd seer-suite
chmod +x *.sh
# (Make sure dotlib.sh is present, or set $DOTFILES for your dotfiles path)
Sample output
./file-seer.sh inspect ~/Downloads/unknown_file
──────────────────────────────
🧾 File: secret.img
──────────────────────────────
Type: regular file
Size: 1.4 MB
MIME: application/octet-stream
SHA256: f0e1d2c3b4a59687e5f4...
Permissions: rw-r--r--
Owner: grumble:users
Created: 2024-11-20 03:17:44
Modified: 2024-12-01 21:55:10
Attributes: (none)
🔍 Stat Summary:
Device: 803h/2051d Inode: 1284421 Links: 1
Blocks: 2800 IO Block: 4096 regular file
🔑 Extended Attributes:
- (none)
📚 Metadata:
- (no embedded metadata)
───────────────
Hexdump Preview (first 32 bytes)
───────────────
00000000 1f 8b 08 00 00 00 00 00 02 03 7c 0c 00 00 00 00 |..........|.....|
...
Cool bits
There are a few conventions that I really like in these scripts:
- Subcommand pattern
Every script has a subcommand pattern just like git or docker—easy to remember, easy to extend.
case "$CMD" in
  search) search_process "$@";;
  info)   process_info "$2";;
  tree)   process_tree;;
  ports)  process_ports;;
  help|*) usage;;
esac
- Cross-Platform and defensive patterns
Scripts start with set -euo pipefail to avoid hidden failures. All commands are wrapped to gracefully handle missing components. In cases like the use of ANSI color, I provide an option and handling to avoid polluting output where it isn’t desirable. The suite uses these and other friendly, robust conventions.
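The defensive conventions described above, sketched as an added example (not code from the Seer Suite itself): a tool-presence check, color that switches off for pipes or when NO_COLOR is set, and a SHA-256 helper that falls back across platform tools. The function names and the SEER_NO_COLOR variable are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not Seer Suite code. Function names are hypothetical.
set -eu
# pipefail is missing from some /bin/sh builds; enable it where accepted.
if (set -o pipefail) 2>/dev/null; then set -o pipefail; fi

# have CMD: succeed if CMD is on PATH, so callers can degrade gracefully.
have() { command -v "$1" >/dev/null 2>&1; }

# use_color: color only when stdout is a terminal and the user has not
# opted out via NO_COLOR or SEER_NO_COLOR=1 (hypothetical option variable).
use_color() {
  [ -z "${NO_COLOR:-}" ] && [ "${SEER_NO_COLOR:-0}" != 1 ] && [ -t 1 ]
}

# paint CODE TEXT: emit TEXT, wrapped in an ANSI sequence only if allowed,
# so redirected or piped output never contains escape bytes.
paint() {
  if use_color; then
    printf '\033[%sm%s\033[0m\n' "$1" "$2"
  else
    printf '%s\n' "$2"
  fi
}

# sha256_of FILE: print the hex digest using whichever tool exists
# (GNU coreutils, Perl shasum on macOS, BSD sha256, then openssl).
sha256_of() {
  [ -r "$1" ] || { echo "unreadable: $1" >&2; return 1; }
  if   have sha256sum; then sha256sum < "$1" | cut -d' ' -f1
  elif have shasum;    then shasum -a 256 < "$1" | cut -d' ' -f1
  elif have sha256;    then sha256 -q "$1"
  elif have openssl;   then openssl dgst -sha256 -r < "$1" | cut -d' ' -f1
  else echo "(no sha256 tool found)"
  fi
}

# When run directly with a file argument, show one labelled line.
if [ "$#" -gt 0 ]; then
  paint 36 "SHA256: $(sha256_of "$1")"
fi
```
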
Happy seeing!