Go to file
Kay Marquardt (Gnadelwartz) c581932d07 update function reference
2019-04-15 19:13:39 +02:00
.github/ISSUE_TEMPLATE Update issue templates 2019-04-12 14:31:52 +02:00
doc update function reference 2019-04-15 19:13:39 +02:00
JSON.sh@022ec337c3 Now the messages id can be accessed in MESSAGE[ID], all updates fetched with getUpdates are processed simultaneously and newlines and certain unicode codepoints are parsed correctly in messages (closes #21) 2016-10-24 22:13:52 +00:00
.gitignore fix sync with JSON 2019-03-30 15:11:33 +01:00
.gitmodules Added a license for the unfortunate souls whose governments don't allow public domain. 2016-04-19 05:49:35 -04:00
bashbot.cron dev3-rc1 candidate 2019-04-15 14:17:18 +02:00
bashbot.rc dev3-rc1 candidate 2019-04-15 14:17:18 +02:00
bashbot.sh fix showing text 2x times when upload file 2019-04-15 16:51:26 +02:00
calc update calc example with new keyboard style 2019-04-15 16:44:26 +02:00
commands.sh dev3-rc1 candidate 2019-04-15 14:17:18 +02:00
LICENSE Added a license for the unfortunate souls whose governments don't allow public domain. 2016-04-19 05:49:35 -04:00
notify dev3-rc1 candidate 2019-04-15 14:17:18 +02:00
question dev3-rc1 candidate 2019-04-15 14:17:18 +02:00
README.md some minor doc update 2019-04-15 17:44:04 +02:00
README.txt dev3-rc1 candidate 2019-04-15 14:17:18 +02:00
version dev3-rc1 candidate 2019-04-15 14:17:18 +02:00

bashbot

A Telegram bot written in bash.

Depends on tmux. Uses JSON.sh.

For full UTF-8 support you need python on your system (optional).

Written by Drew (@topkecleon), Daniil Gentili (@danogentili), and Kay M (@gnadelwartz).

Contributions by JuanPotato, BigNerd95, TiagoDanin, and iicc1.

Download latest release from github

Released to the public domain wherever applicable. Elsewhere, consider it released under the WTFPLv2.

Install bashbot

  1. Go to the directory you want to install bashbot, e.g.
  • your $HOME directory (install and run with your user-ID)
  • /usr/local if you want to run as service
  1. Clone the repository:
git clone --recursive https://github.com/topkecleon/telegram-bot-bash
  1. Change to directory telegram-bot.bash, run ./bashbot.sh init and follow the instructions. At this stage you are asked for your Bots token given by botfather.

Update bashbot

Download latest update zip from github and copy all files to bashbot dir. run sudo ./bashbot.sh init.

Getting started

Note on Keyboards

To make use of Keyboards easyer we changed the format of send_keyboard and send_message "mykeyboardstartshere ...". Now you must provide the keyboards in Telegram JSON Array style "[ "yes" , "no" ]". The advantage is that you can create every type of keyboard without relying on bashbot send_keyboard functionality. This is incompatible with keyboards in bashbot versions older than 0.6!

Example Keyboards:

  • Yes No in one row: "[ "yes" , "no" ]"
  • Yes No ind two rows: "[ "yes" ] , [ "no" ]"
  • numpad keyboard: "[ "1" , "2" , "3" ] , [ "4" , "5" , "6" ] , [ "7" , "8" , "9" ] , [ "0" ]"

Security Considerations

Running a Telegram Bot means you are conneted to the public, you never know whats send to your Bot.

Bash scripts in general are not designed to be bullet proof, so consider this Bot as a proof of concept. More concret examples of security problems is bash's 'quoting hell' and globbing. Implications of wrong quoting

Whenever you are processing input from outside your bot you should disable globbing (set -f) and carefully quote everthing.

To improve you scripts we recommend to lint them with shellcheck. This can be done online or you can install shellcheck locally. bashbot itself is also linted by shellcheck.

Run your Bot as a restricted user

Every file your bot can write is in danger to be overwritten/deleted, In case of bad handling of user input every file your Bot can read is in danger of being disclosed.

Never run your Bot as root, this is the most dangerous you can do! Usually the user 'nobody' has almost no rigths on Unix/Linux systems. See Expert use on how to run your Bot as an other user.

Secure your Bot installation

Everyone who can read your Bot files can extract your Bots data. Especially your Bot Token in token must be protected against other users. No one exept you should have write access to the Bot files. The Bot itself need write access to count and tmp-bot-bash only, all other files should be write protected.

Runing ./bashbot.sh init sets the Bot permissions to reasonable default values as a starting point.

Is this Bot insecure?

No - its not less (in)secure as any other Bot written in any other language. But you should know about the implications ...

That's it!

If you feel that there's something missing or if you found a bug, feel free to submit a pull request!

$$VERSION$$ v0.6-rc1-11-gba80ec6