In software engineering, “Not Invented Here” (NIH) syndrome is a dirty word. We’re taught to reuse existing tools, stand on the shoulders of giants, and never reinvent the wheel.

So when I decided to build PentLog—a terminal session logger—from scratch, the obvious question was: “Why not just use script or asciinema?”

The answer wasn’t ego. It was Evidence Integrity.

The Problem with script

The venerable script command has been around since BSD 3.0. It’s solid, it’s everywhere. But it has a fatal flaw for modern engagements: Searchability.

script outputs a raw text file mixed with control characters (ANSI codes).

  • Want to grep for a specific command? Good luck dealing with backspaces and color codes.
  • Want to replay it? You need scriptreplay with separate timing files.
  • Want to share it? You’re sending raw binary garbage.

It’s great for a quick log. It’s terrible for Audit & Compliance.

The Problem with asciinema

Asciinema is brilliant. It solved the replayability problem with a JSON-based format. It’s the gold standard for sharing terminal demos.

But for Red Teaming or Forensics, JSON has a hidden risk: Crash Safety.

If your shell crashes (kernel panic, OOM kill, power loss) while recording:

  • asciinema (v2) might leave a malformed JSON file if the closing brackets aren’t written or the buffer isn’t flushed correctly.
  • Recovering a half-written JSON file is a nightmare.
  • In an audit, a “repaired” log file is suspect. Evidence must be immutable.

The Hidden Cost of Rolling Your Own

Building PentLog wasn’t free.

  • Dependency Hell: Wrapping ttyrec (C library) in Go meant dealing with Cgo and cross-compilation headaches.
  • Protocol Design: Creating a format that supports metadata, streams, and searchability in one file.
  • Time: Hundreds of hours spent debugging PTY interactions that script solved decades ago.

The Payoff: Why It Was Worth It

But by owning the stack, we gained capabilities that generic tools can’t touch:

  1. Crash-Proof Streams: We use a raw binary stream (ttyrec style). If the process dies, every byte up to that millisecond is saved. No closing tags needed.
  2. Native Search: We built a TUI that parses the stream in memory, allowing full-text search across sessions without external tools.
  3. Self-Contained Compliance: Native GIF export (high-res, correct timing) means you can generate reports without ffmpeg or web services.
  4. Real-Time Collaboration: We could bolt on a WebSocket layer for live sharing because we control the PTY master.
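
To make points 1 and 2 concrete, here is an added example (not PentLog's own code) that recovers every complete record from a capture cut off mid-write and strips escape sequences so the result can be searched. It assumes the classic ttyrec framing of a 12-byte header (seconds, microseconds, payload length, each a little-endian uint32) followed by the payload; PentLog's actual on-disk format may differ, and the names Frame, ParseTtyrec, PlainText and Sample are hypothetical.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"regexp"
)

// Frame is one ttyrec record: a timestamp plus the bytes sent to the terminal.
type Frame struct {
	Sec, Usec uint32
	Data      []byte
}
var ansi = regexp.MustCompile(`\x1b\[[0-9;?]*[ -/]*[@-~]|\x1b\][^\x07]*\x07`) // CSI and BEL-terminated OSC

// ParseTtyrec returns each complete frame and the size of a cut-off trailing record.
func ParseTtyrec(buf []byte) (frames []Frame, partial int) {
	for len(buf) >= 12 { // assumed header: sec, usec, payload length (uint32 LE each)
		n := uint64(binary.LittleEndian.Uint32(buf[8:]))
		if n > uint64(len(buf)-12) {
			break // payload truncated; every earlier frame is still intact
		}
		frames = append(frames, Frame{binary.LittleEndian.Uint32(buf), binary.LittleEndian.Uint32(buf[4:]), buf[12 : 12+n]})
		buf = buf[12+n:]
	}
	return frames, len(buf)
}

// PlainText joins the frames and strips escape sequences so the log is greppable.
func PlainText(frames []Frame) string {
	var raw []byte
	for _, f := range frames {
		raw = append(raw, f.Data...)
	}
	return string(ansi.ReplaceAll(raw, nil))
}

// Sample is a constructed capture whose third record lost its last 7 bytes.
func Sample() (b []byte) {
	for _, s := range []string{"$ \x1b[1;32mnm", "ap\x1b[0m -sV 10.0.0.5\r\n", "22/tcp open ssh\r\n"} {
		h := []byte{0, 0xf1, 0x53, 0x65, 0, 0, 0, 0, byte(len(s)), 0, 0, 0} // sec=1700000000
		b = append(append(b, h...), s...)
	}
	return b[:len(b)-7]
}

func main() {
	frames, partial := ParseTtyrec(Sample())
	fmt.Printf("%d frames, %d partial bytes\n%s", len(frames), partial, PlainText(frames))
}
```

The sample splits the word "nmap" and its colour codes across two frames, which is why the searchable text is built from the joined stream rather than frame by frame.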

Conclusion

Sometimes, “Not Invented Here” is the right call. When the existing tools optimize for convenience (JSON, Web) but your requirement is integrity (Raw Bytes, Crash Safety), you have to build your own wheel.

And if that wheel happens to have built-in GIF export and search… well, that’s just a bonus.