Golang

The Pain of Manual Rebuilds Every Go developer knows this cycle: write code, press Ctrl+C to stop the running app, run go build or go run, then restart. Repeat for every single change. It’s tedious, breaks your flow, and eats away precious development time. What if I told you there’s a better way? Enter Air Air is a live reload tool for Go applications. It watches your source files, automatically rebuilds your binary when changes are detected, and restarts your application — all without you lifting a finger. ...

Operations are messy. That’s the first rule of the field. You’re on a mobile engagement, tethered to a flaky 4G connection. Or maybe you’re deep in a red team assessment, pivoting through a chain of VPNs that feels like it’s held together by duct tape and prayers. Then it happens. The connection drops. The shell hangs. In the old world, that session was gone. Or worse, you’d restart, create a new log file, and end up with fragmented evidence: session-part1.tty, session-part2.tty. Trying to piece that together for a report is a nightmare I wouldn’t wish on a blue teamer. ...

In software engineering, “Not Invented Here” (NIH) syndrome is a dirty word. We’re taught to reuse existing tools, stand on the shoulders of giants, and never reinvent the wheel. So when I decided to build PentLog—a terminal session logger—from scratch, the obvious question was: “Why not just use script or asciinema?” The answer wasn’t ego. It was Evidence Integrity. The Problem with script The venerable script command has been around since BSD 3.0. It’s solid, it’s everywhere. But it has a fatal flaw for modern engagements: Searchability. ...

In the world of terminal recording, asciinema is the undisputed king. It’s modern, it uses JSON, it’s web-native, and it’s everywhere. So, why on earth did I build PentLog on top of ttyrec—a format from the year 2000 that smells like old C code and despair? It wasn’t nostalgia. It was a tactical decision for Evidence Integrity. The JSON Trap Asciinema (v2 format) logs are essentially a list of JSON arrays (lines of text). It’s clean and easy to parse. ...

We’re pushing PentLog beyond simple recording. The next frontier is Real-Time Collaboration. Penetration testing is often a team sport. Yet, sharing a terminal session usually involves clunky solutions like tmux over shared SSH keys (security nightmare) or third-party services like tmate (privacy risk). We need something native, secure, and lightweight. The Challenge: “Don’t Break the Shell” The cardinal rule of PentLog is Evidence Integrity. If the logging tool crashes, the shell must survive. If the network lags, the typing must not delay. ...