This is a silly site to illustrate why you might not want to blindly run shell commands piped from a web page directly to a shell. You should always review the scripts you're going to run, but as an added layer of protection, and you should consider using something like the Linux sandbox utility, a virtual machine, your friends' machine, or an airgapped computer.
If you fetch this site with curl or wget you'll receive the following script:
#!/usr/bin/env sh
# Check if root is mounted with overlayfs, indicating we're in a container probably
if grep -q "overlay / " /proc/mounts; then
echo -e "\033[32m✓\033[0m Filesystem isolation system detected"
else
echo -e "\033[31m✗\033[0m This script can make changes to files willy-nilly!"
fi
# Check if we can ping 1.1.1.1
if ping -c 1 -W 1 1.1.1.1 >/dev/null 2>&1; then
echo -e "\033[31m✗\033[0m This script can upload files to sketchy sites!"
else
echo -e "\033[32m✓\033[0m Network connectivity restricted"
fi
Note: This script is in no way intended to indicate any sort of actual insulation from risk. It checks a couple of very basic things that will be true for scripts running in a default sandbox, but should not be considered any sort of security audit or anything of the sort.
Runningcurl -s https://trustmebro.sh/ | sh should produce something like:
✗ This script can make changes to files willy-nilly! ✗ This script can upload files to sketchy sites!Whereas running
curl -s https://trustmebro.sh/ | sandbox sh should result in:
✓ Filesystem isolation system detected ✓ Network connectivity restricted