yet-another-bench-script
curl -sL yabs.sh commands should be updated to use HTTPS.
Probably a pretty edge case, but in the event of a middle man attack the attacker can redirect the yabs endpoint to one of their own and run arbitrary code on a user's machine.
If instructions prefix the URL with https:// then any attacker would then need a valid SSL certificate for the domain or curl would refuse to download and avoid said arbitrary code execution.
As it stands when curling:
* Connected to yabs.sh (172.67.164.207) port 80
> GET / HTTP/1.1
> Host: yabs.sh
> User-Agent: curl/8.7.1
> Accept: */*
>
* Request completely sent off
< HTTP/1.1 301 Moved Permanently
< Date: Fri, 19 Jul 2024 11:05:12 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< Location: https://raw.githubusercontent.com/masonr/yet-another-bench-script/master/yabs.sh
As the initial connection starts with port 80, there is no protection afforded by the redirect for the above.
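One way to check install instructions for the plaintext first hop described in this issue, as an added example that is not part of the original report or of the yabs project. The function names and sample lines are constructed, and the URL detection is a heuristic (first non-option word containing a dot).

```shell
#!/bin/sh
# Added example (not from yabs): flag curl one-liners whose first request
# is not HTTPS. Function names and the sample lines are constructed.

# Scheme curl uses for the first hop of a URL as typed. A schemeless host
# such as "yabs.sh" is requested over plain HTTP on port 80.
first_hop_scheme() {
  case "$1" in
    *://*) printf '%s\n' "${1%%://*}" | tr '[:upper:]' '[:lower:]' ;;
    *)     printf 'http\n' ;;
  esac
}

# Read text on stdin and print "INSECURE <scheme> <url>" for each curl
# command whose URL is not https. Heuristic: the URL is the first
# non-option word containing a dot. Runs in a subshell so set -f is local.
audit_curl_lines() (
  set -f
  while IFS= read -r line; do
    seen_curl=0
    for word in $line; do
      if [ "$word" = curl ]; then seen_curl=1; continue; fi
      [ "$seen_curl" -eq 1 ] || continue
      case "$word" in
        '|'*) break ;;            # end of the curl command
        -*)   continue ;;         # option flag
        *.*)  scheme=$(first_hop_scheme "$word")
              [ "$scheme" = https ] || printf 'INSECURE %s %s\n' "$scheme" "$word"
              break ;;
      esac
    done
  done
)

# Constructed sample: the command from this issue, an explicit http:// form,
# and two HTTPS forms (the last also refuses non-HTTPS redirects).
sample_lines() {
  cat <<'EOF'
curl -sL yabs.sh | bash
curl -sL http://yabs.sh | bash
curl -sL https://yabs.sh | bash
curl --proto '=https' --proto-redir '=https' -sSfL https://yabs.sh | bash
EOF
}

sample_lines | audit_curl_lines
```

Only the first two sample lines are reported; both HTTPS forms pass because the certificate check happens before any redirect is followed.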