General Utilities
#Utility Commands & Techniques
#Text Processing
## === GREP - ADVANCED SEARCH ===
# Basic recursive search
grep -r "password" /etc/ 2>/dev/null
grep -ri "password" /home/ 2>/dev/null # Case insensitive
# Search with context (lines before/after)
grep -B 3 -A 3 "error" logfile.txt # 3 lines before and after
grep -C 5 "pattern" file.txt # 5 lines of context
# Multiple patterns
grep -E "(password|passwd|pwd)" file.txt
grep -e "pattern1" -e "pattern2" file.txt
# Exclude patterns
grep -v "exclude_this" file.txt
grep -v -e "pattern1" -e "pattern2" file.txt
# Search in specific file types
grep -r --include="*.txt" "password" /path/
grep -r --include="*.{php,html,js}" "api_key" /var/www/
# Exclude file types
grep -r --exclude="*.log" "error" /var/log/
# Exclude directories
grep -r --exclude-dir={node_modules,vendor} "password" /app/
# Show only filenames
grep -rl "password" /etc/
# Show line numbers
grep -rn "password" /etc/
# Count matches
grep -c "error" logfile.txt
grep -rc "password" /etc/
# Word boundaries
grep -w "root" /etc/passwd # Match whole word only
# Binary files
grep -a "password" binary_file # Treat binary as text
grep -I "pattern" * # Skip binary files
# === REGEX PATTERNS ===
# Email addresses
grep -oE '\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b' file.txt
# IP addresses
grep -oE '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b' file.txt
# IPv4 with validation
grep -oE '\b((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b' file.txt
# URLs
grep -oE 'https?://[^\s]+' file.txt
# Phone numbers (US format)
grep -oE '\b[0-9]{3}[-.]?[0-9]{3}[-.]?[0-9]{4}\b' file.txt
# Credit card numbers
grep -oE '\b[0-9]{4}[- ]?[0-9]{4}[- ]?[0-9]{4}[- ]?[0-9]{4}\b' file.txt
# Hashes (MD5)
grep -oE '\b[a-f0-9]{32}\b' file.txt
# Hashes (SHA1)
grep -oE '\b[a-f0-9]{40}\b' file.txt
# Hashes (SHA256)
grep -oE '\b[a-f0-9]{64}\b' file.txt
# Private keys
grep -r "BEGIN.*PRIVATE KEY" /path/
# AWS keys
grep -oE 'AKIA[0-9A-Z]{16}' file.txt
# === AWK - TEXT PROCESSING ===
# Print specific columns
awk '{print $1}' file.txt # First column
awk '{print $1, $3}' file.txt # First and third columns
awk '{print $NF}' file.txt # Last column
awk '{print $(NF-1)}' file.txt # Second to last column
# Field separator
awk -F: '{print $1}' /etc/passwd # Colon separator
awk -F',' '{print $2}' file.csv # Comma separator
awk -F'\t' '{print $1}' file.tsv # Tab separator
# Pattern matching
awk '/pattern/ {print $0}' file.txt
awk '$1 == "root" {print $0}' /etc/passwd
awk '$3 > 1000 {print $1}' /etc/passwd
# Conditional statements
awk '{if($3 > 1000) print $1}' /etc/passwd
awk '{if($1=="root") print "Found root"; else print "Not root"}' /etc/passwd
# Multiple conditions
awk '$3 > 1000 && $3 < 2000 {print $1}' /etc/passwd
awk '$1=="root" || $1=="admin" {print $0}' /etc/passwd
# BEGIN and END blocks
awk 'BEGIN {print "Start"} {print $0} END {print "End"}' file.txt
# Count lines
awk 'END {print NR}' file.txt
# Sum column values
awk '{sum += $3} END {print sum}' file.txt
# Calculate average
awk '{sum += $3; count++} END {print sum/count}' file.txt
# Remove duplicates
awk '!seen[$0]++' file.txt
# Print line numbers
awk '{print NR, $0}' file.txt
# === SED - STREAM EDITOR ===
# Basic substitution
sed 's/old/new/' file.txt # First occurrence per line
sed 's/old/new/g' file.txt # All occurrences
sed 's/old/new/2' file.txt # Second occurrence only
# In-place editing
sed -i 's/old/new/g' file.txt # Linux
sed -i '' 's/old/new/g' file.txt # macOS
# Multiple substitutions
sed -e 's/old1/new1/g' -e 's/old2/new2/g' file.txt
sed 's/old1/new1/g; s/old2/new2/g' file.txt
# Delete lines
sed '/pattern/d' file.txt # Delete matching lines
sed '1d' file.txt # Delete first line
sed '$d' file.txt # Delete last line
sed '1,5d' file.txt # Delete lines 1-5
# Print specific lines
sed -n '5p' file.txt # Print line 5
sed -n '10,20p' file.txt # Print lines 10-20
sed -n '/pattern/p' file.txt # Print matching lines
# Insert and append
sed '5i\New line before' file.txt # Insert before line 5
sed '5a\New line after' file.txt # Append after line 5
# Replace entire line
sed '/pattern/c\Replacement line' file.txt
# Regular expressions
sed 's/[0-9]\{3\}-[0-9]\{4\}/REDACTED/g' file.txt # Redact phone numbers
sed 's/\b[A-Za-z0-9._%+-]\+@[A-Za-z0-9.-]\+\.[A-Z|a-z]\{2,\}\b/REDACTED/g' file.txt # Redact emails
# === CUT - COLUMN EXTRACTION ===
# Extract by delimiter
cut -d: -f1 /etc/passwd # First field (username)
cut -d: -f1,3 /etc/passwd # Fields 1 and 3
cut -d: -f1-3 /etc/passwd # Fields 1 through 3
# Extract by character position
cut -c1-10 file.txt # Characters 1-10
cut -c5- file.txt # From character 5 to end
# CSV processing
cut -d',' -f2 file.csv # Second column
# === SORT - SORTING ===
# Basic sorting
sort file.txt # Alphabetical
sort -r file.txt # Reverse order
sort -n file.txt # Numeric sort
sort -h file.txt # Human-readable numbers (1K, 2M, etc.)
# Sort by specific field
sort -t: -k3 -n /etc/passwd # Sort by UID (field 3)
sort -t',' -k2 file.csv # Sort CSV by second column
# Unique sorting
sort -u file.txt # Sort and remove duplicates
# Case-insensitive
sort -f file.txt
# Random order
sort -R file.txt
# === UNIQ - REMOVE DUPLICATES ===
# Remove adjacent duplicates (requires sorted input)
sort file.txt | uniq
# Count occurrences
sort file.txt | uniq -c
# Show only duplicates
sort file.txt | uniq -d
# Show only unique lines
sort file.txt | uniq -u
# === TR - CHARACTER TRANSLATION ===
# Case conversion
tr '[:lower:]' '[:upper:]' < file.txt # Lowercase to uppercase
tr '[:upper:]' '[:lower:]' < file.txt # Uppercase to lowercase
# Delete characters
tr -d ' ' < file.txt # Delete spaces
tr -d '\n' < file.txt # Delete newlines
tr -d '[:digit:]' < file.txt # Delete numbers
# Replace characters
tr ' ' '_' < file.txt # Replace spaces with underscores
tr '\n' ' ' < file.txt # Replace newlines with spaces
# Squeeze repeats
tr -s ' ' < file.txt # Squeeze multiple spaces to single
# ROT13 encoding
tr 'A-Za-z' 'N-ZA-Mn-za-m' < file.txt
# === PASTE - MERGE FILES ===
# Merge files line by line
paste file1.txt file2.txt
# Custom delimiter
paste -d',' file1.txt file2.txt
# Serial mode (concatenate)
paste -s file.txt
# === JOIN - JOIN FILES ===
# Join on common field
join file1.txt file2.txt
# Join on specific fields
join -1 2 -2 1 file1.txt file2.txt # Field 2 of file1, field 1 of file2
# Custom delimiter
join -t',' file1.csv file2.csv
# === COLUMN - FORMAT OUTPUT ===
# Create columns
column -t file.txt
# Custom separator
column -t -s',' file.csv
# JSON pretty print
cat file.json | python3 -m json.tool
# === HEAD AND TAIL ===
# First N lines
head -n 10 file.txt
head -10 file.txt
# Last N lines
tail -n 10 file.txt
tail -10 file.txt
# All but last N lines
head -n -10 file.txt
# All but first N lines
tail -n +10 file.txt
# Follow file (real-time monitoring)
tail -f logfile.txt
tail -F logfile.txt # Retry if file is rotated
# Multiple files
tail -f file1.log file2.log
# === WC - WORD COUNT ===
# Count lines, words, characters
wc file.txt
# Count lines only
wc -l file.txt
# Count words only
wc -w file.txt
# Count characters only
wc -c file.txt
# Count bytes
wc -c file.txt
# === DIFF - COMPARE FILES ===
# Basic diff
diff file1.txt file2.txt
# Unified format (like git diff)
diff -u file1.txt file2.txt
# Context format
diff -c file1.txt file2.txt
# Side-by-side comparison
diff -y file1.txt file2.txt
# Brief (only show if files differ)
diff -q file1.txt file2.txt
# Recursive directory comparison
diff -r dir1/ dir2/
# Ignore whitespace
diff -w file1.txt file2.txt
# Ignore case
diff -i file1.txt file2.txt
Encoding/Decoding
## === BASE64 ===
# Encode
echo "text" | base64
echo -n "text" | base64 # No trailing newline
base64 file.txt
base64 -w 0 file.txt # No line wrapping
# Decode
echo "dGV4dA==" | base64 -d
base64 -d encoded.txt
# Encode file
base64 file.exe > file.b64
# Decode file
base64 -d file.b64 > file.exe
# PowerShell encode
[Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("text"))
# PowerShell decode
[System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String("dGV4dA=="))
# === URL ENCODING ===
# Python encode
python3 -c "import urllib.parse; print(urllib.parse.quote('text with spaces'))"
python3 -c "import urllib.parse; print(urllib.parse.quote_plus('text with spaces'))"
# Python decode
python3 -c "import urllib.parse; print(urllib.parse.unquote('text%20with%20spaces'))"
# Node.js encode
node -e "console.log(encodeURIComponent('text with spaces'))"
# Node.js decode
node -e "console.log(decodeURIComponent('text%20with%20spaces'))"
# PowerShell encode
Add-Type -AssemblyName System.Web
[System.Web.HttpUtility]::UrlEncode("text with spaces")
# PowerShell decode
[System.Web.HttpUtility]::UrlDecode("text%20with%20spaces")
# === HTML ENTITY ENCODING ===
# Python encode
python3 -c "import html; print(html.escape('<script>alert(1)</script>'))"
# Python decode
python3 -c "import html; print(html.unescape('<script>alert(1)</script>'))"
# === HEX ENCODING ===
# Encode to hex
echo "text" | xxd -p
echo "text" | od -A n -t x1 | tr -d ' \n'
# Decode from hex
echo "74657874" | xxd -r -p
# Hex dump
xxd file.bin
hexdump -C file.bin
# PowerShell hex encode
$text = "text"
($text.ToCharArray() | ForEach-Object { "{0:X2}" -f [byte][char]$_ }) -join ''
# PowerShell hex decode
$hex = "74657874"
-join ($hex -split '(..)' | Where-Object {$_} | ForEach-Object { [char][convert]::ToInt32($_, 16) })
# === BINARY ENCODING ===
# To binary
echo "text" | xxd -b
# From binary
echo "01110100 01100101 01111000 01110100" | perl -lpe '$_=pack"B*",$_'
# === HASHING ===
# MD5
echo -n "password" | md5sum
md5sum file.txt
# SHA1
echo -n "password" | sha1sum
sha1sum file.txt
# SHA256
echo -n "password" | sha256sum
sha256sum file.txt
# SHA512
echo -n "password" | sha512sum
sha512sum file.txt
# PowerShell MD5
$md5 = [System.Security.Cryptography.MD5]::Create()
$hash = $md5.ComputeHash([System.Text.Encoding]::UTF8.GetBytes("password"))
[System.BitConverter]::ToString($hash).Replace("-","").ToLower()
# PowerShell SHA256
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$hash = $sha256.ComputeHash([System.Text.Encoding]::UTF8.GetBytes("password"))
[System.BitConverter]::ToString($hash).Replace("-","").ToLower()
# HMAC
echo -n "data" | openssl dgst -sha256 -hmac "secret_key"
# === BCRYPT / PASSWORD HASHING ===
# htpasswd (Apache password file)
htpasswd -bnBC 10 "" password | tr -d ':\n'
# Python bcrypt
python3 -c "import bcrypt; print(bcrypt.hashpw(b'password', bcrypt.gensalt()).decode())"
# === ENCRYPTION ===
# OpenSSL AES encryption
echo "secret data" | openssl enc -aes-256-cbc -a -salt -pass pass:password
# OpenSSL AES decryption
echo "encrypted_base64" | openssl enc -aes-256-cbc -d -a -pass pass:password
# Encrypt file
openssl enc -aes-256-cbc -salt -in file.txt -out file.enc -pass pass:password
# Decrypt file
openssl enc -aes-256-cbc -d -in file.enc -out file.txt -pass pass:password
# GPG encryption
gpg -c file.txt # Symmetric encryption
gpg -e -r recipient@email.com file.txt # Public key encryption
# GPG decryption
gpg -d file.txt.gpg
# === COMPRESSION ===
# Gzip
gzip file.txt
gzip -c file.txt > file.txt.gz # Keep original
gunzip file.txt.gz
# Bzip2
bzip2 file.txt
bunzip2 file.txt.bz2
# XZ
xz file.txt
unxz file.txt.xz
# Compress and base64
gzip -c file.txt | base64 > file.gz.b64
# Decompress from base64
base64 -d file.gz.b64 | gunzip > file.txt
Network Utilities
## === NETCAT (NC) ===
# Listen mode
nc -lvnp 4444 # TCP listener
nc -luvnp 4444 # UDP listener
# Connect mode
nc -nv TARGET_IP 4444
# Transfer file (receiver)
nc -lvnp 4444 > received_file.txt
# Transfer file (sender)
nc -nv TARGET_IP 4444 < file.txt
# Port scanning
nc -zv TARGET_IP 1-1000 # Scan ports 1-1000
nc -zvu TARGET_IP 53,161,514 # UDP scan specific ports
# Banner grabbing
echo "" | nc -nv TARGET_IP 80
nc -nv TARGET_IP 22
# Reverse shell listener
nc -lvnp 4444
# === NMAP - PORT SCANNING ===
# Basic scan
nmap TARGET_IP
nmap -sV TARGET_IP # Service version detection
nmap -O TARGET_IP # OS detection
nmap -A TARGET_IP # Aggressive (OS, version, scripts, traceroute)
# Scan types
nmap -sS TARGET_IP # SYN stealth scan
nmap -sT TARGET_IP # TCP connect scan
nmap -sU TARGET_IP # UDP scan
nmap -sN TARGET_IP # TCP null scan
nmap -sF TARGET_IP # FIN scan
nmap -sX TARGET_IP # Xmas scan
# Port specification
nmap -p 22,80,443 TARGET_IP # Specific ports
nmap -p 1-1000 TARGET_IP # Port range
nmap -p- TARGET_IP # All ports (1-65535)
nmap -p U:53,T:80,443 TARGET_IP # UDP and TCP ports
# Timing and performance
nmap -T0 TARGET_IP # Paranoid (slowest)
nmap -T4 TARGET_IP # Aggressive (faster)
nmap --min-rate 1000 TARGET_IP # Minimum packet rate
nmap --max-retries 1 TARGET_IP # Maximum retries
# Host discovery
nmap -sn TARGET_NETWORK # Ping scan (no port scan)
nmap -Pn TARGET_IP # Skip host discovery (assume up)
nmap -PS22,80,443 TARGET_IP # TCP SYN ping
nmap -PA22,80,443 TARGET_IP # TCP ACK ping
# NSE scripts
nmap --script vuln TARGET_IP # Vulnerability scripts
nmap --script=http-enum TARGET_IP # HTTP enumeration
nmap --script=smb-enum-shares TARGET_IP # SMB share enumeration
nmap --script-help=script_name # Script help
# Output formats
nmap -oN output.txt TARGET_IP # Normal output
nmap -oX output.xml TARGET_IP # XML output
nmap -oG output.grep TARGET_IP # Greppable output
nmap -oA output TARGET_IP # All formats
# Scan through SOCKS proxy
nmap --proxies socks4://127.0.0.1:1080 TARGET_IP
# === MASSCAN - FAST PORT SCANNER ===
# Basic scan
masscan TARGET_NETWORK -p80,443 --rate=10000
# Scan all ports
masscan TARGET_NETWORK -p0-65535 --rate=100000
# Banner grabbing
masscan TARGET_IP -p80 --banners
# === CURL - HTTP CLIENT ===
# Basic request
curl http://TARGET_IP
curl -v http://TARGET_IP # Verbose
curl -i http://TARGET_IP # Include headers
# HTTP methods
curl -X POST http://TARGET_IP/api
curl -X PUT http://TARGET_IP/resource
curl -X DELETE http://TARGET_IP/resource
# Send data
curl -d "param=value" http://TARGET_IP/login
curl -d @data.json http://TARGET_IP/api
curl -H "Content-Type: application/json" -d '{"key":"value"}' http://TARGET_IP/api
# Headers
curl -H "Authorization: Bearer TOKEN" http://TARGET_IP/api
curl -A "User-Agent" http://TARGET_IP
curl -H "X-Custom-Header: value" http://TARGET_IP
# Cookies
curl -b "session=abc123" http://TARGET_IP
curl -c cookies.txt http://TARGET_IP # Save cookies
curl -b cookies.txt http://TARGET_IP # Load cookies
# Follow redirects
curl -L http://TARGET_IP
# Download file
curl -O http://TARGET_IP/file.txt
curl -o output.txt http://TARGET_IP/file.txt
# Upload file
curl -F "file=@upload.txt" http://TARGET_IP/upload
# Authentication
curl -u username:password http://TARGET_IP
curl --ntlm -u username:password http://TARGET_IP
# Proxy
curl -x proxy:port http://TARGET_IP
curl --socks5 127.0.0.1:1080 http://TARGET_IP
# SSL/TLS
curl -k https://TARGET_IP # Ignore certificate errors
curl --cacert ca.crt https://TARGET_IP
# Timing
curl -w "@curl-format.txt" http://TARGET_IP
# curl-format.txt:
# time_namelookup: %{time_namelookup}\n
# time_connect: %{time_connect}\n
# time_total: %{time_total}\n
# === WGET - FILE DOWNLOADER ===
# Download file
wget http://TARGET_IP/file.txt
wget -O output.txt http://TARGET_IP/file.txt
# Recursive download
wget -r http://TARGET_IP/directory/
wget -r -np -nH --cut-dirs=1 http://TARGET_IP/directory/
# Continue interrupted download
wget -c http://TARGET_IP/largefile.iso
# Background download
wget -b http://TARGET_IP/file.txt
# Limit rate
wget --limit-rate=100k http://TARGET_IP/file.txt
# Mirror site
wget --mirror --convert-links --adjust-extension --page-requisites --no-parent http://TARGET_IP
# === DIG - DNS QUERIES ===
# Basic query
dig domain.com
dig @8.8.8.8 domain.com # Specific DNS server
# Record types
dig domain.com A # IPv4 address
dig domain.com AAAA # IPv6 address
dig domain.com MX # Mail servers
dig domain.com NS # Name servers
dig domain.com TXT # Text records
dig domain.com SOA # Start of authority
dig domain.com ANY # All records
# Reverse lookup
dig -x IP_ADDRESS
# Short output
dig +short domain.com
# Trace resolution path
dig +trace domain.com
# === NSLOOKUP - DNS LOOKUP ===
# Basic lookup
nslookup domain.com
nslookup domain.com 8.8.8.8
# Reverse lookup
nslookup IP_ADDRESS
# Interactive mode
nslookup
> server 8.8.8.8
> set type=MX
> domain.com
# === HOST - DNS LOOKUP ===
# Basic lookup
host domain.com
host -t MX domain.com
host -t TXT domain.com
# === TCPDUMP - PACKET CAPTURE ===
# Capture all traffic
sudo tcpdump -i any
# Capture to file
sudo tcpdump -i any -w capture.pcap
# Read from file
tcpdump -r capture.pcap
# Filter by host
sudo tcpdump host TARGET_IP
# Filter by port
sudo tcpdump port 80
sudo tcpdump port 80 or port 443
# Filter by protocol
sudo tcpdump icmp
sudo tcpdump tcp
# Capture specific interface
sudo tcpdump -i eth0
# Display ASCII
sudo tcpdump -A
# Display hex and ASCII
sudo tcpdump -XX
# === NETSTAT / SS - NETWORK STATISTICS ===
# Show all connections
netstat -a
ss -a
# Show listening ports
netstat -tunlp
ss -tunlp
# Show established connections
netstat -tun
ss -tun
# Show routing table
netstat -r
ip route show
# Show statistics
netstat -s
ss -s
# === IP COMMAND ===
# Show interfaces
ip addr show
ip link show
# Show routes
ip route show
# Add route
sudo ip route add 192.168.1.0/24 via 10.0.0.1
# Delete route
sudo ip route del 192.168.1.0/24
# Show ARP table
ip neigh show
# === PING ===
# Basic ping
ping TARGET_IP
# Count
ping -c 4 TARGET_IP
# Interval
ping -i 0.2 TARGET_IP
# Flood ping (root required)
sudo ping -f TARGET_IP
# Large packet
ping -s 1000 TARGET_IP
# === TRACEROUTE ===
# Basic traceroute
traceroute TARGET_IP
tracert TARGET_IP # Windows
# Use ICMP
sudo traceroute -I TARGET_IP
# Use TCP
sudo traceroute -T -p 80 TARGET_IP
# Max hops
traceroute -m 20 TARGET_IP
File Operations
## === FIND - SEARCH FILES ===
# Find by name
find / -name "filename.txt" 2>/dev/null
find / -iname "filename.txt" 2>/dev/null # Case insensitive
# Find by extension
find / -name "*.conf" 2>/dev/null
find / -name "*.php" -o -name "*.html" 2>/dev/null
# Find by type
find / -type f 2>/dev/null # Files
find / -type d 2>/dev/null # Directories
find / -type l 2>/dev/null # Symbolic links
# Find by size
find / -size +100M 2>/dev/null # Larger than 100MB
find / -size -1k 2>/dev/null # Smaller than 1KB
find / -size 1G 2>/dev/null # Exactly 1GB
# Find by permissions
find / -perm -4000 2>/dev/null # SUID files
find / -perm -2000 2>/dev/null # SGID files
find / -perm -777 2>/dev/null # World writable
# Find by modification time
find / -mtime -1 2>/dev/null # Modified in last 24 hours
find / -mtime +7 2>/dev/null # Modified more than 7 days ago
find / -mmin -30 2>/dev/null # Modified in last 30 minutes
# Find by owner
find / -user root 2>/dev/null
find / -group wheel 2>/dev/null
# Find empty files/directories
find / -empty 2>/dev/null
# Execute command on results
find / -name "*.log" -exec rm {} \; 2>/dev/null
find / -name "*.txt" -exec grep "password" {} + 2>/dev/null
# Find and list with details
find / -name "*.conf" -ls 2>/dev/null
# Exclude directories
find / -name "*.txt" -not -path "*/tmp/*" 2>/dev/null
# Multiple conditions
find / -name "*.php" -type f -size +1M 2>/dev/null
find / \( -name "*.php" -o -name "*.html" \) -mtime -7 2>/dev/null
# === LOCATE - FAST FILE SEARCH ===
# Update database
sudo updatedb
# Basic search
locate filename.txt
locate -i filename.txt # Case insensitive
# Count matches
locate -c filename.txt
# Limit results
locate -l 10 filename.txt
# === FILE PERMISSIONS ===
# Change permissions (symbolic)
chmod u+x file.txt # Add execute for user
chmod g-w file.txt # Remove write for group
chmod o+r file.txt # Add read for others
chmod a+x file.txt # Add execute for all
# Change permissions (octal)
chmod 644 file.txt # rw-r--r--
chmod 755 file.txt # rwxr-xr-x
chmod 600 file.txt # rw-------
chmod 777 file.txt # rwxrwxrwx
# Recursive
chmod -R 755 directory/
# Change ownership
chown user:group file.txt
chown -R user:group directory/
# Change group
chgrp group file.txt
# Special permissions
chmod u+s file.txt # Set SUID
chmod g+s directory/ # Set SGID
chmod +t directory/ # Set sticky bit
# Make immutable (prevent modification/deletion)
sudo chattr +i file.txt
sudo chattr -i file.txt # Remove immutable
# === ARCHIVE OPERATIONS ===
# Tar create
tar -czf archive.tar.gz directory/ # Gzip compression
tar -cjf archive.tar.bz2 directory/ # Bzip2 compression
tar -cJf archive.tar.xz directory/ # XZ compression
# Tar extract
tar -xzf archive.tar.gz
tar -xzf archive.tar.gz -C /destination/ # Extract to specific directory
# Tar list contents
tar -tzf archive.tar.gz
tar -tvzf archive.tar.gz # Verbose list
# Tar add files
tar -rzf archive.tar.gz newfile.txt
# Zip create
zip -r archive.zip directory/
zip archive.zip file1.txt file2.txt
# Zip extract
unzip archive.zip
unzip archive.zip -d /destination/
# Zip list contents
unzip -l archive.zip
# Zip with password
zip -e -r archive.zip directory/ # Prompt for password
zip -P password -r archive.zip directory/ # Command line password
# 7z create
7z a archive.7z directory/
7z a -p archive.7z directory/ # With password
# 7z extract
7z x archive.7z
# Rar create
rar a archive.rar directory/
# Rar extract
unrar x archive.rar
# === FILE COMPARISON ===
# Compare files
diff file1.txt file2.txt
diff -u file1.txt file2.txt # Unified format
diff -y file1.txt file2.txt # Side-by-side
# Compare directories
diff -r dir1/ dir2/
# Create patch
diff -u original.txt modified.txt > changes.patch
# Apply patch
patch original.txt < changes.patch
# Compare binary files
cmp file1.bin file2.bin
cmp -l file1.bin file2.bin # Show all differences
# MD5 comparison
md5sum file1.txt file2.txt
# === FILE MANIPULATION ===
# Copy files
cp file.txt destination/
cp -r directory/ destination/ # Recursive
cp -p file.txt destination/ # Preserve attributes
cp -u file.txt destination/ # Update (copy only if newer)
# Move/rename
mv file.txt newname.txt
mv file.txt /new/location/
# Remove files
rm file.txt
rm -r directory/ # Recursive
rm -f file.txt # Force (no prompt)
rm -rf directory/ # Force recursive
# Create directories
mkdir directory
mkdir -p parent/child/grandchild # Create parent directories
# Remove directories
rmdir directory # Empty directory only
rm -r directory # Non-empty directory
# Create links
ln target_file link_name # Hard link
ln -s target_file link_name # Symbolic link
# Touch (create empty file or update timestamp)
touch file.txt
touch -t 202401011200 file.txt # Set specific timestamp
# Truncate file
truncate -s 0 file.txt # Empty file
truncate -s 1M file.txt # Set to 1MB
# Split file
split -b 10M largefile.iso # Split into 10MB chunks
split -l 1000 file.txt # Split every 1000 lines
# Join files
cat part* > complete_file
# === FILE INFORMATION ===
# File type
file filename
file * # Check all files
# File size
du -h file.txt # Human readable
du -sh directory/ # Summary of directory
# Disk usage
df -h # All filesystems
df -h /path # Specific path
# List directory sizes
du -h --max-depth=1 /path/
# Count files
find /path -type f | wc -l
ls -1 | wc -l
# File statistics
stat file.txt
# === ADVANCED FILE OPERATIONS ===
# Read file with line numbers
cat -n file.txt
nl file.txt
# Show non-printing characters
cat -A file.txt
# Concatenate files
cat file1.txt file2.txt > combined.txt
# Reverse file line order
tac file.txt
# View file in reverse
tail -r file.txt # BSD/macOS
tac file.txt # Linux
# Display file with pagination
less file.txt
more file.txt
# Search within less
less file.txt
# Replace text in file
sed -i 's/old/new/g' file.txt
# Remove blank lines
sed '/^$/d' file.txt
# Remove duplicate lines (requires sort)
sort file.txt | uniq
# Number of unique lines
sort file.txt | uniq | wc -l
# Find duplicate lines
sort file.txt | uniq -d
# Reverse lines
rev file.txt
# Convert DOS to Unix line endings
dos2unix file.txt
sed -i 's/\r$//' file.txt
# Convert Unix to DOS line endings
unix2dos file.txt
sed -i 's/$/\r/' file.txt
Process Management
## === VIEW PROCESSES ===
# List all processes
ps aux
ps -ef
# Process tree
ps auxf
pstree
pstree -p # Show PIDs
# Current user processes
ps -u $(whoami)
# Specific process
ps aux | grep process_name
pgrep process_name # Get PID only
pgrep -l process_name # Get PID and name
# Process by PID
ps -p PID
# Full command line
ps aux | grep [p]rocess_name # Avoid grep in results
ps auxww # Don't truncate output
# Sort by CPU
ps aux --sort=-%cpu | head -10
# Sort by memory
ps aux --sort=-%mem | head -10
# Process info from /proc
cat /proc/PID/cmdline
cat /proc/PID/environ
cat /proc/PID/status
ls -la /proc/PID/fd/ # Open file descriptors
ls -la /proc/PID/cwd # Current working directory
# === KILL PROCESSES ===
# Kill by PID
kill PID
kill -9 PID # Force kill (SIGKILL)
kill -15 PID # Graceful termination (SIGTERM)
# Kill by name
killall process_name
killall -9 process_name
# Kill matching pattern
pkill -f pattern
pkill -9 -f pattern
# Kill user's processes
pkill -u username
killall -u username
# === BACKGROUND PROCESSES ===
# Run in background
command &
# List background jobs
jobs
jobs -l # With PIDs
# Bring to foreground
fg
fg %1 # Specific job
# Send to background
bg
bg %1
# Suspend current process
# Ctrl+Z
# Disown (detach from terminal)
command &
disown
disown %1
# Nohup (continue after logout)
nohup command &
nohup command > output.log 2>&1 &
# === PROCESS PRIORITY ===
# Start with specific priority
nice -n 10 command # Lower priority (10)
nice -n -10 command # Higher priority (-10, requires root)
# Change priority of running process
renice -n 5 -p PID
renice -n 5 -u username
# === MONITORING ===
# Top (interactive)
top
top -u username # User's processes
# Press keys in top:
# P - sort by CPU
# M - sort by memory
# k - kill process
# r - renice process
# Htop (enhanced top)
htop
# Watch process in real-time
watch -n 1 'ps aux | grep process_name'
# System load
uptime
cat /proc/loadavg
# === SYSTEMD SERVICES ===
# List all services
systemctl list-units --type=service
systemctl list-unit-files --type=service
# Service status
systemctl status service_name
# Start/stop/restart service
sudo systemctl start service_name
sudo systemctl stop service_name
sudo systemctl restart service_name
sudo systemctl reload service_name # Reload config
# Enable/disable service (start on boot)
sudo systemctl enable service_name
sudo systemctl disable service_name
# Check if enabled
systemctl is-enabled service_name
# View service logs
journalctl -u service_name
journalctl -u service_name -f # Follow
journalctl -u service_name --since today
journalctl -u service_name --since "2024-01-01"
# === RESOURCE USAGE ===
# CPU information
lscpu
cat /proc/cpuinfo
# Memory information
free -h
cat /proc/meminfo
# Disk I/O
iostat
iostat -x 1 # Extended, 1 second intervals
# Network I/O
iftop
nethogs
# Per-process I/O
iotop
sudo iotop
# === STRACE - TRACE SYSTEM CALLS ===
# Trace process
strace command
strace -p PID # Attach to running process
# Trace specific syscalls
strace -e open,read,write command
strace -e trace=network command # Network calls only
# Summary
strace -c command
# Output to file
strace -o output.txt command
# Follow forks
strace -f command
# === LSOF - LIST OPEN FILES ===
# All open files
lsof
# Open files by process
lsof -c process_name
lsof -p PID
# Open files by user
lsof -u username
# Network connections
lsof -i
lsof -i :80 # Specific port
lsof -i TCP # TCP only
lsof -i @TARGET_IP # Specific host
# Files in directory
lsof +D /path/directory/
# Deleted but open files
lsof | grep deleted
# Process using file
lsof /path/to/file
# === FUSER - IDENTIFY PROCESSES ===
# Show processes using file
fuser file.txt
# Kill processes using file
fuser -k file.txt
# Show processes using directory
fuser -v /path/directory/
# Network usage
fuser -n tcp 80
System Information
## === SYSTEM INFO ===
# OS information
uname -a
cat /etc/os-release
lsb_release -a
hostnamectl
# Kernel version
uname -r
cat /proc/version
# Architecture
uname -m
arch
# Hostname
hostname
hostnamectl
# Uptime
uptime
# Current users
who
w
users
# Last logins
last
last -a # Show hostname
# Failed login attempts
lastb # Requires root
# Current user
whoami
id
# User information
id username
groups username
finger username # If installed
# === HARDWARE INFO ===
# CPU info
lscpu
cat /proc/cpuinfo
nproc # Number of cores
# Memory info
free -h
cat /proc/meminfo
# Disk info
lsblk
lsblk -f # With filesystem
fdisk -l # Requires root
blkid # Block device IDs
# PCI devices
lspci
lspci -v # Verbose
# USB devices
lsusb
lsusb -v
# Hardware info (requires root)
dmidecode
dmidecode -t system # System info
dmidecode -t memory # Memory info
dmidecode -t processor # CPU info
# BIOS info
dmidecode -t bios
# === NETWORK INFO ===
# Network interfaces
ip addr show
ifconfig # Legacy
ip link show
# MAC address
ip link show | grep "link/ether"
# IP address
hostname -I
ip addr show | grep "inet "
# Default gateway
ip route | grep default
route -n # Legacy
# DNS servers
cat /etc/resolv.conf
systemd-resolve --status # systemd
# Network statistics
ip -s link
netstat -i # Legacy
# ARP table
ip neigh show
arp -a # Legacy
# === PACKAGE MANAGEMENT ===
# Debian/Ubuntu (APT)
sudo apt update
sudo apt upgrade
sudo apt install package_name
sudo apt remove package_name
sudo apt search package_name
apt list --installed
dpkg -l # List installed packages
dpkg -L package_name # List files in package
# Red Hat/CentOS (YUM/DNF)
sudo yum update
sudo yum install package_name
sudo yum remove package_name
yum search package_name
yum list installed
rpm -qa # List installed packages
rpm -ql package_name # List files in package
# Arch Linux (Pacman)
sudo pacman -Syu # Update system
sudo pacman -S package_name # Install
sudo pacman -R package_name # Remove
pacman -Ss package_name # Search
pacman -Q # List installed
# Alpine Linux (APK)
apk update
apk add package_name
apk del package_name
apk search package_name
# === ENVIRONMENT VARIABLES ===
# Show all variables
env
printenv
# Show specific variable
echo $PATH
echo $HOME
printenv PATH
# Set variable (current shell)
export VAR="value"
# Unset variable
unset VAR
# Make persistent (add to profile)
echo 'export VAR="value"' >> ~/.bashrc
echo 'export VAR="value"' >> ~/.bash_profile
# === SCHEDULED TASKS ===
# List cron jobs
crontab -l
crontab -l -u username # Another user (root only)
# Edit cron jobs
crontab -e
# System cron
cat /etc/crontab
ls /etc/cron.*
# Systemd timers
systemctl list-timers
systemctl list-timers --all
# At jobs
atq # List
at now + 1 hour # Schedule
atrm JOB_ID # Remove
# === LOG FILES ===
# System logs
sudo tail -f /var/log/syslog # Debian/Ubuntu
sudo tail -f /var/log/messages # Red Hat/CentOS
# Authentication logs
sudo tail -f /var/log/auth.log # Debian/Ubuntu
sudo tail -f /var/log/secure # Red Hat/CentOS
# Kernel logs
dmesg
dmesg -T # Human-readable timestamps
dmesg | grep -i error
# Systemd journal
journalctl
journalctl -f # Follow
journalctl -b # Current boot
journalctl --since "1 hour ago"
journalctl -u service_name
journalctl -k # Kernel messages
# Apache/Nginx logs
sudo tail -f /var/log/apache2/access.log
sudo tail -f /var/log/nginx/access.log
sudo tail -f /var/log/apache2/error.log
sudo tail -f /var/log/nginx/error.log
# === FIREWALL ===
# UFW (Ubuntu)
sudo ufw status
sudo ufw enable
sudo ufw allow 22/tcp
sudo ufw deny 80/tcp
sudo ufw delete allow 22/tcp
# iptables
sudo iptables -L
sudo iptables -L -n -v # Verbose with numbers
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -D INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables-save > /tmp/iptables.rules
sudo iptables-restore < /tmp/iptables.rules
# firewalld (Red Hat/CentOS)
sudo firewall-cmd --list-all
sudo firewall-cmd --add-port=80/tcp --permanent
sudo firewall-cmd --reload
# === SELINUX ===
# SELinux status
getenforce
sestatus
# Set mode
sudo setenforce 0 # Permissive
sudo setenforce 1 # Enforcing
# Permanent (edit /etc/selinux/config)
sudo sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
# === APPARMOR ===
# AppArmor status
sudo aa-status
# Disable profile
sudo aa-disable /path/to/profile
# Enable profile
sudo aa-enforce /path/to/profile
Cleanup & Anti-Forensics
## === CLEAR COMMAND HISTORY ===
# Clear bash history
history -c
history -w
echo "" > ~/.bash_history
cat /dev/null > ~/.bash_history
# Clear for all users (root)
find /home -name ".bash_history" -exec rm -f {} \;
rm -f /root/.bash_history
# Disable history for session
unset HISTFILE
set +o history
# Clear specific entries
history -d LINE_NUMBER
history -d OFFSET
# Clear Zsh history
echo "" > ~/.zsh_history
rm -f ~/.zsh_history
# === CLEAR LOGS ===
# Clear auth logs
sudo truncate -s 0 /var/log/auth.log
sudo rm -f /var/log/auth.log.*
# Clear syslog
sudo truncate -s 0 /var/log/syslog
sudo rm -f /var/log/syslog.*
# Clear systemd journal
sudo journalctl --vacuum-time=1s
sudo journalctl --vacuum-size=1M
sudo rm -rf /var/log/journal/*
# Clear Apache logs
sudo truncate -s 0 /var/log/apache2/access.log
sudo truncate -s 0 /var/log/apache2/error.log
# Clear all logs
sudo find /var/log -type f -exec truncate -s 0 {} \;
# === TIMESTOMPING ===
# Change file timestamp
touch -t 202301011200 file.txt # YYYYMMDDhhmm
touch -d "2023-01-01 12:00:00" file.txt
# Match timestamp to another file
touch -r reference_file target_file
# Change access and modification times
touch -a -t 202301011200 file.txt # Access time
touch -m -t 202301011200 file.txt # Modification time
# === SECURE FILE DELETION ===
# Shred (overwrite before delete)
shred -vfz -n 10 file.txt # 10 passes
shred -vfzu -n 35 file.txt # DOD 5220.22-M standard
# Wipe
wipe -rf file.txt
# Secure-delete
srm file.txt
srm -r directory/
# DD overwrite
dd if=/dev/zero of=file.txt bs=1M count=10
dd if=/dev/urandom of=file.txt bs=1M count=10
# === CLEAR SPECIFIC TRACES ===
# Clear last login
echo "" > /var/log/lastlog
echo "" > /var/log/wtmp
echo "" > /var/log/btmp
# Remove user from wtmp/utmp
utmpdump /var/log/wtmp | grep -v username > /tmp/wtmp
utmpdump -r /tmp/wtmp > /var/log/wtmp
# Clear DNS cache
# Ubuntu/Debian
sudo systemd-resolve --flush-caches
sudo service nscd restart
# Red Hat/CentOS
sudo service nscd restart
# Clear ARP cache
sudo ip -s -s neigh flush all
# Clear thumbnail cache
rm -rf ~/.cache/thumbnails/*
# Clear trash
rm -rf ~/.local/share/Trash/*
# === CLEAR WINDOWS TRACES ===
# Clear PowerShell history
Remove-Item (Get-PSReadlineOption).HistorySavePath
# Clear command history
doskey /reinstall
# Clear Windows event logs
wevtutil el | ForEach-Object {wevtutil cl "$_"}
# Clear specific log
wevtutil cl System
wevtutil cl Security
wevtutil cl Application
# Clear recent documents
Remove-Item "$env:APPDATA\Microsoft\Windows\Recent\*" -Force
# Clear temp files
Remove-Item "$env:TEMP\*" -Force -Recurse
Remove-Item "C:\Windows\Temp\*" -Force -Recurse
# Clear prefetch
Remove-Item "C:\Windows\Prefetch\*" -Force
# Clear DNS cache
ipconfig /flushdns
# === ANTI-FORENSICS ===
# Disable logging
sudo systemctl stop rsyslog
sudo systemctl disable rsyslog
# Mount filesystem as read-only
mount -o remount,ro /
# Use RAM disk
sudo mkdir /mnt/ramdisk
sudo mount -t tmpfs -o size=1G tmpfs /mnt/ramdisk
# Work in /mnt/ramdisk (data lost on reboot)
# Encrypt swap
sudo swapoff -a
sudo dd if=/dev/urandom of=/dev/sda2 bs=1M # WARNING: Destroys data
sudo mkswap /dev/sda2
sudo swapon /dev/sda2
# Disable swap
sudo swapoff -a
sudo rm /swap.img
# Clear memory cache
sudo sync
echo 3 | sudo tee /proc/sys/vm/drop_caches
# === LIVE FORENSICS COUNTERMEASURES ===
# Detect forensic tools
ps aux | grep -E "volatility|rekall|lime"
# Kill forensic processes
pkill -f "volatility"
# Monitor for memory dumping
watch 'lsof | grep /proc/kcore'
# Detect LiME kernel module
lsmod | grep lime
# === SECURE REBOOT/SHUTDOWN ===
# Immediate shutdown (skip syncing)
sudo shutdown -h now
sudo halt -f
# Reboot without syncing
sudo reboot -f
# Force kernel panic (destroys memory)
echo c | sudo tee /proc/sysrq-trigger
