Essential Linux Commands for Ethical Hackers and Pentesters

Mastering the Linux command line is essential for penetration testing and ethical hacking. This guide covers the most important commands you need to know, from basic navigation to advanced text processing and networking.

File System Navigation

# Print working directory
pwd

# List files and directories
ls
ls -la          # Long format with hidden files
ls -lah         # Human-readable sizes
ls -lt          # Sort by modification time

# Change directory
cd /var/www
cd ~            # Home directory
cd -            # Previous directory
cd ..           # Parent directory

# Create directories
mkdir newdir
mkdir -p path/to/nested/dir

# Remove files and directories
rm file.txt
rm -r directory/
rm -rf directory/  # Force remove (careful!)

File Operations

# Copy files
cp source.txt destination.txt
cp -r sourcedir/ destdir/

# Move/rename files
mv oldname.txt newname.txt
mv file.txt /new/location/

# Create empty file
touch newfile.txt

# View file contents
cat file.txt
less file.txt       # Paginated view
head -n 20 file.txt # First 20 lines
tail -n 20 file.txt # Last 20 lines
tail -f logfile.log # Follow file updates

# File information
file unknown.bin    # Determine file type
stat file.txt       # Detailed file info
wc -l file.txt      # Count lines

Text Processing

# Search text with grep
grep "pattern" file.txt
grep -i "pattern" file.txt    # Case insensitive
grep -r "pattern" directory/  # Recursive search
grep -v "pattern" file.txt    # Invert match
grep -E "regex" file.txt      # Extended regex
grep -o "pattern" file.txt    # Only matching part
grep -c "pattern" file.txt    # Count matches

# Stream editing with sed
sed 's/old/new/g' file.txt          # Replace all occurrences
sed -i 's/old/new/g' file.txt       # Edit in place
sed -n '5,10p' file.txt             # Print lines 5-10
sed '/pattern/d' file.txt           # Delete matching lines

# Text processing with awk
awk '{print $1}' file.txt           # Print first column
awk -F: '{print $1}' /etc/passwd    # Custom delimiter
awk '{print $NF}' file.txt          # Print last column
awk '/pattern/ {print}' file.txt   # Print matching lines

# Sort and unique
sort file.txt
sort -n file.txt        # Numeric sort
sort -r file.txt        # Reverse sort
sort -u file.txt        # Unique only
uniq file.txt           # Remove adjacent duplicates
sort file.txt | uniq -c # Count occurrences

# Cut columns
cut -d: -f1 /etc/passwd     # First field, colon delimiter
cut -c1-10 file.txt         # Characters 1-10
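As an added worked example (not part of the original post), the following shell functions chain grep, awk, sort, uniq and cut over a few constructed sshd-style log lines to count failed password attempts per source address, which is the typical defender's use of this toolset. The log lines and host names are made up for the demonstration.

```shell
# Added example: count failed SSH password attempts per source IP with
# grep, awk, sort, uniq and cut. The log lines below are constructed.

sample_auth_log() {
    cat <<'EOF'
Mar  3 10:01:12 host sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 51122 ssh2
Mar  3 10:01:15 host sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 51123 ssh2
Mar  3 10:01:20 host sshd[2214]: Accepted publickey for deploy from 198.51.100.7 port 40010 ssh2
Mar  3 10:02:01 host sshd[2220]: Failed password for root from 203.0.113.5 port 51130 ssh2
Mar  3 10:02:09 host sshd[2223]: Failed password for root from 198.51.100.9 port 40211 ssh2
Mar  3 10:03:44 host sshd[2230]: Accepted password for alice from 198.51.100.7 port 40020 ssh2
EOF
}

# Read log lines on stdin, print "<count> <ip>" pairs for failed
# password attempts, highest count first. The awk loop picks the field
# after "from" so it works whether or not "invalid user" is present.
failed_logins_by_ip() {
    grep 'Failed password' \
      | awk '{ for (i = 1; i <= NF; i++) if ($i == "from") print $(i+1) }' \
      | sort | uniq -c | sort -rn \
      | awk '{ print $1, $2 }'
}

# The single source with the most failures (second field of the top line).
top_failed_source() {
    failed_logins_by_ip | head -n 1 | cut -d' ' -f2
}

# How many failures that top source produced (first field of the top line).
top_failed_count() {
    failed_logins_by_ip | head -n 1 | cut -d' ' -f1
}
```

Usage: `sample_auth_log | failed_logins_by_ip` prints the per-IP table; on a real host you would replace `sample_auth_log` with `cat /var/log/auth.log` or `journalctl -u ssh`. Searching for the field after `from` rather than a fixed column number is what makes the awk step robust to the two message shapes sshd emits.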

Permissions and Ownership

# View permissions
ls -la

# Change permissions
chmod 755 script.sh     # rwxr-xr-x
chmod +x script.sh      # Add execute
chmod -w file.txt       # Remove write
chmod u+x,g+r file.txt  # User execute, group read

# Change ownership
chown user:group file.txt
chown -R user:group directory/

# Special permissions
chmod u+s binary        # SUID
chmod g+s directory     # SGID
chmod +t directory      # Sticky bit

# Find SUID files
find / -perm -4000 -type f 2>/dev/null

Process Management

# View processes
ps aux
ps aux | grep process_name
top
htop

# Process tree
pstree

# Kill processes
kill PID
kill -9 PID         # Force kill
killall process_name
pkill pattern

# Background processes
command &           # Run in background
jobs                # List background jobs
fg %1               # Bring job 1 to foreground
bg %1               # Continue job in background
nohup command &     # Run immune to hangups

# Process information
lsof                # List open files
lsof -i :80         # What is using port 80
fuser -n tcp 80     # Process using port 80

Networking Commands

# Network interfaces
ip a
ip addr show
ifconfig

# Routing
ip route
route -n
netstat -rn

# DNS
dig domain.com
nslookup domain.com
host domain.com
cat /etc/resolv.conf

# Connections
ss -tulpn               # Listening ports
netstat -tulpn          # Listening ports (legacy)
ss -tp                  # Established connections

# Connectivity testing
ping -c 4 host
traceroute host
mtr host

# Download files
wget http://example.com/file
curl -O http://example.com/file
curl -s http://example.com/api | jq .   # Pretty-print a JSON response

# Transfer files
scp file.txt user@host:/path/
scp user@host:/path/file.txt .
rsync -avz source/ dest/

User and System Information

# Current user
whoami
id

# System information
uname -a
hostname
cat /etc/os-release
cat /proc/version

# Users and groups
cat /etc/passwd
cat /etc/group
cat /etc/shadow         # Requires root
last                    # Login history
w                       # Who is logged in

# Environment
env
printenv
echo $PATH
export VAR=value

Compression and Archives

# Tar archives
tar -cvf archive.tar files/      # Create
tar -xvf archive.tar             # Extract
tar -czvf archive.tar.gz files/  # Create gzipped
tar -xzvf archive.tar.gz         # Extract gzipped
tar -tf archive.tar              # List contents

# Zip
zip archive.zip files
zip -r archive.zip directory/
unzip archive.zip
unzip -l archive.zip             # List contents

# Gzip
gzip file.txt                    # Compress
gunzip file.txt.gz               # Decompress

# 7z
7z x archive.7z                  # Extract

Finding Files

# Find command
find / -name "filename"
find / -name "*.txt"
find / -type f -name "*.conf"
find / -type d -name "logs"
find / -user root -type f
find / -perm -4000              # SUID files
find / -writable -type f        # Writable files
find / -mtime -7                # Modified in last 7 days
find / -size +100M              # Larger than 100MB
find / -name "*.txt" -exec cat {} \;

# Locate (faster, uses database)
locate filename
updatedb                        # Update locate database

# Which/whereis
which python
whereis python
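The SUID search in the Permissions section and the permission-based finds in this section both come down to `find -perm`. As an added example (not code from the original post), the functions below build a small throwaway directory tree, then audit it for SUID binaries and world-writable files and diff the SUID list against a saved baseline, which is how a defender would track permission drift on a host. The tree, file names and modes are constructed for the demonstration.

```shell
# Added example: audit a directory tree for SUID and world-writable
# files with find, and compare the SUID list against a baseline.
# The tree is built under mktemp so the example runs anywhere.

# Build a throwaway tree (constructed for the example) and print its path.
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/bin" "$dir/tmp"
    printf '#!/bin/sh\necho hi\n' > "$dir/bin/helper"
    printf 'data\n' > "$dir/tmp/scratch.txt"
    printf 'keep\n' > "$dir/tmp/readonly.txt"
    chmod 4755 "$dir/bin/helper"       # SUID + rwxr-xr-x
    chmod 666  "$dir/tmp/scratch.txt"  # world-writable
    chmod 644  "$dir/tmp/readonly.txt"
    echo "$dir"
}

# SUID regular files below $1, as sorted paths relative to $1.
# -perm -4000 matches when the setuid bit is set, whatever the other bits.
find_suid() {
    find "$1" -type f -perm -4000 2>/dev/null | sed "s|^$1/||" | sort
}

# World-writable regular files below $1. -perm -o=w tests the "others"
# write bit itself; -writable (used on the page) tests whether the
# *current user* can write, which as root matches nearly everything.
find_world_writable() {
    find "$1" -type f -perm -o=w 2>/dev/null | sed "s|^$1/||" | sort
}

# Print SUID files below $1 that are not listed in the baseline file $2.
# comm needs both inputs sorted, which find_suid guarantees.
suid_drift() {
    find_suid "$1" | comm -13 "$2" -
}
```

Usage: `find_suid / > suid-baseline.txt` once on a freshly built host, then `suid_drift / suid-baseline.txt` on a schedule; any output is a new setuid binary that deserves a look. The baseline file must stay sorted (as `find_suid` writes it) or `comm` will report spurious differences.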

Piping and Redirection

# Piping
command1 | command2
cat file.txt | grep pattern | sort | uniq

# Redirection
command > file.txt      # Overwrite
command >> file.txt     # Append
command 2> errors.txt   # Redirect stderr
command &> all.txt      # Redirect both (bash-only; POSIX form: > all.txt 2>&1)
command < input.txt     # Input from file

# Tee (output to file and screen)
command | tee file.txt
command | tee -a file.txt   # Append

# Null output
command > /dev/null 2>&1
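Redirections are applied left to right, so `> file 2>&1` and `2>&1 > file` do different things; the list above does not spell this out, and it is the mistake that most often loses error output in a logged run. The following added example (not part of the original post) uses a small function that writes one line to each stream, captures the two orderings into temporary files, and shows the tee/`2>` combination that keeps the streams apart. The helper names are invented for the demonstration.

```shell
# Added example: where stdout and stderr end up under different
# redirection orders. noisy() is a constructed helper that writes one
# line to each stream.

noisy() {
    echo "out: ok"
    echo "err: problem" >&2
}

# Correct order: stdout goes to the file first, then stderr is pointed
# at wherever stdout now goes (the file). Prints lines captured: 2.
capture_both() {
    f=$(mktemp)
    noisy > "$f" 2>&1
    wc -l < "$f" | tr -d ' '
    rm -f "$f"
}

# Reversed order: stderr is duplicated onto the *current* stdout (here
# /dev/null from the surrounding group) before stdout is redirected, so
# only the stdout line reaches the file. Prints lines captured: 1.
capture_wrong_order() {
    f=$(mktemp)
    { noisy 2>&1 > "$f"; } > /dev/null
    wc -l < "$f" | tr -d ' '
    rm -f "$f"
}

# Keep the streams separate: errors to their own file, normal output
# through tee so it is both shown and logged. Prints "<out> <err>" line counts.
split_streams() {
    out=$(mktemp); err=$(mktemp)
    noisy 2> "$err" | tee "$out" > /dev/null
    printf '%s %s\n' "$(wc -l < "$out" | tr -d ' ')" "$(wc -l < "$err" | tr -d ' ')"
    rm -f "$out" "$err"
}
```

The practical rule: put `> file` before `2>&1` when you want everything in one log, and give stderr its own file (`2> errors.txt`) when you want to grep the error stream on its own afterwards.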

Useful One-Liners for Pentesting

# Find passwords in files
grep -r "password" /var/www/ 2>/dev/null

# List all users with shell
grep -v nologin /etc/passwd | grep -v false

# Find world-writable files
find / -writable -type f 2>/dev/null

# Check sudo permissions
sudo -l

# Find files modified in last 24 hours
find / -mtime -1 -type f 2>/dev/null

# Extract IPs from file
grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' file.txt   # Loose: also matches octets above 255

# Simple HTTP server
python3 -m http.server 8080

# Base64 encode/decode
echo "text" | base64
echo "dGV4dAo=" | base64 -d

# Generate password hash (-1 is MD5-crypt; prefer -6 for SHA-512 crypt)
openssl passwd -1 -salt xyz password
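The IP-extraction one-liner above accepts any four dot-separated groups of one to three digits, so `999.1.1.1` or a fragment of a version string such as `1.2.3.4567` come out as "addresses". As an added example (not code from the original post), the functions below run the loose pattern beside a stricter pipeline that anchors on non-digit boundaries and has awk reject any octet over 255, then de-duplicates the result; it goes a step beyond the page by validating as well as extracting. The input text is constructed for the demonstration.

```shell
# Added example: extract IPv4 addresses from text, loosely (as on the
# page) and strictly (boundary-anchored, each octet <= 255, unique).
# The sample lines are constructed.

sample_text() {
    cat <<'EOF'
client 192.168.10.25 connected
bogus 999.1.1.1 and 300.1.2.3 are not addresses
build 1.2.3.4567 is a version, peer 10.0.0.7 is not
dup 192.168.10.25 seen again; gateway 172.16.254.1
EOF
}

# Loose match: any four dot-separated 1-3 digit groups, every hit printed.
extract_ipv4_loose() {
    grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'
}

# Strict match:
#  1. require a non-digit, non-dot character (or line edge) on both
#     sides, so "1.2.3.4567" and "2.3.456" inside it are not taken;
#  2. strip the boundary characters grep -o carried along;
#  3. let awk drop any candidate with an octet above 255;
#  4. sort -u to report each address once.
extract_ipv4_valid() {
    grep -oE '(^|[^0-9.])[0-9]{1,3}(\.[0-9]{1,3}){3}([^0-9.]|$)' \
      | tr -d -c '0-9.\n' \
      | awk -F. 'NF == 4 { ok = 1; for (i = 1; i <= 4; i++) if ($i > 255) ok = 0; if (ok) print }' \
      | sort -u
}
```

Usage: `extract_ipv4_valid < file.txt` on a real file. The loose form is still useful for a quick look, but anything fed into a blocklist or a lookup loop should pass through the validated form so that junk like `300.1.2.3` never reaches the next tool.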

Summary

These commands form the foundation of working in a Linux environment. Practice them regularly until they become second nature. As you progress, you will chain these commands together to perform complex operations and automate your penetration testing workflow.

Written by Window Events
