| pwd | Prints the current working directory. | pwd |
| ls | Lists the files and directories in the current directory. | ls |
| cd | Changes the current directory. | cd /home/user/ |
| cat | Displays the contents of a file. | cat filename.txt |
| touch | Creates a new empty file. | touch filename.txt |
| mv | Moves a file or directory. | mv filename.txt /home/user/ |
| cp | Copies a file or directory. | cp filename.txt /home/user/ |
| rm | Deletes a file or directory. | rm filename.txt |
| mkdir | Creates a new directory. | mkdir newdirectory |
| rmdir | Deletes an empty directory. | rmdir directoryname |
| chmod | Changes the permissions of a file or directory. | chmod 777 filename.txt |
| chown | Changes the owner of a file or directory. | chown user:group filename.txt |
| ps | Displays the running processes. | ps |
| top | Displays the system's processes in real-time. | top |
| kill | Terminates a process. | kill PID |
| ping | Tests the connectivity between two hosts. | ping google.com |
| netstat | Displays the network connections. | netstat -a |
| ifconfig | Displays the network interfaces and their configurations. | ifconfig |
| iwconfig | Displays the wireless network interfaces and their configurations. | iwconfig |
| tcpdump | Captures network traffic. | tcpdump |
| nmap | Scans a network and identifies hosts and open ports. | nmap -sS 192.168.1.1 |
| dig | Retrieves DNS information. | dig google.com |
| whois | Retrieves domain registration information. | whois google.com |
| wget | Downloads a file from the Internet. | wget https://example.com/file.zip |
| curl | Transfers data from or to a server. | curl https://example.com/ |
| scp | Copies files securely over SSH. | scp filename.txt user@remotehost:/home/user/ |
| ssh | Connects to a remote host securely. | ssh user@remotehost |
| grep | Searches for a string in a file. | grep "searchstring" filename.txt |
| find | Searches for files and directories. | find / -name filename.txt |
| tar | Archives files and directories. | tar -cvf archive.tar filename.txt |
| unzip | Extracts files from a zip archive. | unzip archive.zip |
| sed | Edits a file. | sed 's/search/replace/g' filename.txt |
| awk | Processes text files. | awk '{print $1}' filename.txt |
| diff | Compares two files. | diff file1.txt file2.txt |
| tee | Redirects output to a file and the screen. | command |
| date | Displays the system date and time. | date |
| cal | Displays a calendar. | cal |
| uptime | Displays the system's uptime. | uptime |
| free | Displays the system's memory usage. | free |
| df | Displays the disk usage. | df |
| du | Displays the disk usage of files and directories. | du -h filename.txt |
| history | Displays the command history. | history |
| man | Displays the manual pages of a command. | man ls |
| ssh-keygen | Generates an SSH key pair. | ssh-keygen |
| ssh-copy-id | Copies the public key to a remote host. | ssh-copy-id user@remotehost |
| openssl | Manages digital certificates and encryption. | openssl genrsa -out key.pem 2048 |
| iptraf | Monitors network traffic in real-time. | iptraf |
| iptables | Manages firewall rules. | iptables -L |
| nc | Sends and receives data over a network connection. | nc google.com 80 |
| socat | Transfers data between two connections. | socat TCP4-LISTEN:8000,fork TCP4:google.com:80 |
| strace | Traces the system calls of a process. | strace ls |
| ltrace | Traces the library calls of a process. | ltrace ls |
| gdb | Debugs a program. | gdb program |
| file | Determines the file type. | file filename |
| hexdump | Displays the hexadecimal representation of a file. | hexdump -C filename |
| base64 | Encodes or decodes base64 data. | base64 filename |
| ncat | A modern version of netcat with additional features. | ncat google.com 80 |
| ss | Displays network connections in a more detailed format. | ss -tunapl |
| ngrep | Filters network traffic by regular expressions. | ngrep -i "searchstring" |
| hping3 | Sends custom packets to a network host. | hping3 google.com -S -p 80 |
| tcpflow | Captures and reassembles TCP streams. | tcpflow -c -i eth0 |
| tcpreplay | Replays network traffic from a pcap file. | tcpreplay -i eth0 traffic.pcap |
| tshark | Captures and analyzes network traffic in real-time. | tshark -i eth0 |
| ettercap | Sniffs network traffic and performs MITM attacks. | ettercap -T -M arp:remote /192.168.1.1/ /192.168.1.2/ |
| aircrack-ng | Cracks WEP and WPA/WPA2 keys. | aircrack-ng capture.cap |
| hydra | Performs password attacks on remote services. | hydra -l username -P passwordlist.txt ssh://remotehost |
| john | A password cracker for Unix/Linux. | john --wordlist=passwordlist.txt hashfile.txt |
| hashcat | A password cracker for a variety of hash types. | hashcat -m 0 -a 0 hashfile.txt passwordlist.txt |
| sqlmap | Automates SQL injection attacks. | sqlmap -u "http://example.com/page.php?id=1" |
| nikto | Scans web servers for vulnerabilities. | nikto -h example.com |
| dirb | Scans web servers for directories and files. | dirb http://example.com/ |
| wpscan | Scans WordPress sites for vulnerabilities. | wpscan --url example.com |
| sslscan | Scans SSL/TLS servers for vulnerabilities. | sslscan example.com:443 |
| stunnel | Wraps an unsecured connection in SSL/TLS. | stunnel -c -d 127.0.0.1:8080 -r example.com:80 |
| lynx | A text-based web browser. | lynx http://example.com |
| nslookup | Queries DNS servers for information. | nslookup example.com |
| host | Resolves IP addresses to hostnames and vice versa. | host example.com |
| traceroute | Determines the path of network packets. | traceroute example.com |
| mtr | Combines ping and traceroute functionality. | mtr example.com |
| masscan | Scans large networks for open ports and services. | masscan 10.0.0.0/8 -p 80,443 |
| snmpwalk | Retrieves information from SNMP-enabled devices. | snmpwalk -v2c -c public example.com |
| smbclient | Connects to SMB/CIFS file shares. | smbclient //example.com/share -U username |
| rpcclient | Connects to RPC services. | rpcclient -U username example.com |
| ftp | Connects to FTP servers. | ftp example.com |
| tftp | Transfers files using the Trivial File Transfer Protocol. | tftp example.com -c get file.txt |
| telnet | Connects to remote hosts using the Telnet protocol. | telnet example.com 23 |
| sftp | Transfers files between hosts over SSH. | sftp user@example.com |
| rsync | Synchronizes files and directories between hosts. | rsync -avz /path/to/source user@example.com:/path/to/destination |
| wc | Counts the number of lines, words, and characters in a file. | wc -l file.txt |
| cut | Extracts columns from files. | cut -f 1,3 -d ":" file.txt |
| head | Displays the first few lines of a file. | head file.txt |
| tail | Displays the last few lines of a file. | tail file.txt |
| less | Displays the contents of a file one page at a time. | less file.txt |
| more | Displays the contents of a file one page at a time. | more file.txt |
| patch | Applies patches to files. | patch -p0 < patchfile |
| gunzip | Decompresses files compressed with gzip. | gunzip file.gz |
| bzip2 | Compresses files using the bzip2 algorithm. | bzip2 file.txt |
| bunzip2 | Decompresses files compressed with bzip2. | bunzip2 file.bz2 |
| zip | Archives and compresses files and directories using the ZIP format. | zip archive.zip file.txt |
| dd | Copies data between files, disks, and partitions. | dd if=/dev/zero of=/dev/sda bs=1M count=10 |
| parted | Manages disk partitions. | parted /dev/sda |
| fdisk | Another utility to manage disk partitions. | fdisk /dev/sda |
| mount | Mounts file systems. | mount /dev/sda1 /mnt |
| umount | Unmounts file systems. | umount /mnt |
| lsblk | Lists information about available block devices. | lsblk |
| blkid | Lists information about available block devices. | blkid |
| lsof | Lists open files and the processes that have them open. | lsof file.txt |
| htop | An alternative to top with more features and interactivity. | htop |
| wireshark | A GUI-based network traffic analyzer. | wireshark |
| netcat | Transfers data over TCP and UDP connections. | netcat example.com 80 |
| medusa | Another tool for brute-forcing passwords. | medusa -u username -P /path/to/wordlist -h example.com -M http |
| ncrack | A tool for brute-forcing network services. | ncrack -p 22 example.com |
| metasploit | A framework for developing and executing exploits. | msfconsole |
| arpspoof | Spoofs ARP packets to redirect network traffic. | arpspoof -i eth0 -t targetip gatewayip |
| fcrackzip | A tool for cracking password-protected ZIP archives. | fcrackzip -u -D -p /path/to/wordlist.zip file.zip |
| tcp_wrappers | Controls access to network services based on IP addresses and domain names. | /etc/hosts.allow |
| screen | A terminal multiplexer that allows multiple sessions in a single window. | screen |
| tmux | Another terminal multiplexer with more features than screen. | tmux |
| sort | Sorts lines in text files. | sort file.txt |
| uniq | Removes duplicate lines in text files. | uniq file.txt |
| locate | Searches for files and directories using an index of the filesystem. | locate file.txt |
| which | Shows the path of a command. | which grep |
| systemctl | Manages system services on systemd-based Linux distributions. | systemctl start/stop/restart/status service |
| uname | Displays system information, such as the kernel version. | uname -a |
| iftop | Displays network traffic in real-time. | iftop |
| ip | Shows and configures network interfaces and routing. | ip addr |
| route | Shows and configures the system's routing table. | route |
| arp | Displays and modifies the system's ARP cache. | arp |
| echo | Prints text to the terminal. | echo "Hello, world!" |
| watch | Repeatedly runs a command and displays its output. | watch -n 1 ls -l |
| sleep | Suspends execution for a specified amount of time. | sleep 10 |
| exit | Terminates the current shell session. | exit |
| netdiscover | A tool for discovering hosts on a network. | netdiscover -i eth0 |
| arp-scan | A tool for scanning for live hosts on a network. | arp-scan --interface=eth0 --localnet |
| enum4linux | A tool for enumerating information from Windows and Samba systems. | enum4linux -a target |
| wfuzz | A tool for fuzzing web applications. | wfuzz -c -w wordlist.txt http://target/FUZZ |
| burp | A web application security testing tool. | burpsuite |
| dnsenum | A tool for enumerating DNS information. | dnsenum target |
| fierce | A tool for DNS reconnaissance. | fierce -dns target |
| theharvester | A tool for gathering email accounts, subdomains, and hosts. | theharvester -d target -l 500 -b google |
| exploitdb | A database of exploits and vulnerable software. | searchsploit |
| metagoofil | A tool for extracting metadata from public documents. | metagoofil -d target -t pdf -l 200 -n 50 |
| exiftool | A tool for reading and writing metadata in image files. | exiftool image.jpg |
| steghide | A tool for hiding data in image and audio files. | steghide embed -cf image.jpg -ef secret.txt |
| volatility | A tool for analyzing memory dumps. | volatility -f memory.dump imageinfo |
| dnsrecon | A tool for performing DNS reconnaissance. | dnsrecon -d target |
| gobuster | A tool for brute-forcing URIs and directories. | gobuster dir -u http://target -w wordlist.txt |
| joomscan | A tool for scanning Joomla! websites for vulnerabilities. | joomscan -u target |
| dirbuster | A tool for brute-forcing URIs and directories. | dirbuster -u http://target -w wordlist.txt |
| zaproxy | An open-source web application security scanner. | zap.sh |
| pwdump | A tool for dumping Windows passwords from the SAM database. | pwdump SYSTEM SAM |
| mimikatz | A tool for dumping Windows credentials from memory. | mimikatz.exe "sekurlsa::logonpasswords" |
| psexec | A tool for executing commands on remote Windows systems. | psexec target cmd.exe |
| smtp-user-enum | A tool for enumerating email accounts on a mail server. | smtp-user-enum -M VRFY -U users.txt -t target |
| johntheripper | A password-cracking tool. | john --wordlist=passwords.txt hashfile |
| hashid | A tool for identifying the type of a hash. | hashid hash |
| hash-identifier | A tool for identifying the type of a hash. | hash-identifier hash |
| hashcat-utils | A set of utilities for working with hash files. | hcat_hashes.sh hashfile |
| crunch | A tool for generating wordlists. | crunch 8 8 -t @@@@@@@@ |
| ophcrack | A tool for cracking Windows passwords. | ophcrack |
| bkhive | A tool for extracting Windows registry hives. | bkhive SYSTEM registry-hive |
| samdump2 | A tool for dumping Windows password hashes. | samdump2 SYSTEM SAM |
| wce | A tool for dumping Windows credentials from memory. | wce |
| wmiexec | A tool for executing commands on remote Windows systems using WMI. | wmiexec.py user:password@target "command" |
| winexe | A tool for executing commands on remote Windows systems using SMB. | winexe -U user%password //target "command" |
| mitmproxy | A tool for intercepting and modifying HTTP/HTTPS traffic. | mitmproxy |
| sslstrip | A tool for stripping SSL/TLS encryption from HTTPS traffic. | sslstrip -l 8080 |
| dnswalk | A tool for DNS reconnaissance. | dnswalk -r target |
| recon-ng | A tool for reconnaissance and information gathering. | recon-ng |
