
#_JOHLEM.net_

"scientia potentia est" - Sir Francis Bacon

( today: 2023-02-08 / last update: 2023-01-24 18:00:00 CET UTC+1 hour )
updated: added pages: ITSEC & CLI.


[ CLI ]

IN PROGRESS

CLI - Useful commands for IT security

what useful netcat commands to know:

    Port scanning: nc -v -n -z -w 1 <host> 1-65535
    File transfer: nc -l -p <port> > <file> (to receive) and nc <host> <port> < <file> (to send)
    Remote shell: nc -l -p <port> -e /bin/bash (to start a listener) and nc <host> <port> (to connect and get a shell)
    Network sniffing: nc -l -p <port> | tee <file>
    Port redirection: nc -l <port> -c <command> and nc <host> <port>
    Chatting: nc -l <port> (to start a listener) and nc <host> <port> (to connect and chat)
    Checking service availability: nc -v <host> <port>
    HTTP requests: nc <host> <port> (then type the request and press enter twice)

Note: netcat is a powerful and versatile command-line tool that can be used for a wide range of network-related tasks. The commands listed above are just examples of what you can do with netcat, but it has many more capabilities.

what useful nmap commands to know:

    Port scanning: nmap -sS <target> (TCP SYN scan) or nmap -sU <target> (UDP scan)
    OS and version detection: nmap -A <target>
    Service and version detection: nmap -sV <target>
    Script scanning: nmap --script <script> <target>
    Fast scanning: nmap -F <target>
    Target specification: nmap -iL <file> (targets read from a file) or nmap -iR <number> (random targets)
    Output formatting: nmap -oN <file> (normal output) or nmap -oX <file> (XML output)
    Ping scanning: nmap -sn <target>
    Specifying a port range: nmap -p <range> <target>
    Updating Nmap scripts: nmap --script-updatedb

Note: Nmap is a powerful and widely used tool for network discovery and security auditing.
The commands listed above are just examples of what you can do with Nmap, but it has many more capabilities.
It's recommended to check the official documentation and tutorials to learn more about its features and usage.

best commands to know for OSCP:

    Port scanning: nmap -sS -sV -p- -A -T4  (to scan all TCP ports and gather information about the open ports and services, OS and version detection, and script scanning)
    Enumeration: enum4linux  (to gather information about SMB shares, users, and groups)
    Password cracking: hydra -l  -P   ssh (to crack SSH login credentials) or john --wordlist=  (to crack password hashes)
    Exploitation: msfconsole (to use Metasploit Framework)
    Privilege escalation: linenum.sh (to gather information about the system and possible privilege escalation vectors) or searchsploit  (to search for known exploits)
    Post-exploitation: netstat -anp (to gather information about open connections and running processes) or ps aux (to gather information about running processes)
    Lateral Movement: smbclient -L  (to list shares on a remote host) or psexec  -u  -p  (to execute commands on a remote Windows host)
    Exfiltration: nc -nvlp  (to start a listener for incoming data) or nc   <  (to send files)

Note: OSCP (Offensive Security Certified Professional) is a certification program that focuses on hands-on penetration testing and the ability to think and act like a real-world attacker.
These commands are not specific to the OSCP exam, but they are commonly used in penetration testing and can be useful to know for the OSCP certification.

best commands to know for OSINT:

    Google dorking: site:<domain> <keyword> (to search for specific information on a website)
    Social media scraping: python3  -u  (to gather information from social media)
    Reverse image search: googleimagesdownload -k <keyword> -l <limit> (to find related images)
    Email enumeration: theHarvester -d <domain> -b <source> (to gather email addresses associated with a domain)
    IP address lookup: whois <ip> (to gather information about the ownership and location of an IP address)
    DNS lookup: nslookup <domain> (to find the IP address associated with a domain name)
    Website reconnaissance: nikto -host <url> (to scan for vulnerabilities on a website)
    Metadata extraction: exiftool <file> (to extract metadata from files)
    Phone number reconnaissance: python3   (to gather information about a phone number)
    OSINT browser plugin: osint-browser-extension (to help find information in the browser)

Note: OSINT (Open-Source Intelligence) is the process of collecting, analyzing, and disseminating information that is freely available to the public.
The commands listed above are just examples of OSINT techniques; each of these tools has many more capabilities.
It's recommended to check each tool's official documentation and tutorials to learn more about its features and usage.

best commands to know for Linux forensics:

    Disk imaging: dd if=/dev/sda of=image.dd bs=4096 conv=noerror,sync (to create a bit-by-bit copy of a storage device)
    File carving: foremost -t <type> -i <image> (to extract files from a disk image)
    Hash calculation: md5sum <file> or sha256sum <file> (to calculate the hash of a file)
    File system analysis: fsstat <image> or fls <image> (to gather information about a file system)
    Memory analysis: volatility -f <memdump> --profile=<profile> (to analyze a memory dump using the Volatility Framework)
    Timeline analysis: mactime -b <bodyfile> -d  -f  (to create a timeline of file system events)
    Network analysis: tshark -r <pcap> -Y <filter> (to analyze a packet capture using Wireshark's command-line tool)
    File metadata analysis: exiftool <file> (to extract metadata from files)
    Keyword search: grep -r <keyword> <directory> (to search for a keyword in a directory)
    Steganography analysis: steghide extract -sf <file> -p <passphrase> (to extract hidden data from a file using steghide)

Note: Forensics is the process of collecting, analyzing, and preserving digital evidence. These commands are useful for analyzing forensic images, extracting data, and collecting information about a system. 
It's important to note that forensic analysis should be done on a duplicate copy of the evidence and by following the proper procedures to maintain the integrity of the evidence.
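The imaging and hashing steps above, chained into one script as an added example (not from the original page): it images a source with the page's dd options, keeps dd's own report as part of the evidence record, and verifies the image against the source with sha256sum. It assumes the source is a regular file or a block device the user can read; the demo at the bottom uses a constructed file in place of /dev/sda and shows the edge case that conv=sync pads the last short block, so the image can be longer than the source.

```shell
#!/bin/sh
# Added example, not from the original page. Assumption: "$src" is a regular
# file or block device readable by this user (a constructed file in the demo).

# image_source SRC DEST: bit-for-bit copy with the page's options. dd's own
# report (records in/out, read errors) is kept in DEST.log as evidence.
image_source() {
    dd if="$1" of="$2" bs=4096 conv=noerror,sync 2>"$2.log"
}

# verify_image SRC DEST: conv=sync pads the final short block with zeros, so
# the image may be longer than the source. Hash only the first N bytes of the
# image, where N is the source length, and compare with the source hash.
# Prints "OK <hash>" and returns 0, or "MISMATCH ..." and returns 1.
verify_image() {
    src="$1"; img="$2"
    size=$(wc -c < "$src" | tr -d ' ')
    src_hash=$(sha256sum < "$src" | cut -d' ' -f1)
    img_hash=$(head -c "$size" "$img" | sha256sum | cut -d' ' -f1)
    # Record both hashes next to the image for later re-verification.
    printf 'source sha256 %s (%s bytes)\nimage  sha256 %s\n' \
        "$src_hash" "$size" "$img_hash" > "$img.sha256"
    if [ "$src_hash" = "$img_hash" ]; then
        echo "OK $img_hash"
        return 0
    fi
    echo "MISMATCH source=$src_hash image=$img_hash"
    return 1
}

# Demo on constructed data: 10000 bytes is not a multiple of bs=4096, so the
# image is padded to 12288 bytes and must still verify.
demo=$(mktemp -d)
yes 'evidence line' | head -c 10000 > "$demo/evidence.bin"
image_source "$demo/evidence.bin" "$demo/evidence.dd"
verify_image "$demo/evidence.bin" "$demo/evidence.dd"
echo "image size: $(wc -c < "$demo/evidence.dd" | tr -d ' ') bytes"
rm -rf "$demo"
```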

best commands to know for Windows forensics:

    Disk imaging: dd if=\\.\PhysicalDrive0 of=image.dd bs=4096 conv=noerror,sync (to create a bit-by-bit copy of a storage device)
    File carving: fiwalk -f <image> (to extract files from a disk image)
    Hash calculation: fciv -md5 <file> or fciv -sha1 <file> (to calculate the hash of a file)
    File system analysis: fls -m \ -r -f ntfs <image> or icat -f ntfs <image> <inode> (to gather information about a file system)
    Memory analysis: volatility -f <memdump> --profile=<profile> (to analyze a memory dump using the Volatility Framework)
    Timeline analysis: log2timeline.py -z <timezone> -f <filter>   (to create a timeline of system events)
    Network analysis: wireshark -r <pcap> -Y <filter> (to analyze a packet capture using Wireshark)
    File metadata analysis: exiftool <file> (to extract metadata from files)
    Keyword search: findstr /S <keyword> <drive>:\ (to search for a keyword in a drive)
    Steganography analysis: stegdetect -a <file> (to detect hidden data in a file using stegdetect)

Note: Forensics is the process of collecting, analyzing, and preserving digital evidence. 
These commands are useful for analyzing forensic images, extracting data, and collecting information about a system in a Windows environment. 
It's important to note that forensic analysis should be done on a duplicate copy of the evidence and by following the proper procedures to maintain the integrity of the evidence.

best Linux commands to monitor running processes:

    top: is a real-time process monitoring command that shows the current status of all running processes, including their process IDs, CPU and memory usage, and running time.

    htop: is an enhanced version of the top command that provides more information and options for process monitoring, such as detailed process information, process tree visualization, and the ability to interact with processes directly from the command line.

    ps: is a command that displays information about the currently running processes, including their process IDs, parent process IDs, and command names. The ps aux command provides a detailed view of all processes running on the system, including those running as other users.

    pstree: is a command that displays the hierarchical relationship between processes in a tree-like format. This can be useful for understanding how processes are related and identifying potential issues or dependencies.

    lsof: is a command that lists all open files on a system and the processes that have them open. This can be useful for identifying which processes are accessing specific files or network connections.

    pgrep and pkill: are commands that search for and signal processes based on their names. pgrep prints the process IDs of the matching processes; pkill sends a signal to them.

    pidstat: is a command that provides detailed statistics about processes, including CPU, memory, and disk usage. This can be useful for identifying performance issues or resource constraints caused by specific processes.

These commands are just examples of what you can do to monitor processes running on a Linux system. Depending on the specific use case, other commands or tools may be more appropriate.

best Linux command-line tools to audit a website:

    curl: is a command that allows you to send HTTP requests and receive the response from a website. The curl -I <url> command can be used to retrieve the headers of a website and check the status code, content type, and other metadata.

    wget: is a command that allows you to download files from the internet. The wget -r -np <url> command can be used to download all files from a website recursively while ignoring parent directories.

    nmap: is a command that can be used to scan a website for open ports and services, and gather information about the web server and operating system. The nmap -sS -sV -p- -A -T4 <host> command can be used to perform a full TCP port scan, service version detection, OS detection and script scanning.

    nikto: is a command that can be used to scan a website for vulnerabilities. The nikto -host <url> command can be used to scan a website for known vulnerabilities and misconfigurations.

    sqlmap: is a command that can be used to test for SQL injection vulnerabilities. The sqlmap -u <url> --dbs command can be used to enumerate the databases behind a website and the sqlmap -u <url> -D <database> --tables command can be used to enumerate the tables of a database.

    sslscan: is a command that can be used to check the SSL/TLS configuration of a website. The sslscan <host> command reports the supported protocol versions and ciphers and flags known weaknesses in the configuration.

    gobuster: is a command that can be used to perform a directory brute force attack on a website.

best Linux commands to audit a server:

    uname: is a command that displays information about the current system, such as the operating system name, version, and kernel version.

    cat /etc/*-release: is a command that displays information about the distribution and version of the system.

    lsb_release -a: is a command that displays detailed information about the Linux distribution and version.

    cat /proc/version: is a command that displays the version of the Linux kernel.

    cat /etc/passwd: is a command that displays the list of all users on the system, including system users and regular users.

    cat /etc/shadow: is a command that displays the hashed password of all users on the system, which can be useful for identifying users with weak passwords.

    lastlog: is a command that displays the last login time and IP address of all users on the system.

    netstat -tulnp: is a command that displays all open network connections, including the process name, IP address, and port.

    df -h: is a command that displays the disk usage of all file systems, including the total size, used space, and available space.

    lsof: is a command that lists all open files on a system and the processes that have them open, which can be useful for identifying open network connections or open files on the system.

These commands are just examples of what you can do to audit a Linux server. Depending on the specific use case, other commands or tools may be more appropriate. It's important to note that a complete server audit should be done by following a standard methodology and
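Listing /etc/passwd and /etc/shadow is only the first step; the checks an auditor actually runs on them, as an added example that is not part of the original page. The functions take the file as an argument so they can be run against a copy pulled from a server; the sample files below are constructed and the hashes in them are placeholders.

```shell
#!/bin/sh
# Added example, not from the original page. Sample files are constructed.

# uid0_accounts PASSWD: every account with UID 0 is root-equivalent; anything
# besides "root" needs an explanation.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# shell_accounts PASSWD: accounts that can log in interactively (shell is not
# nologin/false), i.e. the set that matters for password and key hygiene.
shell_accounts() {
    awk -F: '$7 !~ /(nologin|false)$/ { print $1 }' "$1"
}

# weak_password_accounts SHADOW: empty password field (login without a
# password), $1$ md5crypt hashes, or legacy DES hashes (13 chars, no $ prefix).
# Locked entries (!, *) and modern hashes ($5$, $6$, $y$, $2b$) are not flagged.
weak_password_accounts() {
    awk -F: '
        $2 == ""                               { print $1 ": empty password"; next }
        $2 ~ /^\$1\$/                          { print $1 ": md5crypt hash"; next }
        length($2) == 13 && $2 !~ /[$!*]/      { print $1 ": DES hash"; next }
    ' "$1"
}

# Constructed sample files (not from a real system; hashes are placeholders).
demo=$(mktemp -d)
cat > "$demo/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:second root:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc:x:1001:1001:service:/var/lib/svc:/bin/false
EOF
cat > "$demo/shadow" <<'EOF'
root:$6$saltsalt$PlaceholderNotARealHash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
toor::19000:0:99999:7:::
alice:$1$saltsalt$PlaceholderNotARealHash:19000:0:99999:7:::
svc:!:19000:0:99999:7:::
legacy:abCdEfGhIjKlM:19000:0:99999:7:::
EOF
echo "UID 0 accounts:";       uid0_accounts "$demo/passwd"
echo "interactive accounts:"; shell_accounts "$demo/passwd"
echo "weak/empty passwords:"; weak_password_accounts "$demo/shadow"
rm -rf "$demo"
```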

best commands to monitor the network on Linux:

    ifconfig: is a command that displays information about network interfaces on the system, including IP addresses, netmasks, and statistics about the number of packets sent and received.

    ip addr show: is a command that shows information about all configured network interfaces, including their IP addresses, netmasks, and status.

    route -n: is a command that shows the routing table, including the default gateway and the IP addresses of the next hop for each route.

    arp -a: is a command that shows the ARP cache, which is used to map IP addresses to MAC addresses on the local network.

    netstat -tulnp: is a command that shows all open network connections, including the process name, IP address, and port.

    tcpdump: is a command that captures and analyzes network traffic. The tcpdump -i <interface> -w <file> command can be used to capture network traffic to a file for later analysis.

    nmap: is a command that can be used to scan a network for open ports and services, and gather information about the hosts. The nmap -sS -sV -p- -A -T4 <target> command can be used to perform a full TCP port scan, service version detection, OS detection and script scanning.

    iftop: is a command that shows the bandwidth usage of each network connection, in real time.

    mtr: is a command that combines the functionality of the ping and traceroute commands; it shows real-time network statistics and the path packets take to a host.

    vnstat: is a

Most useful commands for web scraping:

    curl: is a command line tool that allows you to send HTTP requests and receive the response from a website. The curl <url> command can be used to retrieve the HTML content of a website and save it to a file.

    wget: is a command line tool that allows you to download files from the internet. The wget <url> command can be used to download a webpage and save it to a file.

    grep: is a command line tool that allows you to search for patterns in text. The grep <pattern> <file> command can be used to search for a specific pattern in the HTML content of a webpage.

    sed: is a command line tool that allows you to manipulate text. The sed 's/<pattern>/<replacement>/g' <file> command can be used to replace a specific pattern in the HTML content of a webpage.

    awk: is a command line tool that allows you to manipulate and process text files. The awk '{print $1}' <file> command can be used to extract specific fields from the HTML content of a webpage.

    xpath: is a command line tool that allows you to extract specific elements from an XML or HTML document using an XPath query. The xpath <file> '<query>' command can be used to extract specific elements from the HTML content of a webpage.

    beautifulsoup and lxml: are python libraries that can be used to parse and extract data from HTML and XML documents. They provide a convenient way to navigate and search the structure of the documents.

    scrapy: is an open-source and collaborative web crawling framework for Python. It can be used to extract data from websites.

These commands and tools are just examples of what you can do to scrape web pages. Depending on the specific use case, other commands or tools may be more appropriate. Also note that web scraping can be considered illegal or unethical in certain situations and it's important to check the terms of use of the website and get consent before scraping.

most useful sed commands:

    sed 's/<pattern>/<replacement>/g' <file>: This command is used to replace all occurrences of a specific pattern in the input file with a new string. The s command indicates a substitution, and the g flag indicates that the substitution should be applied globally (to all occurrences of the pattern on each line).

    sed '1,10d' <file>: This command is used to delete the first 10 lines of the input file. The d command indicates a deletion, and the range 1,10 specifies that the deletion should be applied to the first 10 lines of the file.

    sed -n '10p' <file>: This command is used to print only the 10th line of the input file. The -n flag suppresses the default output of sed, and 10p indicates that the 10th line should be printed.

    sed 's/^#.*//g' <file>: This command is used to remove all comments from a file. Comments are usually lines that start with a # symbol; the ^# pattern matches only lines that start with #, and .* matches all characters after it.

    sed 's/[ \t]*$//' <file>: This command is used to remove trailing whitespace (spaces or tabs) from the end of each line in the input file. The [ \t]*$ pattern matches any number of spaces or tabs at the end of a line, and the empty replacement // deletes them.

    sed '1i\This is the first line.' <file>: This command is used to insert a line before the first line of the input file. The 1i command indicates that the insertion should be applied before the first line, and the text following it is the line to be inserted.

    sed -n '/<pattern>/p' <file>: This command is used to print only the lines that match a specific pattern in the input file. The -n flag suppresses the default output of sed, and the `/
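The sed recipes above chained into a single pass that normalises a config file before review, as an added example that is not from the original page. The comment and trailing-whitespace patterns are the page's; dropping the blank lines that 's/^#.*//' leaves behind (/^$/d), the portable [[:space:]] class instead of [ \t], and the sample sshd_config-style file are additions.

```shell
#!/bin/sh
# Added example, not from the original page. The sample file is constructed.

# clean_config FILE: insert one header line, strip comments and trailing
# whitespace, and drop the blank lines left by the comment removal. The 1i\
# command comes first because /^$/d ends the cycle for a deleted line.
clean_config() {
    sed -e '1i\
# reviewed copy: comments and blank lines removed' \
        -e 's/^#.*//' \
        -e 's/[[:space:]]*$//' \
        -e '/^$/d' "$1"
}

# print_matching PATTERN FILE: the page's "sed -n '/pattern/p'" as a function,
# e.g. to pull every line that sets the Port directive.
print_matching() {
    sed -n "/$1/p" "$2"
}

# Constructed sample (not a real sshd_config): a comment line, trailing
# spaces, an empty line and a trailing tab.
demo=$(mktemp -d)
printf '# Sample sshd_config\nPort 22   \n\n# hardening\nPermitRootLogin no\t\nPasswordAuthentication yes\n' \
    > "$demo/sshd_config"
clean_config "$demo/sshd_config"
echo "--- lines setting Port:"
print_matching '^Port' "$demo/sshd_config"
rm -rf "$demo"
```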

most useful regex commands:

    grep <pattern> <file>: This command is used to search for a specific pattern in a file or input. The grep command searches for the pattern in the input and prints all lines that contain the pattern.

    egrep <pattern> <file>: This command is similar to grep, but it allows you to use extended regular expressions, which provide more powerful search capabilities. The egrep command searches for the pattern in the input and prints all lines that match the pattern.

    fgrep <pattern> <file>: This command is similar to grep, but it searches for a fixed string rather than a regular expression. The fgrep command searches for the string in the input and prints all lines that contain it.

    sed 's/<pattern>/<replacement>/g' <file>: This command is used to replace all occurrences of a specific pattern in a file or input with a replacement string. The s command indicates a substitution, and the g flag indicates that the substitution should be applied globally (to all occurrences of the pattern on each line).

    awk '/<pattern>/ {print}' <file>: This command is used to print the lines that match a specific pattern in a file or input. The awk command searches for the pattern in the input, and the {print} action is executed for every line that matches the pattern.

    find <path> -regex <pattern>: This command is used to find files and directories whose path matches a specific pattern under a specified path. The find command searches for matching files and directories and prints their names.

    `perl
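The grep/egrep/fgrep and awk patterns above applied as detection logic, as an added example that is not from the original page: it counts failed SSH logins per source address in constructed auth.log lines (not from a real host) and flags sources over a threshold. grep -E and grep -F are the modern spellings of egrep and fgrep; the log format is the usual OpenSSH syslog line.

```shell
#!/bin/sh
# Added example, not from the original page. Log lines are constructed;
# 203.0.113.0/24 and 198.51.100.0/24 are documentation address ranges.

# write_sample_log DEST: constructed auth.log excerpt.
write_sample_log() {
    cat > "$1" <<'EOF'
Jan 24 10:00:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jan 24 10:00:03 host sshd[1202]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Jan 24 10:00:05 host sshd[1203]: Failed password for root from 203.0.113.5 port 51240 ssh2
Jan 24 10:00:09 host sshd[1204]: Accepted publickey for alice from 198.51.100.7 port 40000 ssh2
Jan 24 10:00:12 host sshd[1205]: Failed password for alice from 198.51.100.7 port 40002 ssh2
Jan 24 10:00:20 host sshd[1206]: Failed password for invalid user test from 203.0.113.5 port 51250 ssh2
Jan 24 10:00:25 host cron[900]: pam_unix(cron:session): session opened for user root
EOF
}

# failed_logins_per_ip LOG: an extended regex (grep -E, i.e. egrep) selects
# sshd failure lines; awk takes the word after "from" and counts per address.
# Output: "<count> <ip>", most frequent first.
failed_logins_per_ip() {
    grep -E 'sshd\[[0-9]+\]: Failed password for' "$1" |
        awk '{ for (i = 1; i <= NF; i++) if ($i == "from") c[$(i+1)]++ }
             END { for (ip in c) print c[ip], ip }' | sort -rn
}

# brute_force_sources LOG THRESHOLD: addresses with at least THRESHOLD failures.
brute_force_sources() {
    failed_logins_per_ip "$1" | awk -v t="$2" '$1 >= t { print $2 }'
}

# invalid_user_attempts LOG: a fixed-string search (grep -F, i.e. fgrep) for
# attempts against accounts that do not exist, counted per username tried.
invalid_user_attempts() {
    grep -F 'Failed password for invalid user' "$1" |
        awk '{ for (i = 1; i <= NF; i++) if ($i == "user") c[$(i+1)]++ }
             END { for (u in c) print c[u], u }' | sort -rn
}

demo=$(mktemp -d)
write_sample_log "$demo/auth.log"
echo "failed logins per source:";   failed_logins_per_ip "$demo/auth.log"
echo "sources with >= 3 failures:"; brute_force_sources "$demo/auth.log" 3
echo "invalid usernames tried:";    invalid_user_attempts "$demo/auth.log"
rm -rf "$demo"
```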

Most useful find commands:

    find <path> -name <pattern>: This command is used to search for files and directories whose name matches a specific pattern under a specified path. The find command searches for matching files and directories and prints their names.

    find <path> -type <f|d>: This command is used to search for files or directories of a specific type under a specified path. The -type flag can be set to f for regular files or d for directories.

    find <path> -size <+|-><n>[c|k|M|G]: This command is used to search for files that are larger or smaller than a specific size under a specified path. The -size flag specifies the size (in bytes, KiB, MiB or GiB), and the + or - sign indicates whether to search for files larger or smaller than the specified size.

    find <path> -mtime <+|-><days>: This command is used to search for files by modification time under a specified path. The -mtime flag specifies the number of days; a - sign searches for files modified within that many days, and a + sign for files modified earlier than that.

    find <path> -user <username>: This command is used to search for files and directories owned by a specific user under a specified path. The -user flag specifies the username of the owner.

    find <path> -perm <mode>: This command is used to search for files and directories that have specific permissions under a specified path. The -perm flag specifies the permissions in octal mode.

    find <path> -exec <command> {} \; :
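The -type, -perm, -mtime and -size options above combined into a small permission and change audit, as an added example that is not from the original page. The modes it looks for (setuid/setgid bits, world-writable files) are the usual audit findings; the sample tree is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example, not from the original page. The sample tree is constructed.

# setuid_setgid_files DIR: executables that run with their owner's or group's
# privileges. "-perm -4000" means "at least these permission bits set".
setuid_setgid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# world_writable_files DIR: files any local user can modify.
world_writable_files() {
    find "$1" -type f -perm -0002 2>/dev/null | sort
}

# recently_modified DIR DAYS: "-mtime -N" = modified less than N days ago,
# which bounds a timeline after an incident ("+N" would mean older than N days).
recently_modified() {
    find "$1" -type f -mtime "-$2" 2>/dev/null | sort
}

# large_files DIR KB: "-size +Nk" = larger than N KiB.
large_files() {
    find "$1" -type f -size "+$2k" 2>/dev/null | sort
}

# build_sample_tree DIR: one constructed file per kind of finding.
build_sample_tree() {
    mkdir -p "$1/bin" "$1/tmp" "$1/etc"
    : > "$1/bin/helper";   chmod 4755 "$1/bin/helper"      # setuid bit
    : > "$1/tmp/notes";    chmod 666  "$1/tmp/notes"       # world-writable
    : > "$1/etc/old.conf"; chmod 644  "$1/etc/old.conf"
    touch -t 202001010000 "$1/etc/old.conf"                # mtime in 2020
    head -c 20480 /dev/zero > "$1/tmp/dump.bin"            # 20 KiB
    chmod 644 "$1/tmp/dump.bin"
}

demo=$(mktemp -d)
build_sample_tree "$demo"
echo "setuid/setgid:";         setuid_setgid_files "$demo"
echo "world-writable:";        world_writable_files "$demo"
echo "modified in last day:";  recently_modified "$demo" 1
echo "larger than 10 KiB:";    large_files "$demo" 10
rm -rf "$demo"
```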

Search command under windows cli:

The dir command is a built-in command in Windows that can be used as an alternative to the find command.
It allows you to search for files and directories in a specified path. Some of the most useful options for the dir command are:

    dir <path> /s : This command is used to search for files and directories in a specified path and all its subdirectories. The /s flag is used to search subdirectories.

    dir <path> /b : This command is used to display the names of the files and directories in a specified path in bare format, that is, without any additional information.

    dir <path> /A:<attribute> : This command is used to search for files and directories with specific attributes in a specified path. The /A flag is used to specify the attributes, and the attribute can be set to D for directories, H for hidden files, R for read-only files, S for system files, and A for files with the archive attribute set.

    dir <path> /O:<order> : This command is used to sort the files and directories in a specified path by a specific criterion. The /O flag is used to specify the sort order, and the order can be set to N for name, S for size, D for date, and E for extension.

    dir <path> /P : This command is used to display the files and directories in a specified path one page at