60+ Vital Linux Commands Every Cybersecurity Analyst Should Master

No Command Description Example

Connects to a remote ssh user@hostname connects to the remote

1 ssh
machine via SSH. machine hostname as user.

ls -l lists files in long format, showing permissions,

2 ls Lists directory contents.
owner, size, and modification date.

Prints the current working

3 pwd pwd displays the full path of the current directory.
directory.

Changes the current cd /home/user changes the directory to

4 cd
directory. /home/user.

Creates an empty file or

touch newfile.txt creates an empty file named
5 touch updates the timestamp of
newfile.txt.
an existing file.

Displays a line of text or a echo "Hello, World!" prints Hello, World!

6 echo
variable value. to the terminal.

nano file.txt opens file.txt in the Nano

7 nano Open the Nano text editor.
editor.

8 vim Open the Vim text editor. vim file.txt opens file.txt in the Vim editor.

@AdSecVN FB: AdSecVN @QuantriBaomat

 Concatenates and displays
9 cat cat file.txt displays the content of file.txt.
file content.

Overwrites a file to hide its

shred -u file.txt overwrites and deletes
10 shred contents and optionally
file.txt.
deletes it.

11 mkdir Creates a new directory. mkdir newdir creates a directory named newdir.

cp file1.txt file2.txt copies file1.txt to

12 cp Copies files or directories.
file2.txt.

13 rm Removes files or directories. rm file.txt deletes file.txt.

Removes an empty rmdir olddir removes the empty directory

14 rmdir
directory. olddir.

Creates hard and symbolic ln -s target linkname creates a symbolic link

15 ln
links. named linkname pointing to target.

16 clear Clears the terminal screen. clear clears the terminal display.

Displays the current

17 whoami whoami shows the username of the current user.
logged-in user.

sudo useradd newuser adds a new user named

18 useradd Adds a new user.
newuser.

Executes a command as
sudo apt-get update runs the apt-get
19 sudo another user, typically the
update command with superuser privileges.
superuser.

@AdSecVN FB: AdSecVN @QuantriBaomat

 Adds a new user with a sudo adduser newuser interactively adds a new
20 adduser
more interactive interface. user named newuser.

Switch to another user

21 su su - user switches to the user account.
account.

Exits the current shell or

22 exit exit logs out of the current session.
session.

passwd prompts to change the current user's

23 passwd Changes a user's password.
password.

Manages packages on sudo apt install package installs the specified

24 apt
Debian-based systems. package.

Displays information about

25 finger finger user shows details about user.
system users.

Displays the manual page

26 man man ls shows the manual for the ls command.
for a command.

Displays a brief description whatis ls provides a short description of the ls

27 whatis
of a command. command.

Transfers data from or to a curl -O http://example.com/file.txt

28 curl
server. downloads file.txt from the specified URL.

Compresses files into a zip zip archive.zip file1 file2 compresses

29 zip
archive. file1 and file2 into archive.zip.

Extracts files from a zip unzip archive.zip extracts files from

30 unzip
archive. archive.zip.

@AdSecVN FB: AdSecVN @QuantriBaomat

 Views file content one less file.txt displays file.txt content one
31 less
screen at a time. screen at a time.

Displays the first part of a head -n 10 file.txt shows the first 10 lines of
32 head
file. file.txt.

Displays the last part of a tail -n 10 file.txt shows the last 10 lines of
33 tail
file. file.txt.

Compare two files byte by

34 cmp cmp file1 file2 compares file1 and file2.
byte.

diff file1 file2 shows the differences between

35 diff Compares files line by line.
file1 and file2.

36 sort Sorts lines of text files. sort file.txt sorts the lines in file.txt.

Searches for files in a find /home -name "*.txt" finds all .txt files in
37 find
directory hierarchy. the /home directory.

chmod 755 script.sh sets the permissions of

38 chmod Changes file permissions.
script.sh to rwxr-xr-x.

Changes file owner and chown user:group file.txt changes the owner
39 chown
group. and group of file.txt to user and group.

Configures network ifconfig eth0 displays the configuration of the

40 ifconfig
interfaces. eth0 interface.

Displays IP addresses and ip address show shows all IP addresses and

41 ip address
interfaces. network interfaces.

@AdSecVN FB: AdSecVN @QuantriBaomat

 Searches for patterns in grep "pattern" file.txt searches for "pattern"
42 grep
files. in file.txt.

A programming language for

awk '{print $1}' file.txt prints the first field
43 awk pattern scanning and
of each line in file.txt.
processing.

resolvectl Shows the current DNS resolvectl status displays the DNS
44
status settings. configuration and status.

Sends ICMP
ping google.com sends ping requests to
45 ping ECHO_REQUEST packets to
google.com.
network hosts.

Displays network
netstat -tuln shows listening ports and their
46 netstat connections, routing tables,
status.
and interface statistics.

ss -tuln shows listening sockets.

47 ss Displays socket statistics. ss -l4p displays all listening IPv4 sockets along
with the associated processes

Configures packet filtering

48 iptables sudo iptables -L lists all current iptables rules.
rules.

Manages firewall with

49 ufw sudo ufw enable enables the firewall.
Uncomplicated Firewall.

50 uname Prints system information. uname -a displays all system information.

Displays system information neofetch shows system information in a visually

51 neofetch
with an aesthetic layout. appealing format.

52 cal Displays a calendar. cal shows the current month's calendar.

@AdSecVN FB: AdSecVN @QuantriBaomat

 free -h shows memory usage in a human-readable
53 free Displays memory usage.
format.

Displays disk space usage df -h shows disk space usage in a human-readable

54 df
of file systems. format.

Displays information about ps aux shows detailed information about all running
55 ps
active processes. processes.

Displays real-time system top shows real-time processes and system resource
56 top
resource usage. usage.

An interactive process htop provides an interactive view of system

57 htop
viewer. processes.

Terminates a process by
58 kill kill 1234 terminates the process with PID 1234.
PID.

Terminates processes by pkill firefox terminates all processes named

59 pkill
name. firefox.

systemctl status nginx shows the status of the

60 systemctl Manages systemd services.
nginx service.

Displays the command history shows the list of previously executed

61 history
history. commands.

62 reboot Reboots the system. sudo reboot restarts the system.

Shuts down or reboots the sudo shutdown -h now shuts down the system
63 shutdown
system. immediately.

@AdSecVN FB: AdSecVN @QuantriBaomat

 Traces the route packets traceroute google.com shows the route to
64 traceroute
take to a network host. google.com.

dig example.com retrieves DNS information for

65 dig Queries DNS servers.
example.com.

host example.com shows the IP address of

66 host Performs DNS lookups.
example.com.

Displays and modifies the

67 arp arp -a shows the current ARP table.
ARP table.

Configures wireless network iwconfig wlan0 shows the configuration of the

68 iwconfig
interfaces. wlan0 wireless interface.

Displays or sets the

69 hostname hostname shows the current hostname.
system's hostname.

Queries the WHOIS

whois example.com retrieves WHOIS information
70 whois database for domain
for example.com.
information.

@AdSecVN FB: AdSecVN @QuantriBaomat