Linux basics

Hacking tools

293 Hacking tools Linux command examples grouped into 42 practical sections.

Categories

Browse grouped command cards or search directly below.

Hacking tools commands

找到 293 条

Directory listing

185 commands

aa-notify

Display and monitor AppArmor denial notifications

aa-notify --since-last
Details

airdecap-ng

Decrypt WEP and WPA/WPA2 encrypted capture files

airdecap-ng -w [hex_key] [capture.cap]
Details

airserv-ng

Wireless card server for remote access over TCP/IP

sudo airserv-ng -d [wlan0mon] -c [6] -p [666]
Details

amap

Identify application protocols on network ports

amap -b [192.168.1.1] [80]
Details

apkeep

Download APKs from app stores

apkeep -a [com.example.app] .
Details

apkleaks

Scan APKs for hardcoded secrets and keys

apkleaks -f [app.apk]
Details

attr

Manipulate extended attributes on filesystem objects

attr -s [attribute_name] -V [value] [path/to/file]
Details

auggie

AI-powered agentic coding CLI from Augment Code

auggie
Details

authelia

Authentication and authorization server with multi-factor support

authelia validate-config --config [config.yml]
Details

autorecon

Automated multi-threaded network reconnaissance

sudo autorecon 192.168.1.1
Details

aws-acm-pca

Manage private certificate authorities and certificates

aws acm-pca create-certificate-authority --certificate-authority-configuration [file://config.json] --certificate-authority-type ROOT
Details

aws-cloudtrail

Track and audit API activity across cloud services.

aws cloudtrail lookup-events --lookup-attributes AttributeKey=Username,AttributeValue=[user@example.com]
Details

aws-sts

Request temporary security credentials and verify identity.

aws sts get-caller-identity
Details

aws-vault

Securely store and access AWS credentials in the system keychain.

aws-vault add [profile-name]
Details

b2sum

Compute and verify BLAKE2 cryptographic checksums.

b2sum [file]
Details

beef

Browser exploitation framework for penetration testing

beef-xss
Details

bettercap

Network attack and monitoring framework

bettercap -iface [eth0]
Details

boltctl

Manage Thunderbolt device authorization

boltctl
Details

boltd

Thunderbolt device management daemon

boltd
Details

bun-pm-trust

Manage trusted dependencies in Bun projects

bun pm trust [package1] [package2]
Details

caddy

Web server with automatic HTTPS

caddy run
Details

capabilities

Linux process privilege capabilities system

getcap [/path/to/binary]
Details

cariddi

crawl URLs for endpoints, secrets, and sensitive data

cat [domains.txt] | cariddi
Details

chage

change user password expiry information

chage -l username
Details

chattr

change file attributes on Linux filesystems

sudo chattr +i path/to/file
Details

chcon

change SELinux security context of files

ls -lZ path/to/file
Details

checkov

static analysis for infrastructure as code

checkov -d [path/to/directory]
Details

chmod

change file access permissions

chmod +x [script.sh]
Details

cifs.idmap

Translate Windows SIDs to Linux UIDs/GIDs for CIFS mounts

cifs.idmap --help
Details

cifscreds

Manage CIFS mount credentials in the kernel keyring

cifscreds add [server_hostname]
Details

cntlm

NTLM/NTLMv2 authenticating HTTP proxy

cntlm -c [/etc/cntlm.conf]
Details

File inspection

114 commands

aa-cleanprof

Clean AppArmor profiles by removing redundant rules

sudo aa-cleanprof [profile_name]
Details

aa-disable

Disable AppArmor security profiles

sudo aa-disable [path/to/profile]
Details

aa-enforce

Set AppArmor profiles to enforce mode

sudo aa-enforce [path/to/profile]
Details

aa-genprof

Generate AppArmor profiles by monitoring program behavior

sudo aa-genprof [/path/to/program]
Details

aircrack-ng

Crack WEP and WPA/WPA2 wireless encryption keys

aircrack-ng -w [wordlist.txt] [capture.cap]
Details

airodump-ng

Capture wireless packets and discover nearby networks

sudo airodump-ng [wlan0mon]
Details

apparmor

Mandatory Access Control framework for confining applications.

sudo aa-status
Details

apparmor_parser

Load, replace, and manage AppArmor security profiles.

sudo apparmor_parser -a [profile_file]
Details

auditd

Linux audit daemon for tracking security-relevant events.

sudo auditd
Details

aws-eks

Manage Amazon Elastic Kubernetes Service clusters

aws eks create-cluster --name [my-cluster] --role-arn [arn:aws:iam::account:role/eks-role] --resources-vpc-config subnetIds=[subnet-1],[subnet-2],securityGroupIds=[sg-123]
Details

az-storage-blob

Manage Azure Blob Storage objects

az storage blob upload -f [/path/to/file] -c [container-name] -n [blob-name] --account-name [account]
Details

besside-ng

Automated WiFi security auditing tool

besside-ng [wlan0mon]
Details

binwalk

Analyze and extract firmware images

binwalk [firmware.bin]
Details

btshowmetainfo

Display metadata from BitTorrent .torrent files

btshowmetainfo [file.torrent]
Details

caligula

Write disk images to USB drives safely

caligula burn [path/to/image.iso]
Details

chcat

change SELinux security categories

sudo chcat -L
Details

chntpw

offline Windows password and registry editor

chntpw -l [path/to/sam_file]
Details

cowpatty

WPA/WPA2 PSK offline auditing tool

cowpatty -f [wordlist.txt] -r [capture.cap] -s [SSID]
Details

dbus-daemon

message bus daemon for inter-process communication

dbus-daemon --config-file [path/to/file]
Details

deno

secure runtime for JavaScript and TypeScript

deno run [script.ts]
Details

dex2jar

Android DEX to JAR file converter

d2j-dex2jar [classes.dex]
Details

dexter

Android DEX file analyzer with call graph generation

dexter -i [classes.dex]
Details

dirac

Efficient AI coding agent CLI

dirac "[describe the task]"
Details

direnv

per-directory environment variable manager

eval "$(direnv hook bash)"
Details

dirsearch

web path brute-force scanner for content discovery

dirsearch -u [https://example.com]
Details

doas

minimal privilege escalation tool

doas [command]
Details

dpkg-deb

Debian archive manipulation tool

dpkg-deb -I [path/to/file.deb]
Details

dumpcap

network packet capture engine

dumpcap -i [eth0] -w [capture.pcapng]
Details

editcap

packet capture file editor and converter

editcap -r [input.pcap] [output.pcap] [1-100]
Details

Text processing

54 commands

aa-teardown

Unload all AppArmor profiles and disable enforcement

sudo aa-teardown
Details

apgbfm

Manage bloom filters for password checking

apgbfm -f [filter.bf] -d [dictionary.txt]
Details

apt-secure

Archive authentication and trust model documentation.

man apt-secure
Details

aws-dynamodb

Manage tables and items in Amazon DynamoDB.

aws dynamodb create-table --table-name [my-table] --attribute-definitions AttributeName=id,AttributeType=S --key-schema AttributeName=id,KeyType=HASH --billing-mode PAY_PER_REQUEST
Details

beef-xss

Browser exploitation framework for penetration testing

beef-xss
Details

bpftool

Inspect and manage eBPF programs and maps.

bpftool prog list
Details

bubblewrap

Unprivileged sandboxing using Linux namespaces

bwrap --ro-bind /usr /usr --symlink usr/lib64 /lib64 --proc /proc --dev /dev --unshare-pid [command]
Details

bundletool-dump

Inspect Android App Bundle contents

bundletool dump manifest --bundle=[app.aab]
Details

certutil

NSS certificate database management

certutil -L -d [~/.pki/nssdb]
Details

clef

standalone Ethereum account manager and transaction signer

clef init
Details

cloudsploit

Open-source cloud security posture management scanner

cloudsploit scan
Details

dcfldd

forensic disk imaging tool with hashing

dcfldd if=[/dev/sda] of=[disk.img]
Details

ettercap

comprehensive suite for network MITM attacks

ettercap -G
Details

faillock

authentication failure tracking and lockout manager

faillock
Details

flask-unsign

Flask session cookie manipulation and cracking

flask-unsign --decode --cookie "[cookie_value]"
Details

gcloud-kms-decrypt

decrypt data using Cloud KMS keys

gcloud kms decrypt --ciphertext-file=[encrypted.enc] --plaintext-file=[decrypted.txt] --key=[key] --keyring=[keyring] --location=[global]
Details

gixy

Nginx configuration security analyzer

gixy [/etc/nginx/nginx.conf]
Details

gksu

Graphical frontend for su with GTK password dialog

gksu -u [userid] [command]
Details

gmssl

Chinese national cryptographic algorithms toolkit

gmssl sm2keygen -pass [password] -out [key.pem]
Details

gpg2

GnuPG 2 encryption and digital signatures

gpg2 --full-generate-key
Details

impacket-getuserspns

finds and requests Kerberos service tickets for user accounts with SPNs

impacket-GetUserSPNs [domain]/[user]:[password] -dc-ip [dc-ip]
Details

keycloak

CLI for Keycloak, an open-source identity and access management

kc.sh start-dev
Details

knock

client component of port knocking

knock [hostname] [port1] [port2] [port3]
Details

librewolf

privacy-focused Firefox fork with enhanced security defaults

librewolf
Details

lua

programming language interpreter

lua
Details

lynis

security auditing tool for Unix-based systems

sudo lynis update info
Details

makeivs-ng

generates IVs files for testing WEP cracking

makeivs-ng -b [00:11:22:33:44:55] -w [key] -o [output.ivs]
Details

Search and filters

42 commands

amass-track

Track changes in external attack surface over time

amass track -d [example.com]
Details

angryoxide

802.11 WiFi attack and penetration testing tool

sudo angryoxide -i [wlan0]
Details

assetfinder

Discover subdomains and related domains

assetfinder [example.com]
Details

az-apim

Manage Azure API Management services

az apim create --name [MyApim] --resource-group [MyResourceGroup] --publisher-email [email@domain.com] --publisher-name [MyCompany] --location [eastus]
Details

bloodhound-python

Collect Active Directory data for BloodHound analysis

bloodhound-python -d [domain.local] -u [username] -p [password] -ns [dc_ip] -c all
Details

borg

Deduplicating backup with compression and encryption

borg init --encryption=[repokey] [/path/to/repo]
Details

checksec

audit security features in ELF binaries

checksec --file=[path/to/binary]
Details

codesign

macOS code signing and verification utility

codesign -s "[Developer ID]" [MyApp.app]
Details

dnsenum

DNS enumeration and reconnaissance tool

dnsenum [domain.com]
Details

easside-ng

automated WEP key recovery tool

sudo easside-ng -f [wlan0] -s [buddy_ip]
Details

fcrackzip

crack password-protected ZIP archives

fcrackzip [-b|--brute-force] [-l|--length] 4-8 [-c|--charset] aA1 [archive]
Details

hashid

python tool that identifies hash types by analyzing their length and character

hashid '[hash]'
Details

impacket-getadusers

Enumerate Active Directory user accounts via LDAP

impacket-getadusers -all '[domain]/[user]:[password]'
Details

impacket-sniff

basic packet capture tool using Impacket's raw socket capabilities

sudo impacket-sniff [eth0]
Details

john

the Ripper, a password security auditing tool

john [hashes.txt]
Details

kure

CLI password manager with sessions

kure add
Details

mpiexec

launches MPI parallel programs

mpiexec -n [4] [program]
Details

newrole

starts a new shell with a different SELinux security context

newrole -r [role_name]
Details

ntpctl

queries the OpenNTPD daemon for synchronization status

ntpctl -s status
Details

ophcrack

windows password cracker that uses rainbow tables to recover passwords from LM

ophcrack -g -d [path/to/tables] -f [hashes.txt]
Details

pam_time

PAM module for time-based access control

account required pam_time.so
Details

phar

manages PHP Archive files, which bundle PHP applications into single

phar add -f [path/to/archive.phar] [files...]
Details

pptp

Establish PPTP VPN tunnel connections

pptp [server] --nolaunchpppd
Details

rar2john

Extract password hashes from RAR archives

rar2john [archive.rar] > [hash.txt]
Details

rbac-lookup

Look up Kubernetes RBAC roles for users

rbac-lookup [user@example.com]
Details

scan-build

Clang static analyzer build integration tool

scan-build make
Details

semgrep

Lightweight static analysis for code security and quality

semgrep scan --config auto
Details

setoolkit

Social engineering penetration testing framework

sudo setoolkit
Details

snmpset

Modify SNMP object values on agents

snmpset -v 2c -c [community] [host] [OID] i [value]
Details

File operations

36 commands

aa-unconfined

Find network-listening processes without AppArmor profiles

sudo aa-unconfined
Details

airbase-ng

Create software-based wireless access points for penetration testing

sudo airbase-ng -e "[FakeSSID]" -c [6] [wlan0mon]
Details

aireplay-ng

Inject packets into wireless networks for security testing

sudo aireplay-ng -0 [5] -a [AP_BSSID] -c [CLIENT_MAC] [wlan0mon]
Details

apptainer-config

Manage Apptainer container platform configuration

sudo apptainer config fakeroot --add [username]
Details

arjun

Discover hidden HTTP parameters in web applications

arjun -u [https://example.com/page]
Details

aws-autoscaling

Automatically scale EC2 instance groups based on demand

aws autoscaling create-auto-scaling-group --auto-scaling-group-name [my-asg] --launch-template LaunchTemplateId=[lt-12345] --min-size [1] --max-size [5] --vpc-zone-identifier "[subnet-abc,subnet-def]"
Details

aws-iot

Manage IoT devices, certificates, and message routing.

aws iot list-things
Details

burp

Web application security testing platform

burpsuite
Details

chainctl

manage Chainguard container images and resources

chainctl auth login
Details

codex

OpenAI terminal-based coding agent

codex
Details

cosign

Container image signing and verification tool

cosign sign [registry/image@sha256:digest]
Details

dillo

lightweight minimalist web browser

dillo
Details

distccd

distcc server daemon for distributed compilation

distccd --daemon
Details

dmitry

information gathering reconnaissance tool

dmitry -w [domain.com]
Details

dnsrecon

comprehensive DNS reconnaissance tool

dnsrecon -d [example.com]
Details

dolt-blame

show the commit, author, and timestamp that last modified each row of a Dolt table

dolt blame [table_name]
Details

evil-winrm

penetration testing shell for WinRM

evil-winrm -i [target_ip] -u [username] -p [password]
Details

findomain

fast cross-platform subdomain enumerator

findomain -t [example.com]
Details

gophish

Open-source phishing simulation framework

./gophish
Details

hashcat

high-performance password recovery tool that uses CPU, GPU, and other hardware

hashcat -m 0 -a 0 [hashes.txt] [wordlist.txt]
Details

jf

JFrog CLI for interacting with JFrog platform services

jf config add
Details

jfrog

Official CLI for the JFrog Platform

jfrog config add [server-id]
Details

metasploit

penetration testing platform for developing, testing, and executing exploits

msfconsole
Details

mktorrent

creates BitTorrent metainfo files

mktorrent -a [http://tracker.example.com/announce] [file]
Details

nc

Read and write arbitrary data across TCP and UDP connections — the network Swiss-army knife

nc -l [8080]
Details

nc_openbsd

OpenBSD rewrite of netcat for TCP/UDP connections and port scanning

nc.openbsd -l [8080]
Details

netcat

versatile networking utility for reading and writing data across TCP and UDP

nc [host] [port]
Details

nmap

Network exploration and security auditing tool

nmap [192.168.1.1]
Details

pkeyutl.1s

Perform low-level public key operations

openssl pkeyutl -sign -rawin -digest sha256 -in [data] -inkey [key.pem] -out [signature]
Details

rcrack

Crack password hashes using rainbow tables

rcrack [path/to/tables] -h [5d41402abc4b2a76b9719d911017c592]
Details

relic

End-to-end encrypted secret manager for developers

relic login
Details

scp

Secure copy files over SSH

scp [path/to/file] [user]@[host]:[path/to/destination]
Details

srm

Secure file deletion with overwriting

srm [file.txt]
Details

sublist3r

Subdomain enumeration using search engines

sublist3r -d [example.com]
Details

zmap

Fast internet-wide network scanner

sudo zmap -p [80] [192.168.1.0/24]
Details

Network diagnostics

28 commands

aa-audit

Set AppArmor profiles to audit mode

sudo aa-audit [profile_name]
Details

aa-complain

Set AppArmor profiles to complain mode

sudo aa-complain [path/to/profile]
Details

arpspoof

Forge ARP replies for man-in-the-middle interception.

sudo arpspoof -i wlan0 host_ip
Details

aws-ec2

Manage virtual servers and networking on Amazon EC2.

aws ec2 run-instances --image-id [ami-0c55b159cbfafe1f0] --instance-type [t2.micro] --key-name [my-key]
Details

aws-iam

Manage identity, access, and permissions for AWS resources.

aws iam create-user --user-name [my-user]
Details

aws-vpc

Manage Virtual Private Cloud networks, subnets, and gateways.

aws ec2 describe-vpcs
Details

az-devops

Manage Azure DevOps organizations and projects

az devops configure --defaults organization=[https://dev.azure.com/contoso] project=[ContosoWebApp]
Details

flarectl

Cloudflare management from the command line

flarectl dns list --zone [example.com]
Details

fossa

dependency license and security scanner

fossa analyze
Details

frida

Dynamic instrumentation toolkit for developers and security researchers

frida [process_name]
Details

gnucash-cli

command-line interface for GnuCash reports and quotes

gnucash-cli --quotes get [file.gnucash]
Details

impacket-ping6

ICMPv6 ping implementation using raw sockets via the Impacket library

impacket-ping6 [2001:db8::1]
Details

ipset

Create and manage IP address sets for firewall rules

ipset create [set_name] hash:ip
Details

kube-linter

analyzes Kubernetes YAML files and Helm charts for security and best practices

kube-linter lint [path/to/manifests]
Details

lastb

same as last, but shows failed login attempts as recorded in /var/log/btmp

sudo lastb
Details

masscan

fastest asynchronous Internet port scanner

sudo masscan [192.168.1.0/24] -p [80]
Details

pip-hash

Compute hash digests of package archives

pip hash [package.whl]
Details

pwn

Exploit development and CTF utilities

pwn asm "xor edi, edi"
Details

snapd

Background service for snap package management

sudo systemctl start snapd
Details

trezorctl

Trezor hardware wallet command-line interface

trezorctl list
Details

Processes and services

16 commands

az-acr

Manage Azure Container Registries

az acr create -n [registry-name] -g [resource-group] --sku [Standard]
Details

az-advisor

View and manage Azure best-practice recommendations

az advisor recommendation list
Details

homectl

manages user accounts and home directories via systemd-homed, a systemd

homectl list
Details

massdns

high-performance DNS stub resolver for bulk lookups

massdns -r [resolvers.txt] -t A [domains.txt]
Details

pmount

Mount removable devices as regular user

pmount [/dev/sdb1]
Details

symfony

Symfony PHP framework development CLI

symfony new [project_name]
Details

xsp

Mono ASP.NET development web server

xsp
Details

zm

Manage ZoneMinder surveillance daemons

sudo zmpkg.pl start
Details

Users and permissions

13 commands

aa-logprof

Update AppArmor profiles from log events interactively

sudo aa-logprof
Details

argon2

Hash passwords using the Argon2 algorithm

echo -n "password" | argon2 [salt] -e
Details

ausearch

Search and query audit log events

sudo ausearch -m avc
Details

firejail

application sandboxing with Linux namespaces

sudo firecfg
Details

genid

random identifier and UUID generator

genid
Details

gksudo

Graphical frontend for sudo with GTK password dialog

gksudo -u [userid] [command]
Details

grpck

verify integrity of group files

sudo grpck
Details

ike-scan

discovers and fingerprints IPsec VPN servers

sudo ike-scan [192.168.1.0/24]
Details

jj-config-set

sets configuration values in Jujutsu config files

jj config set --user [user.name] "[John Doe]"
Details

makepasswd

generates random passwords suitable for user accounts

makepasswd
Details

postfix

Control the Postfix mail system

sudo postfix check
Details

yast2

SUSE system configuration tool

sudo yast2
Details

Shell workflow

6 commands

disable

Disable shell builtins or other named elements

disable [builtin_name]
Details

fswebcam

command-line webcam image capture

fswebcam [image.jpg]
Details

grype

vulnerability scanner for container images and filesystems

grype [image:tag]
Details

safety

Check Python dependencies for known vulnerabilities

safety scan
Details

uv-export

Export dependencies to requirements format

uv export > requirements.txt
Details

Package management

5 commands

androguard

Reverse engineer and analyze Android applications

androguard analyze [app.apk]
Details

apksigner

Sign and verify Android APK files

apksigner sign --ks [keystore.jks] [app.apk]
Details

bun-audit

Scan dependencies for known security vulnerabilities

bun audit
Details

SSH and remote access

5 commands

crackmapexec

post-exploitation tool for Windows/AD networks

crackmapexec smb [192.168.1.0/24] -u [user] -p [password] --shares
Details

exo-compute

Exoscale compute instance and infrastructure management

exo compute instance list
Details

pam_motd

displays message of the day

session optional pam_motd.so
Details

HTTP and downloads

4 commands

driftnet

capture images from network traffic

driftnet -i [eth0]
Details

kanha

Web application pentesting suite

kanha fuzz -u [https://example.com/FUZZ] -w [path/to/wordlist.txt]
Details

mitmdump

command-line companion to mitmproxy, a powerful HTTPS proxy

mitmdump
Details

Security tools

4 commands

b3sum

Compute and verify BLAKE3 cryptographic checksums.

b3sum [file]
Details

markdown

converts Markdown-formatted text to HTML

markdown [file.md]
Details

prowler commands

4 commands

Archive and compression

1 commands

airolib-ng commands

1 commands

airolib-ng

Pre-compute WPA/WPA2 PMK databases for faster cracking

airolib-ng [database.db] --init
Details

apptainer commands

1 commands

apptainer-sign

Cryptographically sign SIF container images

apptainer sign [path/to/image.sif]
Details

az commands

1 commands

az-network

Manage Azure networking resources

az network dns zone create -g [resource-group] --name [example.com]
Details

crane commands

1 commands

dch commands

1 commands

dch

Debian package changelog editor

dch "[changelog message]"
Details

debsecan commands

1 commands

eksctl commands

1 commands

eksctl

AWS EKS cluster management CLI

eksctl create cluster --name [cluster_name]
Details

genpmk commands

1 commands

genpmk

WPA/WPA2 PSK precomputation tool

genpmk -f [wordlist.txt] -d [hashfile] -s [SSID]
Details

gixy-next commands

1 commands

gixy-next

Maintained fork of gixy for nginx security analysis

gixy-next [/etc/nginx/nginx.conf]
Details

golangci-lint commands

1 commands

hash commands

1 commands

hash

shell built-in that manages the hash table of recently executed commands

hash
Details

holehe commands

1 commands

holehe

checks if an email is registered on various websites

holehe [email@example.com]
Details

impacket-smbclient commands

1 commands

impacket-smbclient

generic SMB client for listing shares and files, uploading

impacket-smbclient [domain]/[user]:[password]@[target]
Details

keyctl commands

1 commands

keyctl

utility for managing the Linux kernel keyring facility

keyctl list @us
Details

kubeaudit commands

1 commands

kubeaudit

audits Kubernetes clusters and manifests for security vulnerabilities

kubeaudit all
Details

msfvenom commands

1 commands

msfvenom

generates payloads for Metasploit

msfvenom -l payloads
Details

pkcs11-tool commands

1 commands

pkcs11-tool

Manage PKCS#11 cryptographic tokens and smart cards

pkcs11-tool --list-token-slots
Details

pkg commands

1 commands

pkg

FreeBSD binary package manager

pkg install [package]
Details

rtgen commands

1 commands

rtgen

Generate rainbow tables for password cracking

rtgen [hash_algorithm] [charset] [min_len] [max_len] [table_index] [chain_len] [chain_num] [part_index]
Details

runcon commands

1 commands

runcon

Run commands with specified SELinux context

runcon
Details

secon commands

1 commands

secon

Display SELinux security contexts

secon
Details

session commands

1 commands

pam_selinux

PAM module to set the default SELinux security context

session required pam_selinux.so
Details

sestatus commands

1 commands

ss-server commands

1 commands

ss-server

Linux command ss-server

ss-server -s [0.0.0.0] -p [8388] -k "[password]" -m [aes-256-gcm]
Details

systemd-cryptenroll commands

1 commands

tshark commands

1 commands

tshark

Command-line network packet analyzer

tshark
Details

vlock commands

1 commands

vlock

Lock Linux virtual console sessions

vlock
Details