67 commands · 12 categories
echo
Displays text or the value of a variable in the terminal.
echo Hello
echo "Hello world"
echo $HOME
whoami
Displays the username of the currently logged-in user.
ls
Lists files and directories in the current (or specified) directory.
ls
ls -l  # long format (permissions, owner, size, date)
ls -a  # show hidden files (dot files)
cat
Displays the content of a file directly in the terminal. Best suited for small files. For large files, use:
cat file.txt
cat ./-  # file whose name is a dash
cat "./file with spaces"  # file whose name contains spaces
cd
Changes the current working directory.
cd folder
cd ..
cd /absolute/path
pwd
Prints the absolute path of the current working directory.
mkdir
Creates a new directory.
mkdir new_folder
mkdir -p parent/child/grandchild  # create nested directories in one shot
touch
Creates a new empty file or updates its timestamp if it already exists.
touch file.txt
cp
Copies files or directories.
cp file.txt backup.txt
cp -r folder/ backup_folder/
mv
Moves or renames files and directories.
mv file.txt /home/user/
mv old.txt new.txt
rm
Removes files or directories.
rm file.txt
rm -r folder/
file
Determines the type of a file (text, binary, gzip, bzip2, tar…).
file document.txt
file ./*  # check all files in current directory
man
Opens the manual page for a command.
man ls
man find
man chmod
clear
Clears the terminal screen.
date
Displays the current system date and time. Supports custom output formatting. The `+` prefix defines a custom format using strftime-style specifiers.
date  # full date and time
date +"%Y-%m-%d"  # formatted: 2026-02-26
date +"%H:%M:%S"  # time only: 14:35:00
basename
Returns the last component of a path — the filename or directory name without the leading path. Useful in scripts to extract a clean name from a full path.
basename /home/user/docs/report.txt  # → report.txt
basename /home/user/docs/  # → docs
nano
Terminal-based text editor — simple and beginner-friendly. Keyboard shortcuts:
nano file.txt
find
Searches for files and directories recursively.
find / -name "*.txt"
find / -type f -name "secret"
find / -type f -user bob -group dev -size 33c 2>/dev/null
grep
Searches for a specific pattern inside files.
grep "admin" file.txt
grep -r "admin" /path
grep -i "admin" file.txt
cut
Extracts specific fields from lines based on a delimiter.
cut -d ' ' -f 1 file.txt  # extract first field, space-delimited
echo "a b c" | cut -d ' ' -f 2  # → b
md5sum file | cut -d ' ' -f 1  # extract only the hash
sort
Sorts lines in a file alphabetically (or numerically).
sort file.txt
sort -u file.txt  # sort and remove duplicates
sort -n file.txt  # sort numerically
uniq
Filters or counts duplicate lines. Usually combined with `sort`.
sort file.txt | uniq  # remove duplicates
sort file.txt | uniq -u  # keep only unique lines
sort file.txt | uniq -c  # count occurrences of each line
wc
Counts lines, words, or characters in a file.
wc file.txt  # lines, words, characters
wc -l file.txt  # count lines only
wc -w file.txt  # count words only
strings
Extracts human-readable strings from a binary file.
strings binary_file
strings data.txt | grep "="  # extract and filter
md5sum
Computes the MD5 hash of a file or input string.
md5sum file.txt
echo "I am user bandit23" | md5sum
echo "I am user bandit23" | md5sum | cut -d ' ' -f 1  # hash only
base64
Encodes or decodes base64 data.
base64 file.txt  # encode
base64 -d file.txt  # decode
tr
Translates or replaces characters in a stream.
tr 'A-Za-z' 'N-ZA-Mn-za-m'  # ROT13
tr 'a-z' 'A-Z'  # lowercase to uppercase
cat file.txt | tr 'A-Za-z' 'N-ZA-Mn-za-m'  # ROT13 via pipe
xxd
Creates a hex dump of a file, or reverses one back to binary.
xxd file  # display hex dump
xxd -r hexdump > binary  # rebuild binary from hex dump
gzip / gunzip
Compresses or decompresses `.gz` files.
gzip file.txt  # compress → file.txt.gz
gunzip file.gz  # decompress
gzip -d file.gz  # decompress (alternative)
bzip2 / bunzip2
Compresses or decompresses `.bz2` files.
bzip2 file.txt  # compress → file.txt.bz2
bunzip2 file.bz2  # decompress
bzip2 -d file.bz2  # decompress (alternative)
tar
Archives multiple files into a single `.tar` file.
tar tf archive.tar  # list contents
tar xf archive.tar  # extract
tar czf archive.tar.gz folder/  # create compressed archive
su
Switches to another user account. `-l` provides a full login shell environment.
su username
su -l username
ssh
Connects to a remote machine over a network.
ssh user@hostname
ssh user@192.168.1.10
ssh user@host -p 2220  # specify port
scp
Securely copies files between machines over SSH.
scp file.txt user@192.168.1.10:/path/  # send
scp user@192.168.1.10:/path/file.txt .  # receive
scp -P 2220 user@host:file.txt .  # specify port
wget
Downloads files from a URL.
wget http://example.com/file.txt
nc (Netcat)
Opens raw TCP/UDP connections. Useful for interacting with services directly.
nc host port  # connect to a host on a port
nc localhost 30000  # connect to a local service
nc -l -p 1234  # listen on port 1234 (TCP server mode)
openssl s_client
Connects to a host using SSL/TLS. Required when the service does not accept plaintext. `-ign_eof` prevents the connection from closing when stdin reaches EOF — necessary when piping input.
openssl s_client -connect localhost:30001
openssl s_client -connect localhost:30001 -ign_eof
nmap
Scans hosts and port ranges to identify open services.
nmap host  # default scan
nmap -p 31000-32000 localhost  # scan a specific port range
nmap -sV localhost  # detect service versions
diff
Compares two files line by line and shows differences. Output convention: `<` = line from the first file, `>` = line from the second file.
diff file1.txt file2.txt
ping
Sends ICMP echo requests to test whether a host is reachable.
ping hostname
ping 8.8.8.8
ping -4 hostname  # force IPv4 only
traceroute
Maps the path packets take to reach a destination by recording each hop. Uses the Internet layer (IP) by default.
traceroute hostname
traceroute -i eth0 hostname  # specify the network interface
traceroute -T hostname  # use TCP SYN instead of default UDP
whois
Queries domain registration information and IP address ownership.
whois example.com
whois 8.8.8.8
dig
Manually queries DNS servers to resolve domain names. Key sections in the output:
dig example.com  # standard DNS lookup
dig example.com @8.8.8.8  # query a specific DNS server
dig -x 8.8.8.8  # reverse DNS lookup
python3 -m http.server
Starts a simple HTTP server in the current directory. Useful for transferring files between machines. Then fetch from another machine:
python3 -m http.server  # serve on port 8000
python3 -m http.server 9000  # serve on custom port
ps
Displays running processes.
ps
ps aux
top
Displays real-time process statistics (CPU, memory, PID).
kill
Sends signals to processes.
kill PID  # SIGTERM – graceful stop
kill -9 PID  # SIGKILL – forced stop
systemctl
Manages system services.
systemctl start apache2
systemctl stop apache2
systemctl enable apache2  # auto-start on boot
Job Control
Suspend a running process: Resume in the background: Resume in the foreground:
CTRL + Z
apt
Package manager for Debian-based systems (Ubuntu, Kali, etc.).
sudo apt update  # refresh package list
sudo apt upgrade  # upgrade installed packages
sudo apt install package_name  # install a package
cron
Schedules recurring tasks. Edit the crontab: Cron format:
crontab -e
chown
Changes the owner (and optionally the group) of a file or directory.
chown user file.txt
chown user:group file.txt
chown -R user folder/  # recursive
chmod
Changes the permissions of a file or directory. Permissions are structured across three levels: Numeric values: Example — `chmod 750 file.txt`:
chmod 750 file.txt
chmod 400 keyfile  # read-only for owner (SSH private keys)
chmod +x script.sh  # add execute permission
On files
On directories
seq
Generates a sequence of numbers. Commonly used in loops for brute force or iteration:
seq 5  # 1 2 3 4 5
seq 0 9999  # 0 to 9999
seq 1 2 10  # 1 3 5 7 9 (step of 2)
printf
Formats and prints data — more powerful than `echo` for precise formatting.
printf '%04d\n' 7  # → 0007
printf '%s %04d\n' "abc" 42
export
Sets an environment variable and makes it available to child processes. Used in PATH Hijacking — prepending a custom directory to `$PATH` forces the shell to find fake binaries before real ones.
export VAR=value
export PATH=/tmp/mydir:$PATH  # prepend a directory to PATH
Shebang
The shebang must be alone on the first line and tells the OS which interpreter to run the script with. `/usr/bin/env bash` is more portable than `#!/bin/bash` — it resolves `bash` via `PATH` instead of assuming a fixed location.
#!/usr/bin/env bash
Variables
Declare a variable without spaces around `=`. Reference it with `$VAR` (case-sensitive). Always quote variables to handle paths with spaces: Concatenate variables using `${}`:
SOURCE="/path/to/dir"
echo "$SOURCE"
Command Substitution
Store the output of a command in a variable:
DATE=$(date +"%Y-%m-%d")
DIR_NAME=$(basename "$SOURCE")
Conditionals
Common condition flags: Example — check that a directory exists before proceeding:
if [ condition ]; then
    # commands
fi
Exit Codes
Every command returns an exit code when it finishes. Use `exit` to terminate a script explicitly: If a script finishes without an explicit `exit`, it returns the exit code of the last command.
exit 0  # success
exit 1  # error
Copying Directories
cp -r "$SOURCE" "$DESTINATION"  # copies the directory itself
cp -r "$SOURCE"/* "$DESTINATION"  # copies only the contents
sudo
Executes a command as another user (default: root). To run as a user other than root, specify the target user with `-u`. The allowed commands per user are configured in `/etc/sudoers`.
sudo command
sudo -u username command
sudo -u app-admin /bin/cat /path/to/file
SUID Binaries
A binary with the SUID bit set runs with the **file owner's** privileges, regardless of who executes it. Identifying SUID binaries:
ls -la ./binary  # look for 's' in owner permissions: -rwsr-xr-x
./binary command  # runs as the file owner
PATH Hijacking
If a SUID binary calls a command without an absolute path (e.g., `ls` instead of `/bin/ls`), the shell resolves it via `$PATH`. Prepending a custom directory allows substituting the real binary with a fake one.
mkdir /tmp/fake
echo -e '#!/bin/bash\ncat /path/to/secret' > /tmp/fake/ls
chmod +x /tmp/fake/ls
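
A defensive counterpart to the PATH hijacking described above, added here as an example and not part of the original page: a POSIX shell function that flags `PATH` entries where a look-alike binary could be planted (empty, relative, or group/world-writable directories). The function name `audit_path` and its reason labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page). audit_path and the reason
# labels are hypothetical names chosen for this illustration.
# Prints "REASON<TAB>entry" for each risky PATH entry.
# Returns 1 if anything was flagged, 0 otherwise.
# Usage: audit_path "$PATH"
audit_path() {
    path_value=${1-$PATH}
    flagged=0
    rest="$path_value:"      # trailing ':' so the last entry is consumed too
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        reason=""
        case $entry in
            "") reason="EMPTY_MEANS_CWD" ;;   # '::' or a leading/trailing ':'
            /*) ;;                             # absolute: mode is checked below
            *)  reason="RELATIVE" ;;           # resolved against the caller's cwd
        esac
        if [ -z "$reason" ] && [ -d "$entry" ]; then
            # -L follows symlinks so the target directory's mode is inspected
            perms=$(ls -ldL "$entry" | cut -c1-10)
            case $perms in
                ????????w?) reason="WORLD_WRITABLE" ;;  # includes sticky dirs such as /tmp
                ?????w????) reason="GROUP_WRITABLE" ;;
            esac
        fi
        if [ -n "$reason" ]; then
            printf '%s\t%s\n' "$reason" "$entry"
            flagged=1
        fi
    done
    return "$flagged"
}
```

In privileged scripts and programs the stronger fix is to call commands by absolute path, or to set `PATH` to a fixed list of root-owned directories before running anything.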