Quick reference guides for most Linux distros and the tools I use regularly.
These are mostly for my own reference, but feel free to use them.
Display file contents to stdout. One of the most fundamental Unix commands for reading files, combining files, and creating files.
Change root directories like a pro. Essential for system recovery and maintenance.
Display filesystem disk space usage with color output. Enhanced version of df with better formatting and visual indicators.
Disk partitioning that doesn't need to be scary. Just be careful.
Search for files and directories in a directory hierarchy. Powerful tool for locating files by name, type, size, modification time, and more.
Interactive process viewer and system monitor. Enhanced version of top with better visualization, mouse support, and easier navigation.
Display information about block devices in a tree format. Shows disks, partitions, and their mount points in an easy-to-read hierarchy.
Attach a filesystem to the directory tree. Essential for accessing disks, partitions, network shares, and other storage devices.
Performance analysis tool for Linux. Provides profiling, tracing, and performance monitoring capabilities using hardware performance counters and kernel tracing.
Fast text search tool that recursively searches directories for a regex pattern. Faster than grep, respects .gitignore by default, and has excellent Unicode support.
Hardware sensor monitoring tool. Displays temperature, voltage, fan speed, and other hardware sensor data. Essential for monitoring CPU and system temperatures.
Trace system calls and signals. Monitors interactions between a process and the Linux kernel, essential for debugging, performance analysis, and security auditing.
System stress testing tool. Tests CPU, memory, I/O, disk, and network under load. Useful for system testing, benchmarking, and thermal testing.
Execute a command repeatedly and display output fullscreen. Useful for monitoring system resources, processes, logs, and other changing data in real-time.
Terminal image viewer and converter. Converts images to ANSI art, Unicode blocks, or sixel graphics for display in terminals.
Browsing Gemini space from the comfort of my terminal. Retro-futuristic vibes.
Minimal, fast, and you have to compile it yourself. Peak Linux experience.
My terminal of choice. Fast, minimal, and doesn't get in my way.
Fuzzy finding everything. Because scrolling through lists is overrated.
Wayland compositor that actually works and looks good doing it.
IRC in the terminal. For when you want to chat like it's 1999.
The basics that make everything else possible. You know, the important stuff.
Plays everything, respects your privacy. What's not to love?
Email in the terminal. Because GUIs are overrated and this one actually works.
The editor that makes you feel like a wizard once you figure it out.
RSS feeds without the bloat. Just the articles, please.
Tiling windows with Python config. Because why not make it programmable?
Because one terminal window is never enough. Sessions that survive disconnects.
Highly customizable status bar for Wayland compositors. Displays system information, application status, and custom modules with JSON configuration and CSS styling.
File management that doesn't make me want to throw my computer out the window.
Securely transfer files and text between computers using human-readable codes. Simple, encrypted, and cross-platform.
Secure shell for remote login and command execution. Encrypted replacement for telnet and rsh.
Subdomain enumeration on steroids. Find what they didn't want you to find.
Multi-cloud OSINT tool. Find exposed buckets and cloud resources.
Get All URLs from multiple sources. Wayback, OTX, Common Crawl, and more.
Fast web crawler for security testing. Discovers endpoints, parameters, and hidden paths through intelligent crawling.
Passive subdomain discovery tool. Fast and stealthy enumeration.
Subdomain enumeration using search engines. Classic recon tool.
Fetch URLs from Wayback Machine. Discover historical endpoints.
Visual recon for web-based attack surfaces. Screenshots at scale.
Comprehensive DNS enumeration. Zone transfers, brute force, and more.
Fast web fuzzer written in Go. Brute force directories, parameters, and more.
Directory and DNS busting tool. Find hidden paths and subdomains.
Simple DNS lookup utility. Quick and to the point.
Fast HTTP toolkit. Probe live hosts, detect tech, and extract info.
Ultra-fast port scanner. Scan the entire internet in minutes.
Network mapper and port scanner. The gold standard for network discovery and security auditing.
Web Application Firewall detection. Know what's protecting the target.
Web technology fingerprinting. Know thy target's stack.
Transfer data from anything to anywhere. The Swiss army knife of HTTP.
Web screenshot tool with SQLite backend. Visual recon made easy.
Convert and analyze WiFi captures. Extract handshakes, PMKIDs, and convert formats for hashcat.
Lightweight JSON processor. Parse, filter, transform, and manipulate JSON data with ease.
Like awk, sed, cut, join, and sort for CSV, TSV, and tabular JSON. Stream processing for structured data.
Web server scanner that finds the vulnerabilities others miss.
Template-based vulnerability scanner. Fast, customizable, and deadly accurate.
Pattern matching that makes sense once you understand it. Examples included.
Stream editor for filtering and transforming text. Edit files non-interactively and manipulate text streams.
Download files like it's 1996. Reliable, recursive, and scriptable.
Network attack and monitoring framework. ARP spoofing, DNS spoofing, credential harvesting, and more.
Post-exploitation tool for Active Directory environments. Enumerates, exploits, and pivots through Windows networks.
Advanced password recovery tool. GPU-accelerated cracking for various hash types and formats.
WiFi handshake capture tool. Capture WPA/WPA2 handshakes and PMKID hashes from wireless networks.
Brute force authentication tool. Fast parallel attacks on SSH, HTTP, FTP, and many other protocols.
Collection of Python classes for network protocols. Tools for SMB, MSRPC, LDAP, Kerberos, and Active Directory exploitation.
Metasploit Framework console. The pentester's best friend.
LLMNR, NBT-NS, and MDNS poisoner. Answers name resolution requests to capture authentication hashes.
SQL injection testing and exploitation. Automatic detection and exploitation of SQL injection vulnerabilities.
Monitor ARP traffic and log changes to Ethernet/IP pairings. Detects ARP spoofing and network anomalies.
Linux Auditing System. Monitor system calls and file access for security compliance and forensics.
Collaborative intrusion prevention system. Analyzes behaviors, responds to attacks, and shares threat intelligence.
See what's eating your bandwidth in real-time. Spoiler: it's probably updates.
Intrusion detection that's been around forever and still gets the job done.
High-performance network IDS, IPS, and security monitoring engine. Multi-threaded and protocol-aware.
Wireshark in the terminal. For when you need to debug network things.
Security monitoring platform with MITRE ATT&CK integration. Intrusion detection, vulnerability scanning, and compliance.
Network security monitoring that's actually useful. Logs everything, finds the weird stuff.
Ban IP addresses that show malicious signs. Automatic intrusion prevention at the firewall level.
The classic Linux firewall. Tables, chains, and rules to control your traffic.
Send signals to processes. Terminate, pause, resume, or control processes by PID.
List open files. Shows information about files opened by processes, including network connections.
The modern replacement for iptables. Cleaner syntax, better performance.
Display information about running processes. Shows process IDs, resource usage, and command lines.
Socket statistics. Modern replacement for netstat. Displays network socket information including TCP, UDP, and Unix sockets.
Simple, modern file encryption tool. Designed to be secure, easy to use, and script-friendly.
GNU Privacy Guard for encryption, signing, and key management. Foundation for OpenPGP workflows.
Background agent that caches GPG passphrases and handles private key operations securely.
Compute and verify MD5 checksums. Useful for legacy integrity checks, but not for security.
Swiss army knife for TLS, certificates, and crypto primitives. Generates keys, CSRs, and tests SSL/TLS.
Automate Let's Encrypt SSL certificates. Free certificates that actually work. Because paying for SSL is silly.
Unix password manager using GPG and git. Stores passwords as encrypted text files in a simple tree.
Compute and verify SHA-1 checksums. Mostly for legacy compatibility, avoid for new security uses.
Compute and verify SHA-256 checksums. Commonly used for verifying downloads and file integrity.
Compute and verify SHA-512 checksums. Stronger variant of the SHA-2 family for integrity checking.
Generate and manage SSH key pairs. Creates keys for secure remote access and authentication.