Linux Command Cheat Sheet - Part 1

Hey there!

Whether you’re a security pro digging into systems or just starting out with the command line, this cheat sheet packs all the essential Linux commands you’ll actually use. I’ve covered the basics you need for daily tasks, troubleshooting, and security work—all kept simple and practical.

  • For beginners: No jargon, just clear and simple.
  • For pros: Handy reminders and security-focused tips.

Hope it saves you some terminal headaches!

(Note: This is Part 1—more commands coming soon!)

 Author:  @ Deepak Kandpal
Sat Jun 21 2025

Essential commands for security professionals and power users.

If you found this post valuable, 👉 bookmark this page for quick reference!

Hey there! Whether you're a pentester hunting for vulnerabilities, a blue teamer locking things down, or just someone who lives in the terminal - these Linux commands will become your daily companions.

Why This Matters:

  • 🛡️ Handpicked commands.
  • ⚡ Daily useful (like troubleshooting).
  • 🧠 For all levels: Newbies and greybeards will find value.

📋 Table of Contents

1. Navigation Essentials

2. File System Basics

3. Command Line Power

4. Advanced Hunting

5. Permission Control


➡️ Linux Command Cheat Sheet - Part 2 - upcoming


First: Know Your Navigation Shortcuts

Before diving into commands, let's cover the essential path symbols you'll encounter in Linux and macOS systems. These symbols act as shortcuts to navigate directories efficiently:

These are the most common and fundamental symbols used to define paths in Unix-like operating systems (Linux and macOS):

  • / Root directory.
  • . Current directory
  • .. One level up directory
  • ~ Home directory
  • - Previous working directory

Path Wildcards (for matching patterns)

  • * Asterisk - "Anything": This matches any number of characters (even zero).

    | e.g: report*.txt would match report.txt, report_final.txt, or report2025.txt.

  • ? Question Mark - "Any single character": This matches exactly one character.

    | e.g: photo?.jpg would match photo1.jpg or photoB.jpg, but not photo11.jpg.

  • [ ] Square Brackets - "Any character inside": This matches any one character from the list or range you put inside the brackets.

    | e.g: document[1-3].pdf would match document1.pdf, document2.pdf, or document3.pdf.

  • [! ] Excludes characters in the set

    | e.g: report[!0-9].md → Excludes numbers (e.g., reportA.md but not report1.md)

  • { } Matches comma-separated patterns (Brace Expansion)

    | e.g: {backup,log}_*.txt → Matches both backup_2025.txt and log_errors.txt

ls (List command)

The ls command is one of the most used commands in the Linux terminal. It displays files and directories.

  • ls - lists the contents of a directory.
  • ls -a - lists all contents, including hidden entries.
  • ls -l - lists the contents in long format, which displays details about files and directories.
  • ls -t - lists the contents by last modification time, most recently modified first.
  • ls -r - lists the contents in reverse order.
  • ls -S - lists the contents sorted by size, largest first.
  • ls -R - lists the contents recursively, including subdirectories.
  • ls -i - lists the contents with the inode number of each entry.

mkdir (Make directory command)

mkdir is a very common command used to create a new directory.

  • mkdir - Creates a directory.
  • mkdir -p ( -p stands for parent ) - Creates nested directories (a directory inside a directory), making any missing parent directories along the way. The same command can also create multiple directories at the same time, e.g., mkdir -p dir1 dir2 dir3.

e.g.

mkdir -p parent_dir/{dir1/subdir1/{temp,docs},dir2,dir3}

Result :

               parent_dir
                   |________ _______
                   |        |       |
                 dir1      dir2    dir3
                   |
                 subdir1
               ____|_____
              |          |
             temp      docs

rmdir (Remove Directory)

Just like mkdir creates a directory, its opposite is rmdir, which you use to remove an empty directory. It's a very common command!

  • rmdir directory_name/path - Deletes an empty directory.
  • rmdir -p ( -p stands for parent ) - Deletes multiple empty directories at the same time, e.g., rmdir -p dir1 dir2 dir3. It can also delete nested empty directories (a directory inside a directory).

history command

The history command is used to view all previously executed commands.

  • history -c - Clears the history list by deleting all of its entries.
  • history -d - Deletes the history entry at a specific position.

e.g.

ubuntu@DESKTOP:~$ history
    1  history
    2  ls
    3  ls -l
    4  pwd
    5  uname -a
    6  history
ubuntu@DESKTOP:~$

Now, to delete the uname -a entry from the history, we run history -d 5.

ubuntu@DESKTOP:~$ history
    1  history
    2  ls
    3  ls -l
    4  pwd
    5  history
    6  history -d 5
    7  history
ubuntu@DESKTOP:~$

As the snippet above shows, the uname -a record has been deleted from the history.

However, the fun fact is that 😆 the history -d command itself also gets added to your history.

  • history | tail - Shows the last 10 commands from the history.

cd (Change directory)

The cd <directory> command moves you into a specified directory. You can use an absolute path (starting from the root, /) or a relative path (relative to your current location).

  • cd /path - Moves you to the specific /path you give it.

    e.g. cd /home/user/downloads moves you from your current directory to the downloads directory.

  • cd .. - Moves you up one level in the directory structure (to the parent directory).

  • cd ~ or cd (without an argument) - Moves you to your home directory.

find command

The find command is a basic directory search utility.

  • find . -name example.txt - Finds all files named example.txt in the current working directory.

e.g.:

ubuntu@DESKTOP:~$ find . -name example.txt
./example.txt

  • find /home -name example.txt - Finds all files named example.txt under the /home directory.

ubuntu@DESKTOP:~$ find /home -name example.txt
/home/ubuntu/example.txt

Note: With -name we can search for both files and directories, with or without an extension.

In general, the command looks like this:

~$ find < location/path > -name < name/extension/name*.extension/*name.extension >    (* denotes a wildcard)

Find Files and Directories by Type

The find command enables you to search for files or directories based on their type. Furthermore, by using the -type option, you can specify whether you are searching for regular files, directories, symbolic links, or other file types.

The file types are:

  • f - Regular files.

  • d - Directories.

  • l - Symbolic links.

  • find /home -name "*.txt" - Finds all .txt files within the /home directory.

e.g:

ubuntu@DESKTOP:~$ find /home -name "*.txt"
/home/ubuntu/example.txt

  • find /home/ubuntu -type d - Searches for all directories within /home/ubuntu.

e.g:

ubuntu@DESKTOP:~$ find /home/ubuntu -type d
/home/ubuntu
/home/ubuntu/.landscape
/home/ubuntu/2
/home/ubuntu/3
/home/ubuntu/4
/home/ubuntu/5
/home/ubuntu/6
/home/ubuntu/directory1
...

  • find /home -type f -perm 644 - The -perm option locates files by their permissions: a plain mode (644) matches exactly those permissions, -mode matches files that have at least all of the given bits set, and /mode matches files that have any of the given bits set.

e.g.

ubuntu@DESKTOP:~$ find /home -type f -perm 644
/home/ubuntu/.bashrc
/home/ubuntu/.bash_logout
/home/ubuntu/.landscape/sysinfo.log
/home/ubuntu/.motd_shown
/home/ubuntu/.profile
/home/ubuntu/.sudo_as_admin_successful
/home/ubuntu/dpkglist
/home/ubuntu/example.txt
...

  • find / -perm /u=s - Finds all files with the SUID bit set.

e.g.

ubuntu@DESKTOP:~$ find / -perm /u=s
find: ‘/etc/polkit-1/localauthority’: Permission denied
find: ‘/etc/ssl/private’: Permission denied
find: ‘/mnt/c/Config.Msi’: Permission denied
find: ‘/mnt/c/DumpStack.log.tmp’: Permission denied
...

  • find / -perm /g=s - Finds all files with the SGID bit set.

  • find / -perm /u=r - Finds all files that are readable by their owner.

  • find / -perm /a=x - Finds all executable files.

  • find / -type f -perm 0777 -print -exec chmod 644 {} \; - Finds all files with 777 permissions and uses the chmod command to set their permissions to 644.

  • find / -type d -perm 777 -print -exec chmod 755 {} \; - Finds all directories with 777 permissions and uses the chmod command to set their permissions to 755.

  • find . -type f -name "*.txt" -exec rm -f {} \; - Finds and removes multiple files, e.g. deleting all files with the .txt extension.

  • find . -type f -name "example.txt" -exec rm -f {} \; - Finds and removes a single file, e.g. deleting example.txt from the current directory.

  • sudo find / | less - Using administrator privileges, lists every file and folder on the entire system and lets you view the extensive list one screen at a time.

  • sudo find . | less - Using administrator privileges, lists all files and folders within the current directory and lets you view the list one screen at a time.

  • find / -type f -name ".*" - Finds all hidden files.
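
The three -perm forms and the find-then-chmod cleanup from the list above, run against a constructed directory. This is an added example, not part of the original post; the function names (make_demo_tree, perm_match, fix_777) and the file names are made up for the demo.

```shell
#!/bin/sh
# Added example (not from the original post). File names are constructed.

# make_demo_tree: create a temp directory holding four files with known
# modes and print its path.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    for spec in 644:exact644 777:open777 600:private600 664:groupw664; do
        touch "$d/${spec#*:}"
        chmod "${spec%%:*}" "$d/${spec#*:}"
    done
    printf '%s\n' "$d"
}

# perm_match DIR MODE: base names (sorted, space-separated) of the regular
# files under DIR that match `find -perm MODE`.
perm_match() {
    find "$1" -type f -perm "$2" -exec basename {} \; |
        LC_ALL=C sort | paste -s -d ' ' -
}

# fix_777 DIR: print every file whose mode is exactly 0777, then reset it
# to 644. Printing first leaves a record of what was changed.
fix_777() {
    find "$1" -type f -perm 0777 -print -exec chmod 644 {} \; | LC_ALL=C sort
}

demo=$(make_demo_tree)
echo "exact 644      : $(perm_match "$demo" 644)"    # mode is exactly 644
echo "all of 644     : $(perm_match "$demo" -644)"   # 644 or anything looser
echo "any of 022     : $(perm_match "$demo" /022)"   # group- or world-writable
echo "world-writable : $(perm_match "$demo" -002)"
echo "reset to 644   : $(fix_777 "$demo" | sed 's|.*/||')"
echo "still 777      : $(perm_match "$demo" 0777)"
rm -rf "$demo"
```

On a real system, run the -print part on its own first and review the list before adding -exec chmod.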

Advanced Hidden File Discovery Commands

Some additional advanced find commands useful for pentesters and Linux professionals.

1. World-Writable Directories

find / -path /proc -prune -o -type d -perm -o+w 2>/dev/null
  • What it does: Finds dangerous folders that anyone can modify
  • Why it matters: Attackers often hide tools in these locations
  • OPSEC tip: /proc is excluded to avoid system noise

2. World-Writable Files

find / -path /proc -prune -o -type f -perm -o+w 2>/dev/null
  • What it does: Locates risky files that any user can edit
  • Why it matters: Common privilege escalation vector
  • Pro trick: Combine with -exec ls -la {} \; to see details

3. Hidden User Files

find / -type f -name ".*" -exec ls -l {} \; 2>/dev/null | grep <user_name>
  • What it does: Finds dotfiles belonging to specific users
  • Why it matters: Often contains credentials/configs
  • Real-world use: Replace <user_name> with target username

4. Hidden Directories

find / -type d -name ".*" -ls 2>/dev/null
  • What it does: Reveals secret folders starting with dot (.)
  • Why it matters: Common malware hideout
  • Bonus: -ls flag shows permissions/timestamps

5. Process Command Lines

find /proc -name cmdline -exec cat {} \; 2>/dev/null | tr '\0' '\n'
  • What it does: Extracts command arguments from running processes
  • Why it matters: Can reveal malicious commands
  • Pro tip: arguments in cmdline are separated by NUL bytes, so tr '\0' '\n' puts each one on its own line for better readability

6. Config File Hunter

find / -type f \( -name "*.conf" -o -name "*.config" \) -exec ls -l {} \; 2>/dev/null
  • What it does: Finds all configuration files with detailed listing
  • Why it matters: Configs often contain secrets/passwords
  • OPSEC: 2>/dev/null suppresses permission errors

7. Shell Script Finder

find / -type f -name "*.sh" 2>/dev/null | grep -v "src\|snap\|share"
  • What it does: Locates shell scripts while excluding common dirs
  • Why it matters: Scripts may contain hardcoded credentials
  • Customize: Add more exclusions with \|dir_name

8. Config File Hunter (Improved)

find / ! -path "*/proc/*" -iname "*config*" -type f 2>/dev/null
  • What it does: Finds config files while skipping /proc
  • Why better: Case-insensitive (-iname) and cleaner output
  • Pro tip: Add -exec grep -i "password" {} \; to hunt secrets

9. SUID Binaries

find / -user root -perm -4000 -exec ls -ldb {} \; 2>/dev/null
  • What it does: Finds privileged executables that run as root
  • Why it matters: Classic privilege escalation path
  • Bonus: -ldb shows symbolic links properly

10. SUID+SGID Binaries

find / -user root -perm -6000 -exec ls -ldb {} \; 2>/dev/null
  • What it does: Finds files with both SUID+SGID bits set
  • Why rare: These are extra dangerous if exploitable
  • Investigate: Check with ltrace/strace

11. Capability Hunter

find /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin -type f -exec getcap {} \;
  • What it does: Reveals special capabilities on binaries
  • Why it matters: Can grant root-like powers without SUID
  • Example: cap_net_raw allows packet sniffing
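
For blue teamers, the SUID/SGID searches above are most useful when compared against a known-good list. The added example below (not from the original post) records a baseline and reports entries that appear or disappear later; the function names and the constructed directory are assumptions for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): baseline and compare
# SUID/SGID files. Paths are constructed; on a real host DIR would be /
# and the baseline would be stored where unprivileged users cannot edit it.

# setid_snapshot DIR: one line per regular file with the SUID or SGID bit
# set, tagged "suid" or "sgid", sorted so that comm can compare snapshots.
setid_snapshot() {
    {
        find "$1" -xdev -type f -perm -4000 -print | sed 's/^/suid /'
        find "$1" -xdev -type f -perm -2000 -print | sed 's/^/sgid /'
    } 2>/dev/null | LC_ALL=C sort
}

# setid_added BASELINE CURRENT: entries in CURRENT that are not in BASELINE.
setid_added() { LC_ALL=C comm -13 "$1" "$2"; }

# setid_removed BASELINE CURRENT: entries that disappeared since BASELINE.
setid_removed() { LC_ALL=C comm -23 "$1" "$2"; }

# Demo on a constructed directory.
work=$(mktemp -d)
mkdir "$work/bin"
touch "$work/bin/known_tool" "$work/bin/plain_tool"
chmod 4755 "$work/bin/known_tool"
chmod 755 "$work/bin/plain_tool"
setid_snapshot "$work/bin" > "$work/baseline.txt"

touch "$work/bin/dropped_helper"       # simulates a file that appears later
chmod 4755 "$work/bin/dropped_helper"
setid_snapshot "$work/bin" > "$work/current.txt"

echo "New since baseline:"
setid_added "$work/baseline.txt" "$work/current.txt"
rm -rf "$work"
```

Anything reported by setid_added that a package update does not explain deserves a closer look.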

getent command

The getent command gets entries from the Name Service Switch libraries.

  • getent passwd - Lists all user accounts.

  • getent passwd < user > - Shows a user's details.

  • getent group sudo - Lists users with sudo privileges.

  • getent group - Lists all groups.

  • getent shadow - Shows password hashes (needs root).

  • getent hosts < domain > - Resolves hostnames.

  • getent services < service_name | e.g. ssh > - Shows service ports (services are sometimes configured on custom ports).

  • getent protocols tcp - Displays protocol numbers.

  • getent ahosts < IP > - Performs a reverse DNS lookup (this sometimes helps to enumerate internal hosts).

  • getent netid - Lists NIS netgroups (this helps to find shared resources in old networks).

chmod command

In simple terms, this command controls who can do what with your files and folders:

  • Read? (peek inside)
  • Write? (make changes)
  • Execute? (run it like a program)

Controls access for three groups:

  • You (owner)
  • Your team (group)
  • Everyone else (others)

How You’ll Use It Daily:

chmod +x script.sh # "Make this file runnable!"
chmod 600 secret.txt # "Lock this down—only I can read/write it."
chmod 755 my_app # "Let everyone run this, but only I can edit it."

Why It Matters:

Too loose? (777) → Anyone can delete or infect your files. ☠️

Too tight? (000) → Even you get locked out. 🔐

Just right? (644/755) → Balances usability and safety. ✅

👉 Check out → Linux File Permissions Basics for more detail. 👈


Stay tuned for 👉 Linux Command Cheat Sheet - Part 2 👈