See listening services
Check which local processes are waiting for network connections.
$ ss -tulpnCONTEXTRun this on a machine you control. Some process details may require elevated privileges.
LIBRARY ONLINE
FREE COMMANDS / TOOLS / CONTEXT
A growing collection of commands I actually reach for—plus the question each one helps answer.
Every active-security command here is for systems you own or are explicitly authorized to test.
01 // COMMAND LIBRARY
Search by tool, task, command, category, or tag.
Check which local processes are waiting for network connections.
$ ss -tulpnCONTEXTRun this on a machine you control. Some process details may require elevated privileges.
Find a string recursively without wasting time inside Git metadata.
$ grep -Rni --exclude-dir=.git "needle" .CONTEXTReplace needle with the exact text you are investigating.
List regular files modified during the last 24 hours.
$ find . -type f -mtime -1 -printCONTEXTUseful for a lab directory or a controlled investigation folder.
Ask which services and versions are exposed on an authorized target.
$ nmap -sV -Pn <authorized-target>CONTEXTUse only on systems you own or have explicit permission to test.
Run default scripts and version checks against ports 80 and 443.
$ nmap -p 80,443 -sC -sV <authorized-target>CONTEXTA smaller question usually produces cleaner evidence than scanning everything immediately.
Return the current IPv4 records for a domain.
$ dig +short A example.comCONTEXTUse a domain you control or a deliberately public example during practice.
Request only the response headers and keep the output readable.
$ curl -sSI https://example.comCONTEXTLook for status, server behavior, caching, redirects, and security headers.
See each response while curl follows redirects to the final URL.
$ curl -sSIL https://example.comCONTEXTUseful for understanding canonical hosts, HTTPS upgrades, and authentication redirects.
Retrieve the site’s crawler instructions without opening a browser.
$ curl -sS https://example.com/robots.txtCONTEXTrobots.txt is not authorization and does not make private paths fair game.
Get a compact view of interface names, state, and assigned addresses.
$ ip -brief addressCONTEXTStart here before blaming the network—or the tool.
Follow the resolution path from the root servers to the answer.
$ dig +trace example.comCONTEXTThis sends several DNS queries; use it when delegation is the actual question.
Capture DNS packets visible on your own machine’s interfaces.
$ sudo tcpdump -i any -nn port 53CONTEXTPacket capture may contain sensitive data. Capture only where you are authorized and store evidence carefully.
Keep project dependencies isolated from the system Python installation.
$ python3 -m venv .venv && source .venv/bin/activateCONTEXTUse one environment per project and avoid running unknown scripts outside a disposable lab.
Turn a dense JSON response into something a human can inspect.
$ python3 -m json.tool response.jsonCONTEXTValidate the file first if the command reports malformed JSON.
Stop a script when a command fails, a variable is missing, or a pipeline breaks.
$ set -Eeuo pipefailCONTEXTPlace it near the top of a script, then test the failure paths instead of assuming they work.
Create a tiny scope note before touching an authorized lab target.
$ printf '%s\n' 'target: lab.local' 'scope: authorized' > scope.txtCONTEXTA written boundary keeps the engagement clear when tools and tabs start multiplying.
Record a SHA-256 digest so you can detect later changes to a file.
$ sha256sum evidence.binCONTEXTA hash supports integrity; it does not prove where the evidence came from.
Add a consistent timestamp to notes, screenshots, or collected output.
$ date -u +"%Y-%m-%dT%H:%M:%SZ"CONTEXTUTC makes it easier to compare evidence across machines and platforms.
02 // HOW TO USE THIS
Read the purpose and context before running a command. Replace placeholders deliberately. Save the output that supports your conclusion.
SEE THE METHOD IN WRITEUPS →