Command reference

Search the live database for syntax, tools, use cases, tags, MITRE context, and safe lab-ready command examples.

Offensive Beginner Free

OSINT email, subdomain, and employee enumeration from multiple sources

theHarvester -d target.com -b google,bing,linkedin,github -l 500
osint recon email subdomain passive
TheHarvester / OSINT
Defensive Intermediate Free

Capture packets on eth0, rotating files, excluding SSH traffic

tcpdump -i eth0 -w /tmp/capture.pcap -C 100 -W 10 not port 22
tcpdump packet-capture pcap network monitoring
Tcpdump / Network Monitoring
Defensive Advanced Premium

Capture and display HTTP/HTTPS metadata from a specific host in real-time

tcpdump -l -i any -A -n "host 192.168.1.100 and (port 80 or port 443)" 2>/dev/null | grep -E "(GET|POST|Host:|User-Agent:)"
tcpdump http threat-hunting c2 detection
Tcpdump / Threat Hunting
Defensive Beginner Free

Identify top IPs generating failed SSH login attempts from auth log

grep "Failed password" /var/log/auth.log | awk '{for (i=1; i<=NF; i++) if ($i=="from") print $(i+1)}' | sort | uniq -c | sort -rn | head -20
log-analysis ssh brute-force auth detection
Linux CLI / Log Analysis
Defensive Intermediate Free

Real-time SSH authentication event monitoring from systemd journal

journalctl -u ssh.service --since "1 hour ago" --no-pager | grep -E "(Accepted|Failed|Invalid)" | awk '{u=""; ip=""; for (i=1; i<=NF; i++) {if ($i=="for" || $i=="user") u=$(i+1); if ($i=="from") ip=$(i+1)}; print $1, $2, $3, u, ip}'
journalctl systemd ssh log-analysis monitoring
Linux CLI / Log Analysis
Defensive Intermediate Free

Hardened IPTables firewall baseline — default deny with explicit allow rules

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables firewall hardening network security
IPTables / Linux Hardening
Defensive Beginner Free

Audit all listening services and count active established connections

ss -tlnp | grep LISTEN && ss -tn state established | tail -n +2 | wc -l
ss hardening audit network
Linux CLI / Linux Hardening
Defensive Beginner Free

List all registered Wazuh agents and their current connection status

/var/ossec/bin/agent_control -l
wazuh siem agent monitoring soc
Wazuh / SIEM
Defensive Advanced Premium

Query Wazuh REST API for recent high-severity alerts (level 10+)

curl -k -u admin:SecretPassword -X GET "https://wazuh-manager:55000/alerts?pretty=true&limit=10&sort=-timestamp&q=rule.level>=10"
wazuh api alerts soc siem
Wazuh / SIEM
Defensive Intermediate Free

Quick triage — identify top CPU processes and all established network connections

ps aux --sort=-%cpu | head -20 && lsof -i -n -P | grep ESTABLISHED
ir triage incident-response process network
Linux CLI / Incident Response
Defensive Intermediate Free

Splunk SPL query — Top 10 source IPs generating SSH authentication failures

index=main sourcetype=syslog "Failed password" | stats count by src_ip | sort -count | head 10
splunk spl siem brute-force detection
Splunk / SIEM
Defensive Advanced Premium

Windows failed logon (Event 4625) brute-force detection with time bucketing

index=windows EventCode=4625 | bucket _time span=5m | stats count by _time, src_ip, Account_Name | where count > 10 | eval alert="Possible Brute Force" | table _time, src_ip, Account_Name, count, alert
splunk windows event-log 4625 brute-force
Splunk / SIEM