Library

Command reference

Search the live database for syntax, tools, use cases, tags, MITRE context, and safe lab-ready command examples.

Defensive Advanced Premium

Run a local Velociraptor information query.

velociraptor query "SELECT * FROM info()"
velociraptor endpoint-security expanded-library
Velociraptor / Endpoint Security
Defensive Advanced Premium

List Windows-focused artifacts.

velociraptor artifacts list | grep Windows
velociraptor endpoint-security expanded-library
Velociraptor / Endpoint Security
Defensive Advanced Premium

Inspect running process telemetry.

velociraptor query "SELECT Name, CommandLine FROM pslist()"
velociraptor endpoint-security expanded-library
Velociraptor / Endpoint Security
Defensive Advanced Premium

Collect simulated temp directory file listing.

velociraptor query "SELECT * FROM glob(globs='C:/Windows/Temp/*')"
velociraptor endpoint-security expanded-library
Velociraptor / Endpoint Security
Defensive Advanced Premium

Run a Windows event log hunting artifact.

velociraptor query "SELECT * FROM Artifact.Windows.EventLogs.EvtxHunter()"
velociraptor endpoint-security expanded-library
Velociraptor / Endpoint Security
Defensive Advanced Premium

Collect generic endpoint info.

velociraptor query "SELECT * FROM Artifact.Generic.Client.Info()"
velociraptor endpoint-security expanded-library
Velociraptor / Endpoint Security
Defensive Advanced Premium

Review Velociraptor client configuration.

velociraptor config show --section Client
velociraptor endpoint-security expanded-library
Velociraptor / Endpoint Security
Defensive Advanced Premium

List endpoint users.

velociraptor query "SELECT * FROM users()"
velociraptor endpoint-security expanded-library
Velociraptor / Endpoint Security
Defensive Advanced Premium

Inspect endpoint network connections.

velociraptor query "SELECT * FROM netstat()"
velociraptor endpoint-security expanded-library
Velociraptor / Endpoint Security
Defensive Advanced Premium

Hash a known endpoint binary.

velociraptor query "SELECT hash(path='C:/Windows/System32/cmd.exe') AS Hash FROM scope()"
velociraptor endpoint-security expanded-library
Velociraptor / Endpoint Security
Defensive Intermediate Free

Query running process inventory.

osqueryi "select name,path,pid from processes limit 10;"
osquery endpoint-security expanded-library
Osquery / Endpoint Security
Defensive Intermediate Free

Find unusual listening ports.

osqueryi "select * from listening_ports where port not in (80,443,22);"
osquery endpoint-security expanded-library
Osquery / Endpoint Security