Linux for Hackers: Top 15 Commands Every Ethical Hacker Must Know in 2026

If you cannot move fluently around a Linux terminal you are not yet a hacker — you are a tutorial reader. Linux is the operating system every serious cyber security professional in India lives in, whether you run Kali, Parrot, BlackArch, or Ubuntu with custom tooling. The faster you internalize the core commands, the faster everything else falls into place.

These are the 15 commands our trainers at Cyber Defence Academy drill students on before they touch any "hacking tool". Master these and tools like Nmap, Burp, and Metasploit become 10× easier.

1. find — locate anything, anywhere

find / -type f -name "*.conf" 2>/dev/null
find /var/www -name "*.bak" -mtime -7

Used for post-exploitation file hunting, finding backup files leaked by admins, locating world-writable files.

2. grep — pattern matching

grep -RIn "password" /etc 2>/dev/null
grep -E "(api[_-]?key|secret|token)" -ri .

The number one way credentials get found during privilege escalation.

3. netstat / ss — open ports and connections

ss -tulpn        # all listening sockets with process
ss -anp | grep ESTAB

What is listening, what is connected, who launched it.

4. nmap — the recon workhorse

nmap -sC -sV -p- -T4 target.com
nmap --script vuln 10.0.0.0/24

Even if you only know two flags (-sV and -p-), you can map any network.

5. curl / wget — HTTP recon and exfiltration

curl -sI https://target.com
curl -X POST -d "user=admin&pass=admin" https://target.com/login

6. tcpdump — packet capture

sudo tcpdump -i eth0 'port 80' -w capture.pcap

Used for sniffing credentials, debugging exploits, capturing handshakes.

7. chmod / chown — permissions

Most CTF and real-world privilege escalation comes down to misconfigured permissions. Know them cold.

8. sudo -l — what can I run as root?

First command after gaining a low-privilege shell. Half of all priv-esc paths show up here.

9. ssh + key files

ssh -i id_rsa user@target -p 2222
ssh -L 8080:internal:80 jump@host  # port forwarding

10. nc (netcat) — the Swiss army knife

nc -lvnp 4444    # listener for reverse shells
nc target 80 < payload.txt

11. tar / zip — archive and extract

Used for exfiltrating data and unpacking dropped payloads. Also a classic priv-esc vector via setuid wildcards.

12. history — what did the user just do?

cat ~/.bash_history
cat ~/.zsh_history

Treasure chest after gaining a shell.

13. awk + sed — text processing pipelines

cat access.log | awk '{print $1}' | sort | uniq -c | sort -rn | head
sed -i 's/foo/bar/g' file.txt

14. ps + top / htop — processes

ps auxf
ps -ef --forest

Find suspicious / cron processes; spot defender / EDR agents.

15. journalctl — modern Linux logs

journalctl -xe -u sshd
journalctl --since "1 hour ago"

Bonus: pipes, redirection, and the brain you actually need

Commands are just legos. What matters is being able to chain them. A real engagement starts with one-liners like:

find / -perm -4000 -type f 2>/dev/null | xargs -I{} ls -la {}

How to practice these in Hisar, Haryana

Don't memorize the commands — use them every day. We recommend students at our cyber security training in Hisar set up a Kali Linux VM at home and complete one TryHackMe room per day for 60 days. By day 30 you'll never need a cheat-sheet again.

FAQs

Do I need to learn Linux before learning ethical hacking?

Yes. Without Linux fluency, every offensive tool feels mysterious. With it, even unfamiliar tools become trivial.

Is Kali Linux the best distribution for hackers in 2026?

Kali is the most common, but Parrot Security OS and BlackArch are equally good. Pick one and stick to it.