Introduction
Reconnaissance is a critical phase in cybersecurity, enabling professionals to gather system and network information for analysis or penetration testing. These 15 Linux commands help beginners perform basic recon tasks, from identifying users to inspecting network configurations.
Learning Objectives
- Understand foundational Linux commands for system reconnaissance.
- Learn how to extract user, network, and hardware details.
- Apply these commands in real-world cybersecurity assessments.
1. View System Information with `uname`
Command:
uname -a
What It Does:
Displays system kernel and hardware details, including OS name, version, and machine architecture.
How to Use:
- Run `uname -a` to see a full system summary.
- Use `uname -r` to check only the kernel version.
2. List Running Processes with `ps`
Command:
ps aux
What It Does:
Shows all running processes, including those by other users, helping identify suspicious activity.
How to Use:
- `ps aux | grep` followed by a process name filters for a specific process.
- Check CPU/Memory usage to spot anomalies.
3. Check User Identity with `id`
Command:
id
What It Does:
Displays current user’s UID, GID, and group memberships—critical for privilege escalation checks.
How to Use:
- Run `id` followed by a username to inspect another user’s privileges.
4. Inspect Network Interfaces with `ifconfig` or `ip`
Legacy Command:
ifconfig
Modern Alternative:
ip addr
What It Does:
Lists IP addresses, MACs, and interface statuses. `ip` is preferred for newer systems.
How to Use:
- `ip route show` reveals routing tables.
5. Monitor Network Connections with `netstat` or `ss`
Legacy Command:
netstat -tuln
Modern Alternative:
ss -tuln
What It Does:
Lists active TCP/UDP ports and listening services. `ss` is faster and more detailed.
How to Use:
- Combine with `grep` to filter for specific ports (e.g., `ss -tuln | grep 443`).
6. List Logged-In Users with `who`
Command:
who
What It Does:
Shows active user sessions, including login time and source IP.
How to Use:
- `w` provides additional data like idle time and running commands.
7. Scan USB Devices with `lsusb`
Command:
lsusb
What It Does:
Lists connected USB devices, useful for detecting unauthorized hardware.
How to Use:
- `lsusb -v` for verbose details (requires root).
8. Find Open Files with `lsof`
Command:
lsof -i
What It Does:
Lists files opened by processes; with `-i`, the output is limited to network connections.
How to Use:
- `lsof -u` followed by a username shows files accessed by a specific user.
What Undercode Say
Key Takeaways:
1. Recon is foundational: These commands are the first step in penetration testing and threat hunting.
2. Modern tools replace legacy: Prefer `ip` over `ifconfig` and `ss` over `netstat` for accuracy.
Analysis:
While basic, these commands form the backbone of system reconnaissance. Mastery enables faster vulnerability identification, which is critical for both attackers and defenders. Future Linux distributions may deprecate older tools like `ifconfig`, so adopting modern alternatives is essential.
Prediction:
As Linux evolves, expect tighter integration with AI-driven analysis tools (e.g., automated anomaly detection in `ps` outputs). Recon will become more automated, but command-line proficiency will remain vital for debugging and advanced assessments.
Final Tip:
Combine these commands in scripts (e.g., Bash/Python) to automate recon workflows. For example:
#!/bin/bash
echo "=== System Info ==="
uname -a
echo "=== Open Ports ==="
ss -tuln
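Taking the scripting tip one step further, the following added example (not part of the original post) reduces `ss -tuln` output to protocol/port pairs and reports non-loopback listeners that are missing from an approved baseline. The function names, the allowlist and the sample output are constructed for illustration, and the script assumes the default `ss -tuln` column layout.

```bash
#!/bin/bash
# Added example: report exposed listeners that are missing from a baseline.
# Assumes the default `ss -tuln` layout: Netid first, Local Address:Port fifth.

# Constructed sample of `ss -tuln` output (not captured from a real host).
sample_ss_output() {
cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      511    0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*
tcp   LISTEN 0      5      0.0.0.0:4444       0.0.0.0:*
tcp   LISTEN 0      128    [::]:22            [::]:*
EOF
}

# Reduce ss output on stdin to unique "proto/port scope" records, where
# scope is "local" for loopback-only sockets and "exposed" otherwise.
listeners() {
  awk 'NR > 1 {
    port = $5; sub(/.*:/, "", port)        # text after the last colon
    host = $5; sub(/:[^:]*$/, "", host)    # text before the last colon
    scope = (host ~ /^127\./ || host == "[::1]") ? "local" : "exposed"
    print $1 "/" port, scope
  }' | sort -u
}

# Print exposed listeners not named in the allowlist ($1, space separated).
unexpected_listeners() {
  allow=" $1 "
  listeners | while read -r svc scope; do
    [ "$scope" = "exposed" ] || continue
    case "$allow" in
      *" $svc "*) ;;            # approved service
      *) echo "$svc" ;;         # not in the baseline: report it
    esac
  done
}

# Demo on the sample; on a live host: ss -tuln | unexpected_listeners "..."
sample_ss_output | unexpected_listeners "tcp/22 tcp/443"
```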
Reported By: Chuckkeith 15 – Hackers Feeds