Linux Pentesting
- Snippet from Wikipedia: Penetration test
A penetration test, colloquially known as a pentest, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system; this is not to be confused with a vulnerability assessment. The test is performed to identify weaknesses (or vulnerabilities), including the potential for unauthorized parties to gain access to the system's features and data, as well as strengths, enabling a full risk assessment to be completed.
The process typically identifies the target systems and a particular goal, then reviews available information and undertakes various means to attain that goal. A penetration test target may be a white box (about which background and system information are provided in advance to the tester) or a black box (about which only basic information other than the company name is provided). A gray box penetration test is a combination of the two (where limited knowledge of the target is shared with the auditor). A penetration test can help identify a system's vulnerabilities to attack and estimate how vulnerable it is.
Security issues that the penetration test uncovers should be reported to the system owner. Penetration test reports may also assess potential impacts to the organization and suggest countermeasures to reduce the risk.
The UK National Cyber Security Center describes penetration testing as: "A method for gaining assurance in the security of an IT system by attempting to breach some or all of that system's security, using the same tools and techniques as an adversary might."
The goals of a penetration test vary depending on the type of approved activity for any given engagement, with the primary goal focused on finding vulnerabilities that could be exploited by a nefarious actor, and informing the client of those vulnerabilities along with recommended mitigation strategies.
Penetration tests are a component of a full security audit. For example, the Payment Card Industry Data Security Standard requires penetration testing on a regular schedule, and after system changes. Penetration testing also can support risk assessments as outlined in the NIST Risk Management Framework SP 800-53.
Several standard frameworks and methodologies exist for conducting penetration tests. These include the Open Source Security Testing Methodology Manual (OSSTMM), the Penetration Testing Execution Standard (PTES), the NIST Special Publication 800-115, the Information System Security Assessment Framework (ISSAF) and the OWASP Testing Guide. CREST, a not-for-profit professional body for the technical cyber security industry, provides its CREST Defensible Penetration Test standard that provides the industry with guidance for commercially reasonable assurance activity when carrying out penetration tests.
Flaw hypothesis methodology is a systems analysis and penetration prediction technique where a list of hypothesized flaws in a software system is compiled through analysis of the specifications and documentation for the system. The list of hypothesized flaws is then prioritized on the basis of the estimated probability that a flaw actually exists, and on the ease of exploiting it to the extent of control or compromise. The prioritized list is used to direct the actual testing of the system.
There are different types of penetration testing, depending on the goal of the organization, including: Network (external and internal), Wireless, Web Application, Social Engineering, and Remediation Verification.
Even more recently, a common pen testing tool called a flipper was used to hack the MGM casinos in 2023 by a group called Scattered Spiders, showing the versatility and power of some of the tools of the trade.