← Back to Blog Home

Five of My Favorite Command-Line Utilities

DevOps & System Admin.
by: Justin Kulesza

Article summary

I spend a lot of time on the command line (generally, GNU/Linux), and often work on automating processes and tasks. My work often occurs on a remote machine to which I do not have access, and it generally must be headless (no GUI).

As a result, I have collected an arsenal of command-line interface (CLI) utilities that I always install when I’m setting up a new development machine for myself. There are often graphical analogues for these utilities, but I prefer these because of their CLI. Below is a sampling of my favorites.

ssh-copy-id

ssh-copy-id is probably the simplest tool on this list, but it is definitely one of my most-used. It is a helper to install SSH public keys on SSH-capable machines–without the need to manually edit an authorized_keys file.

Basic usage:

  • ssh-copy-id @

Example:


jk@GERTY-MK-IV ~ $ ssh-copy-id [email protected]
/usr/local/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/local/bin/ssh-copy-id: INFO: 2 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: ******

Number of key(s) added:        2

Now try logging into the machine with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

subnetcalc

subnetcalc is a calculator that helps perform the math for IP (v4 and v6) networks. I find it indispensable when setting up new networks and correctly configuring subnet masks. Before I knew better, I did subnet size calculations in my head–this saves me the headache.

Basic usage:

  • subnetcalc /

Example:


jk@GERTY-MK-IV ~ $ subnetcalc 10.1.0.1/16
Address       = 10.1.0.1
                   00001010 . 00000001 . 00000000 . 00000001
Network       = 10.1.0.0 / 16
Netmask       = 255.255.0.0
Broadcast     = 10.1.255.255
Wildcard Mask = 0.0.255.255
Hosts Bits    = 16
Max. Hosts    = 65534   (2^16 - 2)
Host Range    = { 10.1.0.1 - 10.1.255.254 }
Properties    =
   - 10.1.0.1 is a HOST address in 10.1.0.0/16
   - Class A
   - Private
DNS Hostname  = (nodename nor servname provided, or not known)

HTTrack

Whenever I need to back up a website or create a suitable archive to use as static cache/mirror, I use HTTrack. It downloads a website to a local directory as HTML, collecting domain documents and assets from the domain. It will rewrite all links to use a relative link structure appropriate to the site so that it can be fully browsable offline, served locally. If desired, it can also pull down assets and link targets from other domains so that no functionality is lost.

My most common usage:

  • httrack --mirror-wizard

Example:

The mirror-wizard option will prompt for what to do with external resources. It is often desirable to include remote assets (such as images, JavaScript, and styles).


jk@GERTY-MK-IV ~ $ httrack --mirror-wizard https://example.com
Mirror launched on Sun, 16 Jul 2017 18:41:32 by HTTrack Website Copier/3.49-2 [XR&CO'2014]
mirroring https://example.com with the wizard help..
2/3: https://example.com/ (1270 bytes) - OK
A link, www.iana.org/domains/example, is located beyond this mirror scope.
What should I do? (type in the choice + enter)

* Ignore all further links and do not ask any more questions
0 Ignore this link (default if empty entry)
1 Ignore directory and lower structures
2 Ignore all domain

4 Get only this page/link, but not links inside this page
5 Mirror this link (useful)
6 Mirror all links located on the same domain as this link

>> 0
ok..
Done.
Thanks for using HTTrack!

sslscan

Ever needed to quickly verify that the SSL configuration of a webserver is sane? sslscan enables me to do this quickly and easily. While it may not go through as many specific tests as Qualys’ SSL Labs, it gives me a baseline level of confidence in how the server is configured and how the associated SSL certificates are installed. It also allows testing of STARTTLS commands for various services like LDAP and SMTP.

Basic usage:

  • sslscan

Example:


jk@GERTY-MK-IV ~ $ sslscan https://example.com
Version: 1.11.9
OpenSSL 1.0.2l  25 May 2017

OpenSSL version does not support SSLv2
SSLv2 ciphers will not be detected

Testing SSL server example.com on port 443 using SNI name example.com

  TLS Fallback SCSV:
Server supports TLS Fallback SCSV

  TLS renegotiation:
Secure session renegotiation supported

  TLS Compression:
Compression disabled

  Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

  Supported Server Cipher(s):
Preferred TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA256       Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA384       Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  AES128-GCM-SHA256
Accepted  TLSv1.2  256 bits  AES256-SHA
Accepted  TLSv1.2  256 bits  CAMELLIA256-SHA
Accepted  TLSv1.2  128 bits  AES128-SHA
Accepted  TLSv1.2  128 bits  CAMELLIA128-SHA
Accepted  TLSv1.2  128 bits  SEED-SHA
Preferred TLSv1.1  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.1  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.1  256 bits  AES256-SHA
Accepted  TLSv1.1  256 bits  CAMELLIA256-SHA
Accepted  TLSv1.1  128 bits  AES128-SHA
Accepted  TLSv1.1  128 bits  CAMELLIA128-SHA
Accepted  TLSv1.1  128 bits  SEED-SHA
Preferred TLSv1.0  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.0  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.0  256 bits  AES256-SHA
Accepted  TLSv1.0  256 bits  CAMELLIA256-SHA
Accepted  TLSv1.0  128 bits  AES128-SHA
Accepted  TLSv1.0  128 bits  CAMELLIA128-SHA
Accepted  TLSv1.0  128 bits  SEED-SHA

  SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength:    2048

Subject:  www.example.org
Altnames: DNS:www.example.org, DNS:example.com, DNS:example.edu, DNS:example.net, DNS:example.org, DNS:www.example.com, DNS:www.example.edu, DNS:www.example.net
Issuer:   DigiCert SHA2 High Assurance Server CA

Not valid before: Nov  3 00:00:00 2015 GMT
Not valid after:  Nov 28 12:00:00 2018 GMT

convert (ImageMagick)

Working with images can be frustrating, especially when there is a lot of hidden metadata that many editors ignore. The CLI tools for ImageMagick are great for working with images, but I find convert, in particular, quite useful. Generally, I use it to strip out metadata that I don’t need, or to quickly convert between file formats.

Basic usage:

  • convert -strip . .

Example:


jk@GERTY-MK-IV ~ $ convert -verbose 400_Kulesza_Justin-2014.jpg 400_Kirkham_Phil-2014.png
400_Kulesza_Justin-2014.jpg JPEG 200x200 200x200+0+0 8-bit sRGB 9574B 0.000u 0:00.000
writing raw profile: type=8bim, length=40
writing raw profile: type=exif, length=138
writing raw profile: type=iptc, length=0
400_Kulesza_Justin-2014.jpg=>400_Kulesza_Justin-2014.png JPEG 200x200 200x200+0+0 8-bit sRGB 64332B 0.020u 0:00.019
jk@GERTY-MK-IV ~ $
jk@GERTY-MK-IV ~ $ convert -verbose -strip 400_Kulesza_Justin-2014.jpg 400_Kirkham_Phil-2014.png
400_Kulesza_Justin-2014.jpg JPEG 200x200 200x200+0+0 8-bit sRGB 9574B 0.000u 0:00.009
400_Kulesza_Justin-2014.jpg=>400_Kulesza_Justin-2014.png 200x200 200x200+0+0 8-bit sRGB 63692B 0.010u 0:00.009

I’d love to hear about your favorites in the comments.

Related Posts