learn_bash_from_session_data 1.0.10 → 1.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. package/package.json +1 -1
  2. package/scripts/enrichment_builtins.py +1266 -0
  3. package/scripts/enrichment_coreutils.py +1499 -0
  4. package/scripts/enrichment_netproc.py +2270 -0
  5. package/scripts/enrichment_netsys.py +1601 -0
  6. package/scripts/enrichment_pkgcomp.py +2185 -0
  7. package/scripts/enrichment_textdev.py +2016 -0
  8. package/scripts/html_generator.py +144 -1
  9. package/scripts/knowledge_base.py +11521 -5648
  10. package/scripts/main.py +1 -1
  11. package/scripts/merge_enrichment.py +272 -0
package/scripts/enrichment_netsys.py ADDED
@@ -0,0 +1,1601 @@
1
+ """
2
+ Enrichment data for Networking, System Administration, and Process Management commands.
3
+
4
+ This module provides additional educational metadata (use_cases, gotchas,
5
+ related commands, difficulty, and supplementary flags) for commands that
6
+ exist in COMMAND_DB but are missing these fields.
7
+
8
+ Sources:
9
+ - man7.org Linux man-pages: https://man7.org/linux/man-pages/dir_section_1.html
10
+ - man7.org section 8: https://man7.org/linux/man-pages/dir_section_8.html
11
+ - nmap.org: https://nmap.org/book/man.html
12
+ - OpenSSH: https://www.openssh.com/manual.html
13
+ - curl docs: https://curl.se/docs/manpage.html
14
+ """
15
+
16
+ ENRICHMENT_DATA = {
17
+ # =========================================================================
18
+ # NETWORKING - DNS & LOOKUP
19
+ # =========================================================================
20
+
21
+ "dig": {
22
+ "man_url": "https://man7.org/linux/man-pages/man1/dig.1.html",
23
+ "use_cases": [
24
+ "Query DNS records for a domain: dig example.com A",
25
+ "Look up MX records for mail troubleshooting: dig example.com MX",
26
+ "Trace the full DNS resolution path: dig +trace example.com",
27
+ ],
28
+ "gotchas": [
29
+ "Output is verbose by default; use +short for just the answer",
30
+ "dig uses system resolvers unless you specify @server explicitly",
31
+ ],
32
+ "related": ["nslookup", "host", "whois"],
33
+ "difficulty": "intermediate",
34
+ "extra_flags": {
35
+ "+short": "Show only the answer, no headers or authority sections",
36
+ "+trace": "Trace the delegation path from root servers",
37
+ "@server": "Query a specific DNS server instead of system default",
38
+ },
39
+ },
40
+
41
+ "nslookup": {
42
+ "man_url": "https://man7.org/linux/man-pages/man1/nslookup.1.html",
43
+ "use_cases": [
44
+ "Quick DNS lookup for a hostname: nslookup example.com",
45
+ "Reverse DNS lookup from an IP address: nslookup 8.8.8.8",
46
+ "Query a specific DNS server: nslookup example.com 8.8.8.8",
47
+ ],
48
+ "gotchas": [
49
+ "nslookup is considered deprecated in favor of dig on many systems",
50
+ "Interactive mode behaves differently from command-line mode",
51
+ ],
52
+ "related": ["dig", "host", "whois"],
53
+ "difficulty": "beginner",
54
+ },
55
+
56
+ "host": {
57
+ "man_url": "https://man7.org/linux/man-pages/man1/host.1.html",
58
+ "use_cases": [
59
+ "Simple DNS lookup: host example.com",
60
+ "Reverse DNS lookup: host 192.168.1.1",
61
+ "Find mail servers for a domain: host -t MX example.com",
62
+ ],
63
+ "gotchas": [
64
+ "Output format differs significantly from dig and nslookup",
65
+ "Less detailed than dig; not ideal for advanced DNS debugging",
66
+ ],
67
+ "related": ["dig", "nslookup", "whois"],
68
+ "difficulty": "beginner",
69
+ },
70
+
71
+ "whois": {
72
+ "man_url": "https://man7.org/linux/man-pages/man1/whois.1.html",
73
+ "use_cases": [
74
+ "Look up domain registration details: whois example.com",
75
+ "Check IP address ownership and ASN info: whois 8.8.8.8",
76
+ "Verify domain expiration dates for renewal planning",
77
+ ],
78
+ "gotchas": [
79
+ "Many registrars now redact personal info due to GDPR/privacy policies",
80
+ "Output format varies wildly between different TLD registries",
81
+ ],
82
+ "related": ["dig", "nslookup", "host"],
83
+ "difficulty": "beginner",
84
+ },
85
+
86
+ # =========================================================================
87
+ # NETWORKING - CONNECTIVITY & TRANSFER
88
+ # =========================================================================
89
+
90
+ "ping": {
91
+ "man_url": "https://man7.org/linux/man-pages/man8/ping.8.html",
92
+ "use_cases": [
93
+ "Test basic network connectivity to a host: ping 8.8.8.8",
94
+ "Check if a server is reachable and measure round-trip latency",
95
+ "Send a specific number of pings: ping -c 5 example.com",
96
+ ],
97
+ "gotchas": [
98
+ "Many firewalls block ICMP, so no reply does not always mean host is down",
99
+ "On Linux ping runs forever by default; use -c to limit count",
100
+ ],
101
+ "related": ["traceroute", "mtr", "tracepath"],
102
+ "difficulty": "beginner",
103
+ "extra_flags": {
104
+ "-c": "Stop after sending N packets",
105
+ "-i": "Set interval between packets in seconds",
106
+ "-W": "Set timeout for each reply in seconds",
107
+ },
108
+ },
109
+
110
+ "traceroute": {
111
+ "man_url": "https://man7.org/linux/man-pages/man8/traceroute.8.html",
112
+ "use_cases": [
113
+ "Map the network path to a destination host",
114
+ "Identify where packet loss or high latency occurs in a route",
115
+ "Debug routing issues between networks",
116
+ ],
117
+ "gotchas": [
118
+ "Uses UDP by default on Linux; some firewalls block it, use -I for ICMP or -T for TCP",
119
+ "Asterisks (*) mean the hop did not respond, not necessarily that it is down",
120
+ ],
121
+ "related": ["mtr", "tracepath", "ping"],
122
+ "difficulty": "intermediate",
123
+ "extra_flags": {
124
+ "-I": "Use ICMP ECHO instead of UDP",
125
+ "-T": "Use TCP SYN for probes (useful through firewalls)",
126
+ "-n": "Do not resolve IP addresses to hostnames",
127
+ },
128
+ },
129
+
130
+ "tracepath": {
131
+ "man_url": "https://man7.org/linux/man-pages/man8/tracepath.8.html",
132
+ "use_cases": [
133
+ "Trace the path to a host without requiring root privileges",
134
+ "Discover the MTU along the path to a destination",
135
+ "Lightweight alternative to traceroute for quick diagnostics",
136
+ ],
137
+ "gotchas": [
138
+ "Does not support as many options as traceroute",
139
+ "May not be installed by default on all distributions",
140
+ ],
141
+ "related": ["traceroute", "mtr", "ping"],
142
+ "difficulty": "beginner",
143
+ },
144
+
145
+ "mtr": {
146
+ "man_url": "https://man7.org/linux/man-pages/man8/mtr.8.html",
147
+ "use_cases": [
148
+ "Continuously monitor network path quality combining ping and traceroute",
149
+ "Identify intermittent packet loss on specific hops",
150
+ "Generate a report of network path statistics: mtr --report example.com",
151
+ ],
152
+ "gotchas": [
153
+ "Requires root/sudo for ICMP mode; use --udp for unprivileged operation",
154
+ "Interactive TUI mode can confuse new users; use --report for one-shot output",
155
+ ],
156
+ "related": ["traceroute", "ping", "tracepath"],
157
+ "difficulty": "intermediate",
158
+ "extra_flags": {
159
+ "--report": "Run in report mode and exit after N cycles",
160
+ "--udp": "Use UDP instead of ICMP",
161
+ "-c": "Number of pings to send per hop",
162
+ },
163
+ },
164
+
165
+ "curl": {
166
+ "man_url": "https://curl.se/docs/manpage.html",
167
+ "use_cases": [
168
+ "Download files from URLs: curl -O https://example.com/file.tar.gz",
169
+ "Test REST API endpoints: curl -X POST -d '{\"key\":\"val\"}' URL",
170
+ "Send form data or upload files to web services",
171
+ "Follow redirects and inspect HTTP headers: curl -LI URL",
172
+ ],
173
+ "gotchas": [
174
+ "Use -f to fail silently on HTTP errors instead of saving the error page",
175
+ "Quote URLs containing special characters like & or ? in the shell",
176
+ "Without -L, curl will not follow HTTP redirects",
177
+ ],
178
+ "related": ["wget", "http", "httpie"],
179
+ "difficulty": "intermediate",
180
+ "extra_flags": {
181
+ "-k": "Allow insecure SSL connections (skip certificate verification)",
182
+ "-L": "Follow HTTP redirects",
183
+ "-o": "Write output to a specific file instead of stdout",
184
+ "-s": "Silent mode; suppress progress meter and errors",
185
+ "-H": "Add a custom HTTP header to the request",
186
+ },
187
+ },
188
+
189
+ "wget": {
190
+ "man_url": "https://man7.org/linux/man-pages/man1/wget.1.html",
191
+ "use_cases": [
192
+ "Download a file from the web: wget https://example.com/file.tar.gz",
193
+ "Mirror an entire website recursively: wget -m https://example.com",
194
+ "Resume an interrupted download: wget -c URL",
195
+ "Download files listed in a text file: wget -i urls.txt",
196
+ ],
197
+ "gotchas": [
198
+ "Recursive downloads (-r) without depth limits can consume enormous disk space",
199
+ "wget saves to files by default while curl prints to stdout by default",
200
+ "Use --no-check-certificate cautiously; it disables SSL verification",
201
+ ],
202
+ "related": ["curl", "rsync", "scp"],
203
+ "difficulty": "beginner",
204
+ "extra_flags": {
205
+ "-c": "Continue a partially downloaded file",
206
+ "-q": "Quiet mode; suppress output",
207
+ "-b": "Run in background after startup",
208
+ "--mirror": "Shortcut for -r -N -l inf --no-remove-listing",
209
+ },
210
+ },
211
+
212
+ "http": {
213
+ "man_url": "https://httpie.io/docs/cli",
214
+ "use_cases": [
215
+ "Human-friendly HTTP requests: http GET example.com",
216
+ "Send JSON data easily: http POST api.example.com name=value",
217
+ "Inspect response headers with colorized output",
218
+ ],
219
+ "gotchas": [
220
+ "The command may be named 'http' or 'httpie' depending on installation",
221
+ "Sends JSON by default unlike curl which sends form-encoded data",
222
+ ],
223
+ "related": ["curl", "wget", "httpie"],
224
+ "difficulty": "beginner",
225
+ },
226
+
227
+ "httpie": {
228
+ "man_url": "https://httpie.io/docs/cli",
229
+ "use_cases": [
230
+ "User-friendly HTTP client with syntax highlighting",
231
+ "Quick API testing with intuitive syntax: httpie POST url key=val",
232
+ "Download files with progress bar and formatted output",
233
+ ],
234
+ "gotchas": [
235
+ "Not installed by default on most systems; install via pip or package manager",
236
+ "The actual command name is usually 'http', not 'httpie'",
237
+ ],
238
+ "related": ["curl", "wget", "http"],
239
+ "difficulty": "beginner",
240
+ },
241
+
242
+ "rsync": {
243
+ "man_url": "https://man7.org/linux/man-pages/man1/rsync.1.html",
244
+ "use_cases": [
245
+ "Sync files between local and remote systems efficiently",
246
+ "Create incremental backups: rsync -av --delete /src/ /backup/",
247
+ "Transfer large directories with compression: rsync -avz src/ host:/dest/",
248
+ "Resume interrupted transfers without re-sending completed files",
249
+ ],
250
+ "gotchas": [
251
+ "Trailing slash on source directory matters: dir/ syncs contents, dir syncs the directory itself",
252
+ "--delete removes files in destination that do not exist in source; use with caution",
253
+ "Permissions and ownership preservation requires running as root or using --no-perms",
254
+ ],
255
+ "related": ["scp", "sftp", "cp"],
256
+ "difficulty": "intermediate",
257
+ "extra_flags": {
258
+ "-a": "Archive mode; preserves permissions, timestamps, symlinks, etc.",
259
+ "-z": "Compress data during transfer",
260
+ "--progress": "Show progress during transfer",
261
+ "--dry-run": "Show what would be transferred without actually doing it",
262
+ },
263
+ },
264
+
265
+ "scp": {
266
+ "man_url": "https://man7.org/linux/man-pages/man1/scp.1.html",
267
+ "use_cases": [
268
+ "Copy files to a remote server: scp file.txt user@host:/path/",
269
+ "Copy files from a remote server to local machine",
270
+ "Recursively copy directories: scp -r dir/ user@host:/path/",
271
+ ],
272
+ "gotchas": [
273
+ "scp is considered deprecated in favor of sftp or rsync by OpenSSH",
274
+ "Does not support resuming interrupted transfers; use rsync -P instead",
275
+ ],
276
+ "related": ["rsync", "sftp", "ssh"],
277
+ "difficulty": "intermediate",
278
+ "extra_flags": {
279
+ "-r": "Recursively copy entire directories",
280
+ "-P": "Specify an alternate SSH port",
281
+ "-C": "Enable compression during transfer",
282
+ },
283
+ },
284
+
285
+ "sftp": {
286
+ "man_url": "https://man7.org/linux/man-pages/man1/sftp.1.html",
287
+ "use_cases": [
288
+ "Interactive secure file transfer session: sftp user@host",
289
+ "Transfer files securely as a replacement for FTP",
290
+ "Batch file transfers using -b option with a command file",
291
+ ],
292
+ "gotchas": [
293
+ "Uses SSH protocol, not FTP; firewall rules differ from traditional FTP",
294
+ "Interactive commands (get, put, ls) differ slightly from local shell commands",
295
+ ],
296
+ "related": ["scp", "rsync", "ftp", "ssh"],
297
+ "difficulty": "intermediate",
298
+ },
299
+
300
+ "ftp": {
301
+ "man_url": "https://man7.org/linux/man-pages/man1/ftp.1.html",
302
+ "use_cases": [
303
+ "Connect to legacy FTP servers for file transfer",
304
+ "Upload/download files on systems that only support FTP",
305
+ "Automate FTP transfers with scripted commands",
306
+ ],
307
+ "gotchas": [
308
+ "FTP transmits credentials in plain text; always prefer sftp or scp",
309
+ "Active mode FTP requires firewall rules for data connections on dynamic ports",
310
+ ],
311
+ "related": ["sftp", "scp", "curl", "wget"],
312
+ "difficulty": "beginner",
313
+ },
314
+
315
+ "tftp": {
316
+ "man_url": "https://man7.org/linux/man-pages/man1/tftp.1.html",
317
+ "use_cases": [
318
+ "Boot network devices (PXE) that use TFTP for firmware loading",
319
+ "Transfer small configuration files to embedded devices",
320
+ "Simple file transfers in environments where FTP is unavailable",
321
+ ],
322
+ "gotchas": [
323
+ "No authentication or encryption; only use on trusted networks",
324
+ "Limited to small files; no directory listing or resume support",
325
+ ],
326
+ "related": ["ftp", "sftp", "scp"],
327
+ "difficulty": "intermediate",
328
+ },
329
+
330
+ "telnet": {
331
+ "man_url": "https://man7.org/linux/man-pages/man1/telnet.1.html",
332
+ "use_cases": [
333
+ "Test if a TCP port is open on a remote host: telnet host 80",
334
+ "Debug text-based protocols like SMTP or HTTP manually",
335
+ "Quick connectivity test when nc is not available",
336
+ ],
337
+ "gotchas": [
338
+ "Never use telnet for remote login; it sends everything in plain text",
339
+ "Many modern systems do not have telnet installed by default",
340
+ ],
341
+ "related": ["ssh", "nc", "ncat"],
342
+ "difficulty": "beginner",
343
+ },
344
+
345
+ "ssh": {
346
+ "man_url": "https://man7.org/linux/man-pages/man1/ssh.1.html",
347
+ "use_cases": [
348
+ "Securely log into a remote machine: ssh user@host",
349
+ "Run a command on a remote server: ssh user@host 'ls /var/log'",
350
+ "Create SSH tunnels for port forwarding: ssh -L 8080:localhost:80 host",
351
+ "Use as a SOCKS proxy: ssh -D 1080 user@host",
352
+ ],
353
+ "gotchas": [
354
+ "Strict host key checking will reject changed host keys; update known_hosts if the server was legitimately reinstalled",
355
+ "Agent forwarding (-A) can be a security risk on untrusted intermediate hosts",
356
+ "Idle SSH connections may be killed by firewalls; use ServerAliveInterval in config",
357
+ ],
358
+ "related": ["scp", "sftp", "rsync", "ssh-keygen"],
359
+ "difficulty": "intermediate",
360
+ "extra_flags": {
361
+ "-L": "Local port forwarding: -L local_port:remote_host:remote_port",
362
+ "-R": "Remote port forwarding",
363
+ "-D": "Dynamic SOCKS proxy on local port",
364
+ "-N": "Do not execute a remote command (useful for tunnels only)",
365
+ "-J": "Jump host (proxy jump) for connecting through a bastion",
366
+ },
367
+ },
368
+
369
+ # =========================================================================
370
+ # NETWORKING - INTERFACES & ROUTING
371
+ # =========================================================================
372
+
373
+ "ip": {
374
+ "man_url": "https://man7.org/linux/man-pages/man8/ip.8.html",
375
+ "use_cases": [
376
+ "Show all network interfaces and addresses: ip addr show",
377
+ "Add or remove IP addresses from interfaces: ip addr add 10.0.0.1/24 dev eth0",
378
+ "Display and manipulate the routing table: ip route show",
379
+ "Bring interfaces up or down: ip link set eth0 up",
380
+ ],
381
+ "gotchas": [
382
+ "ip replaces the deprecated ifconfig, route, and arp commands",
383
+ "Changes made with ip are not persistent across reboots; use network config files",
384
+ "Subcommands can be abbreviated: ip a, ip r, ip l",
385
+ ],
386
+ "related": ["ifconfig", "route", "ss", "arp"],
387
+ "difficulty": "intermediate",
388
+ "extra_flags": {
389
+ "-br": "Brief output mode for concise display",
390
+ "-c": "Colorize output",
391
+ "-s": "Show statistics",
392
+ },
393
+ },
394
+
395
+ "ifconfig": {
396
+ "man_url": "https://man7.org/linux/man-pages/man8/ifconfig.8.html",
397
+ "use_cases": [
398
+ "Display all network interface configurations",
399
+ "Assign an IP address to an interface: ifconfig eth0 192.168.1.10",
400
+ "Enable or disable a network interface: ifconfig eth0 up/down",
401
+ ],
402
+ "gotchas": [
403
+ "Deprecated in favor of the ip command on modern Linux systems",
404
+ "May not be installed by default; part of net-tools package",
405
+ ],
406
+ "related": ["ip", "route", "netstat"],
407
+ "difficulty": "beginner",
408
+ },
409
+
410
+ "route": {
411
+ "man_url": "https://man7.org/linux/man-pages/man8/route.8.html",
412
+ "use_cases": [
413
+ "Display the kernel routing table: route -n",
414
+ "Add a default gateway: route add default gw 192.168.1.1",
415
+ "Add a static route to a specific network",
416
+ ],
417
+ "gotchas": [
418
+ "Deprecated in favor of ip route on modern Linux systems",
419
+ "Changes are not persistent; configure routes in network config files",
420
+ ],
421
+ "related": ["ip", "ifconfig", "netstat", "traceroute"],
422
+ "difficulty": "intermediate",
423
+ },
424
+
425
+ "arp": {
426
+ "man_url": "https://man7.org/linux/man-pages/man8/arp.8.html",
427
+ "use_cases": [
428
+ "Display the ARP cache showing IP-to-MAC mappings: arp -a",
429
+ "Manually add a static ARP entry for a host",
430
+ "Delete an ARP cache entry to force re-resolution",
431
+ ],
432
+ "gotchas": [
433
+ "Deprecated in favor of ip neigh on modern systems",
434
+ "ARP cache entries expire; stale entries can cause connectivity issues",
435
+ ],
436
+ "related": ["ip", "arping", "ifconfig", "ping"],
437
+ "difficulty": "intermediate",
438
+ },
439
+
440
+ "arping": {
441
+ "man_url": "https://man7.org/linux/man-pages/man8/arping.8.html",
442
+ "use_cases": [
443
+ "Check if an IP address is already in use on the local network",
444
+ "Resolve an IP address to a MAC address at layer 2",
445
+ "Detect duplicate IP addresses on a LAN segment",
446
+ ],
447
+ "gotchas": [
448
+ "Only works on the local network segment; cannot cross routers",
449
+ "Requires root privileges to send raw ARP packets",
450
+ ],
451
+ "related": ["arp", "ping", "ip", "nmap"],
452
+ "difficulty": "intermediate",
453
+ },
454
+
455
+ # =========================================================================
456
+ # NETWORKING - SOCKETS & PORT SCANNING
457
+ # =========================================================================
458
+
459
+ "ss": {
460
+ "man_url": "https://man7.org/linux/man-pages/man8/ss.8.html",
461
+ "use_cases": [
462
+ "List all listening TCP ports: ss -tlnp",
463
+ "Show established connections with process info: ss -tp",
464
+ "Filter connections by port or state: ss state established dport = :443",
465
+ ],
466
+ "gotchas": [
467
+ "Replaces the deprecated netstat command; syntax differs significantly",
468
+ "Process info (-p) requires root to see processes owned by other users",
469
+ ],
470
+ "related": ["netstat", "lsof", "ip"],
471
+ "difficulty": "intermediate",
472
+ "extra_flags": {
473
+ "-t": "Show TCP sockets only",
474
+ "-u": "Show UDP sockets only",
475
+ "-l": "Show only listening sockets",
476
+ "-n": "Show numeric addresses instead of resolving names",
477
+ "-p": "Show the process using each socket",
478
+ },
479
+ },
480
+
481
+ "netstat": {
482
+ "man_url": "https://man7.org/linux/man-pages/man8/netstat.8.html",
483
+ "use_cases": [
484
+ "List all listening ports: netstat -tlnp",
485
+ "Show network connections and their states",
486
+ "Display routing table: netstat -rn",
487
+ ],
488
+ "gotchas": [
489
+ "Deprecated in favor of ss on modern Linux; part of net-tools",
490
+ "Output can be very long on busy systems; use grep to filter",
491
+ ],
492
+ "related": ["ss", "lsof", "ip", "route"],
493
+ "difficulty": "intermediate",
494
+ },
495
+
496
+ "nc": {
497
+ "man_url": "https://man7.org/linux/man-pages/man1/nc.1.html",
498
+ "use_cases": [
499
+ "Test if a TCP port is open: nc -zv host 80",
500
+ "Create a simple TCP server: nc -l -p 8080",
501
+ "Transfer files between machines over the network",
502
+ "Debug network protocols by sending raw data",
503
+ ],
504
+ "gotchas": [
505
+ "Multiple implementations exist (GNU, OpenBSD, ncat); flags differ between them",
506
+ "No encryption by default; use ncat --ssl or socat for encrypted connections",
507
+ ],
508
+ "related": ["ncat", "netcat", "socat", "telnet"],
509
+ "difficulty": "intermediate",
510
+ "extra_flags": {
511
+ "-z": "Scan mode; report connection status without sending data",
512
+ "-v": "Verbose output",
513
+ "-l": "Listen mode; act as a server",
514
+ "-u": "Use UDP instead of TCP",
515
+ },
516
+ },
517
+
518
+ "ncat": {
519
+ "man_url": "https://nmap.org/ncat/guide/",
520
+ "use_cases": [
521
+ "Improved netcat with SSL support: ncat --ssl host 443",
522
+ "Create a persistent backdoor listener for authorized testing",
523
+ "Broker connections between multiple clients: ncat --broker",
524
+ ],
525
+ "gotchas": [
526
+ "Part of the nmap suite; not installed by default on all systems",
527
+ "Different from traditional nc/netcat; some flags are incompatible",
528
+ ],
529
+ "related": ["nc", "netcat", "socat", "nmap"],
530
+ "difficulty": "intermediate",
531
+ },
532
+
533
+ "netcat": {
534
+ "man_url": "https://man7.org/linux/man-pages/man1/nc.1.html",
535
+ "use_cases": [
536
+ "Often an alias for nc; used for ad-hoc TCP/UDP connections",
537
+ "Port scanning and banner grabbing on remote hosts",
538
+ "Pipe data between processes over the network",
539
+ ],
540
+ "gotchas": [
541
+ "The actual binary and flags depend on which netcat variant is installed",
542
+ "On some systems, netcat and nc are different implementations",
543
+ ],
544
+ "related": ["nc", "ncat", "socat", "telnet"],
545
+ "difficulty": "intermediate",
546
+ },
547
+
548
+ "socat": {
549
+ "man_url": "https://man7.org/linux/man-pages/man1/socat.1.html",
550
+ "use_cases": [
551
+ "Relay data between two bidirectional byte streams",
552
+ "Create encrypted tunnels: socat TCP-LISTEN:8080 OPENSSL:host:443",
553
+ "Forward Unix sockets to TCP or vice versa",
554
+ "Advanced port forwarding and protocol bridging",
555
+ ],
556
+ "gotchas": [
557
+ "Syntax is complex with many address types; steep learning curve",
558
+ "Not installed by default on most distributions",
559
+ ],
560
+ "related": ["nc", "ncat", "ssh", "stunnel"],
561
+ "difficulty": "advanced",
562
+ },
563
+
564
+ "lsof": {
565
+ "man_url": "https://man7.org/linux/man-pages/man8/lsof.8.html",
566
+ "use_cases": [
567
+ "Find which process is using a specific port: lsof -i :80",
568
+ "List all open files for a process: lsof -p PID",
569
+ "Find processes using a specific file: lsof /var/log/syslog",
570
+ "List all network connections: lsof -i",
571
+ ],
572
+ "gotchas": [
573
+ "Requires root to see files opened by other users' processes",
574
+ "Can be slow on systems with many open file descriptors",
575
+ ],
576
+ "related": ["ss", "fuser", "ps", "netstat"],
577
+ "difficulty": "intermediate",
578
+ "extra_flags": {
579
+ "-i": "List network connections (optionally filter by port or protocol)",
580
+ "-p": "Filter by process ID",
581
+ "-u": "Filter by username",
582
+ "+D": "Recursively list open files in a directory",
583
+ },
584
+ },
585
+
586
+ "fuser": {
587
+ "man_url": "https://man7.org/linux/man-pages/man1/fuser.1.html",
588
+ "use_cases": [
589
+ "Find which process is using a file or directory: fuser /mnt/usb",
590
+ "Kill all processes using a specific file: fuser -k /path/to/file",
591
+ "Check which process holds a port: fuser 80/tcp",
592
+ ],
593
+ "gotchas": [
594
+ "fuser -k sends SIGKILL by default which cannot be caught; use -signal to specify",
595
+ "Requires root to see processes from other users",
596
+ ],
597
+ "related": ["lsof", "ps", "kill", "ss"],
598
+ "difficulty": "intermediate",
599
+ },
600
+
601
+ # =========================================================================
602
+ # NETWORKING - SECURITY & SCANNING
603
+ # =========================================================================
604
+
605
+ "nmap": {
606
+ "man_url": "https://nmap.org/book/man.html",
607
+ "use_cases": [
608
+ "Scan a host for open ports: nmap 192.168.1.1",
609
+ "Detect services and versions: nmap -sV host",
610
+ "Perform OS detection: nmap -O host",
611
+ "Scan an entire subnet: nmap 192.168.1.0/24",
612
+ ],
613
+ "gotchas": [
614
+ "Scanning without authorization may be illegal; always get written permission",
615
+ "SYN scans (-sS) require root privileges",
616
+ "Aggressive scans (-A) are noisy and easily detected by IDS",
617
+ ],
618
+ "related": ["masscan", "nc", "ss", "nikto"],
619
+ "difficulty": "advanced",
620
+ "extra_flags": {
621
+ "-sS": "TCP SYN scan (stealth scan, requires root)",
622
+ "-sV": "Probe open ports to determine service/version info",
623
+ "-O": "Enable OS detection",
624
+ "-A": "Aggressive scan: OS detection, version, scripts, traceroute",
625
+ "-p": "Specify port range: -p 1-1000 or -p- for all ports",
626
+ },
627
+ },
628
+
629
+ "masscan": {
630
+ "man_url": "https://github.com/robertdavidgraham/masscan",
631
+ "use_cases": [
632
+ "Rapidly scan large IP ranges for open ports at scale",
633
+ "Internet-wide surveys of specific services",
634
+ "Fast alternative to nmap for initial port discovery",
635
+ ],
636
+ "gotchas": [
637
+ "Extremely fast scanning can overwhelm networks and trigger IDS alerts",
638
+ "Does not do service version detection; pair with nmap for follow-up",
639
+ "Requires root and uses its own TCP stack bypassing the kernel",
640
+ ],
641
+ "related": ["nmap", "nc", "ss"],
642
+ "difficulty": "advanced",
643
+ },
644
+
645
+ "nikto": {
646
+ "man_url": "https://github.com/sullo/nikto/wiki",
647
+ "use_cases": [
648
+ "Scan web servers for known vulnerabilities and misconfigurations",
649
+ "Check for outdated server software and dangerous default files",
650
+ "Automated web security assessment during penetration tests",
651
+ ],
652
+ "gotchas": [
653
+ "Very noisy; easily detected by IDS/WAF and logged by web servers",
654
+ "Only use against systems you have explicit permission to test",
655
+ ],
656
+ "related": ["nmap", "curl", "openssl"],
657
+ "difficulty": "advanced",
658
+ },
659
+
660
+ "openssl": {
661
+ "man_url": "https://man7.org/linux/man-pages/man1/openssl.1ssl.html",
662
+ "use_cases": [
663
+ "Test SSL/TLS connections: openssl s_client -connect host:443",
664
+ "Generate self-signed certificates for development",
665
+ "Check certificate expiration dates and details",
666
+ "Encrypt/decrypt files: openssl enc -aes-256-cbc -in file -out file.enc",
667
+ ],
668
+ "gotchas": [
669
+ "The command-line interface has many subcommands with inconsistent syntax",
670
+ "Default cipher choices may be weak in older versions; specify explicitly",
671
+ "s_client does not verify server certificates by default; use -verify_return_error",
672
+ ],
673
+ "related": ["ssh", "curl", "nc"],
674
+ "difficulty": "advanced",
675
+ "extra_flags": {
676
+ "s_client": "Test SSL/TLS client connections",
677
+ "req": "Create certificate signing requests",
678
+ "x509": "Display and manipulate X.509 certificates",
679
+ "genrsa": "Generate RSA private keys",
680
+ },
681
+ },
682
+
683
+ # =========================================================================
684
+ # NETWORKING - FIREWALLS
685
+ # =========================================================================
686
+
687
+ "iptables": {
688
+ "man_url": "https://man7.org/linux/man-pages/man8/iptables.8.html",
689
+ "use_cases": [
690
+ "List current firewall rules: iptables -L -n -v",
691
+ "Block an IP address: iptables -A INPUT -s IP -j DROP",
692
+ "Allow traffic on a specific port: iptables -A INPUT -p tcp --dport 80 -j ACCEPT",
693
+ "Set up NAT/masquerading for network address translation",
694
+ ],
695
+ "gotchas": [
696
+ "Rules are evaluated in order; a DROP before an ACCEPT will block matching traffic",
697
+ "Rules are lost on reboot unless saved with iptables-save or a persistence mechanism",
698
+ "Locking yourself out is easy on remote servers; always allow SSH first",
699
+ ],
700
+ "related": ["nft", "ufw", "firewall-cmd"],
701
+ "difficulty": "advanced",
702
+ "extra_flags": {
703
+ "-A": "Append a rule to the end of a chain",
704
+ "-D": "Delete a rule from a chain",
705
+ "-I": "Insert a rule at a specific position in a chain",
706
+ "-F": "Flush (delete) all rules in a chain",
707
+ },
708
+ },
709
+
710
+ "nft": {
711
+ "man_url": "https://man7.org/linux/man-pages/man8/nft.8.html",
712
+ "use_cases": [
713
+ "Modern replacement for iptables using nftables framework",
714
+ "List all rules: nft list ruleset",
715
+ "Create firewall rules with a cleaner syntax than iptables",
716
+ ],
717
+ "gotchas": [
718
+ "Syntax is different from iptables; existing scripts need rewriting",
719
+ "Not all distributions default to nftables yet; check which backend is active",
720
+ ],
721
+ "related": ["iptables", "ufw", "firewall-cmd"],
722
+ "difficulty": "advanced",
723
+ },
724
+
725
+ "ufw": {
726
+ "man_url": "https://man7.org/linux/man-pages/man8/ufw.8.html",
727
+ "use_cases": [
728
+ "Simple firewall management: ufw allow 22/tcp",
729
+ "Enable/disable firewall quickly: ufw enable / ufw disable",
730
+ "Check firewall status and rules: ufw status verbose",
731
+ ],
732
+ "gotchas": [
733
+ "ufw is a frontend to iptables; raw iptables rules may conflict",
734
+ "Enabling ufw on a remote server without allowing SSH first will lock you out",
735
+ ],
736
+ "related": ["iptables", "nft", "firewall-cmd"],
737
+ "difficulty": "beginner",
738
+ },
739
+
740
+ "firewall-cmd": {
741
+ "man_url": "https://firewalld.org/documentation/man-pages/firewall-cmd.html",
742
+ "use_cases": [
743
+ "Manage firewalld zones and services on RHEL/CentOS/Fedora",
744
+ "Open a port permanently: firewall-cmd --permanent --add-port=80/tcp",
745
+ "List active rules: firewall-cmd --list-all",
746
+ ],
747
+ "gotchas": [
748
+ "Changes without --permanent are lost on reload or reboot",
749
+ "Must run firewall-cmd --reload after permanent changes to activate them",
750
+ ],
751
+ "related": ["iptables", "ufw", "nft"],
752
+ "difficulty": "intermediate",
753
+ },
754
+
755
+ # =========================================================================
756
+ # NETWORKING - PACKET CAPTURE & ANALYSIS
757
+ # =========================================================================
758
+
759
+ "tcpdump": {
760
+ "man_url": "https://man7.org/linux/man-pages/man8/tcpdump.8.html",
761
+ "use_cases": [
762
+ "Capture packets on an interface: tcpdump -i eth0",
763
+ "Filter traffic by host or port: tcpdump host 10.0.0.1 and port 80",
764
+ "Save capture to file for analysis: tcpdump -w capture.pcap",
765
+ "Debug network connectivity and protocol issues in real time",
766
+ ],
767
+ "gotchas": [
768
+ "Requires root privileges to capture packets",
769
+ "High-traffic captures can fill disk quickly; use -c to limit packet count",
770
+ "Output can be overwhelming; use specific filters to narrow down traffic",
771
+ ],
772
+ "related": ["wireshark", "nmap", "ss", "nc"],
773
+ "difficulty": "advanced",
774
+ "extra_flags": {
775
+ "-i": "Specify the network interface to capture on",
776
+ "-w": "Write raw packets to a file (pcap format)",
777
+ "-r": "Read packets from a previously saved file",
778
+ "-c": "Capture only N packets then stop",
779
+ "-n": "Do not resolve hostnames",
780
+ },
781
+ },
782
+
783
+ "wireshark": {
784
+ "man_url": "https://www.wireshark.org/docs/man-pages/wireshark.html",
785
+ "use_cases": [
786
+ "Analyze network traffic with a graphical interface",
787
+ "Inspect packet details and protocol dissection",
788
+ "Open pcap files captured by tcpdump for deeper analysis",
789
+ ],
790
+ "gotchas": [
791
+ "GUI application; use tshark for command-line packet analysis",
792
+ "Capturing on remote servers requires SSH tunneling or tshark",
793
+ ],
794
+ "related": ["tcpdump", "nmap", "ss"],
795
+ "difficulty": "advanced",
796
+ },
797
+
798
+ # =========================================================================
799
+ # PROCESS MANAGEMENT
800
+ # =========================================================================
801
+
802
+ "ps": {
803
+ "man_url": "https://man7.org/linux/man-pages/man1/ps.1.html",
804
+ "use_cases": [
805
+ "List all running processes: ps aux",
806
+ "Show process tree: ps auxf or ps --forest",
807
+ "Find a specific process: ps aux | grep nginx",
808
+ ],
809
+ "gotchas": [
810
+ "BSD-style (aux) and UNIX-style (-ef) options produce different output formats",
811
+ "ps shows a snapshot; use top or htop for real-time monitoring",
812
+ ],
813
+ "related": ["top", "htop", "kill", "pgrep"],
814
+ "difficulty": "beginner",
815
+ "extra_flags": {
816
+ "aux": "Show all processes with user-oriented format (BSD style)",
817
+ "-ef": "Show all processes with full format (UNIX style)",
818
+ "--forest": "Show process tree hierarchy",
819
+ "-o": "Custom output format: ps -o pid,user,%cpu,%mem,cmd",
820
+ },
821
+ },
822
+
823
+ "top": {
824
+ "man_url": "https://man7.org/linux/man-pages/man1/top.1.html",
825
+ "use_cases": [
826
+ "Monitor system resource usage in real time",
827
+ "Identify processes consuming the most CPU or memory",
828
+ "Batch mode for scripting: top -bn1 | head -20",
829
+ ],
830
+ "gotchas": [
831
+ "Default refresh rate can cause high CPU use on slow systems; press d to change interval",
832
+ "Memory values shown may be misleading; RES is actual RAM used, VIRT includes mapped files",
833
+ ],
834
+ "related": ["htop", "btop", "atop", "ps"],
835
+ "difficulty": "beginner",
836
+ "extra_flags": {
837
+ "-b": "Batch mode; useful for piping output to other commands",
838
+ "-n": "Number of iterations in batch mode",
839
+ "-p": "Monitor only specific PIDs",
840
+ "-u": "Show only processes owned by a specific user",
841
+ },
842
+ },
843
+
844
+ "htop": {
845
+ "man_url": "https://man7.org/linux/man-pages/man1/htop.1.html",
846
+ "use_cases": [
847
+ "Interactive process viewer with color and mouse support",
848
+ "Sort processes by CPU, memory, or other fields interactively",
849
+ "Send signals to processes directly from the interface",
850
+ ],
851
+ "gotchas": [
852
+ "Not installed by default on all systems; install via package manager",
853
+ "Tree view (F5) can be confusing if processes reparent frequently",
854
+ ],
855
+ "related": ["top", "btop", "atop", "ps"],
856
+ "difficulty": "beginner",
857
+ },
858
+
859
+ "btop": {
860
+ "man_url": "https://github.com/aristocratos/btop",
861
+ "use_cases": [
862
+ "Modern resource monitor with rich TUI showing CPU, memory, disks, and network",
863
+ "Visual process management with graphs and detailed stats",
864
+ "Monitor system performance with a clean, colorful interface",
865
+ ],
866
+ "gotchas": [
867
+ "Requires a terminal with true color support for full visual fidelity",
868
+ "Not installed by default; must be installed separately",
869
+ ],
870
+ "related": ["htop", "top", "atop", "vmstat"],
871
+ "difficulty": "beginner",
872
+ },
873
+
874
+ "atop": {
875
+ "man_url": "https://man7.org/linux/man-pages/man1/atop.1.html",
876
+ "use_cases": [
877
+ "Advanced system and process monitor with historical logging",
878
+ "Analyze past system performance from atop log files",
879
+ "Monitor disk I/O, network, and CPU at the process level",
880
+ ],
881
+ "gotchas": [
882
+ "Logging daemon must be running to capture historical data",
883
+ "Output is dense; takes time to learn which metrics matter",
884
+ ],
885
+ "related": ["top", "htop", "sar", "vmstat"],
886
+ "difficulty": "intermediate",
887
+ },
888
+
889
+ "kill": {
890
+ "man_url": "https://man7.org/linux/man-pages/man1/kill.1.html",
891
+ "use_cases": [
892
+ "Terminate a process by PID: kill 1234",
893
+ "Send a specific signal: kill -9 PID (SIGKILL) or kill -HUP PID",
894
+ "Gracefully stop a process: kill -TERM PID",
895
+ ],
896
+ "gotchas": [
897
+ "kill without a signal sends SIGTERM (15), not SIGKILL (9); the process can catch it",
898
+ "SIGKILL (-9) cannot be caught or ignored and may leave resources in a bad state",
899
+ "You can only kill processes you own unless you are root",
900
+ ],
901
+ "related": ["killall", "pkill", "pgrep", "ps"],
902
+ "difficulty": "beginner",
903
+ "extra_flags": {
904
+ "-9": "Send SIGKILL (force kill, cannot be caught)",
905
+ "-15": "Send SIGTERM (graceful termination, default)",
906
+ "-l": "List all available signal names",
907
+ "-HUP": "Send SIGHUP (often used to reload configuration)",
908
+ },
909
+ },
910
+
911
+ "killall": {
912
+ "man_url": "https://man7.org/linux/man-pages/man1/killall.1.html",
913
+ "use_cases": [
914
+ "Kill all processes by name: killall nginx",
915
+ "Send a signal to all instances of a program: killall -HUP sshd",
916
+ "Interactively confirm before killing: killall -i processname",
917
+ ],
918
+ "gotchas": [
919
+ "On Solaris, killall without args kills ALL processes; Linux version is safe",
920
+ "Matches by exact process name; use pkill for partial or regex matching",
921
+ ],
922
+ "related": ["kill", "pkill", "pgrep", "ps"],
923
+ "difficulty": "beginner",
924
+ },
925
+
926
+ "pgrep": {
927
+ "man_url": "https://man7.org/linux/man-pages/man1/pgrep.1.html",
928
+ "use_cases": [
929
+ "Find PIDs matching a process name: pgrep nginx",
930
+ "List processes by user: pgrep -u www-data",
931
+ "Show full command line of matched processes: pgrep -a sshd",
932
+ ],
933
+ "gotchas": [
934
+ "Matches against process name by default, not the full command line; use -f for full match",
935
+ "Returns exit code 1 if no processes match, useful for scripting",
936
+ ],
937
+ "related": ["pkill", "kill", "ps", "pidof"],
938
+ "difficulty": "beginner",
939
+ },
940
+
941
+ "pkill": {
942
+ "man_url": "https://man7.org/linux/man-pages/man1/pkill.1.html",
943
+ "use_cases": [
944
+ "Kill processes by name pattern: pkill -f 'python my_script'",
945
+ "Send signals to processes matching a pattern: pkill -HUP nginx",
946
+ "Kill all processes for a specific user: pkill -u username",
947
+ ],
948
+ "gotchas": [
949
+ "Without -f, matches only the process name, not arguments",
950
+ "Be careful with broad patterns; pkill java kills ALL Java processes",
951
+ ],
952
+ "related": ["pgrep", "kill", "killall", "ps"],
953
+ "difficulty": "beginner",
954
+ },
955
+
956
+ "nice": {
957
+ "man_url": "https://man7.org/linux/man-pages/man1/nice.1.html",
958
+ "use_cases": [
959
+ "Start a process with lower priority: nice -n 19 long_task",
960
+ "Run CPU-intensive tasks without impacting interactive performance",
961
+ "Launch background jobs at reduced scheduling priority",
962
+ ],
963
+ "gotchas": [
964
+ "Only root can set negative nice values (higher priority)",
965
+ "Nice values range from -20 (highest priority) to 19 (lowest priority)",
966
+ ],
967
+ "related": ["renice", "ps", "top", "ionice"],
968
+ "difficulty": "intermediate",
969
+ },
970
+
971
+ "renice": {
972
+ "man_url": "https://man7.org/linux/man-pages/man1/renice.1.html",
973
+ "use_cases": [
974
+ "Change the priority of a running process: renice 10 -p PID",
975
+ "Lower priority of a CPU-hogging process without restarting it",
976
+ "Adjust priority for all processes of a user: renice 5 -u username",
977
+ ],
978
+ "gotchas": [
979
+ "Non-root users can only increase nice value (lower priority), never decrease it",
980
+ "Affects CPU scheduling only; for I/O priority use ionice",
981
+ ],
982
+ "related": ["nice", "kill", "top", "ps"],
983
+ "difficulty": "intermediate",
984
+ },
985
+
986
+ # =========================================================================
987
+ # JOB CONTROL
988
+ # =========================================================================
989
+
990
+ "jobs": {
991
+ "man_url": "https://man7.org/linux/man-pages/man1/jobs.1p.html",
992
+ "use_cases": [
993
+ "List all background and suspended jobs in the current shell",
994
+ "Check the status of a backgrounded process: jobs -l",
995
+ "Identify job numbers for use with fg and bg commands",
996
+ ],
997
+ "gotchas": [
998
+ "Jobs are per-shell; you cannot see jobs from other terminal sessions",
999
+ "Job numbers (%1, %2) are different from PIDs",
1000
+ ],
1001
+ "related": ["bg", "fg", "disown", "nohup"],
1002
+ "difficulty": "beginner",
1003
+ },
1004
+
1005
+ "bg": {
1006
+ "man_url": "https://man7.org/linux/man-pages/man1/bg.1p.html",
1007
+ "use_cases": [
1008
+ "Resume a suspended job in the background: bg %1",
1009
+ "Continue a Ctrl+Z stopped process without bringing it to the foreground",
1010
+ "Convert an accidentally foreground process to background execution",
1011
+ ],
1012
+ "gotchas": [
1013
+ "The process will still be killed if the terminal closes; use disown or nohup",
1014
+ "If the background job tries to read from the terminal, it will be stopped again",
1015
+ ],
1016
+ "related": ["fg", "jobs", "disown", "nohup"],
1017
+ "difficulty": "beginner",
1018
+ },
1019
+
1020
+ "fg": {
1021
+ "man_url": "https://man7.org/linux/man-pages/man1/fg.1p.html",
1022
+ "use_cases": [
1023
+ "Bring a background job to the foreground: fg %1",
1024
+ "Resume interaction with a previously backgrounded process",
1025
+ "Switch between multiple running jobs in a shell session",
1026
+ ],
1027
+ "gotchas": [
1028
+ "Without arguments, fg brings the most recently backgrounded job forward",
1029
+ "If the job has finished, fg will report an error",
1030
+ ],
1031
+ "related": ["bg", "jobs", "disown", "kill"],
1032
+ "difficulty": "beginner",
1033
+ },
1034
+
1035
+ "disown": {
1036
+ "man_url": "https://www.gnu.org/software/bash/manual/html_node/Job-Control-Builtins.html",
1037
+ "use_cases": [
1038
+ "Detach a background job from the shell so it survives logout: disown %1",
1039
+ "Prevent SIGHUP from killing background processes when closing the terminal",
1040
+ "Remove a job from the shell's job table: disown -h %1",
1041
+ ],
1042
+ "gotchas": [
1043
+ "disown is a bash built-in; not available in all shells",
1044
+ "The process output still goes to the terminal unless redirected",
1045
+ ],
1046
+ "related": ["nohup", "bg", "jobs", "screen"],
1047
+ "difficulty": "intermediate",
1048
+ },
1049
+
1050
+ "nohup": {
1051
+ "man_url": "https://man7.org/linux/man-pages/man1/nohup.1.html",
1052
+ "use_cases": [
1053
+ "Run a command immune to hangups: nohup ./script.sh &",
1054
+ "Start a long-running process that survives terminal disconnection",
1055
+ "Redirect output to nohup.out automatically for later review",
1056
+ ],
1057
+ "gotchas": [
1058
+ "Output goes to nohup.out in the current directory if stdout is a terminal",
1059
+ "nohup does not background the process; append & to do so",
1060
+ ],
1061
+ "related": ["disown", "screen", "tmux", "bg"],
1062
+ "difficulty": "beginner",
1063
+ },
1064
+
1065
+ "timeout": {
1066
+ "man_url": "https://man7.org/linux/man-pages/man1/timeout.1.html",
1067
+ "use_cases": [
1068
+ "Run a command with a time limit: timeout 30s wget URL",
1069
+ "Prevent hung processes in scripts: timeout 5m backup.sh",
1070
+ "Set a hard kill after a grace period: timeout --kill-after=10s 60s cmd",
1071
+ ],
1072
+ "gotchas": [
1073
+ "Sends SIGTERM by default; the process might catch it and not exit",
1074
+ "Exit status is 124 when the command times out, which can be checked in scripts",
1075
+ ],
1076
+ "related": ["kill", "watch", "sleep"],
1077
+ "difficulty": "beginner",
1078
+ },
1079
+
1080
+ # =========================================================================
1081
+ # TERMINAL MULTIPLEXERS
1082
+ # =========================================================================
1083
+
1084
+ "tmux": {
1085
+ "man_url": "https://man7.org/linux/man-pages/man1/tmux.1.html",
1086
+ "use_cases": [
1087
+ "Persist terminal sessions across SSH disconnections",
1088
+ "Split the terminal into multiple panes: tmux split-window",
1089
+ "Manage multiple terminal windows in a single connection",
1090
+ "Share a terminal session with another user for pair programming",
1091
+ ],
1092
+ "gotchas": [
1093
+ "Prefix key is Ctrl+b by default; many users remap it to Ctrl+a",
1094
+ "Nested tmux sessions can cause confusing prefix key behavior",
1095
+ "Copy mode uses different keybindings depending on vi/emacs setting",
1096
+ ],
1097
+ "related": ["screen", "byobu", "nohup"],
1098
+ "difficulty": "intermediate",
1099
+ "extra_flags": {
1100
+ "new -s": "Create a new named session: tmux new -s mysession",
1101
+ "attach -t": "Attach to an existing session: tmux attach -t mysession",
1102
+ "ls": "List all active sessions",
1103
+ "kill-session -t": "Kill a specific session",
1104
+ },
1105
+ },
1106
+
1107
+ "screen": {
1108
+ "man_url": "https://man7.org/linux/man-pages/man1/screen.1.html",
1109
+ "use_cases": [
1110
+ "Keep processes running after SSH disconnection: screen -S session_name",
1111
+ "Reattach to a detached session: screen -r session_name",
1112
+ "Run long-running tasks on remote servers safely",
1113
+ ],
1114
+ "gotchas": [
1115
+ "Prefix key is Ctrl+a which conflicts with readline beginning-of-line",
1116
+ "screen is being replaced by tmux on many systems but remains widely available",
1117
+ ],
1118
+ "related": ["tmux", "byobu", "nohup"],
1119
+ "difficulty": "intermediate",
1120
+ },
1121
+
1122
+ "byobu": {
1123
+ "man_url": "https://www.byobu.org/documentation",
1124
+ "use_cases": [
1125
+ "User-friendly wrapper around tmux/screen with status bar",
1126
+ "Enhanced terminal multiplexer with keybinding help (F1-F12)",
1127
+ "Easy session management with sensible defaults",
1128
+ ],
1129
+ "gotchas": [
1130
+ "Uses tmux or screen as backend; behavior depends on which is configured",
1131
+ "F-key bindings may conflict with other applications or terminal emulators",
1132
+ ],
1133
+ "related": ["tmux", "screen", "nohup"],
1134
+ "difficulty": "beginner",
1135
+ },
1136
+
1137
+ # =========================================================================
1138
+ # SYSTEM MONITORING & PERFORMANCE
1139
+ # =========================================================================
1140
+
1141
+ "vmstat": {
1142
+ "man_url": "https://man7.org/linux/man-pages/man8/vmstat.8.html",
1143
+ "use_cases": [
1144
+ "Report virtual memory statistics: vmstat 1 5 (every 1s, 5 times)",
1145
+ "Check for memory pressure, swapping, and CPU utilization",
1146
+ "Monitor system performance trends over short intervals",
1147
+ ],
1148
+ "gotchas": [
1149
+ "First line of output shows averages since boot, not current values",
1150
+ "High si/so (swap in/out) values indicate memory pressure",
1151
+ ],
1152
+ "related": ["iostat", "mpstat", "sar", "free"],
1153
+ "difficulty": "intermediate",
1154
+ },
1155
+
1156
+ "iostat": {
1157
+ "man_url": "https://man7.org/linux/man-pages/man1/iostat.1.html",
1158
+ "use_cases": [
1159
+ "Monitor disk I/O statistics: iostat -x 1",
1160
+ "Identify disk bottlenecks by checking utilization and wait times",
1161
+ "Report CPU utilization alongside disk activity",
1162
+ ],
1163
+ "gotchas": [
1164
+ "First report shows statistics since boot; subsequent reports show interval data",
1165
+ "Part of the sysstat package; may need to be installed separately",
1166
+ ],
1167
+ "related": ["vmstat", "mpstat", "sar", "iotop"],
1168
+ "difficulty": "intermediate",
1169
+ },
1170
+
1171
+ "mpstat": {
1172
+ "man_url": "https://man7.org/linux/man-pages/man1/mpstat.1.html",
1173
+ "use_cases": [
1174
+ "Show per-CPU utilization: mpstat -P ALL 1",
1175
+ "Identify CPU imbalance in multi-core systems",
1176
+ "Monitor interrupt and softirq distribution across CPUs",
1177
+ ],
1178
+ "gotchas": [
1179
+ "Part of the sysstat package; not installed by default on all systems",
1180
+ "First report shows averages since boot like vmstat and iostat",
1181
+ ],
1182
+ "related": ["vmstat", "iostat", "sar", "top"],
1183
+ "difficulty": "intermediate",
1184
+ },
1185
+
1186
+ "sar": {
1187
+ "man_url": "https://man7.org/linux/man-pages/man1/sar.1.html",
1188
+ "use_cases": [
1189
+ "Collect and report system activity data over time",
1190
+ "Review historical CPU/memory/disk usage: sar -u -f /var/log/sysstat/sa01",
1191
+ "Generate reports for capacity planning: sar -r (memory), sar -b (I/O)",
1192
+ ],
1193
+ "gotchas": [
1194
+ "Requires sysstat data collection daemon (sadc) to be enabled for historical data",
1195
+ "Without -f, sar shows today's data; archived data is in /var/log/sysstat/",
1196
+ ],
1197
+ "related": ["vmstat", "iostat", "mpstat", "atop"],
1198
+ "difficulty": "advanced",
1199
+ },
1200
+
1201
+ "dmesg": {
1202
+ "man_url": "https://man7.org/linux/man-pages/man1/dmesg.1.html",
1203
+ "use_cases": [
1204
+ "View kernel ring buffer messages: dmesg | tail",
1205
+ "Diagnose hardware issues and driver errors after boot",
1206
+ "Check for disk errors, USB device events, or OOM killer activity",
1207
+ ],
1208
+ "gotchas": [
1209
+ "Requires root on some systems due to dmesg_restrict sysctl setting",
1210
+ "Ring buffer has a fixed size; old messages are overwritten on busy systems",
1211
+ ],
1212
+ "related": ["journalctl", "syslog", "lsblk"],
1213
+ "difficulty": "intermediate",
1214
+ "extra_flags": {
1215
+ "-T": "Show human-readable timestamps instead of seconds since boot",
1216
+ "-w": "Follow new messages in real time (like tail -f)",
1217
+ "--level": "Filter by log level: --level=err,warn",
1218
+ },
1219
+ },
1220
+
1221
+ "journalctl": {
1222
+ "man_url": "https://man7.org/linux/man-pages/man1/journalctl.1.html",
1223
+ "use_cases": [
1224
+ "View systemd journal logs: journalctl -xe",
1225
+ "Follow logs in real time: journalctl -f",
1226
+ "Filter logs by service: journalctl -u nginx.service",
1227
+ "View logs since last boot: journalctl -b",
1228
+ ],
1229
+ "gotchas": [
1230
+ "Journal may not persist across reboots unless /var/log/journal/ directory exists",
1231
+ "Non-root users may only see their own logs depending on configuration",
1232
+ ],
1233
+ "related": ["systemctl", "dmesg", "service"],
1234
+ "difficulty": "intermediate",
1235
+ "extra_flags": {
1236
+ "-f": "Follow new log entries in real time",
1237
+ "-u": "Show logs for a specific systemd unit",
1238
+ "-b": "Show logs from current boot only",
1239
+ "--since": "Show logs since a timestamp: --since '2024-01-01 00:00'",
1240
+ "-p": "Filter by priority level (emerg, alert, crit, err, warning, notice, info, debug)",
1241
+ },
1242
+ },
1243
+
1244
+ # =========================================================================
1245
+ # SYSTEM SERVICES & INIT
1246
+ # =========================================================================
1247
+
1248
+ "systemctl": {
1249
+ "man_url": "https://man7.org/linux/man-pages/man1/systemctl.1.html",
1250
+ "use_cases": [
1251
+ "Start/stop/restart services: systemctl restart nginx",
1252
+ "Enable a service to start at boot: systemctl enable sshd",
1253
+ "Check service status: systemctl status nginx",
1254
+ "List all active services: systemctl list-units --type=service",
1255
+ ],
1256
+ "gotchas": [
1257
+ "enable does not start the service immediately; use enable --now for both",
1258
+ "Masking a service (systemctl mask) prevents it from starting even manually",
1259
+ "User services use --user flag and run in user scope, not system scope",
1260
+ ],
1261
+ "related": ["service", "journalctl", "init"],
1262
+ "difficulty": "intermediate",
1263
+ "extra_flags": {
1264
+ "enable --now": "Enable and start a service in one command",
1265
+ "is-active": "Check if a service is running (useful in scripts)",
1266
+ "daemon-reload": "Reload systemd after editing unit files",
1267
+ "list-timers": "Show all active systemd timers",
1268
+ },
1269
+ },
1270
+
1271
+ "service": {
1272
+ "man_url": "https://man7.org/linux/man-pages/man8/service.8.html",
1273
+ "use_cases": [
1274
+ "Start/stop/restart services on SysV init systems: service nginx restart",
1275
+ "Check service status: service sshd status",
1276
+ "Compatibility wrapper that works on both SysV and systemd systems",
1277
+ ],
1278
+ "gotchas": [
1279
+ "On systemd systems, service redirects to systemctl; use systemctl directly",
1280
+ "Does not support enable/disable; use chkconfig (SysV) or systemctl (systemd)",
1281
+ ],
1282
+ "related": ["systemctl", "init", "journalctl"],
1283
+ "difficulty": "beginner",
1284
+ },
1285
+
1286
+ "init": {
1287
+ "man_url": "https://man7.org/linux/man-pages/man1/init.1.html",
1288
+ "use_cases": [
1289
+ "The first process started by the kernel (PID 1)",
1290
+ "Change runlevel on SysV systems: init 3 (multi-user), init 5 (graphical)",
1291
+ "Halt the system: init 0, or reboot: init 6",
1292
+ ],
1293
+ "gotchas": [
1294
+ "On systemd systems, init is symlinked to systemd; runlevel commands still work",
1295
+ "Directly calling init to change runlevel is disruptive; prefer systemctl",
1296
+ ],
1297
+ "related": ["systemctl", "runlevel", "shutdown", "reboot"],
1298
+ "difficulty": "advanced",
1299
+ },
1300
+
1301
+ "runlevel": {
1302
+ "man_url": "https://man7.org/linux/man-pages/man8/runlevel.8.html",
1303
+ "use_cases": [
1304
+ "Display the current and previous system runlevel",
1305
+ "Verify the system is in the expected runlevel for troubleshooting",
1306
+ "Script checks for runlevel-dependent behavior",
1307
+ ],
1308
+ "gotchas": [
1309
+ "On systemd systems, runlevel is a compatibility wrapper; use systemctl get-default",
1310
+ "Output format is 'previous current' where N means no previous runlevel known",
1311
+ ],
1312
+ "related": ["init", "systemctl", "shutdown"],
1313
+ "difficulty": "intermediate",
1314
+ },
1315
+
1316
+ # =========================================================================
1317
+ # SYSTEM - HOSTNAME & LOCALE & TIME
1318
+ # =========================================================================
1319
+
1320
+ "hostnamectl": {
1321
+ "man_url": "https://man7.org/linux/man-pages/man1/hostnamectl.1.html",
1322
+ "use_cases": [
1323
+ "View current hostname and OS info: hostnamectl status",
1324
+ "Set the system hostname: hostnamectl set-hostname myserver",
1325
+ "Check machine ID, boot ID, and virtualization type",
1326
+ ],
1327
+ "gotchas": [
1328
+ "Only works on systemd-based systems",
1329
+ "Setting hostname may not update /etc/hosts; update it manually",
1330
+ ],
1331
+ "related": ["timedatectl", "localectl", "systemctl"],
1332
+ "difficulty": "beginner",
1333
+ },
1334
+
1335
+ "localectl": {
1336
+ "man_url": "https://man7.org/linux/man-pages/man1/localectl.1.html",
1337
+ "use_cases": [
1338
+ "View current locale settings: localectl status",
1339
+ "Set system locale: localectl set-locale LANG=en_US.UTF-8",
1340
+ "Configure keyboard layout: localectl set-keymap us",
1341
+ ],
1342
+ "gotchas": [
1343
+ "Changes may require re-login or service restart to take effect",
1344
+ "Only works on systemd-based systems",
1345
+ ],
1346
+ "related": ["hostnamectl", "timedatectl", "systemctl"],
1347
+ "difficulty": "beginner",
1348
+ },
1349
+
1350
+ "timedatectl": {
1351
+ "man_url": "https://man7.org/linux/man-pages/man1/timedatectl.1.html",
1352
+ "use_cases": [
1353
+ "View current time and timezone: timedatectl status",
1354
+ "Set the system timezone: timedatectl set-timezone America/New_York",
1355
+ "Enable/disable NTP synchronization: timedatectl set-ntp true",
1356
+ ],
1357
+ "gotchas": [
1358
+ "Only works on systemd-based systems; use date/hwclock on others",
1359
+ "Changing timezone does not change the hardware clock (UTC by default)",
1360
+ ],
1361
+ "related": ["hostnamectl", "localectl", "systemctl"],
1362
+ "difficulty": "beginner",
1363
+ },
1364
+
1365
+ # =========================================================================
1366
+ # SYSTEM - POWER & SHUTDOWN
1367
+ # =========================================================================
1368
+
1369
+ "shutdown": {
1370
+ "man_url": "https://man7.org/linux/man-pages/man8/shutdown.8.html",
1371
+ "use_cases": [
1372
+ "Schedule system shutdown: shutdown -h +10 (in 10 minutes)",
1373
+ "Shutdown immediately: shutdown -h now",
1374
+ "Reboot the system: shutdown -r now",
1375
+ "Cancel a pending shutdown: shutdown -c",
1376
+ ],
1377
+ "gotchas": [
1378
+ "Without a time argument, shutdown defaults to +1 (one minute), not immediately",
1379
+ "Sends wall message to all logged-in users before shutting down",
1380
+ ],
1381
+ "related": ["reboot", "halt", "poweroff", "init"],
1382
+ "difficulty": "beginner",
1383
+ },
1384
+
1385
+ "reboot": {
1386
+ "man_url": "https://man7.org/linux/man-pages/man8/reboot.8.html",
1387
+ "use_cases": [
1388
+ "Reboot the system immediately: reboot",
1389
+ "Force an immediate reboot without syncing: reboot -f",
1390
+ "Schedule a reboot via shutdown -r for a specific time",
1391
+ ],
1392
+ "gotchas": [
1393
+ "reboot -f skips shutdown scripts and can cause data loss",
1394
+ "Requires root privileges; non-root users must use sudo",
1395
+ ],
1396
+ "related": ["shutdown", "halt", "poweroff", "systemctl"],
1397
+ "difficulty": "beginner",
1398
+ },
1399
+
1400
+ "halt": {
1401
+ "man_url": "https://man7.org/linux/man-pages/man8/halt.8.html",
1402
+ "use_cases": [
1403
+ "Halt the system (stop the CPU but may not power off)",
1404
+ "Used in scripts for clean system shutdown procedures",
1405
+ "On systemd systems, equivalent to systemctl halt",
1406
+ ],
1407
+ "gotchas": [
1408
+ "halt stops the system but may not power off the machine; use poweroff instead",
1409
+ "Behavior varies between SysV init and systemd systems",
1410
+ ],
1411
+ "related": ["poweroff", "shutdown", "reboot", "init"],
1412
+ "difficulty": "beginner",
1413
+ },
1414
+
1415
+ "poweroff": {
1416
+ "man_url": "https://man7.org/linux/man-pages/man8/poweroff.8.html",
1417
+ "use_cases": [
1418
+ "Power off the machine immediately",
1419
+ "Clean shutdown with power-off: equivalent to shutdown -h now",
1420
+ "Used in automated scripts to power down systems",
1421
+ ],
1422
+ "gotchas": [
1423
+ "Requires root; non-root users need sudo or polkit authorization",
1424
+ "On systemd, equivalent to systemctl poweroff",
1425
+ ],
1426
+ "related": ["halt", "shutdown", "reboot", "init"],
1427
+ "difficulty": "beginner",
1428
+ },
1429
+
1430
+ # =========================================================================
1431
+ # DISK & FILESYSTEM
1432
+ # =========================================================================
1433
+
1434
+ "mount": {
1435
+ "man_url": "https://man7.org/linux/man-pages/man8/mount.8.html",
1436
+ "use_cases": [
1437
+ "Mount a filesystem: mount /dev/sdb1 /mnt/usb",
1438
+ "List all mounted filesystems: mount | column -t",
1439
+ "Mount with specific options: mount -o ro,noexec /dev/sda1 /mnt",
1440
+ ],
1441
+ "gotchas": [
1442
+ "Mounting requires root unless the filesystem is listed in /etc/fstab with user option",
1443
+ "Mount points must be empty directories; existing contents are hidden while mounted",
1444
+ ],
1445
+ "related": ["umount", "lsblk", "fdisk", "blkid"],
1446
+ "difficulty": "intermediate",
1447
+ "extra_flags": {
1448
+ "-o": "Mount options (ro, rw, noexec, nosuid, etc.)",
1449
+ "-t": "Specify filesystem type (ext4, ntfs, vfat, etc.)",
1450
+ "-a": "Mount all filesystems listed in /etc/fstab",
1451
+ },
1452
+ },
1453
+
1454
+ "umount": {
1455
+ "man_url": "https://man7.org/linux/man-pages/man8/umount.8.html",
1456
+ "use_cases": [
1457
+ "Unmount a filesystem: umount /mnt/usb",
1458
+ "Force unmount a busy filesystem: umount -f /mnt/stuck",
1459
+ "Lazy unmount that detaches when no longer busy: umount -l /mnt/busy",
1460
+ ],
1461
+ "gotchas": [
1462
+ "Cannot unmount if any process has open files on it; use lsof or fuser to find them",
1463
+ "Lazy unmount (-l) hides the mount immediately but data may not be flushed yet",
1464
+ ],
1465
+ "related": ["mount", "lsof", "fuser", "lsblk"],
1466
+ "difficulty": "intermediate",
1467
+ },
1468
+
1469
+ "lsblk": {
1470
+ "man_url": "https://man7.org/linux/man-pages/man8/lsblk.8.html",
1471
+ "use_cases": [
1472
+ "List all block devices and their mount points: lsblk",
1473
+ "Show filesystem type and size: lsblk -f",
1474
+ "Identify disk partitions and their hierarchy",
1475
+ ],
1476
+ "gotchas": [
1477
+ "Does not show unpartitioned space; use fdisk -l for that",
1478
+ "Loop devices from snap packages can clutter the output",
1479
+ ],
1480
+ "related": ["blkid", "fdisk", "mount", "df"],
1481
+ "difficulty": "beginner",
1482
+ },
1483
+
1484
+ "blkid": {
1485
+ "man_url": "https://man7.org/linux/man-pages/man8/blkid.8.html",
1486
+ "use_cases": [
1487
+ "Show UUIDs and filesystem types for all block devices: blkid",
1488
+ "Find the UUID of a partition for use in /etc/fstab",
1489
+ "Identify filesystem type on a specific device: blkid /dev/sda1",
1490
+ ],
1491
+ "gotchas": [
1492
+ "Requires root to probe all devices; non-root sees limited info",
1493
+ "Cached results may be stale; use -p to force fresh probing",
1494
+ ],
1495
+ "related": ["lsblk", "fdisk", "mount"],
1496
+ "difficulty": "intermediate",
1497
+ },
1498
+
1499
+ "fdisk": {
1500
+ "man_url": "https://man7.org/linux/man-pages/man8/fdisk.8.html",
1501
+ "use_cases": [
1502
+ "List all disk partitions: fdisk -l",
1503
+ "Create, delete, and modify disk partitions interactively",
1504
+ "View partition table details for a specific disk: fdisk -l /dev/sda",
1505
+ ],
1506
+ "gotchas": [
1507
+ "Destructive operations; wrong disk selection can destroy all data",
1508
+ "Changes are not written until you explicitly press 'w' in interactive mode",
1509
+ "Does not support GPT well; use gdisk or parted for GPT disks",
1510
+ ],
1511
+ "related": ["lsblk", "blkid", "mkfs", "mount"],
1512
+ "difficulty": "advanced",
1513
+ },
1514
+
1515
+ "mkfs": {
1516
+ "man_url": "https://man7.org/linux/man-pages/man8/mkfs.8.html",
1517
+ "use_cases": [
1518
+ "Create a new filesystem: mkfs.ext4 /dev/sdb1",
1519
+ "Format a USB drive: mkfs.vfat /dev/sdc1",
1520
+ "Initialize a partition with a specific filesystem type",
1521
+ ],
1522
+ "gotchas": [
1523
+ "Destroys all data on the target partition; double-check the device name",
1524
+ "Use mkfs.TYPE (e.g., mkfs.ext4, mkfs.xfs) for specific filesystem types",
1525
+ ],
1526
+ "related": ["fdisk", "mount", "lsblk", "fsck"],
1527
+ "difficulty": "advanced",
1528
+ },
1529
+
1530
+ "fsck": {
1531
+ "man_url": "https://man7.org/linux/man-pages/man8/fsck.8.html",
1532
+ "use_cases": [
1533
+ "Check and repair a filesystem: fsck /dev/sda1",
1534
+ "Force check even if filesystem appears clean: fsck -f /dev/sda1",
1535
+ "Automatically fix errors: fsck -y /dev/sda1",
1536
+ ],
1537
+ "gotchas": [
1538
+ "Never run fsck on a mounted filesystem; it can cause data corruption",
1539
+ "Running fsck on the root filesystem requires booting into recovery mode",
1540
+ ],
1541
+ "related": ["mkfs", "mount", "lsblk", "fdisk"],
1542
+ "difficulty": "advanced",
1543
+ },
1544
+
1545
+ # =========================================================================
1546
+ # SYSTEM - MISCELLANEOUS
1547
+ # =========================================================================
1548
+
1549
+ "sort": {
1550
+ "man_url": "https://man7.org/linux/man-pages/man1/sort.1.html",
1551
+ "use_cases": [
1552
+ "Sort file contents alphabetically: sort file.txt",
1553
+ "Sort numerically: sort -n numbers.txt",
1554
+ "Sort by a specific column: sort -k2 -t: /etc/passwd",
1555
+ "Remove duplicate lines while sorting: sort -u file.txt",
1556
+ ],
1557
+ "gotchas": [
1558
+ "Default sort is lexicographic; use -n for numeric, -V for version strings",
1559
+ "Locale affects sort order; use LC_ALL=C for byte-value sorting",
1560
+ ],
1561
+ "related": ["uniq", "cut", "awk", "wc"],
1562
+ "difficulty": "beginner",
1563
+ "extra_flags": {
1564
+ "-n": "Sort numerically instead of lexicographically",
1565
+ "-r": "Reverse the sort order",
1566
+ "-k": "Sort by a specific field/column",
1567
+ "-u": "Output only unique lines (like sort | uniq)",
1568
+ "-h": "Sort human-readable numbers (1K, 2M, 3G)",
1569
+ },
1570
+ },
1571
+
1572
+ "plocate": {
1573
+ "man_url": "https://man7.org/linux/man-pages/man1/plocate.1.html",
1574
+ "use_cases": [
1575
+ "Find files by name instantly using a pre-built database: plocate myfile.txt",
1576
+ "Much faster than find for filename searches across the whole filesystem",
1577
+ "Search with patterns: plocate '*.conf'",
1578
+ ],
1579
+ "gotchas": [
1580
+ "Database must be updated regularly (updatedb) to find newly created files",
1581
+ "Does not find files created since the last database update",
1582
+ ],
1583
+ "related": ["find", "locate", "which", "whereis"],
1584
+ "difficulty": "beginner",
1585
+ },
1586
+
1587
+ "finger": {
1588
+ "man_url": "https://man7.org/linux/man-pages/man1/finger.1.html",
1589
+ "use_cases": [
1590
+ "Display user information: finger username",
1591
+ "Show who is logged in and their idle time",
1592
+ "View a user's plan and project files (.plan, .project)",
1593
+ ],
1594
+ "gotchas": [
1595
+ "finger daemon is a security risk and disabled on most modern systems",
1596
+ "Remote finger queries (finger @host) are rarely supported anymore",
1597
+ ],
1598
+ "related": ["who", "w", "last", "id"],
1599
+ "difficulty": "beginner",
1600
+ },
1601
+ }