J003-Content-The-Top-26-Cmd-line-Tools-On-My-Computer_SQ1In today’s post we’re going to take a closer look at 23 cmd-line tools that I find absolutely vital as a Windows sysadmin, Exchange admin, and general trouble-shooter. Each is free as in beer, many are free as in speech, and all can just sit somewhere in your path to be invoked at need.

I tried to decide whether to sort by use (too hard,) or favourite (Sophie’s choice!,) or category (too many are multitaskers,) and finally just decided that alphabetical was the way to go. So, in no particular order other than the classical Latin alphabet, here are the top 26 cmd-line tools on my computer.

1. Dig

Call me old-school on this one, but I just like dig better than I do nslookup. Maybe it’s the familiarity with it, or that it works the same on Windows and Linux, but this tool for querying DNS servers in invaluable. While I may not use it every day, I definitely use it multiple times per week. You can download dig as a part of the BIND for Windows, available at https://www.isc.org/downloads/.

2. Err

The Exchange Error Lookup Tool is not just for Exchange. Use this tool along with any hex code you get from a Windows error to see just what the heck that 0xc0ffee error might mean. It reads from the headers of all installed software, so if you run this on the server that has the error, you will get all possible references. Even running just on my workstation, I usually get enough to go on. You can download Err from http://www.microsoft.com/en-us/download/details.aspx?id=985.

3. Host

Host is another great tool for quickly checking DNS for the ip.addr to go along with a name. While dig can be used to specify a server, get more details, recurse, etc., host just queries your configured DNS server and gives you an answer. Yes, you can do this with nslookup and a lot of folks just use ping to do the same thing, but host is a little more graceful, a little less noisy, shorter to type than nslookup, and makes you look cool when you use it. Well, maybe not that last part. It too is a part of the BIND for Windows package available at  https://www.isc.org/downloads/.

4. Iperf

One of the best network throughput tools, EVAR, iperf is my go-to tool for checking to make sure all the wires and cables and little boxes of blinky lights are actually passing the bits and the bytes the way they should. Get it from https://linhost.info/2010/02/iperf-on-windows/ and check out the great tutorial they have on that page.

5. md5sum

Sometimes, I feel a little paranoid, but when someone posts a file’s MD5 hash, I actually like to check it when I download it, and that’s where md5sum comes in. There are various file integrity check tools out there, but I like this old standby, which you can download from http://etree.org/md5com.html. Of course, MD5 is old and busted, so is losing popularity quickly.

6. OpenSSL

There are lots of tools to manipulate certificate requests, certificates, and keys, but OpenSSL is the best. You can grab the Windows port from http://gnuwin32.sourceforge.net/packages/openssl.htm.

7. PsExec

One of the best of the best tools from the Sysinternals guys, PsExec lets you execute commands on remote Windows machines, of course assuming that you have admin rights and the binaries exist on the remote machine. Well, actually, with -c you can copy over the executable or script, so all you really need is rights! You can download the suite of PsTools and read more on how to use PsExec at https://technet.microsoft.com/en-us/sysinternals/psexec.aspx.

8. PsFile

Another of the Sysinternals tools, PsFile is like “net files” but doesn’t truncate names and allows you to force close open files if need be. You can download the suite of PsTools and read more on how to use PsFile at https://technet.microsoft.com/en-us/sysinternals/psfile.

9. PsInfo

I use PsInfo with PsExec to quickly check uptime, build, and other hardware details from machines without having to log onto them and run Winver plus SystemInfo and then have to do maths. Get it in the PsTools collection and read about how to use it at https://technet.microsoft.com/en-us/sysinternals/psinfo.

10. PsKill

Manes, Casper Manes. License to kill, bad processes that is. PsKill is like kill -9 or the resource kit utility kill, with the added benefit of being able to work remotely. See https://technet.microsoft.com/en-us/sysinternals/pskill for more on how to use it as well as to download the PsTools suite.

11. PsList

Yet another in the great set of PsTools, PsList lets you list (and kill) processes running on remote computers, as well as to gather details on them like you would with Perfmon. See https://technet.microsoft.com/en-us/sysinternals/pslist for all that it can do, or for yet another link to download the PsTools.

12. PsPing

Combining both ICMP, TCP, and UDP ping capabilities, as well as tests for latency and bandwidth, this great network tool in the PsTools is fantastic for troubleshooting networks. Read all about it at https://technet.microsoft.com/en-us/sysinternals/psping.aspx.

13. PsService

PsService lets you view and manipulate services on both local and remote systems. Need to restart the DNS service on a DC without first logging on to it? Run a script to check the status of the BITS service on all systems? PsService is for you. Read all about it at https://technet.microsoft.com/en-us/sysinternals/psservice.

14. PsShutdown

Like shutdown on steroids, PsShutdown can also force log offs or just lock the console too. There’s a ton of switches documented at https://technet.microsoft.com/en-us/sysinternals/psshutdown.

15. PsSuspend

Not the last of the PsTools, but the last one in this article, PsSuspend can simply pause, or suspend, a process that you need to let finish, later. You know where to get it, and here’s where to read about it https://technet.microsoft.com/en-us/sysinternals/pssuspend.

16. Putty

Sure, PuTTy is more of a GUI than a cmd-line tool, but since you usually use the GUI to launch a terminal session to another host, skip the middle-man and just go straight to it. Use putty.exe with switches for -ssh, -telnet, -rlogin, or -raw and specify the remote host to get right into it. You can download PuTTy from http://www.chiark.greenend.org.uk/~sgtatham/putty/.

17. restart.cmd

A simple batch file I put on pretty much any server I use frequently; this just restarts whatever service I need to bounce. Syntax is simple.
net stop %1 && net start %1
For example, to restart the DNS server, I would just type at the cmd-line
restart dns

18. Rsh

Rsh is the remote shell, a clear-text cmd line shell that can connect to RSH services on Windows and Linux hosts. Like telnet but faster, and ssh without encryption, or even PsExec, it only comes in handy when connecting to a legacy Remote Shell service, but those pop up often enough to keep this close. Download it from http://www.ccs.neu.edu/home/bchafy/rsh_vista.html.

19. sha1sum

Like its MD5 cousin above, but more useful, since SHA checksums are often used to prove not only integrity of single files, but also entire images. You can grab this at ftp://ftp.gnupg.org/gcrypt/binary/sha1sum.exe.

20. Tcping

While perhaps not as fully featured as PsPing, I still prefer tcping because it has the ability to beep on up or down, which is dead useful when I bounce a server and need to know when I can finally log back into it, but also don’t feel like keeping an eye on it. Not that I would ever do that, say, during production hours! http://www.elifulkerson.com/projects/tcping.php for the down low, erm, download I mean.

21. Tcproute

When routers and firewalls block ICMP, they make me cry. If I need to learn a path but can’t use simple ICMP traceroute, tcproute does the trick. It’s also by Eli Fulkerson and available at http://www.elifulkerson.com/projects/tcproute.php.

22. Wget

Wget is a great tool for fetching content from websites…like, all the content. It can mirror a complete site, including all graphics, links, etc. and can be dead useful for grabbing a copy for later analysis or before it’s all gone.

23. Whois

Yet another great tool from the Sysinternals guys, whois lets you look up domain names and ip.addrs to get information about the owners. Use the -H switch to leave out a lot of the legal mumbo-jumbo. You can download whois from https://technet.microsoft.com/en-us/sysinternals/whois.


What cmd-line tools and utilities do you love most? Maybe you can help me fill in the blanks by leaving a comment with your personal favourites. Which cmd-line tools did I leave out, miss, or overlook and that you consider must-haves on any system you use?

Get your free 30-day GFI LanGuard trial

Get immediate results. Identify where you’re vulnerable with your first scan on your first day of a 30-day trial. Take the necessary steps to fix all issues.