One developers 5 favourite command-line tools

This post is for the tech-savvy people, so if you’re easily torn apart by terms such as “man page” “server side operations” and “cli”, you should probably stop reading now..

Continueing on.. find any developer/it-specialist out there, and there’s a good chance that he (or she?) has their own favourite collection of what that individual finds the best command line tools.
And well… So do I.

The following list is all tools I find myself using on a regular basis, either at work or at home.
some of them you may already find installed on your *nix distrobution of choice, others not, but you may have luck finding them in a package manager such as synaptic or homebrew.


rsync — a fast, versatile, remote (and local) file-copying tool.

rsync -ravez "ssh -p 222 -i id_rsa" user@host.tld:public_html/ ./ That’s all it would take to get a full mirrored clone, preserving timestamps, compressing content before transferring to save bandwidth,  of the files residing within the public_html/ folder on a remote server through an SSH tunnel.

Well basically, rsync is just a glorified version of the scp command.
And here’s the main reason why i prefer rsync over scp.

scp basically reads the source file and writes it to the destination. It performs a plain linear copy, locally, or over a network.

rsync also copies files locally or over a network. But it employs a special delta transfer algorithm and a few optimizations to make the operation a lot faster.

Both tools can be set to verify the integrity of the transfer as guaranteed by the cryptographic channel protocol. so if speed is none of your concern, either tool it fine.

get rsyncrsync man page (documentation)



HTtrack – website copier.

When an rsync mirror, and mysqldump just doesn’t cut it. One too many time i’ve been in the situation where i needed a recursive mirror-copy of a website with /a/hella/annoying/and/unrealistic/hireachical/structure.aspx. turns out it always turns out to be some proprietary CMS where FTP/SSH access cannot be granted to thirdparty  i’m looking at you dandomain

HTtrack basically crawls (optionally, recursively) the whole site putting all text/html content into directories locally, copying assets (images/stylesheets/javascript), and replaces source path with a configured base path prior to execution.

In short, you get a clone of the frontend for any given website, ready to upload to any domain.

This is useful, when your customer isn’t ready yet to ditch the old system, and want to keep it for a while.

download httrack



WPscan – a black box WordPress vulnerability scanner.

Staying in the realm of suspicious activity.. Sponsored by sucuri, I’d label this as an essential in your toolbox when you go ahead and perform those penetration tests.

wpscan can possibly enumerate all usernames (including administrators) find installed plugins, themes version numbers, full path disclosures and other juicy informations.

Additionally any enumerated plugin and/or theme will be checked against various vulnerability databases, such as vulndb, metasploit, exploit-db,.
Right of the batch, you’ll know whether or not a that site with “revolution slider” or “visual composer” (*cough*bloatware*cough*) installed is vulnerable.

The downside though, is wpscan can be a bit tricky to get up and running, as it requires a fairly new version of ruby and curl.
So if you don’t have kali linux or rvm installed, have fun setting up gpg keys, configuring rvm and compiling versions of ruby. 🙂

One should of course not put all his eggs in one basket, combine wpscan with tools such as nmap,SQLmap and or metasploit and you’re on your way to becoming a security researcher.

get wpscan – get SQLmap – get metasploit framework – get nmap



WP-Cli – The command line interface for WordPress

Another great wordpress command line tool. If you’ve ever worked with drupal you’ll probably already know what the drush command is capable of. wpis the wordpress alternative, to drush.
In short wp-cli is just an executable .phar archive, which you can download, and create an aliascommand for.

wp can update wordpress, intall, plugins and themes.
That of course is just all the basic stuff, but just like it’s drupal counterpart it can be extended by plugins and themes, to create an automated tasks.

Not that you wouldn’t be achieve the exact same with wordpress’ built-in cron function, and setting up a oneliner with crontab -e but hey. it’s cool right? I guess there’s a reason this isn’t more popular.

get wp-cli



PHPUnit – The PHP Testing framework

Unit tests for PHP. Every developer should test their code, and debunk nasty-ness prior to every release.. *sigh* i’m dreaming…

If you’re a developer/programmer, and you don’t know what unit tests is, shame on you, rtfm. otherwise you may be excused.

In short unit testing is an automated method of testing small pieces of code, within greater projects, by writing chunks functions that bombards that piece with different approaches and parameters, to assert whether it fails at the task given, or completes without error.

Combine phpunit with xdebug and you, may have a solid setup for killing those bugs before your next release.

Just like WP-cli, PHPUnit is just an executeable .phar file, so donwload it alias it, and run it.

get phpunit – get xdebug



Last but not least, executing the cowsay command as root was more fun than it should have been

install cowsay apt-get install cowsay and execute this for i in $(cowsay -l); do cowsay -f $i "$i"; sleep 2; done to view all cowsay figures.