As it concerns the CLI, I converted the page content to a suitable format (<80 column text, except for URLs); and I'm posting it here in case someone else finds it useful. And if you find some other tools ought to be included, just post them below.
# denotes Headers;
> precedes the command name (and if followed by !int, indicates it's an internal Windows command);
A URL below the command points to an external command webpage; if the URL is at the end of the entry, then it's a command information page.
The Command Line Toolkit For Windows
http://www.bleepingcomputer.com/tutorials/command-line-toolkit-for-windows/
# ADMINISTRATION AND TROUBLESHOOTING PROGRAMS
>AccessChk
http://technet.microsoft.com/en-us/sysinternals/bb664922
AccessChk lists the kind of permissions specific users or groups have to
resources including files, directories, Registry keys, global objects and
Windows services
>at !int
The AT command schedules commands and programs to run on a computer at a
specified time and date. The Schedule service must be running to use the AT
command.
>CoreInfo
http://technet.microsoft.com/en-us/sysinternals/cc835722
Coreinfo is a command-line utility that shows you the mapping between
logical processors and the physical processor, NUMA node, and socket on
which they reside, as well as the caches assigned to each logical
processor.
>driverquery !int
Displays a list of installed device drivers.
>MpCmdRun.exe !int
A command-line interface for Windows Defender. To execute this program you
must use the full path: %ProgramFiles%\Windows Defender\MpCmdRun.exe
>net !int
Various Windows management commands. More information can be found here.
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/net_subcmds.mspx
>netsh !int
Netsh is a command-line scripting utility that allows you to, either locally
or remotely, display or modify the network configuration of a computer that
is currently running. More information can be found here.
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/netsh.mspx
>powershell !int
Windows PowerShell is a task-based command-line shell and scripting language
designed especially for system administration. More information can be found
here.
http://msdn.microsoft.com/en-us/library/windows/desktop/dd835506%28v=vs.85%29.aspx
>PsLogList
http://technet.microsoft.com/en-us/sysinternals/bb897544
Allows you to list the contents of local or remote computer's Windows Event
Log.
>PsPasswd
http://technet.microsoft.com/en-us/sysinternals/bb897543
PsPasswd is a tool that lets you change an account password on the local or
remote systems.
>PsService
http://technet.microsoft.com/en-us/sysinternals/bb897542
Allows you to list and configure Windows services.
>runas !int
Run a program as another user.
>rundll32 !int
Execute functions exported in a DLL file.
>sc !int
Manage Windows Services.
>shutdown !int
Shutdown a local or remote computer.
>SigCheck
http://technet.microsoft.com/en-us/sysinternals/bb897441
Verifies that images are digitally signed and dumps version information
contained within the file.
>UnixUtils
http://sourceforge.net/projects/unxutils/
A collection of Unix utilities that have been ported to Windows. These
utilities are very useful and include programs like grep, split, tar, dir,
etc.
>wmic !int
A program that allows command-line and batch file access to Windows
Management Instrumentation. More information can be found here.
http://technet.microsoft.com/en-us/library/bb742610.aspx
>WUInstall
http://wuinstall.com/index.php/en/free
A command-line Windows Update installer and management program.
# BOOT AND WINDOWS STARTUP PROGRAMS
>bcdboot !int
The bcdboot.exe command-line tool is used to copy critical boot files to the
system partition and to create a new system BCD store. More information can
be found at:
http://technet.microsoft.com/en-us/library/dd744347%28v=ws.15%29.aspx
>bcdedit !int
The Bcdedit.exe command-line tool modifies the boot configuration data
store. The boot configuration data store contains boot configuration
parameters and controls how the operating system is booted. This tool is for
Windows Vista and later. More information can be found at:
http://technet.microsoft.com/en-us/library/cc709667%28v=ws.15%29.aspx
>bootcfg !int
More information can be found at:
http://support.microsoft.com/kb/291980
>repair-bde !int
The bootcfg command is a Microsoft Windows Server 2003 utility that modifies
the Boot.ini file. This command has a function that can scan your computer's
hard disks for Microsoft Windows NT, Microsoft Windows 2000, Microsoft
Windows XP, and Windows Server 2003 installations, and then add them to an
existing Boot.ini file or rebuild a new Boot.ini file if one does not exist.
You can use the bootcfg command to add additional Boot.ini file parameters
to existing or new entries. More information can be found at:
http://support.microsoft.com/kb/317521
# FILE COMPARISON, SEARCH, AND VIEWING PROGRAMS
>comp !int
Compares the contents of two files or sets of files.
>findstr !int
Searches for strings in files. This is a powerful tool, but has limited
regular expression functionality. If you want a string searching tool
with greater RegExp functionality, you may want to use grep, which is
part of the UnixUtils package.
>fc !int
Compares two files or sets of files and displays the differences between
them.
>more !int
Displays a file one page at a time.
>sort !int
Reads input, sorts data, and writes the results to the screen, to a file, or
to another device. More information about sort can be found at:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sort.mspx
>type !int
Displays the entire file to the screen.
# FILE PERMISSION AND MANAGEMENT PROGRAMS
>7Zip
http://www.7-zip.org/
Full featured archive program that can work with almost any archive type.
When adding this to your command-line folder, be sure to copy both 7z.exe &
7z.dll for it to work properly.
>attrib !int
Displays, sets, or removes the read-only, archive, system, and hidden
attributes assigned to files or directories. Used without parameters, attrib
displays attributes of all files in the current directory. More information
can be found at:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/attrib.mspx
>cd !int
Changes the current working directory.
>copy !int
Copy a file to another name or to a different folder.
>dir !int
List the files in a folder.
>File Checksum Integrity Verifier
http://support.microsoft.com/kb/841290
The File Checksum Integrity Verifier (FCIV) utility can generate MD5 or
SHA-1 hash values for files to compare the values against a known good
value. FCIV can compare hash values to make sure that the files have not
been changed.
>forfiles !int
Selects a file (or set of files) and executes a command on that file.
>Handle
http://technet.microsoft.com/en-us/sysinternals/bb896655
Handle is a utility that displays information about open handles for any
process in the system. You can use it to see the programs that have a file
open, or to see the object types and names of all the handles of a program.
>icacls !int
Displays or modifies discretionary access control lists (DACLs) on specified
files, and applies stored DACLs to files in specified directories. More
information about icacls can be found here.
>Junction
http://technet.microsoft.com/en-us/sysinternals/bb896768
Allows you to create, list, or delete Junctions in Windows.
http://msdn.microsoft.com/en-us/library/windows/desktop/aa365006%28v=vs.85%29.aspx
>LADS
http://www.heysoft.de/en/software/lads.php?lang=EN
LADS will display a list of all alternate data streams found in a particular
folder.
>md5sum
http://www.etree.org/md5com.html
Lists the MD5 hash for a particular file or numerous files in a folder.
>move !int
Move a file or folder to another location.
>ren !int
Rename a file or folder.
>Sdelete
http://technet.microsoft.com/en-us/sysinternals/bb897443
You can use SDelete both to securely delete existing files, as well as to
securely erase any file data that exists in the unallocated portions of a
disk (including files that you have already deleted or encrypted). SDelete
implements the Department of Defense clearing and sanitizing standard DOD
5220.22-M, to give you confidence that once deleted with SDelete, your file
data is gone forever.
>sfc !int
Scans the integrity of all protected system files and replaces incorrect
versions with correct Microsoft versions.
>Strings
http://technet.microsoft.com/en-us/sysinternals/bb897439
Displays strings found within a file.
>xcopy !int
Copies files and directories, including subdirectories.
# FILESYSTEM MANAGEMENT PROGRAMS
>chkdsk !int
Checks a disk and displays a status report.
>defrag !int
Locates and consolidates fragmented files on local volumes to improve system
performance.
>diskpart !int
Diskpart allows you to manage and modify disk partitions. More information
about diskpart can be found at:
http://support.microsoft.com/kb/300415
>FixMBR !int
Repairs the master boot record of the boot disk. The fixmbr command is only
available when you are using the Recovery Console.
>recover !int
Recovers readable information from a bad or defective disk.
>takeown !int
This tool allows an administrator to recover access to a file that was
denied by re-assigning file ownership.
# NETWORK DIAGNOSTICS & ADMINISTRATION PROGRAMS
>arp !int
Displays and modifies the IP-to-Physical address translation tables used by
address resolution protocol (ARP). Useful for finding MAC addresses of other
networked devices on your network.
>cURL
http://curl.haxx.se/
cURL is a command line tool for downloading web pages, entire sites, ftp
files, etc.
>ipconfig !int
Displays all current TCP/IP network configuration values and refreshes
Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS)
settings. Used without parameters, ipconfig displays the IP address, subnet
mask, and default gateway for all adapters. More information can be found at:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/ipconfig.mspx
>Netcat
http://netcat.sourceforge.net/
Netcat is a featured networking utility which reads and writes data across
network connections, using the TCP/IP protocol. This is a very useful tool
for diagnosing network connections, open firewall ports, or for sending the
output of a local command to a remote computer.
>netstat !int
Displays protocol statistics and current TCP/IP network connections.
>Nmap
http://nmap.org/
Nmap ("Network Mapper") is a utility for network discovery and security
auditing. This program can quickly perform a TCP/IP audit of your network.
>nslookup !int
Nslookup allows you to perform DNS (Domain Name Service) resolution.
>pathping !int
The PathPing tool is a route tracing tool that combines features of Ping and
Tracert with additional information that neither of those tools provides.
PathPing sends packets to each router on the way to a final destination over
a period of time, and then computes results based on the packets returned
from each hop. Since PathPing shows the degree of packet loss at any given
router or link, you can pinpoint which routers or links might be causing
network problems. More information can be found at:
http://technet.microsoft.com/en-us/library/cc958876.aspx
>ping !int
Ping is a computer network administration utility used to test if you can
reach a host on an Internet Protocol (IP) network and to measure the
round-trip time for messages sent from the originating host to a destination
computer.
>PsFile
http://technet.microsoft.com/en-us/sysinternals/bb897552
PsFile is a command-line utility that shows a list of files on a system that
are opened remotely, and it also allows you to close opened files either by
name or by a file identifier.
>PsExec
http://technet.microsoft.com/en-us/sysinternals/bb897553
PsExec is a program that lets you execute processes on other systems,
complete with full interactive use for console applications, without having
to manually install client software. Please note that some anti-virus
vendors may detect this as "Remote Admin", but it is a legitimate tool from
Microsoft.
>PsLoggedOn
http://technet.microsoft.com/en-us/sysinternals/bb897545
PsLoggedOn is a program that displays both the locally logged on users and
users logged on via resources for either the local computer, or a remote
one. If you specify a user name instead of a computer, PsLoggedOn searches
the computers in the network neighborhood and tells you if the user is
currently logged on.
>route !int
Displays and modifies the entries in the local IP routing table. Used
without parameters, route displays help. More information can be found at:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/route.mspx
>tracert !int
Displays the path taken by TCP/IP packets as they traverse from your local
computer to a remote target. More information can be found at:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/tracert.mspx
>Wget
http://www.gnu.org/software/wget/
GNU Wget is a program for retrieving files using HTTP, HTTPS and FTP, the
most widely-used Internet protocols.
# PROCESS MANAGEMENT PROGRAMS
>ListDlls
http://technet.microsoft.com/en-us/sysinternals/bb896656
ListDLLs is a utility that reports the DLLs loaded into processes. You can
use it to list all DLLs loaded into all processes, into a specific process,
or to list the processes that have a particular DLL loaded.
>PsKill
http://technet.microsoft.com/en-us/sysinternals/bb896683
Allows you to terminate processes.
>PsList
http://technet.microsoft.com/en-us/sysinternals/bb896682
Lists all running processes.
>tasklist !int
Lists all running processes and services. This program can also be
used to list what services are running under a particular svchost process.
For more information regarding how to do that, see:
http://www.bleepingcomputer.com/tutorials/list-services-running-under-svchostexe-process/#tasklist
>taskkill !int
This tool is used to terminate tasks by process id (PID) or image name.