Skip to content

Efficient CLI Tools for DevOps



DevOps engineers are responsible for managing and automating the development and deployment processes. They need efficient tools to streamline their tasks and increase productivity. CLI tools are essential for DevOps engineers to streamline their tasks and improve efficiency. In this blog post, we will explore some of the most powerful and useful command-line interface (CLI) tools that every DevOps engineer should have in their toolkit.

CLI Tools


  • GNU Bash: - is an sh-compatible shell that incorporates useful features from the Korn shell and C shell.
  • Zsh: - is a shell designed for interactive use, although it is also a powerful scripting language.
  • tclsh: - is a very powerful cross-platform shell, suitable for a huge range of uses.
  • bash-it: - is a framework for using, developing and maintaining shell scripts and custom commands.
  • Oh My ZSH!: - is the best framework for managing your Zsh configuration.
  • Oh My Fish: - the Fishshell framework.
  • Starship: - the cross-shell prompt written in Rust.
  • powerlevel10k: - is a fast reimplementation of Powerlevel9k ZSH theme.

Shell plugins

  • z: - tracks the folder you use the most and allow you to jump, without having to type the whole path.
  • fzf: - is a general-purpose command-line fuzzy finder.
  • zsh-autosuggestions: - Fish-like autosuggestions for Zsh.
  • zsh-syntax-highlighting: - Fish shell like syntax highlighting for Zsh.
  • Awesome ZSH Plugins: - A list of frameworks, plugins, themes and tutorials for ZSH.


  • Midnight Commander: - is a visual file manager, licensed under GNU General Public License.
  • ranger: - is a VIM-inspired filemanager for the console.
  • nnn: - is a tiny, lightning fast, feature-packed file manager.
  • screen: - is a full-screen window manager that multiplexes a physical terminal.
  • tmux: - is a terminal multiplexer, lets you switch easily between several programs in one terminal.
  • tmux-cssh: - is a tool to set comfortable and easy to use functionality, clustering and synchronizing tmux-sessions.

Text editors

  • vi: - is one of the most common text editors on Unix.
  • vim: - is a highly configurable text editor.
  • emacs: - is an extensible, customizable, free/libre text editor, and more.
  • micro: - is a modern and intuitive terminal-based text editor.
  • neovim: - is a free open source, powerful, extensible and usable code editor.
  • spacemacs: - a community-driven Emacs distribution.
  • spacevim: - a community-driven vim distribution.

Files and directories

  • fd: - is a simple, fast and user-friendly alternative to find.
  • ncdu: - is an easy to use, fast disk usage analyzer.


  • PuTTY: - is an SSH and telnet client, developed originally by Simon Tatham.
  • Mosh: - is a SSH wrapper designed to keep a SSH session alive over a volatile connection.
  • Eternal Terminal: - enables mouse-scrolling and tmux commands inside the SSH session.
  • nmap: - is a free and open source (license) utility for network discovery and security auditing.
  • zmap: - is a fast single packet network scanner designed for Internet-wide network surveys.
  • Rust Scan: - to find all open ports faster than Nmap.
  • masscan: - is the fastest Internet port scanner, spews SYN packets asynchronously.
  • pbscan: - is a faster and more efficient stateless SYN scanner and banner grabber.
  • hping: - is a command-line oriented TCP/IP packet assembler/analyzer.
  • mtr: - is a tool that combines the functionality of the ‘traceroute’ and ‘ping’ programs in a single tool.
  • mylg: - utility which combines the functions of the different network probes in one diagnostic tool.
  • netcat: - utility which reads and writes data across network connections, using the TCP/IP protocol.
  • socat: - utility which transfers data between two objects.
  • tcpdump: - is a powerful command-line packet analyzer.
  • tshark: - is a tool that allows us to dump and analyze network traffic (wireshark cli).
  • Termshark: - is a simple terminal user-interface for tshark.
  • ngrep: - is like GNU grep applied to the network layer.
  • netsniff-ng: - is a Swiss army knife for your daily Linux network plumbing if you will.
  • sockdump: - dump unix domain socket traffic.
  • stenographer: - is a packet capture solution which aims to quickly spool all packets to disk.
  • tcpterm: - visualize packets in TUI.
  • bmon: - is a monitoring and debugging tool to capture networking related statistics and prepare them visually.
  • iptraf-ng: - is a console-based network monitoring program for Linux that displays information about IP traffic.
  • vnstat: - is a network traffic monitor for Linux and BSD.
  • iPerf3: - is a tool for active measurements of the maximum achievable bandwidth on IP networks.
  • ethr: - is a Network Performance Measurement Tool for TCP, UDP & HTTP.
  • Etherate: - is a Linux CLI based Ethernet and MPLS traffic testing tool.
  • echoip: - is a IP address lookup service.
  • Nemesis: - packet manipulation CLI tool; craft and inject packets of several protocols.
  • packetfu: - a mid-level packet manipulation library for Ruby.
  • Scapy: - packet manipulation library; forge, send, decode, capture packets of a wide number of protocols.
  • impacket: - is a collection of Python classes for working with network protocols.
  • ssh-audit: - is a tool for SSH server auditing.
  • aria2: - is a lightweight multi-protocol & multi-source command-line download utility.
  • iptables-tracer: - observe the path of packets through the iptables chains.
  • inception: - a highly configurable tool to check for whatever you like against any number of hosts.
  • mRemoteNG: - a fork of mRemote, multi-tabbed PuTTy on steroids!

Network (DNS)

  • dnsdiag: - is a DNS diagnostics and performance measurement tools.
  • fierce: - is a DNS reconnaissance tool for locating non-contiguous IP space.
  • subfinder: - is a subdomain discovery tool that discovers valid subdomains for websites.
  • sublist3r: - is a fast subdomains enumeration tool for penetration testers.
  • amass: - is tool that obtains subdomain names by scraping data sources, crawling web archives, and more.
  • namebench: - provides personalized DNS server recommendations based on your browsing history.
  • massdns: - is a high-performance DNS stub resolver for bulk lookups and reconnaissance.
  • knock: - is a tool to enumerate subdomains on a target domain through a wordlist.
  • dnsperf: - DNS performance testing tools.
  • dnscrypt-proxy 2: - a flexible DNS proxy, with support for encrypted DNS protocols.
  • dnsdbq: - API client providing access to passive DNS database systems.
  • grimd: - fast dns proxy, built to black-hole internet advertisements and malware servers.
  • dnstwist: - detect typosquatters, phishing attacks, fraud, and brand impersonation.

Network (HTTP)

  • curl: - is a command line tool and library for transferring data with URLs.
  • kurly: - is an alternative to the widely popular curl program, written in Golang.
  • HTTPie: - is an user-friendly HTTP client.
  • wuzz: - is an interactive cli tool for HTTP inspection.
  • h2spec: - is a conformance testing tool for HTTP/2 implementation.
  • h2t: - is a simple tool to help sysadmins to hardening their websites.
  • - is a simple Swiss Army knife for http/https troubleshooting and profiling.
  • httpstat: - is a tool that visualizes curl statistics in a way of beauty and clarity.
  • httplab: - is an interactive web server.
  • Lynx: - is a text browser for the World Wide Web.
  • Browsh: - is a fully interactive, real-time, and modern text-based browser.
  • HeadlessBrowsers: - a list of (almost) all headless web browsers in existence.
  • ab: - is a single-threaded command line tool for measuring the performance of HTTP web servers.
  • siege: - is an http load testing and benchmarking utility.
  • wrk: - is a modern HTTP benchmarking tool capable of generating significant load.
  • wrk2: - is a constant throughput, correct latency recording variant of wrk.
  • vegeta: - is a constant throughput, correct latency recording variant of wrk.
  • bombardier: - is a fast cross-platform HTTP benchmarking tool written in Go.
  • gobench: - http/https load testing and benchmarking tool.
  • hey: - HTTP load generator, ApacheBench (ab) replacement, formerly known as rakyll/boom.
  • boom: - is a script you can use to quickly smoke-test your web app deployment.
  • SlowHTTPTest: - is a tool that simulates some Application Layer Denial of Service attacks by prolonging HTTP.
  • gobuster: - is a free and open source directory/file & DNS busting tool written in Go.
  • ssllabs-scan: - command-line reference-implementation client for SSL Labs APIs.
  • http-observatory: - Mozilla HTTP Observatory cli version.
  • Hurl: - is a command line tool to run and test HTTP requests with plain text.


  • openssl: - is a robust, commercial-grade, and full-featured toolkit for the TLS and SSL protocols.
  • gnutls-cli: - client program to set up a TLS connection to some other computer.
  • sslyze
    • fast and powerful SSL/TLS server scanning library.
  • sslscan: - tests SSL/TLS enabled services to discover supported cipher suites.
  • - testing TLS/SSL encryption anywhere on any port.
  • cipherscan: - a very simple way to find out which SSL ciphersuites are supported by a target.
  • spiped: - is a utility for creating symmetrically encrypted and authenticated pipes between socket addresses.
  • Certbot: - is EFF’s tool to obtain certs from Let’s Encrypt and (optionally) auto-enable HTTPS on your server.
  • mkcert: - simple zero-config tool to make locally trusted development certificates with any names you’d like.
  • certstrap: - tools to bootstrap CAs, certificate requests, and signed certificates.
  • Sublert: - is a security and reconnaissance tool to automatically monitor new subdomains.
  • mkchain: - open source tool to help you build a valid SSL certificate chain.
  • ssl-cert-check: - SSL Certification Expiration Checker.


  • SELinux: - provides a flexible Mandatory Access Control (MAC) system built into the Linux kernel.
  • AppArmor: - proactively protects the operating system and applications from external or internal threats.
  • grapheneX: - Automated System Hardening Framework.
  • DevSec Hardening Framework: - Security + DevOps: Automatic Server Hardening.

Auditing Tools

  • ossec: - actively monitoring all aspects of system activity with file integrity monitoring.
  • auditd: - provides a way to track security-relevant information on your system.
  • Tiger: - is a security tool that can be use both as a security audit and intrusion detection system.
  • Lynis: - battle-tested security tool for systems running Linux, macOS, or Unix-based operating system.
  • LinEnum: - scripted Local Linux Enumeration & Privilege Escalation Checks.
  • Rkhunter: - scanner tool for Linux systems that scans backdoors, rootkits and local exploits on your systems.
  • PE-sieve: - is a light-weight tool that helps to detect malware running on the system.
  • PEASS: - privilege escalation tools for Windows and Linux/Unix and MacOS.

System Diagnostics/Debuggers

  • strace: - diagnostic, debugging and instructional userspace utility for Linux.
  • DTrace: - is a performance analysis and troubleshooting tool.
  • ltrace: - is a library call tracer, used to trace calls made by programs to library functions.
  • ptrace-burrito: - is a friendly wrapper around ptrace.
  • perf-tools: - performance analysis tools based on Linux perf_events (aka perf) and ftrace.
  • bpftrace: - high-level tracing language for Linux eBPF.
  • sysdig: - system exploration and troubleshooting tool with first class support for containers.
  • Valgrind: - is an instrumentation framework for building dynamic analysis tools.
  • gperftools: - high-performance multi-threaded malloc() implementation, plus some performance analysis tools.
  • glances: - cross-platform system monitoring tool written in Python.
  • htop: - interactive text-mode process viewer for Unix systems. It aims to be a better ‘top’.
  • bashtop: - Linux resource monitor written in pure Bash.
  • nmon: - a single executable for performance monitoring and data analysis.
  • atop: - ASCII performance monitor. Includes statistics for CPU, memory, disk, swap, network, and processes.
  • lsof: - displays in its output information about files that are opened by processes.
  • FlameGraph: - stack trace visualizer.
  • lsofgraph: - convert Unix lsof output to a graph showing FIFO and UNIX interprocess communication.
  • rr: - is a lightweight tool for recording, replaying and debugging execution of applications.
  • Performance Co-Pilot: - a system performance analysis toolkit.
  • hexyl: - a command-line hex viewer.
  • Austin: - Python frame stack sampler for CPython.

Log Analyzers

  • angle-grinder: - slice and dice log files on the command line.
  • lnav: - log file navigator with search and automatic refresh.
  • GoAccess: - real-time web log analyzer and interactive viewer that runs in a terminal.
  • ngxtop: - real-time metrics for nginx server.


  • usql: - universal command-line interface for SQL databases.
  • pgcli: - postgres CLI with autocompletion and syntax highlighting.
  • mycli: - terminal client for MySQL with autocompletion and syntax highlighting.
  • litecli: - SQLite CLI with autocompletion and syntax highlighting.
  • mssql-cli: - SQL Server CLI with autocompletion and syntax highlighting.
  • OSQuery: - is a SQL powered operating system instrumentation, monitoring, and analytics framework.
  • pgsync: - sync data from one Postgres database to another.
  • iredis: - a terminal client for redis with autocompletion and syntax highlighting.
  • SchemaCrawler: - generates an E-R diagram of your database.


  • Nipe: - script to make Tor Network your default gateway.
  • multitor: - a tool that lets you create multiple TOR instances with a load-balancing.

Messengers/IRC Clients

  • Irssi: - is a free open source terminal based IRC client.
  • WeeChat: - is an extremely extensible and lightweight IRC client.


  • taskwarrior: - task management system, todo list


  • sysadmin-util: - tools for Linux/Unix sysadmins.
  • incron: - is an inode-based filesystem notification technology.
  • lsyncd: - synchronizes local directories with remote targets (Live Syncing Daemon).
  • GRV: - is a terminal based interface for viewing Git repositories.
  • Tig: - text-mode interface for Git.
  • tldr: - simplified and community-driven man pages.
  • archiver: - easily create and extract .zip, .tar, .tar.gz, .tar.bz2, .tar.xz, .tar.lz4,, and .rar.
  • commander.js: - minimal CLI creator in JavaScript.
  • gron: - make JSON greppable!
  • bed: - binary editor written in Go.


Leave a message

  • Welcome to visit the knowledge base of SRE and DevOps!
  • License under CC BY-NC 4.0
  • Made with Material for MkDocs and improve writing by generative AI tools
  • Copyright issue feedback, replace # with @