Tested Commands Reference

Complete record of all commands executed and verified on 2026-02-09.

System Info

Host: modestus-razer
Kernel: 6.18.8-arch2-1
OS: Arch Linux (rolling)
User: evanusmodestus
Domain: INSIDE.DOMUSDIGITALIS.DEV
DC: home-dc01.inside.domusdigitalis.dev (10.50.1.50)

Regex & PCRE Pattern Matching

IP Address Extraction (Basic)

echo "Server at 192.168.1.201 responded, also check 10.0.0.1" | grep -oP '\b(?:\d{1,3}\.){3}\d{1,3}\b'
Output
192.168.1.201
10.0.0.1

Strict IPv4 Validation (0-255 Range Check)

printf "192.168.1.1\n256.1.1.1\n10.0.0.255\n999.999.999.999\n" | grep -P '^(?:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)\.){3}(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)$'
Output (only valid IPs pass)
192.168.1.1
10.0.0.255

Password Complexity Validation

# Must have: uppercase, lowercase, digit, special char, 12+ chars
printf "weak\nStrongPass123!\nNoSpecial123\nShort1!\n" | grep -P '^(?=.*[A-Z])(?=.*[a-z])(?=.*\d)(?=.*[!@#$%^&*]).{12,}$'
Output
StrongPass123!

The \K Trick (Reset Match Start)

echo "error: something bad happened" | grep -oP 'error: \K.*'
Output
something bad happened

Named Capture Groups with Perl

echo '192.168.1.50 - - [15/Jan/2024:10:30:00] "GET /api/users" 200' | \
  perl -ne 'print "IP: $+{ip}, Status: $+{status}\n" if /(?<ip>\d+\.\d+\.\d+\.\d+).*?"(?<method>\w+) (?<path>[^"]+)" (?<status>\d+)/'
Output
IP: 192.168.1.50, Status: 200

Recursive Balanced Parentheses (PCRE Magic)

echo "func(a, inner(b, c), d)" | grep -oP '\((?:[^()]+|(?R))*\)'
Output
(a, inner(b, c), d)

JWT Token Extraction

echo 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c' | \
  grep -oP 'eyJ[A-Za-z0-9_-]*\.eyJ[A-Za-z0-9_-]*\.[A-Za-z0-9_-]*'
Output
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

camelCase to snake_case Conversion

echo "getUserNameFromDatabase" | sed -E 's/([a-z])([A-Z])/\1_\L\2/g'
Output
get_user_name_from_database

Strip ANSI Color Codes

printf '\e[31mRED\e[0m \e[32mGREEN\e[0m \e[1;34mBOLD BLUE\e[0m' | sed 's/\x1b\[[0-9;]*m//g'
Output
RED GREEN BOLD BLUE

Semver Extraction

echo "Released v2.1.0-beta.1+build.123 and also version 1.0.0" | grep -oP '\bv?\d+\.\d+\.\d+(?:-[\w.]+)?(?:\+[\w.]+)?\b'
Output
v2.1.0-beta.1+build.123
1.0.0

Conditional Phone Number Pattern

# Matches (555)123-4567 OR 555-123-4567 based on opening paren
printf "(555)123-4567\n555-123-4567\n5551234567\n" | grep -P '(\()?\d{3}(?(1)\)|-)\d{3}-\d{4}'
Output
(555)123-4567
555-123-4567

Email Extraction

echo "Contact support@example.com or sales.team@company.co.uk for help" | grep -oE '[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}'
Output
support@example.com
sales.team@company.co.uk

MAC Address Extraction

echo "Interface eth0: 00:1a:2b:3c:4d:5e connected" | grep -ioE '([0-9a-f]{2}:){5}[0-9a-f]{2}'
Output
00:1a:2b:3c:4d:5e

JSON Value Extraction Without jq

echo '{"name": "modestus", "role": "admin", "id": 42}' | grep -oP '"name"\s*:\s*"\K[^"]+'
Output
modestus

Remove Duplicates Preserving Order

printf "apple\nbanana\napple\ncherry\nbanana\ndate\n" | awk '!seen[$0]++'
Output
apple
banana
cherry
date

Negative Lookbehind

echo "test_id user_id debug_id session_id" | grep -oP '(?<!test_)(?<!debug_)\b\w+_id\b'
Output
user_id
session_id

Heredocs & Herestrings

Heredoc with Regex Extraction

grep -oP '\d+\.\d+\.\d+\.\d+' <<'EOF'
Server 192.168.1.1 is up
Gateway at 10.0.0.1
Remote: 8.8.8.8
EOF
Output
192.168.1.1
10.0.0.1
8.8.8.8

Herestring to awk

awk -F: '{print $1, $NF}' <<< "root:x:0:0:root:/root:/bin/bash"
Output
root /bin/bash

sed Transform with Heredoc

sed -E 's/([0-9]+)/[\1]/g; s/error/ERROR/gi' <<'DATA'
Found 3 errors on line 42
error: memory at 0x7fff
DATA
Output
Found [3] ERRORs on line [42]
ERROR: memory at [0]x[7]fff

Brace Expansion in Heredoc with Command Substitution

cat <<EOF
Files: $(echo /etc/{passwd,shadow,group} 2>/dev/null | tr ' ' '\n' | xargs -I{} sh -c 'test -r {} && echo {} readable')
EOF
Output
Files: /etc/passwd readable
/etc/group readable

JSON Generation with Heredoc

cat <<JSON
{
  "hostname": "$(hostname)",
  "kernel": "$(uname -r)",
  "uptime": "$(uptime -p)",
  "ips": [$(ip -4 addr show | grep -oP 'inet \K[\d.]+' | paste -sd, | sed 's/,/", "/g; s/^/"/; s/$/"/')"]
}
JSON
Output
{
  "hostname": "",
  "kernel": "6.18.8-arch2-1",
  "uptime": "up 1 day, 3 minutes",
  "ips": ["127.0.0.1", "10.50.10.103", "192.168.122.1", "172.18.0.1", "172.19.0.1", "172.21.0.1", "172.17.0.1""]
}

sed Range Extraction

cat <<'DATA' | sed -n '/START/,/END/p'
before
START
include this
and this
END
after
DATA
Output
START
include this
and this
END

Process Substitution & Streams

Diff Two Command Outputs

diff <(echo "line1"; echo "line2") <(echo "line1"; echo "line3")
Output
2c2
< line2
---
> line3

Multi-stream Paste

paste <(seq 1 3) <(echo -e "a\nb\nc") <(echo -e "x\ny\nz")
Output
1	a	x
2	b	y
3	c	z

Tee with Multiple Process Substitutions

echo "test data" | tee >(grep -o 'test') >(wc -c) >/dev/null
Output
10
test

Custom File Descriptor with Herestring

exec 3<<< "data from fd3"
cat <&3
exec 3<&-
Output
data from fd3

Multi-stream Capture (stdout + stderr)

{ echo "stdout"; echo "stderr" >&2; } 2>&1 | grep -E 'std(out|err)'
Output
stdout
stderr

Compare Sorted Streams with comm

comm -3 <(echo -e "a\nb\nc") <(echo -e "b\nc\nd")
Output
a
	d

Paste and Column for Table Formatting

paste <(echo -e "User\nroot\nevanusmodestus") <(echo -e "UID\n0\n1000") <(echo -e "Shell\n/bin/bash\n/bin/bash") | column -t
Output
User            UID   Shell
root            0     /bin/bash
evanusmodestus  1000  /bin/bash

Parameter Expansion

var="hello.world.txt"
echo "Original: $var"
echo "Extension: ${var##*.}"
echo "Basename: ${var%.*}"
echo "First part: ${var%%.*}"
echo "Replace: ${var/world/UNIVERSE}"
Output
Original: hello.world.txt
Extension: txt
Basename: hello.world
First part: hello
Replace: hello.UNIVERSE.txt

Command Chaining & Parallel Execution

Glob + Pipe + xargs + Regex Pipeline

ls /usr/bin/[a-c]* 2>/dev/null | xargs -I{} sh -c 'file "{}" | grep -q "script" && echo "{}"' | head -5
Output (script files starting with a-c)
/usr/bin/authorindex
/usr/bin/bookshelf-listallfonts
/usr/bin/bookshelf-mkfontsel
/usr/bin/cachepic

Parallel Ping Check with xargs -P

echo -e "google.com\ngithub.com\ncloudflare.com" | xargs -P3 -I{} sh -c 'ping -c1 -W1 {} >/dev/null 2>&1 && echo "{} UP" || echo "{} DOWN"'
Output
google.com UP
cloudflare.com UP
github.com UP

Parallel Execution with Wait

{ sleep 0.1; echo "A done"; } &
{ sleep 0.05; echo "B done"; } &
wait
echo "All complete"
Output
B done
A done
All complete

Arithmetic Conditionals in Loop

for i in {1..5}; do
  ((i % 2 == 0)) && echo "$i is even" || echo "$i is odd"
done
Output
1 is odd
2 is even
3 is odd
4 is even
5 is odd

Complex Find + Format + Sort Pipeline

find /var/log -type f -size +1k 2>/dev/null | head -5 | while read f; do
  size=$(stat -c%s "$f" 2>/dev/null)
  printf "%10d %s\n" "${size:-0}" "$f"
done | sort -rn
Output
  33554432 /var/log/journal/.../system@....journal~
   8388608 /var/log/journal/.../user-1000@....journal~
    417091 /var/log/pacman.log

Bash Regex Capture Groups (BASH_REMATCH)

line="2024-01-15 ERROR: Connection failed"
if [[ $line =~ ^([0-9-]+)\ ([A-Z]+):\ (.*)$ ]]; then
  echo "Date: ${BASH_REMATCH[1]}"
  echo "Level: ${BASH_REMATCH[2]}"
  echo "Message: ${BASH_REMATCH[3]}"
fi
Output
Date: 2024-01-15
Level: ERROR
Message: Connection failed

Associative Arrays from Heredoc

declare -A ports
while IFS=: read name port; do
  ports[$name]=$port
done <<< $'ssh:22\nhttp:80\nhttps:443'
for svc in "${!ports[@]}"; do
  echo "$svc -> ${ports[$svc]}"
done
Output
ssh -> 22
https -> 443
http -> 80

Text Processing

Character Frequency Analysis

echo "hello world" | grep -o . | sort | uniq -c | sort -rn
Output
      3 l
      2 o
      1 w
      1 r
      1 h
      1 e
      1 d
      1

Printf Table Formatting

printf "%-10s %5s %8s\n" "NAME" "PID" "MEM"
printf "%-10s %5d %7.1f%%\n" "firefox" 48189 1.9
printf "%-10s %5d %7.1f%%\n" "claude" 13538 1.2
Output
NAME         PID      MEM
firefox    48189     1.9%
claude     13538     1.2%

Perl Capitalize First Letter of Each Word

echo "The quick brown fox" | perl -pe 's/\b(\w)/\U$1/g'
Output
The Quick Brown Fox

awk Parse /etc/passwd for Shells

awk -F: '/^[^#]/ && $NF ~ /sh$/ {print $1": "$NF}' /etc/passwd | head -5
Output
root: /usr/bin/bash
evanusmodestus: /bin/bash
gitea: /bin/bash

Log Hourly Aggregation with awk

journalctl --no-pager -n 50 2>/dev/null | awk '
  /^[A-Z][a-z]{2} [0-9]+ [0-9:]+/ {
    gsub(/[^0-9]/, "", $3);
    hour=substr($3,1,2);
    count[hour]++
  }
  END {
    for(h in count) printf "%02d:00 - %d msgs\n", h, count[h]
  }' | sort
Output
23:00 - 50 msgs

NetworkManager (nmcli)

List All Connections

nmcli connection show
Output
NAME                 UUID                                  TYPE      DEVICE
Domus-Secure-802.1X  8dbd3d7d-406e-4ac9-b303-be0a1b40bd86  wifi      wlan0
br-1a64fdac6aa5      b65ebe19-9e76-4889-82fc-c5b21686815f  bridge    br-1a64fdac6aa5
lo                   62e46b5e-099f-49d5-90a2-a854da4ebd59  loopback  lo
docker0              7c794102-5102-4d1b-99c9-5c2ac2e13671  bridge    docker0
virbr0               340a229e-3829-4f46-bb1b-7bb9764f1ae2  bridge    virbr0
Wired-802.1X         6730f285-c9f4-4a7d-95f3-93287dbddf35  ethernet  --
Wired-802.1X-Vault   3f9fefb8-4da8-4a45-9c86-971b20afee42  ethernet  --

Device Status

nmcli device status
Output
DEVICE           TYPE      STATE                   CONNECTION
wlan0            wifi      connected               Domus-Secure-802.1X
br-1a64fdac6aa5  bridge    connected (externally)  br-1a64fdac6aa5
lo               loopback  connected (externally)  lo
docker0          bridge    connected (externally)  docker0
virbr0           bridge    connected (externally)  virbr0
p2p-dev-wlan0    wifi-p2p  disconnected            --
enp130s0         ethernet  unavailable             --

WiFi Network List

nmcli device wifi list
Output
IN-USE  BSSID              SSID          MODE   CHAN  RATE         SIGNAL  BARS  SECURITY
        78:BC:1A:36:82:C1  Domus-Secure  Infra  6     195 Mbit/s   99      ▂▄▆█  WPA2 802.1X
        78:BC:1A:36:82:C0  Domus-IoT     Infra  6     195 Mbit/s   99      ▂▄▆█  WPA2
*       78:BC:1A:36:82:CE  Domus-Secure  Infra  52    1170 Mbit/s  83      ▂▄▆█  WPA2 802.1X
        AC:DF:9F:4F:B4:A6  TMOBILE73     Infra  6     540 Mbit/s   50      ▂▄__  WPA2 WPA3

Connection Details (802.1X)

nmcli connection show "Domus-Secure-802.1X" | grep -E "^(connection|802-1x|ipv4)" | head -15
Output
connection.id:                          Domus-Secure-802.1X
connection.uuid:                        8dbd3d7d-406e-4ac9-b303-be0a1b40bd86
connection.type:                        802-11-wireless
connection.autoconnect:                 yes
connection.timestamp:                   1770666955

Socket Statistics (ss)

Listening Ports

ss -tulnp
Output
Netid State  Recv-Q Send-Q  Local Address:Port  Peer Address:Port Process
udp   UNCONN 0      0       192.168.122.1:53         0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0%virbr0:67         0.0.0.0:*
udp   UNCONN 0      0             0.0.0.0:111        0.0.0.0:*
tcp   LISTEN 0      32      192.168.122.1:53         0.0.0.0:*
tcp   LISTEN 0      4096          0.0.0.0:5433       0.0.0.0:*
tcp   LISTEN 0      128           0.0.0.0:22         0.0.0.0:*

Established Connections with Process Info

ss -tnp state established
Output
Recv-Q Send-Q Local Address:Port    Peer Address:Port Process
0      0       10.50.10.103:38320 104.17.111.184:443   users:(("firefox",pid=48189,fd=144))
0      0       10.50.10.103:44614   140.82.113.3:22    users:(("ssh",pid=2407932,fd=3))
0      0       10.50.10.103:33040     10.50.1.50:22022 users:(("ssh",pid=823783,fd=3))

IP Commands

ARP Neighbors

ip neigh show
Output
10.50.10.1 dev wlan0 lladdr 52:54:00:a2:7f:78 REACHABLE

Routing Table

ip route show
Output
default via 10.50.10.1 dev wlan0 proto dhcp src 10.50.10.103 metric 600
10.50.10.0/24 dev wlan0 proto kernel scope link src 10.50.10.103 metric 600
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.18.0.0/16 dev br-1a64fdac6aa5 proto kernel scope link src 172.18.0.1
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown

nmap Network Enumeration

Ping Sweep Local Subnet

nmap -sn 10.50.10.0/24
Output
Nmap scan report for 10.50.10.1
Host is up (0.0029s latency).
Nmap scan report for 10.50.10.103
Host is up (0.000061s latency).
Nmap scan report for 10.50.10.114
Host is up (0.098s latency).
Nmap scan report for 10.50.10.122
Host is up (0.017s latency).
Nmap scan report for 10.50.10.138
Host is up (0.073s latency).

Domain Controller Port Scan

nmap -p 53,88,389,636,445,3268,3269 10.50.10.1 --open
Output
PORT   STATE SERVICE
53/tcp open  domain

Full Port Scan of Domain Controller

nmap -sT -p- --min-rate=1000 10.50.1.50
Output
53/tcp    open  domain
88/tcp    open  kerberos-sec
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
389/tcp   open  ldap
445/tcp   open  microsoft-ds
464/tcp   open  kpasswd5
593/tcp   open  http-rpc-epmap
636/tcp   open  ldapssl
3268/tcp  open  globalcatLDAP
3269/tcp  open  globalcatLDAPssl
5985/tcp  open  wsman
9389/tcp  open  adws
22022/tcp open  unknown
47001/tcp open  winrm

Ping Sweep 192.168.1.x (Lab Network)

nmap -sn 192.168.1.0/24
Output
Nmap scan report for 192.168.1.184
Host is up (0.0027s latency).
Nmap scan report for 192.168.1.185
Host is up (0.013s latency).
Nmap scan report for 192.168.1.201
Host is up (0.010s latency).
Nmap scan report for 192.168.1.254
Host is up (0.0067s latency).

KVM Host Port Scan

nmap -p 9090,22,80,443 192.168.1.201 --open
Output
PORT     STATE SERVICE
22/tcp   open  ssh
9090/tcp open  zeus-admin

Gateway Ping Scan

nmap -sn 10.50.10.1
Output
Nmap scan report for 10.50.10.1
Host is up (0.0047s latency).

DNS Enumeration

DNS ANY Query

dig +short any inside.domusdigitalis.dev
Output
10.50.1.50
home-dc01.inside.domusdigitalis.dev.
home-dc01.inside.domusdigitalis.dev. hostmaster.inside.domusdigitalis.dev. 21 900 600 86400 3600

Zone Transfer Attempt

dig axfr inside.domusdigitalis.dev @10.50.1.50
Output
; Transfer failed.

Reverse DNS Lookups

for ip in 10.50.10.1 10.50.10.114 10.50.10.122 10.50.10.138 192.168.1.201; do
  name=$(dig +short -x $ip 2>/dev/null)
  echo "$ip -> ${name:-[no PTR]}"
done
Output
10.50.10.1 -> [no PTR]
10.50.10.114 -> [no PTR]
10.50.10.122 -> [no PTR]
10.50.10.138 -> [no PTR]
192.168.1.201 -> [no PTR]

Kerberos

List Tickets

klist
Output
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: evanusmodestus@INSIDE.DOMUSDIGITALIS.DEV

Valid starting       Expires              Service principal
02/09/2026 16:34:58  02/10/2026 02:34:58  krbtgt/INSIDE.DOMUSDIGITALIS.DEV@INSIDE.DOMUSDIGITALIS.DEV
	renew until 02/10/2026 16:34:49

Kerberos Configuration

cat /etc/krb5.conf | grep -E "^\s*(default_realm|kdc|admin_server)"
Output
      default_realm = INSIDE.DOMUSDIGITALIS.DEV
          kdc = home-dc01.inside.domusdigitalis.dev
          admin_server = home-dc01.inside.domusdigitalis.dev

LDAP Enumeration (Kerberos Authenticated)

List Domain Computers

ldapsearch -Y GSSAPI -H ldap://home-dc01.inside.domusdigitalis.dev \
  -b "dc=inside,dc=domusdigitalis,dc=dev" "(objectClass=computer)" cn
Output
dn: CN=HOME-DC01,OU=Domain Controllers,DC=inside,DC=domusdigitalis,DC=dev
cn: HOME-DC01
dn: CN=ISE-02,CN=Computers,DC=inside,DC=domusdigitalis,DC=dev
cn: ISE-02

List Domain Users

ldapsearch -Y GSSAPI -H ldap://home-dc01.inside.domusdigitalis.dev \
  -b "dc=inside,dc=domusdigitalis,dc=dev" \
  "(&(objectClass=user)(objectCategory=person))" sAMAccountName
Output
dn: CN=Administrator,CN=Users,DC=inside,DC=domusdigitalis,DC=dev
sAMAccountName: Administrator
dn: CN=Guest,CN=Users,DC=inside,DC=domusdigitalis,DC=dev
sAMAccountName: Guest
dn: CN=krbtgt,CN=Users,DC=inside,DC=domusdigitalis,DC=dev
sAMAccountName: krbtgt
dn: CN=Evan Rosado,OU=Admins,OU=User Accounts,DC=inside,DC=domusdigitalis,DC=dev
sAMAccountName: evanusmodestus

SMB Enumeration (Kerberos Authenticated)

smbclient -L //home-dc01.inside.domusdigitalis.dev -k
Output
	Sharename       Type      Comment
	---------       ----      -------
	ADMIN$          Disk      Remote Admin
	C$              Disk      Default share
	IPC$            IPC       Remote IPC
	NETLOGON        Disk      Logon server share
	SYSVOL          Disk      Logon server share
SMB1 disabled -- no workgroup available

Forensics & Security

Journal Error Log

journalctl -p err --no-pager -n 10
Output
Feb 09 23:10:38 modestus-razer ldap_child[2442465]: Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'MODESTUS-RAZER$@INSIDE.DOMUSDIGITALIS.DEV' not found in Kerberos database.

Error Aggregation

journalctl -p err --no-pager -b | grep -oP '(?<=\]: ).*' | sort | uniq -c | sort -rn | head -10
Output
1904 Failed to initialize credentials using keytab...
   6 pam_unix(sudo:auth): conversation failed
   6 pam_unix(sudo:auth): auth could not identify password for [evanusmodestus]
   3 src/service.c:service_accept() batt-profile profile accept failed
   2 Cannot find 'dmidecode' in path: No such file or directory
   1 Random seed file '/boot/efi/loader/random-seed' is world accessible

Failed systemd Units

systemctl --failed --no-pager
Output
  UNIT             LOAD   ACTIVE SUB    DESCRIPTION
● nftables.service loaded failed failed Netfilter Tables

1 loaded units listed.

Find SUID Binaries

find /usr/bin -perm -4000 2>/dev/null | head -10
Output
/usr/bin/ksu
/usr/bin/chage
/usr/bin/expiry
/usr/bin/gpasswd
/usr/bin/passwd
/usr/bin/sg
/usr/bin/fusermount
/usr/bin/cdda2wav
/usr/bin/cdrecord
/usr/bin/readcd

Last Logins

last -n 10
Output
evanusm* pts/4        tmux(4588).%81   Mon Feb  9 22:46 - 22:46  (00:00)
evanusm* pts/27       tmux(4588).%80   Mon Feb  9 22:35 - 22:42  (00:07)
evanusm* pts/27       tmux(4588).%79   Mon Feb  9 21:28 - 21:30  (00:02)
evanusm* pts/4        tmux(4588).%78   Mon Feb  9 21:21 - 22:43  (01:21)

wtmp begins Thu Dec 25 00:23:43 2025

Recent File Modifications

find ~ -type f -mmin -60 -not -path "*/.cache/*" 2>/dev/null | head -10
Output
/home/evanusmodestus/.local/state/nvim/shada/main.shada
/home/evanusmodestus/.local/share/nvim/undodir/...
/home/evanusmodestus/.local/share/gopass/stores/v2/.git/refs/heads/master

World-Writable Files

find /tmp /var/tmp -type f -perm -002 2>/dev/null
Output
/tmp/uv-8c121104be632557.lock
/tmp/uv-f02d7322dfe4b4fd.lock

Top Memory Processes

ps aux --sort=-%mem | head -10
Output
USER       PID %CPU %MEM    VSZ   RSS COMMAND
evanusm+ 218312  0.9  2.0 4020624 1304272 /usr/lib/firefox/firefox -contentproc...
evanusm+  48189  1.3  1.9 4555328 1253608 /usr/lib/firefox/firefox
evanusm+  13538  1.9  1.2 27555008 834504 claude
evanusm+ 1355021  1.9  1.1 27498992 774148 claude

Open Network Files (lsof)

lsof -i -n -P | grep ESTABLISHED | head -10
Output
firefox   48189 evanusmodestus  66u  IPv4 4078081  TCP 10.50.10.103:36506->10.50.1.21:443 (ESTABLISHED)
firefox   48189 evanusmodestus  97u  IPv4 4219204  TCP 10.50.10.103:35930->140.82.112.26:443 (ESTABLISHED)
firefox   48189 evanusmodestus 194u  IPv4 3843094  TCP 10.50.10.103:54892->192.168.1.201:9090 (ESTABLISHED)

SSH Daemon Logs

journalctl -u sshd --no-pager -n 5
Output
Feb 08 23:14:53 modestus-razer systemd[1]: Starting OpenSSH Daemon...
Feb 08 23:14:53 modestus-razer sshd[3577]: Server listening on 0.0.0.0 port 22.
Feb 08 23:14:53 modestus-razer sshd[3577]: Server listening on :: port 22.
Feb 08 23:14:53 modestus-razer systemd[1]: Started OpenSSH Daemon.

System Info

uname -a && cat /etc/os-release | head -5
Output
Linux modestus-razer 6.18.8-arch2-1 #1 SMP PREEMPT_DYNAMIC Fri, 06 Feb 2026 06:47:20 +0000 x86_64 GNU/Linux
NAME="Arch Linux"
PRETTY_NAME="Arch Linux"
ID=arch
BUILD_ID=rolling
ANSI_COLOR="38;2;23;147;209"

Docker

Running Containers

docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"
Output
NAMES                STATUS                  PORTS
principia-postgres   Up 24 hours (healthy)   0.0.0.0:5433->5432/tcp

Tools Verification

perl-rename Dry Run

echo "test_file.TXT" | perl-rename -n 's/\.TXT$/.txt/'
Output
test_file.TXT -> test_file.txt

ripgrep Version and Test

rg --version
echo "test pattern" | rg -o 'pattern'
Output
ripgrep 15.1.0
features:+pcre2
simd(runtime):+SSE2,+SSSE3,+AVX2
PCRE2 10.45 is available (JIT is available)
---
pattern

fd Version

fd --version
Output
fd 10.3.0

fzf Version

fzf --version
Output
0.67.0 (2ab923f3)

Infrastructure Summary

Networks Discovered

Network Purpose Hosts Found

10.50.10.0/24

WiFi (Domus-Secure-802.1X)

5 hosts: .1 (gw), .103 (this), .114, .122, .138

10.50.1.0/24

Server segment

DC at .50

192.168.1.0/24

Lab network

4 hosts: .184, .185, .201 (KVM), .254

192.168.122.0/24

libvirt bridge

VMs

172.17-21.0.0/16

Docker bridges

Containers

Hosts Discovered

IP Hostname Services

10.50.1.50

home-dc01.inside.domusdigitalis.dev

DNS:53, Kerberos:88, LDAP:389/636, SMB:445, WinRM:5985, SSH:22022, ADWS:9389

192.168.1.201

KVM host

SSH:22, Cockpit:9090

10.50.10.1

Gateway

DNS:53

10.50.10.103

modestus-razer (this host)

SSH:22, Postgres:5433

Domain Information

Domain:     INSIDE.DOMUSDIGITALIS.DEV
DC:         HOME-DC01
Computers:  HOME-DC01, ISE-02
Users:      Administrator, Guest, krbtgt, evanusmodestus (Evan Rosado)
Shares:     ADMIN$, C$, IPC$, NETLOGON, SYSVOL
Kerberos:   Active ticket for evanusmodestus@INSIDE.DOMUSDIGITALIS.DEV

See Also