Welcome back to the Linux Basics For Hackers series. If you’ve been following along (and I really hope you have), then you’ve already dipped your toes into the shell with grep, pipes (|), and a bit of scripting magic. That last article was a riot, wasn’t it? All that talk about grep -i, > for redirection, and even doing some clever stuff with nano -. Proper fun.
But today, we’re going on a bit of a treasure hunt.
No, not for coffee beans (though I’d never say no to those), but for files. Because let’s face it, Linux may be powerful, but it’s easy to lose track of where stuff is. Especially when you’ve got hundreds of files and directories nested like Russian dolls.
So this article is about Finding Files, where we’ll explore two commands that every hacker must know: which and locate.
Jab File Kho Jaye — Finding Files in Linux
Have you ever installed a tool and then forgot where it went? Or maybe you’re writing a script and you’re like, “Wait… is nmap even installed?” 😵
That’s where these file-finding tools come in clutch. And trust me, when you’re diving into bug bounty recon or exploring target systems during a pentest, knowing where a binary or config file lives is gold. Let’s break it down.
1. which Command – “Kaha hai bhai command?”
You can think of the which command as your Linux metal detector. You tell it the name of the command you’re looking for, and it tells you the path where that command is stored.
which nmap
Output:
/usr/bin/nmap
Simple, right? But don’t underestimate it. In hacking, small details matter.
So how’s it different from whereis? Good question!
whichlooks through your$PATHenvironment variablewhereisshows the binary, source, and man page (we’ll cover this later)
Let’s try some variations:
which python3
which ssh
Want to find all occurrences (not just the first one in $PATH)? Use type or command -v. See the use of these commands by yourself ☺️
command -v whoami
It’s a bit like asking, “Bro, where did you keep your screwdriver?” and your system answers, “Drawer no. 2.”
Use Case in Hacking: You’re writing a reverse shell payload and need to know if nc or bash is available.
which nc
which bash
If it returns blank, toh samajh jao — not installed!
2. locate Command – “Naam batao, jagah batayenge”
While which is great for commands in $PATH, locate is for the wider search party. It can find any file on your system — super fast.
Why? Because it uses a pre-built database (kinda like a phonebook).
locate passwd
You’ll probably see tons of results:
/etc/passwd
/usr/share/doc/passwd
/var/backups/passwd.bak
⚠️ But wait: sometimes locate doesn’t find newly created files. That’s because it relies on its database, which may be outdated.
So we use:
sudo updatedb
And then try again.
It’s like refreshing your memory — or updating your “mental map” of where you left your socks (or in this case, config files).
Want to find a specific filename?
locate -b '\passwd'
The -b flag tells locate to only match against the basename — that means just the filename, not the full path.
Looking for a .conf file?
locate .conf
Bonus: Filtering Output
locate doesn’t give us fine-grained filtering like find, but we can still combine it with grep:
locate ssh | grep etc
Pretty neat, right?
Regular Expressions – Thoda Regex Bhi Chahiye
When you’re filtering filenames, especially with grep or while scripting, regular expressions (regex) are your best friend.
Want to match all .log files?
locate .log | grep '.*\.log$'
Yup, that double backslash is necessary in some shells to escape the .
Need something with “config” in the middle?
locate config | grep '/etc/.*config.*'
Regex gets deeper, but even knowing just a bit helps immensely in fine-tuning your results. (We’ll get more into regex in later episodes.)
How This All Ties In
If the last article helped you filter your data with pipes, redirection, and grep, then this one helps you find the data in the first place. Logical na?
Think of it as:
Step 1: Use
locate/whichto get file paths → Step 2: Usegrep,cat, orlessto inspect contents → Step 3: Script it with shell tools.
And guess what’s coming next? In Part-2, we’ll dive deeper with the real deal: find command — with advanced flags like -user, -exec, and combining find with the powerful file command.
That’s where the real ninja moves start. 🥷
But for now, wrap your head around today’s tools — they’re light, fast, and indispensable.
Wrap-up: Quick Recap
- Use
whichto locate commands in your$PATH - Use
locatefor blazing-fast searches across the filesystem - Don’t forget to
updatedbregularly - Combine with
grepfor filtering - Basic regex helps improve your results
Oh, and one last thing — try creating a custom tool list script like this:
#!/bin/bash
for cmd in nmap ssh nc python3 perl ruby; do
which $cmd || echo "$cmd not found"
done
Save it, make it executable, and run. Boom! You’ve got your very own toolkit checker. Ab jaake khud dekho isse run kese kare ? Sab me nahi bataunga 😂.
Next up, we’re diving into find — the Swiss army knife of file hunting.
Until then, keep exploring, keep learning… and maybe grab a cup of coffee ☕ while you’re at it.
Cheers,
FAQs
Q: Is locate better than find?
A: locate is faster because it searches a prebuilt database. But find is more powerful and accurate in real-time searches.
Q: Why doesn’t locate find my new file?
A: Run sudo updatedb to refresh the database.
Q: How do I find only files and not directories?
A: For that, you’ll need find, which we’ll cover in the next part.
Q: Can I use regex with locate?
A: Not directly, but yes, you can pipe locate into grep with regex.
