WSL for non-programming security analysts

I have a friend who isn’t a developer and believes that coding is beyond their grasp. They work as a security analyst and prefer using Windows as their operating system. I discovered that introducing them to the Windows Subsystem for Linux significantly enhanced their daily tasks. It allowed them to replace inefficient online tools or labor-intensive manual processes with simple command-line solutions.
I’d like to share these tricks with a wider audience.

What you’ll need

  1. Install WSL
  2. WSL introduction, especially “Run basic WSL commands”
  3. Accessing Windows files on WSL, and vice versa

How this works

Each use case serves as a demonstration of a specific tool. Given the ubiquity of these tools, you can easily find online resources to further maximize their utility.
Lines starting with $ are commands you type; lines without it are the computer’s output.

Furthermore, these tools can be combined to perform more intricate tasks. For instance, you can use them to filter a list of domains and only display those registered by BestCompany. If you’re interested in learning how to harness these capabilities, you can explore bash tutorials like this one, among many others.

Who owns this domain (whois)

Instead of relying on random websites, get the registration data yourself, firsthand.

$ whois google.com
   Domain Name: GOOGLE.COM
   Registry Domain ID: 2138514_DOMAIN_COM-VRSN
   Registrar WHOIS Server:
   Registrar URL:
   Updated Date: 2019-09-09T15:39:04Z
   Creation Date: 1997-09-15T04:00:00Z
   Registry Expiry Date: 2028-09-14T04:00:00Z
   Registrar: MarkMonitor Inc.
   Registrar IANA ID: 292
   Registrar Abuse Contact Email:
   Registrar Abuse Contact Phone: +1.2086851750
   Domain Status: clientDeleteProhibited
   Domain Status: clientTransferProhibited
   Domain Status: clientUpdateProhibited
   Domain Status: serverDeleteProhibited
   Domain Status: serverTransferProhibited
   Domain Status: serverUpdateProhibited
   Name Server: NS1.GOOGLE.COM
   Name Server: NS2.GOOGLE.COM
   Name Server: NS3.GOOGLE.COM
   Name Server: NS4.GOOGLE.COM
   DNSSEC: unsigned
   URL of the ICANN Whois Inaccuracy Complaint Form:
>>> Last update of whois database: 2023-09-08T15:27:09Z <<<
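The "only the domains registered by BestCompany" filter mentioned in the introduction, as an added example that is not part of the original post: it loops over a domain list, runs whois on each, and keeps the domains whose Registrar: line (the field shown in the output above) matches. The list file name domains.txt is an assumption, and running the loop needs the whois client installed in WSL plus network access; the parsing functions work on any whois text.

```shell
#!/bin/sh
# Added example (not from the original post): combine whois, awk, grep and a
# loop to keep only the domains in a list that use one registrar.
# Assumptions: the list is a text file with one domain per line (the name
# domains.txt in the usage line is made up) and the whois client is installed.

# Print the registrar named in whois output read from stdin.
# Only the bare "Registrar:" line counts; "Registrar URL:", "Registrar IANA ID:"
# and similar fields are skipped. The label and trailing spaces are removed.
registrar_of() {
    awk 'tolower($0) ~ /^[[:space:]]*registrar:/ {
             sub(/^[^:]*:[[:space:]]*/, ""); sub(/[[:space:]]+$/, ""); print; exit }'
}

# Succeed (exit 0) when whois output on stdin names a registrar matching $1,
# compared case-insensitively; fail when there is no Registrar: line at all.
registrar_matches() {
    registrar_of | grep -q -i -- "$1"
}

# Read domains from file $2, query whois for each, and print the ones whose
# registrar matches $1. Blank lines in the list are skipped.
domains_registered_by() {
    pattern=$1
    while IFS= read -r domain; do
        [ -n "$domain" ] || continue
        if whois "$domain" </dev/null | registrar_matches "$pattern"; then
            printf '%s\n' "$domain"
        fi
    done < "$2"
}

# Usage: sh filter.sh BestCompany domains.txt
if [ "$#" -eq 2 ]; then
    domains_registered_by "$1" "$2"
fi
```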

Search a directory for specific text (grep)

Need to search for the word “password” in a directory containing a trillion files?

$ grep -r password
page1.txt:This is my password: 1232

Just looking to list the files containing the word “password”?

$ grep -r -l password

Case-insensitive match (“Password” or “pAssWoRd”)?

$ grep -r -i password
page3.txt:the SeCreT PassWord is potato
page1.txt:This is my password: 1232

What kind of file is this (file)

Looking to determine the file type of a file that lacks an extension?

$ file riddle
riddle: Zip archive data, at least v1.0 to extract, compression method=store

Interested in determining the file types for all files in your directory, even those without extensions?

$ file *
dunno:    SQLite 3.x database, last written using SQLite version 3041002, file counter 973, database pages 2280, 1st free page 744, free pages 638, cookie 0x272, schema 4, UTF-8, version-valid-for 973
enigma:   SVG Scalable Vector Graphics image
mystery:  JSON text data
riddle:   Zip archive data, at least v1.0 to extract, compression method=store
unclear:  OpenDocument Spreadsheet
unknown:  Microsoft Word 2007+
whoknows: Composite Document File V2 Document, Little Endian, Os: Windows, Version 1.0, Code page: -535, Revision Number: 1, Total Editing Time: 00:13, Create Time/Date: Fri Sep  8 16:32:55 2023, Last Saved Time/Date: Fri Sep  8 16:33:08 2023

DNS information (host, dig)

Need a brief summary of where a specific domain is currently pointing?

$ host <domain>
<domain> has address <IPv4 address>
<domain> has IPv6 address 2a00:1450:4001:812::2005
<domain> mail is handled by 30 <mail server>
<domain> mail is handled by 10 <mail server>
<domain> mail is handled by 5 <mail server>
<domain> mail is handled by 40 <mail server>
<domain> mail is handled by 20 <mail server>

And to translate an IP address back to a name, if a reverse (PTR) record exists:

$ host <IP address>
<reversed address> domain name pointer <hostname>
<reversed address> domain name pointer <hostname>
<reversed address> domain name pointer <hostname>

For detailed answers to specific questions, use the dig command.

$ dig <domain>

; <<>> DiG 9.18.18 <<>> <domain>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17879
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 65494
;<domain>.			IN	A

;; Query time: 3 msec
;; WHEN: Fri Sep 08 18:40:44 IDT 2023
;; MSG SIZE  rcvd: 54

There is more

This list is not exhaustive. Linux, which relies heavily on command-line interfaces, offers a multitude of powerful tools that are readily installable with ample documentation available. You can tap into the knowledge of Linux-savvy friends or conduct online searches to discover numerous options that can significantly simplify your life.