My Toolbox.
How-to for everyone.
The tools I actually use β from AI to remote access to DevOps to cloud. No fluff. Copy-paste and go.
What it is
Claude is Anthropic's AI. I use it to write and debug code, draft documents, run entire projects, and build tools. Claude Code (the CLI) reads your files, edits code, and runs commands β like a developer that never sleeps.
Quick start
npm install -g @anthropic-ai/claude-code claude # launch in your project folder
claude "explain this codebase" claude "fix the bug in server.js" claude "write a bash script that backs up /var/www daily" claude "what does this error mean: ..."
What it is
git tracks every change to your files so you can go back in time, collaborate with others, and ship code confidently. It's the backbone of all software development. GitHub, GitLab, and Bitbucket are websites built around git.
The daily commands
git config --global user.name "Your Name" git config --global user.email "you@email.com" git config --global init.defaultBranch main
git init # start a new repo git clone https://github.com/u/r # copy a repo down git status # what changed? git add . # stage everything git commit -m "what I did" # save a snapshot git push # send to GitHub git pull # get latest from remote git log --oneline --graph # visual history git diff # what exactly changed git stash # save work-in-progress git stash pop # bring it back git checkout -b feature # new branch git merge feature # merge branch into current git reset --hard HEAD~1 # undo last commit (careful)
git commit --amend -m "better message"What it is
curl sends HTTP requests from the terminal. Indispensable for testing APIs, downloading files, checking headers, and debugging web servers without opening a browser.
Most-used one-liners
curl https://api.example.com/data # basic GET curl -I https://example.com # headers only curl -L https://example.com # follow redirects curl -o file.zip https://example.com/f.zip # save to file curl -s https://ipinfo.io/ip # your public IP
curl -X POST -H "Content-Type: application/json" \ -d '{"key":"value"}' https://api.example.com curl -X POST -H "Authorization: Bearer TOKEN" \ https://api.example.com/endpoint curl -u user:pass https://api.example.com # basic auth
-v verbose β see full request/response -k ignore SSL cert errors -w "%{http_code}" print HTTP status code --max-time 5 timeout after 5 seconds
What it is
btop is a resource monitor β more beautiful than top, more powerful than htop. Slick color graphs for everything. Great in a tmux pane on any server you SSH into.
sudo apt install btop # Ubuntu/Debian brew install btop # Mac sudo dnf install btop # Fedora
? help q quit m memory mode p sort by CPU e expand process k kill process f filter
What it is
Renders the green falling character rain from The Matrix in your terminal. Does nothing useful. Looks amazing on a second monitor or as a screensaver. Also great for impressing people at coffee shops.
sudo apt install cmatrix # Ubuntu/Debian brew install cmatrix # Mac cmatrix # run (Ctrl+C to exit) cmatrix -b # bold β brighter cmatrix -C red # change color cmatrix -s # screensaver mode
What it is
Vim is on every server you'll ever SSH into. Neovim is the modern fork β Lua config, rich plugin ecosystem, built-in LSP. The modal approach feels foreign for 20 minutes. After that, everything else feels slow.
The daily commands
i insert mode ESC back to normal :w save :q quit :wq save & quit :q! force quit dd delete line yy copy line p paste u undo /word search n next match :s/a/b replace gg top of file
sudo apt install neovim # Ubuntu/Debian brew install neovim # Mac nvim # launch
What it is
tmux splits a terminal into panes and keeps sessions alive after you disconnect. Start a long job, SSH out, come back β it's still running. Stack btop in one pane and logs in another.
The daily commands
tmux # new session tmux new -s myapp # named session tmux attach -t myapp # reattach tmux ls # list sessions tmux kill-session -t myapp # end session
prefix % split vertical prefix " split horizontal prefix d detach prefix x kill pane prefix c new window prefix , rename window prefix ? list all shortcuts
sudo apt install tmux # Ubuntu/Debian brew install tmux # Mac
What it is
jq is a command-line JSON processor. Pipe any JSON into it and extract exactly what you need β deeply nested API responses, config files, log output. Lives in every DevOps pipeline.
The daily commands
curl api.example.com | jq '.' # pretty print jq '.name' data.json # get field jq '.users[0].email' data.json # nested jq '.users[] | .name' data.json # iterate array jq -r '.token' res.json # raw output (no quotes) jq 'select(.active == true)' # conditional filter jq '{name:.name,id:.id}' # reshape output
sudo apt install jq # Ubuntu/Debian brew install jq # Mac
What it is
fzf is an interactive fuzzy-finder. After setup, Ctrl+R becomes a searchable history list, Ctrl+T fuzzy-finds files, Alt+C fuzzy-changes directory. Pipe anything into it for instant interactive filtering.
The daily commands
Ctrl+R fuzzy search shell history Ctrl+T fuzzy find file β paste path Alt+C fuzzy cd into any directory
ls | fzf # pick a file ps aux | fzf # pick a process git branch | fzf # pick a branch
sudo apt install fzf # Ubuntu/Debian brew install fzf # Mac $(brew --prefix)/opt/fzf/install # enable shell keys
What it is
VS Code is the dominant code editor. Massive extension ecosystem, built-in Git, integrated terminal. The code CLI makes it terminal-native β open any file or folder from anywhere, diff files inline.
The daily commands
code . # open current folder code server.js # open a file code -r . # reuse existing window code --diff file1 file2 # diff two files code --install-extension ms-python.python
What it is
A Go-powered rewrite of the Matrix digital rain. Smoother rendering than cmatrix, supports custom colors, ships as a single static binary. Leave it running on a second monitor and feel like a main character.
go install github.com/GeertJohan/gomatrix@latest gomatrix # run (Ctrl+C to exit)
What it is
Bash (Bourne Again Shell) is the default shell on most Linux servers. Every server script, cron job, and deploy pipeline is probably Bash. Learning it means you can automate anything with just a text file.
The daily commands
#!/bin/bash # shebang β always first line NAME="world" # no spaces around = echo "Hello, $NAME" if [ -f /etc/hosts ]; then echo "file exists" fi for i in 1 2 3; do echo "item $i" done
$? exit code (0 = success) $@ all args $# arg count $0 script name set -euo pipefail # strict mode β use this chmod +x script.sh && ./script.sh
What it is
Zsh is the default shell on macOS since Catalina (2019). Bash-compatible with better tab completion, inline corrections, and the Oh My Zsh framework that makes it both beautiful and brutally practical. Your ~/.zshrc is your power file.
The daily commands
echo $SHELL # confirm you're on zsh sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" # ^ installs Oh My Zsh
source ~/.zshrc # reload (or: exec zsh) alias ll="ls -la" export PATH="$HOME/bin:$PATH" ZSH_THEME="agnoster" # set theme
What it is
Homebrew is the standard package manager for macOS (and Linux). Every dev tool, CLI utility, and language runtime installs through it. If you're on Mac and don't have brew, you're doing it wrong.
The daily commands
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
brew install neovim # install a formula brew install --cask iterm2 # install a GUI app brew upgrade # upgrade everything brew search postgres # find a package brew list # installed packages brew doctor # diagnose issues brew uninstall neovim
What it is
macOS runs on a BSD Unix foundation. These commands ship with every Mac and do things no Linux equivalent can β clipboard integration, Finder control, text-to-speech, display sleep management. Know them.
The daily commands
pbcopy < file.txt # copy file contents to clipboard echo "text" | pbcopy # copy text to clipboard pbpaste # stdout from clipboard pbpaste > file.txt # clipboard to file
open . # open Finder here open https://example.com # open URL in default browser open -a "TextEdit" file.txt # open with specific app say "deploy complete" # text to speech caffeinate -t 3600 # prevent sleep for 1 hour screencapture -x shot.png # screenshot to file
What it is
Tailscale builds a WireGuard mesh VPN across all your devices β Mac, Windows, Linux, iPhone, servers. Every node gets a private 100.x.x.x IP that can reach every other node from anywhere on the internet. No open ports, no router config.
One-liners
curl -fsSL https://tailscale.com/install.sh | sh sudo tailscale up # opens login link tailscale status # see all your nodes tailscale ip -4 # your IP on this machine tailscale ping hostname # test a node tailscale ssh user@hostname # SSH via Tailscale
scp file.db user@100.x.x.x:/home/user/ # send a file
What it is
SSH opens an encrypted terminal on any remote machine. Already installed on Mac, Linux, and modern Windows. Everything else builds on top of it: SCP, rsync, git, tunnels, port forwarding.
ssh user@host # connect ssh -p 2222 user@host # custom port ssh -i ~/.ssh/id_ed25519 user@host # specific key ssh-keygen -t ed25519 -C "mykey" # generate keypair ssh-copy-id user@host # install pub key scp file.txt user@host:/path/ # copy file scp -r folder/ user@host:/path/ # copy folder rsync -avz src/ user@host:/dest/ # sync (faster) ssh -L 8080:localhost:80 user@host # local tunnel ssh -N -f user@host -L 5432:db:5432 # background tunnel
Host myserver HostName 100.79.1.1 User lovesmiles IdentityFile ~/.ssh/id_ed25519 ssh myserver # now this is all you need
What it is
Free, open-source TeamViewer/AnyDesk replacement. Self-host your own relay so traffic never leaves your infrastructure. Works through NAT with no port forwarding.
docker run -d --name hbbs -p 21115-21116:21115-21116 \ rustdesk/rustdesk-server hbbs -r YOUR.SERVER.IP docker run -d --name hbbr -p 21117:21117 \ rustdesk/rustdesk-server hbbr
Then in the client: Settings β Network β ID Server β enter your server IP.
What it is
nmap ("Network Mapper") discovers hosts and services on a network. Essential for understanding what's running on your own servers, auditing your network, and basic security reconnaissance.
sudo apt install nmap # Ubuntu/Debian brew install nmap # Mac
nmap 192.168.1.1 # basic scan β open ports nmap -sV host # detect service versions nmap -sC -sV host # scripts + versions nmap -p- host # scan ALL 65535 ports nmap -sP 192.168.1.0/24 # ping scan β who's alive nmap -O host # OS detection nmap -sV -oN output.txt host # save results to file nmap -A host # aggressive β all of the above
β οΈ Only scan networks and hosts you own or have permission to test.
What it is
WireGuard is a lean, auditable VPN protocol built into the Linux kernel. Connects in milliseconds, uses modern cryptography, and is far simpler to configure than OpenVPN or IPSec. Tailscale runs on WireGuard under the hood.
The daily commands
sudo apt install wireguard # Ubuntu/Debian brew install wireguard-tools # Mac
wg genkey | tee private.key | wg pubkey > public.key sudo wg-quick up wg0 # bring up interface sudo wg-quick down wg0 # bring down sudo wg show # status and peers
What it is
Kali Linux is built for penetration testing and security research. Pre-loaded with nmap, Metasploit, Burp Suite, Wireshark, Aircrack-ng, and hundreds more. You don't have to make it your daily driver β run it in WSL or a VM.
# PowerShell as Admin: wsl --install -d kali-linux wsl -d kali-linux
sudo apt update && sudo apt upgrade sudo apt install nmap wireshark metasploit-framework sudo apt install burpsuite hydra sqlmap john
nmap -sC -sV target # service scan nikto -h http://target # web vuln scan sqlmap -u "http://target/?id=1" --dbs # SQL injection test hydra -l admin -P wordlist.txt target ssh # brute force SSH
β οΈ Only use these tools on systems you own or have written authorization to test. Unauthorized access is a crime.
What it is
fail2ban monitors log files for repeated failed login attempts and bans offending IPs via iptables/UFW. Every public-facing Linux server should have it running on SSH and anything else that faces the internet.
The daily commands
sudo apt install fail2ban sudo systemctl enable --now fail2ban sudo fail2ban-client status # all active jails sudo fail2ban-client status sshd # SSH jail detail
sudo fail2ban-client set sshd unbanip 1.2.3.4 sudo fail2ban-client set sshd banip 1.2.3.4 sudo tail -f /var/log/fail2ban.log # live ban stream
What it is
UFW (Uncomplicated Firewall) is a front-end for iptables. Default-deny approach: block everything, allow only what you need. Every Ubuntu server should have this enabled on day one.
The daily commands
sudo ufw default deny incoming sudo ufw default allow outgoing sudo ufw allow ssh sudo ufw allow 80,443/tcp sudo ufw enable sudo ufw status verbose
sudo ufw status numbered # see rule numbers sudo ufw delete 3 # delete rule #3 sudo ufw deny from 1.2.3.0/24 # block a subnet
What it is
Wireshark is the gold standard for network packet capture. tshark is the CLI version β useful on headless servers. Captures every packet on a network interface and lets you filter, decode, and follow TCP streams.
The daily commands
tshark -i eth0 # capture on interface tshark -i eth0 -Y "http" # filter HTTP only tshark -i eth0 -w out.pcap # write to file tshark -r out.pcap # read saved capture
sudo apt install wireshark tshark brew install --cask wireshark # GUI on Mac
What it is
Metasploit is the most widely used pen testing framework. Massive library of exploits, payloads, and post-exploitation modules. Included in Kali Linux. Use only on systems you own or have written authorization to test.
The daily commands
msfconsole # launch interactive console search eternalblue # find an exploit use exploit/windows/smb/ms17_010_eternalblue show options # required params set RHOSTS 192.168.1.50 run sessions -l # active sessions sessions -i 1 # interact with session
What it is
Docker runs apps in isolated containers β no "works on my machine" problems. Install Docker once, then run any service (databases, web servers, apps) without touching your host OS.
curl -fsSL https://get.docker.com | sh sudo usermod -aG docker $USER # run without sudo
docker ps # running containers docker ps -a # all (including stopped) docker images # local images docker run -d -p 8080:80 nginx # run nginx in background docker logs -f container_name # live logs docker exec -it container bash # shell inside container docker stop container # stop docker rm container # remove container docker rmi image_name # remove image docker system prune # clean up everything unused
docker compose up -d # start all services docker compose down # stop all docker compose logs -f # live logs all services docker compose pull # update images
What it is
Kubernetes runs and manages containers across multiple servers. When you need more than one machine, automatic scaling, self-healing restarts, and zero-downtime deploys β this is the tool.
kubectl get pods # list pods kubectl get pods -A # all namespaces kubectl get nodes # cluster nodes kubectl get services # list services kubectl apply -f deployment.yaml # deploy kubectl logs -f pod-name # live logs kubectl exec -it pod-name -- bash # shell in pod kubectl describe pod pod-name # debug kubectl rollout restart deploy/name # restart kubectl scale deploy/name --replicas=3 # scale up kubectl delete pod pod-name # delete (auto-restarts)
curl -Lo minikube https://storage.googleapis.com/.../minikube-linux-amd64 minikube start # spin up local cluster minikube dashboard # web UI
What it is
Ansible lets you describe server configuration as YAML playbooks, then apply those configs to any number of servers over SSH. No agent to install on targets β just SSH access.
pip install ansible # or: sudo apt install ansible
ansible all -i hosts.ini -m ping # test connections ansible all -i hosts.ini -m shell \ -a "df -h" # run command on all ansible-playbook -i hosts.ini site.yml # run a playbook ansible-playbook --check site.yml # dry run ansible-vault encrypt secrets.yml # encrypt secrets
What it is
Terraform lets you write your entire cloud infrastructure in code (HCL files) and version-control it. Works with AWS, Azure, GCP, DigitalOcean, and 1000+ providers. Run terraform apply and your servers exist. Run terraform destroy and they're gone.
terraform init # download providers terraform plan # preview what will change terraform apply # make it happen terraform destroy # tear it all down terraform output # show outputs (IPs, etc.) terraform state list # what's managed
What it is
GitHub Actions runs automated workflows when you push code. Typical uses: run tests, build Docker images, deploy to a server, send a Slack notification. Define it in YAML, check it in, it runs.
on: push: branches: [main] jobs: deploy: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Deploy via SSH run: | ssh -o StrictHostKeyChecking=no \ user@server "cd /app && git pull && pm2 restart app"
What it is
nginx (engine-x) is a high-performance web server and reverse proxy. The standard for serving static files, proxying to Node/Python/PHP backends, and SSL termination. Apache used to run everything. nginx replaced it.
The daily commands
sudo systemctl start nginx sudo systemctl reload nginx # reload config (no downtime) sudo nginx -t # test config syntax sudo tail -f /var/log/nginx/error.log
server { listen 80; server_name example.com; location / { proxy_pass http://localhost:3000; proxy_set_header Host $host; } }
What it is
Certbot is the official Let's Encrypt client. It provisions free SSL certificates, configures nginx/Apache automatically, and sets up auto-renewal. Your site should be HTTPS. This is how you do it.
The daily commands
sudo apt install certbot python3-certbot-nginx sudo certbot --nginx -d example.com -d www.example.com sudo certbot renew --dry-run # test renewal sudo certbot certificates # list all certs
sudo certbot certonly --manual --preferred-challenges dns -d "*.example.com"
What it is
PM2 is the de-facto process manager for Node.js in production. Keeps your app running when it crashes, restarts it on server reboot, streams logs, and shows memory/CPU at a glance.
The daily commands
pm2 start app.js --name myapp # start app pm2 start app.js --watch # auto-restart on file change pm2 list # all processes pm2 logs myapp # stream logs pm2 restart myapp pm2 stop myapp pm2 save # save process list pm2 startup # generate autostart command
What it is
PostgreSQL is the most advanced open-source relational database. JSON support, full-text search, geospatial extensions, window functions β it does what enterprise databases do, for free. The right choice for new projects.
The daily commands
sudo -u postgres psql # connect as postgres user \l list databases \c mydb connect to db \dt list tables \q quit \d users describe table
createdb mydb pg_dump mydb > backup.sql # backup psql mydb < backup.sql # restore
What it is
Redis is an in-memory data structure store used for caching, session management, rate limiting, pub/sub, and job queues β all at microsecond speed. Add it between your app and database when things get slow.
The daily commands
redis-cli # connect to local Redis SET key "value" GET key DEL key EXPIRE key 300 # expire in 5 minutes KEYS "*" # list all (dev only) FLUSHDB # clear current db MONITOR # stream all commands live
sudo apt install redis-server brew install redis # Mac
Key services
- EC2 β virtual machines (like any VPS)
- S3 β object storage; store any file, serve it globally
- RDS β managed databases (Postgres, MySQL, etc.)
- Lambda β serverless functions, pay per invocation
- EKS β managed Kubernetes
- CloudFront β CDN, put your site on edge servers worldwide
- Route 53 β DNS management
aws configure # set up credentials aws s3 ls # list buckets aws s3 cp file.txt s3://mybucket/ # upload file aws s3 sync ./dist s3://mybucket/ # sync folder aws ec2 describe-instances # list EC2s aws ec2 start-instances --instance-ids i-xxx
Key services
- Virtual Machines β Windows and Linux VMs
- Azure Blob Storage β object storage like S3
- Azure SQL / Cosmos DB β managed databases
- AKS β managed Kubernetes
- Azure Functions β serverless
- Entra ID (AAD) β identity and SSO
- Azure DevOps β pipelines, repos, boards
az login # authenticate az account list --output table # list subscriptions az vm list --output table # list VMs az vm start --name myVM --resource-group myRG az storage blob upload --file f.txt \ --container-name mycontainer
Key services
- Compute Engine β VMs
- Cloud Storage β object storage
- BigQuery β serverless data warehouse; query terabytes in seconds
- GKE β managed Kubernetes (the best managed K8s)
- Cloud Run β serverless containers
- Vertex AI β ML/AI platform
- Cloud SQL β managed Postgres/MySQL
gcloud auth login gcloud config set project my-project gcloud compute instances list gcloud storage cp file.txt gs://mybucket/ gcloud run deploy myapp --image gcr.io/proj/img
What I use it for
My go-to for personal and small-project servers. Droplets (VPS) start at $6/month. Dead simple to spin up, great docs, and no surprise bills. je9.us runs on a DigitalOcean Droplet.
- Droplets β Linux VPS, pay by the hour
- Spaces β S3-compatible object storage with CDN
- Managed Databases β Postgres, MySQL, Redis
- App Platform β deploy from GitHub automatically
- Kubernetes β managed DOKS cluster
brew install doctl doctl auth init doctl compute droplet list doctl compute droplet create myserver \ --size s-1vcpu-1gb --image ubuntu-22-04-x64 \ --region nyc3
What it is
Cloudflare sits in front of your site and handles DNS, caches content at 300+ edge locations worldwide, absorbs DDoS attacks, and can run serverless code at the edge. The free tier is genuinely excellent.
- DNS β fastest DNS in the world, free
- CDN β cache and serve your site from the edge
- Tunnels β expose a local server to the internet without opening ports
- Workers β serverless JS/WASM at the edge, 100k requests/day free
- Pages β deploy static sites from GitHub for free
- R2 β S3-compatible storage with zero egress fees
brew install cloudflared # or apt install cloudflared cloudflared tunnel login cloudflared tunnel create mytunnel cloudflared tunnel run --url http://localhost:3000 mytunnel
When to use them
- Hetzner β cheapest powerful servers on the market. A 4-core 8GB server is β¬5/mo. Europe-based, great for EU projects. No free tier but absurdly cheap.
- Vultr β similar to DigitalOcean, slightly cheaper, 32 global regions. Good $200 free credit offer for new accounts.
- Linode / Akamai β Linode was acquired by Akamai. Solid, long-running VPS provider with good pricing and a generous free tier.
For most personal/hobby projects: Hetzner if you want cheap raw power, DigitalOcean if you want the best developer experience.
π¬ Get notified when new guides drop
Register and we'll email you when a new tool or how-to goes up. No spam β one email per guide.