OpenSSL

Intro

One of the most popular commands in SSL to create, convert, manage the SSL Certificates is OpenSSL. There are many cases nowadays where OpenSSL have to be used in various ways. Below are the most common commnads used for managing Certficates, ciphers, encryption, et all. OpenSSL includes tonnes of features covering a broad range of use cases, and it’s difficult to remember its syntax for all of them and quite easy to get lost. Helppages are not so helpful here, so often we just Google “openssl how to [use case here]” or look for openssl cheatsheet to recall the usage of a command and see examples.
For indept review and usercases of OpenSSL see http://fvck.in/ssl-basics/

Some of the abbreviations related to certificates.

  • SSL – Secure Socket Layer
  • CSR – Certificate Signing Request
  • TLS – Transport Layer Security
  • PEM – Privacy Enhanced Mail
  • DER – Distinguished Encoding Rules
  • SHA – Secure Hash Algorithm
  • PKCS – Public-Key Cryptography Standards

Create new Private Key and Certificate Signing Request

openssl req -out domain.csr -newkey rsa:2048 -nodes -keyout domain.key

Above command will generate CSR and 2048-bit RSA key file. If you intend to use this certificate in Apache or Nginx, then you need to send this CSR file to certificate issuer authority, and they will give you signed certificate mostly in der or pem format which you need to configure in Apache or Nginx web server.

Create a Self-Signed Certificate (default is 30 days)

openssl req -x509 -sha256 -nodes -newkey rsa:2048 -keyout domain_selfsigned.key -out domain_cert.pem

Above command will generate a self-signed certificate and key file with 2048-bit RSA. I have also included sha256 as it’s considered most secure at the moment.

Create a Self-Signed Certificate (custom, 2 years)

Tip: by default, it will generate self-signed certificate valid for only one month so you may consider defining –days parameter to extend the validity.

openssl req -x509 -sha256 -nodes -days 750 -newkey rsa:2048 -keyout  domain_selfsigned.key  -out domain_cert.pem

Verify CSR file

openssl req -noout -text -in domain.csr

Verification is essential to ensure you are sending CSR to issuer authority with required details.

Create RSA Private Key

openssl genrsa -out private.key 2048

If you just need to generate RSA private key, you can use the above command. I have included 2048 for stronger encryption.

Remove Passphrase from Key

openssl rsa -in certkey.key -out nopassphrase.key

If you are using passphrase in key file and using Apache then every time you start, you have to enter the password. If you are annoyed with entering a password, then you can use above openssl rsa -in domain.key -check to remove the passphrase key from an existing key.

Verify Private Key

openssl rsa -in certkey.key –check

If you doubt on your key file, you can use the above command to check.

Verify Certificate File

openssl x509 -in certfile.pem -text –noout

If you would like to validate certificate data like CN, OU, etc. then you can use an above command which will give you certificate details.

Verify the Certificate Signer Authority

openssl x509 -in certfile.pem -noout -issuer -issuer_hash

Certificate issuer authority signs every certificate and in case you need to check them.

Check Hash Value of A Certificate

openssl x509 -noout -hash -in domain.pem

Convert DER to PEM format

openssl x509 –inform der –in sslcert.der –out sslcert.pem

Usually, certificate authority will give you SSL cert in .der format, and if you need to use them in apache or .pem format then the above command will help you.

Convert PEM to DER format

openssl x509 –outform der –in sslcert.pem –out sslcert.der

In case you need to change .pem format to .der

Convert Certificate and Private Key to PKCS#12 format

openssl pkcs12 –export –out sslcert.pfx –inkey key.pem –in sslcert.pem

If you need to use a cert with the java application or with any other who accept only PKCS#12 format, you can use the above command, which will generate single pfx containing certificate & key file. You can also include chain certificate by passing –chain as below.

openssl pkcs12 –export –out sslcert.pfx –inkey key.pem –in sslcert.pem -chain cacert.pem

Create CSR using an existing private key

openssl req –out certificate.csr –key existing.key –new

If you don’t want to create a new private key instead using an existing one, you can go with the above command.

Check contents of PKCS12 format cert

openssl pkcs12 –info –nodes –in cert.p12

PKCS12 is binary format so you won’t be able to view the content in notepad or another editor. The above command will help you to see the contents of PKCS12 file.

Convert PKCS12 format to PEM certificate

openssl pkcs12 –in cert.p12 –out cert.pem

If you wish to use existing pkcs12 format with Apache or just in pem format, this will be useful.

Test SSL certificate of particular URL

openssl s_client -connect domain.com:443 –showcerts

I use this quite often to validate the SSL certificate of particular URL from the server. This is very handy to validate the protocol, cipher, and cert details.

Find out OpenSSL version

openssl version

If you are responsible for ensuring OpenSSL is secure then probably one of the first things you got to do is to verify the version.

18Check PEM File Certificate Expiration Date

openssl x509 -noout -in certificate.pem -dates

Useful if you are planning to put some monitoring to check the validity. It will show you date in notBefore and notAfter syntax. notAfter is one you will have to verify to confirm if a certificate is expired or still valid.

Example

[root@Chandan opt]# openssl x509 -noout -in bestflare.pem -dates
notBefore=Jul 4 14:02:45 2015 GMT
notAfter=Aug 4 09:46:42 2015 GMT

Check Certificate Expiration Date of SSL URL

openssl s_client -connect domain.com:443 2>/dev/null | openssl x509 -noout –enddate

Another useful if you are planning to monitor SSL cert expiration date remotely or particular URL.

Example:

[root@Chandan opt]# openssl s_client -connect google.com:443 2>/dev/null | openssl x509 -noout -enddate

notAfter=Dec 8 00:00:00 2020 GMT

Check if SSL V2 or V3 is accepted on URL

To check SSL V2

openssl s_client -connect domain.com:443 -ssl2

To Check SSL V3

openssl s_client -connect domain.com:443 –ssl3

To Check TLS 1.0

openssl s_client -connect domain.com:443 –tls1

To Check TLS 1.1

openssl s_client -connect domain.com:443 –tls1_1

To Check TLS 1.2

openssl s_client -connect domain.com:443 –tls1_2

If you are securing web server and need to validate if SSL V2/V3 is enabled or not, you can use the above command. If activated, you will get “CONNECTED” else “handshake failure.” For all risks associated with SSL vulnerabilities please visit http://fvck.in/vulerabilities/

Verify if the particular cipher is accepted on URL

openssl s_client -cipher 'ECDHE-ECDSA-AES256-SHA' -connect domiain.com:443

If you are working on security findings and pen test results show some of the weak ciphers is accepted then to validate, you can use the above command.

Of course, you will have to change the cipher and URL, which you want to test against. If the mentioned cipher is accepted, then you will get “CONNECTED” else “handshake failure.”

SPF

Myths and Legends of SPF

SPF is an abbreviation for Sender Policy Framework (SPF) for Authorizing Use of Domains in Email. Email domains use this protocol to specify which Internet hosts are authorized to use this domain in the SMTP HELO and MAIL FROM commands. You do not have to use any additional software to publish the SPF policy and therefore this procedure is extremely simple: Simply add a TXT record containing the policy to the DNS zone. An example of this type of entry is given at the end of this article. There are numerous manuals and even online constructors for working with SPF.

The first ever version of the SPF standard was approved more than 10 years ago. During this time, numerous implementations and application practices have been developed. In addition, a new version of the standard has been released. But the most surprising is that for some reason SPF, more than any other standard, has grown over 10 years with an incredible amount of myths and misconceptions that wander from article to article and with an enviable regularity pop up in discussions and answers to questions on the forums. At the same time, the protocol itself seems very simple: implementation takes only a couple minutes. Let’s try to recall and analyze the most common misconceptions.

1. Misconception: SPF will protect my domain from spoofing

Fact: SPF does not protect the sender’s address that is visible to the user.

Explanation: SPF does not work with the contents of the message that the user sees, in particular, the sender’s address. SPF authorizes and verifies addresses at the mail transport level (SMTP) between two MTAs (envelope-from, RFC5321.MailFrom aka Return-Path). These addresses are not visible to the user, and they can differ from those in the From header that the user sees (RFC5322.From). Thus, nothing prevents a message with a fake sender in the ‘From’ header from being authorized with SPF.

Use DMARC to protect visible domain name from spoofing.

2. Misconception: After implementation, SPF will improve security and combat spam

Fact: most likely, you will not see any significant changes in terms of security and spam.

Explanation: SPF is originally an altruistic protocol, so it does not provide any advantages to anyone who publishes the SPF policy. Theoretically, if you implemented SPF, this protocol could protect someone else from receiving fake emails from your domain. But in fact, even this assumption is not true, because the results of applying SPF are rarely used directly (we’ll discuss all of this later). Moreover, even if all domains published SPF, and all recipients forbade receiving messages without SPF authorization, such an approach would hardly reduce the amount of spam.

SPF does not protect against spoofing or spam directly, nevertheless, this protocol is actively and successfully used to deploy spam filtering systems, as well as to protect against counterfeit emails, since it allows you to check each message against a specific domain and its reputation.

3. Misconception: SPF negatively (positively) influences email deliverability

Fact: It all depends on the type of message, the way it is delivered and your reputation

Explanation: SPF is not meant to affect email deliverability within a standard flow, and adversely impacts the improper implementation or indirect flows of messages, when users receive such messages from a server that differs from that from which the message was sent, for example, this applies to redirected emails. But spam filtering systems and reputation-based classifiers take into account the availability of SPF and reputation of authorizing domain, and this generally gives a positive result with respect to the standard message flow. Unless, of course, you yourself are a spammer.

4. Misconception: SPF provides authorization of the email sender

Fact: SPF provides authorization of the email server that sends a message on behalf of a domain

Explanation: Firstly, SPF works only at the domain level, and not at the level of individual email addresses. Secondly, even if you are a legitimate email user of a specific domain, SPF does not allow you to send messages from anywhere that you wish. In order for your message to successfully pass SPF validation, you must send it only from an authorized server. Thirdly, if you authorized a server using SPF (for example, you could allow sending emails from your domain via any ESP or hosting provider), and this server does not impose any additional restrictions, then all users of this server are authorized to send messages on behalf of your domain. Please keep this in mind when implementing SPF and providing authentication of email messages in general.

5. Misconception: Email messages not authorized by SPF will be rejected

Fact: In general, SPF authorization or lack thereof does not have a significant impact on the delivery of email messages.

Explanation: SPF is only an authorization standard, and it explicitly indicates that actions to be applied to email messages that were not authorized are outside the scope of the standard and are governed by the recipient’s local policy. If there is a ban on receiving such messages, this leads to problems with messages going through indirect delivery routes, for example, when using redirection or mailing lists, and you should consider this fact in the local policy. In practice, it is not recommended to use a strict ban in case of an SPF authorization failure. Standard allows (but does not require) strict ban only when the domain publishes the -all (hardfail) policy in the absence of other filters. In most cases, SPF authorization is used as one of the factors in the weighted systems. At the same time, this factor will have an insignificant weight, because violation of SPF authorization is usually not a reliable indicator of spam: many spam messages successfully pass SPF authorization, and legal ones often can not do this, and it is unlikely that we will ever witness cardinal changes in this field. If we look at it this way, there is no difference between -all and ~all.

SPF authorization is not so important in terms of message delivery or spam filtering, but it allows for confirmation of the sender’s address and the relationship with the domain, as well as the use of the reputation of the domain instead of the IP reputation for this message.

DMARC policy has a much more significant influence on the decision-making on further actions in relation to handling a message that has not passed authorization. DMARC allows you to reject (or quarantine) all or part of messages that have not been authorized.

6. Misconception: SPF recommends using -all (hardfail), since it is safer than ?all or ~all

Fact: In fact, -all does not affect security in any way, but it negatively affects the delivery of messages.

Explanation: -all results in the blocking of messages that were sent through indirect routes by those few recipients who use SPF directly and block messages. At the same time, this policy will not have a significant impact on most spam and fake messages. At the moment, ~all (softfail) is considered the most appropriate policy and it is used by almost all large domains, even those that impose very strict security requirements (such as paypal.com). -all can be used for domains that are not used for sending legitimate emails. DMARC considers -, ~ and ? as equivalents.

7. Misconception: It is sufficient to configure SPF only for domains that are used to send mail

Fact: It is also necessary to configure SPF for domains that are used in HELO on mail servers. In addition, it is recommended to apply a blocking policy for MX, A records and the wildcard that are not used to send emails.

Explanation: In some cases, in particular, when delivering NDR (a non-delivery report), DSN (delivery status notification) and some auto-responses, the address of the sender in the SMTP envelope (envelope-from) will be empty. In this case, SPF checks the host name from the HELO/EHLO command. You need to check the name from this command (for example, by opening the server configuration or by sending an email to a public server and checking the headers) and enable SPF for this name.

Spammers can use not only the same domains that you use to send messages, they can send spam on behalf of any host that has an A- or MX record. Therefore, if you publish SPF from altruistic considerations, then you need to add SPF for all such records, and it is also desirable to add a wildcard (*) for nonexistent records.

8. Misconception: It’s better to add a special SPF type record to DNS (instead of TXT)

Fact: It must be a TXT record.

Explanation: According to the current version of the SPF standard (RFC 7208), SPF type DNS records are deprecated and should no longer be used.

9. Misconception: it is recommended that you include as many of the available elements in SPF as possible (a, mx, ptr, include), because this can reduce the likelihood of an error

Fact: it is necessary to minimize the SPF record and it is recommended to specify only addresses of the networks via ip4/ip6.

Explanation: There is a limit of 10 DNS queries for resolving the SPF policy. Exceeding this limit will result in a permanent policy error (permerror). Moreover, DNS is an unreliable service, so there is a probability of a failure (temperror) for each request, which increases with the number of requests. Each additional a or include record requires an additional DNS request; as for include, it is also necessary to request all elements specified in the include record. mx requires to request MX records and an additional A record request for each MX server. ptr requires an additional request, moreover, it is inherently unsafe. Only the addresses of the networks listed through ip4/ip6 do not require additional DNS requests.

10. Misconception: TTL for the SPF record should be smaller (larger)

Fact: As for most DNS records, it is better to choose TTL from the range of 1 hour to 1 day and reduce it in advance during the deployment or implementation of planned changes, or increase, when the policies are stable.

Explanation: A higher TTL reduces the likelihood of DNS errors and, as a consequence, SPF temperrors, but it increases the response time when it is necessary to make changes to the SPF record.

11. Misconception: If I don’t know which IP addresses can be used to send my messages, then it is better to publish the policy with +all

Fact: A policy with an explicit +all or an implicit rule that enables mailing on behalf of the domain name from any IP address will negatively affect the delivery of emails.

Explanation: Such a policy does not make sense, and it is often used by spammers to ensure SPF authentication of spam messages that are sent through botnets. Therefore, a domain that publishes such a policy risks being blocked.

12. Misconception: It does not make sense to use SPF

Fact: It is necessary to use SPF.

Explanation: SPF is one of the mechanisms for authorizing the sender in email and the way to identify the domain in reputation-based systems. Currently, large email service providers are gradually beginning to require the authorization of messages, and messages that do not have authorization can be subject to “penalties” in terms of delivery or display to the user. In addition, there may be no auto-responses and notifications on delivery or non-delivery for messages that have not passed SPF authorization. The reason is that such responses are usually sent exactly to the SMTP envelope address SPF authorizes and require that it is authorized. Therefore, SPF is required even if all messages are authorized by DKIM. Also, SPF is a must for IPv6 networks and cloud services: In such networks, it is almost impossible to use the reputation of IP addresses, and messages from addresses without SPF authorization will, as a rule, not be accepted. In accordance with the standard, one of the primary tasks of SPF is to use the reputation of a domain name instead of the IP reputation.

13. Misconception: SPF is self-sufficient

Fact: DKIM and DMARC are also necessary.

Explanation: DKIM is required to successfully forward email messages. DMARC is required to protect the sender’s address from spoofing. In addition, DMARC allows you to receive reports on violations of the SPF policy.

14. Misconception: Two SPF records are better than one

Fact: The record must be exactly one.

Explanation: This requirement is described in the standard. If there is more than one record, this will result in a permanent error (permerror). If it is necessary to merge several SPF records, simply publish a record with several include operators.

15. Misconception: spf1 is good, but spf2.0 is better

Fact: You should use v=spf1.

Explanation: spf2.0 does not exist. By publishing the spf2.0 record, you can expose yourself to the risk of unpredictable results. spf2.0 has never existed and it is not a standard, but it was mentioned in the experimental standard RFC 4406 (Sender ID), which was based on the assumption that such a standard would be adopted, since the corresponding discussions did take place. Sender ID, which was supposed to solve the problem of address spoofing, did not become a generally accepted standard, and you should use DMARC instead. Even if you decide to use Sender ID and publish the spf2.0 entry, it will not be a replacement for the spf1 entry.

I had almost finished writing this article, when I was suddenly intercepted by our Customer Support staff who strongly (and categorically) recommended that I recall the following nuances of SPF that they often have to deal with when solving various issues:

  1. SPF policy should end with the all or redirect directive. There should be absolutely nothing after these directives.
  2. all or redirect directives can be used in this policy exactly once, and they replace each other (that is, one policy can not include all and redirect simultaneously).
  3. The include directive does not replace all or redirect. include can be used several times, but your policy should still be terminated with the all or redirect directive. include or redirect should be used to include a valid policy terminated with all or redirect. At the same time, include does not pay attention to the rule (-all, ~all?all) that is used for all in the included policy, however, for redirect it makes a difference.
  4. include is used with colons (include:example.com), and redirect requires the sign of equality (redirect=example.com).
  5. SPF does not cover subdomains. SPF DOES NOT СOVER SUBDOMAINS . SPF. DOES. NOT. COVER. SUBDOMAINS. (And DMARC, by default, covers them). You should publish SPF for each A or MX record in DNS, if those records are used or can be used to deliver emails.

Summary

  • You should be sure that you create a policy for all MX and, preferably, all A records.
  • Add SPF policies for the names used in the HELO/EHLO of the mail server.
  • Publish the SPF policy as a TXT record with v=spf1 in DNS.
  • Try to use the addresses as ip4/ip6 networks in your policy. Specify them at the beginning of the policy to avoid unnecessary DNS requests. Minimize the use of include, try to do without a, use mx only in case of extreme and irresistible necessity, and never use ptr.
  • Specify ~all for domains that are really used to send emails, -all for unused domains and records.
  • Use small TTL during the implementation and testing period, and then increase TTL to the appropriate values. Before making any changes, reduce the TTL beforehand.
  • Be sure to validate your SPF policy, for example, here.
  • Do not limit yourself to the deployment of SPF, try to implement DKIM and always implement DMARC. DMARC protects your messages from spoofing and allows you to receive information on violations of the SPF. You will be able to detect forgery, indirect message flows and configuration errors.
  • If you read Russian (or just for fun) after implementing SPF, DKIM and/or DMARC, check them using https://postmaster.mail.ru/security/. SPF and DMARC are validated according to the current state; DKIM is checked using the statistics for the previous day only if there is correspondence with the boxes on Mail.Ru on the previous day or earlier.
  • There are good SPF BCPs from M3AAWG

Sample SPF policy: @ IN TXT “v=spf1 ip4:1.2.3.0/24 include:_spf.myesp.example.com ~all”

Create your SPF record

SPF authenticates a sender’s identity by comparing the sending mail server’s IP address to the list of authorized sending IP addresses published by the sender in the DNS record. Here’s how to create your SPF record:

  • Start with v=spf1 (version 1) tag and follow it with the IP addresses that are authorized to send mail. For example, v=spf1 ip4:1.2.3.4 ip4:2.3.4.5
  • If you use a third party to send email on behalf of the domain in question, you must add an “include” statement in your SPF record (e.g., include:thirdparty.com) to designate that third party as a legitimate sender
  • Once you have added all authorized IP addresses and include statements, end your record with an ~all or -all tag
  • An ~all tag indicates a soft SPF fail while an -all tag indicates a hard SPF fail. In the eyes of the major mailbox providers ~all and -all will both result in SPF failure. Return Path recommends an -all as it is the most secure record.
  • SPF records cannot be over 255 characters in length and cannot include more than ten include statements, also known as “lookups.” Here’s an example of what your record might look like:
  • v=spf1 ip4:1.2.3.4 ip4:2.3.4.5 include:thirdparty.com -all  
  • For your domains that do not send email, the SPF record will exclude any modifier with the exception of -all. Here’s an example record for a non-sending domain:
  • v=spf1 -all

Verify published SPF

Telnet

Intro


Telnet is a computer protocol that was built for interacting with remote computers.
The word “Telnet” also refers to the command-line utility “telnet”, available under Windows OS and Unix-like systems, including Mac, Linux, and others. We will use the term “Telnet” mostly in the context of the telnet client software.
Telnet utility allows users to test connectivity to remote machines and issue commands through the use of a keyboard. Though most users opt to work with graphical interfaces, Telnet is one of the simplest ways to check connectivity on certain ports.

Enable telnet client in Windows

Telnet is disabled by default in Window’s settings, so you need to turn it on before you can do anything. Turning it on will help you to run the required diagnostics and check if a port is open. If you try to use telnet without turning it on first, you’ll receive a message like: 

 ‘telnet’ is not recognized as an internal or external command, operable program or C:\>

Enabling telnet client through Command Prompt:
Install-WindowsFeature -name Telnet-Client

Enabling telnet client via GUI Win10:
Open Windows Start menu > Type “Control Panel” > Press Enter > “Programs” > “Programs and Features” > Turn Windows features on or off > Select “Telnet Client” > Press “OK”

Enabling telnet client via GUI WS2012+:
Open “Server Manager” > “Add roles and features” > click “Next” until reaching the “Features” step > tick “Telnet Client” > click “Install” > when the feature installation finishes, click “Close”.

Telnet Commands List

Type thisTo do this
open or oEstablish a Telnet connection with a host computer or remote server. You can use the full command, open, or abbreviate it to just o. For example,  o domain.com 25 will connect your computer to a computer named  domain.com port 25.
displayView the current settings for Telnet Client.
Type display for a list of the current operating parameters. If you are in a Telnet session (connected to a Telnet server), to modify the parameters, press Ctrl+] to leave the Telnet session. To return to the Telnet session, press Enter. The following operating parameters are available:
WILL AUTH (NTLM Authentication)
WONT AUTH
WILL TERM TYPE
WONT TERM TYPE
LOCALECHO off
LOCALECHO on
quit or qExit from Telnet.
set Set the terminal type for the connection, turn on local echo, set authentication to NTLM, set the escape character, and set up logging.
>SET NTLM turns on NTLM. While you are using NTLM authentication, if you’re connecting from a remote computer, you will not be prompted to type a logon name and password.
> SET LOCALECHO turns on local echoing.
> SET TERM {ANSI|VT100|VT52|VTNT} sets the terminal type to the appropriate terminal type.
You should use the VT100 terminal type if you are running normal command-line applications. Use the VTNT terminal type if you are running advanced command-line applications, such as .
> ESCAPE + Character sets the key sequence to use for switching from session to command mode. For example, to set Ctrl+P as your escape character, typeset escape, press Ctrl+P, and then press Enter.
> LOGFILE FileName sets the file to be used for logging Telnet activity. The log file must be on your local computer. Logging begins automatically when you set this option.
> LOGGING turns on logging. If no log file is set, an error message is displayed.
unsetTurn off local echo or set authentication for the logon or password prompt.

UNSET NLM turns off NLM.
UNSET LOCALECHO turns off local echoing.
statusMove to the Telnet command prompt from a connected session
enterGo to the connected session (if it exists)
?/helpView Help information

Parameter List

ParameterDescription
/aattempt automatic logon. Same as /l option except uses the currently logged on user s name.
/e <EscapeChar>Escape character used to enter the telnet client prompt.
/f <FileName>File name used for client side logging.
/l <UserName>Specifies the user name to log on with on the remote computer.
/t {vt100 | vt52 | ansi | vtnt}Specifies the terminal type. Supported terminal types are vt100, vt52, ansi, and vtnt.
<Host> [<Port>]Specifies the hostname or IP address of the remote computer to connect to, and optionally the TCP port to use (default is TCP port 23).
/?Displays help at the command prompt. Alternatively, you can type /h.

Check the listen port

You can use this command for check the connection of a application.

telnet IPADDRESS PORT

telnet 192.168.0.10 80       <- http
telnet 192.168.0.10 25       <- smtp
telnet 192.168.0.10 25 

Check Connection and Close Connection

# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 office-serv ESMTP Sendmail 8.13 ; Mon, 28 Mar 2019 08:00:00 +0900
^]                                 <- Ctrl ]
telnet> quit
Connection closed.

Telnet to Web Server (port 8o or 443

# telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.domain.com (127.0.0.1).
Escape character is '^]'.
GET / HTTP/1.0                       <-  Enter 2 times (http://localhost/index.html)

HTTP/1.1 200 OK
Date: Wed, 29 Jul 2009 15:16:50 GMT
Server: Apache/1.3.37 (Unix) mod_fastcgi/2.4.6 mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.4.7 abbr.
Last-Modified: Mon, 05 Feb 2007 11:04:57 GMT
ETag: "1b200-b2c-45c70f59"
Accept-Ranges: bytes
Content-Length: 2860
Connection: close
Content-Type: text/html

<html>
<html>
<title>TEST</title>

abbr.

</body>
</html>
Connection closed by foreign host.
#

Telnet to Mail Server

# telnet localhost 25
Trying 127.0.0.1...
Connected to test-server.test-server (127.0.0.1).
Escape character is '^]'.
220 test-server.example-sec.local ESMTP
helo localhost
250 test-server.example-sec.local
mail from:user01@example-sec.jp
250 ok
rcpt to:user02@example-sec.jp
250 ok
502 unimplemented (#5.5.1)
data
354 go ahead
From: user01@example-sec.jp
To: user02@example-sec.jp
Subject: test
this is test.

.
250 ok 1184072108 qp 20747

502 unimplemented (#5.5.1)
quit
221 test-server.example-sec.local
Connection closed by foreign host.

  C:\>telnet hostname 25
 220 TEST.local Microsoft ESMTP MAIL Service, Version: 7.5. ready at  Thu, 01 Jul 2018 11:11:11 -0500
 helo test
 250 ESXi-DEV-WEB01.local Hello [127.0.0.1]
 mail from:none@none.com
 250 2.1.0 none@none.com….Sender OK
 rcpt to:youremail@domain.com
 250 2.1.5 youremail@domain.com
 data
 354 Start mail input; end with .
 subject:This is a test email
 This is the body of the test email sent via Telnet.
 .
 250 2.6.0  Queued mail for delivery
 quit
 221 2.0.0 TEST.local Service closing transmission channel
 Connection to host lost. 

Nano command editor

Nano is a text editor suited to working in a UNIX-based command line enviro­nment. It is not as powerful as PC window­-based editors, as it does not rely on the mouse, but still has many useful features.
Most nano commands are invoked by holding down the Ctrl key (that is, the control key), and pressing one of the other keys. In this text, the control key is referred to using ^. For example, ^X means “hold down the CTRL key and press the x key”. Most of the important commands are listed at the bottom of your screen when nano is running.

File Control in nano

nano index.php Open or create the file “index.php” with nano on command line.
Ctrl-o Y Enter Save changes.
Ctrl-r Alt-f Open a new file with a new buffer within nano.
Alt-> Switch to the next file buffer in nano.
Alt-< Switch to the previous file buffer in nano.
Ctrl-x Quit nano.

Navigating through file contents in nano

Ctrl-a Move to the beginning of the current line.
Ctrl-e Move to the end of the current line.
Ctrl-v Move down one page.
Ctrl-y Move up one page.
Alt-\ Go to the beginning of the file.
Alt-/ Go to the end of the file.
Alt-g Go to a target line number.
Alt-] Jump to matching open/close symbol.
Alt-a Alt-} Select a block and indent the block.
Alt-a Alt-{ Select a block and outden the block.

Copy and Paste in nano

Alt-a To select a block for copy or cut operation, do Alt-a again to unselect.
Alt-a Alt-^ Copy a highlighted block to the clipboard.
Alt-a Ctrl-k Cut a highlighted block to the clipboard.
Ctrl-k Cut from the current cursor position to the end of the current line.
Ctrl-u Paste the contents from the clipboard at the current cursor position.

Search and Replace in nano

Ctrl-w Search for a target string.
Alt-w Repeat the last search.
Alt-r Search and replace.

File Management
Key Action
Ctrl+G Display help text
Ctrl+X Close the current file buffer / Exit from nano
Ctrl+O Write the current file to disk
Ctrl+R Insert another file into the current one
Alt+> Switch to the next file buffer
Alt+< Switch to the previous file buffer
Search and Replace
Key Action
Ctrl+W Search for a string or a regular expression
Ctrl+\ Replace a string or a regular expression
Alt+W Repeat the last search
Navigation
Key Action
Ctrl+_ Go to line and column number
Ctrl+Y Go one screenful up
Ctrl+V Go one screenful down
Alt+\ Go to the first line of the file
Alt+/ Go to the last line of the file
Ctrl+B Go back one character
Ctrl+F Go forward one character
Alt+Space Go back one word
Ctrl+Space Go forward one word
Ctrl+A Go to beginning of current line
Ctrl+E Go to end of current line
Ctrl+P Go to previous line
Ctrl+N Go to next line
Alt+( Go to beginning of paragraph; then of previous paragraph
Alt+) Go just beyond end of paragraph; then of next paragraph
Alt+- Scroll up one line without scrolling the cursor
Alt++ Scroll down one line without scrolling the cursor
Alt+< Switch to the previous file buffer
Alt+> Switch to the next file buffer
Ctrl+C Display the position of the cursor
Alt+] Go to the matching bracket
Editing
Key Action
Alt+U Undo the last operation
Alt+E Redo the last undone operation
Alt+} Indent the current line
Alt+{ Unindent the current line
Alt+^ Copy the current line and store it in the cutbuffer
Ctrl+K Cut the current line and store it in the cutbuffer
Ctrl+U Uncut from the cutbuffer into the current line
Ctrl+J Justify the current paragraph
Ctrl+T Invoke the spell checker, if available
Alt+V Insert the next keystroke verbatim
Ctrl+I Insert a tab at the cursor position
Ctrl+M Insert a newline at the cursor position
Ctrl+D Delete the character under the cursor
Ctrl+H Delete the character to the left of the cursor
Alt+T Cut from the cursor position to the end of the file
Alt+J Justify the entire file
Alt+D Count the number of words, lines, and characters
Ctrl+^ Mark text starting from the cursor position
Settings
Key Action
Alt+X Help mode enable­/di­sable
Alt+C Constant cursor position display enable­/di­sable
Alt+O Use of one more line for editing enable­/di­sable
Alt+S Smooth scrolling enable­/di­sable
Alt+$ Soft wrapping of overlong lines enable­/di­sable
Alt+P Whitespace display enable­/di­sable
Alt+Y Color syntax highli­ghting enable­/di­sable
Alt+H Smart home key enable­/di­sable
Alt+I Auto indent enable­/di­sable
Alt+K Cut to end enable­/di­sable
Alt+L Hard wrapping of overlong lines enable­/di­sable
Alt+Q Conversion of typed tabs to spaces enable­/di­sable
Alt+B Backup files enable­/di­sable
Alt+F Reading file into separate buffer enable­/di­sable

Cryptoadvice

If you’re new to bitcoin you’re likely to be a target for scammers, scammers will offer you the following:

  1. A bot that earns bitcoin
  2. Mobile or Cloud Mining
  3. Ask you to help them recover funds
  4. Asked to deposit funds in order to withdrawl funds
  5. Ask you to deposit bitcoin to earn Interest
  6. Ask you to deposit to double your bitcoin
  7. A trading platform that will trade for you

⚠️ BEWARE:

If you lose funds you will likey be private messaged by another scammer offering to recover your funds for a fee (This is also a scam)
All of these are scams & there is NO EXCEPTION to the rule just your belief in getting rich quickly which will leave you with less money than you have now.
If you want bitcoin the only way to get it, is to buy it from a reputable exchange in your country! not from some stranger off the internet
Daily we see people get scammed, you are not an exception to the rule, be smart and read more

Learn To Trade – Here are some helpful tips to get you started

Where to Buy/Trade

Binance.com
Bitfinex.com
Bitmex.com
Bittrex.com
Coinbase.com
Coinut.com
GDAX.com
Gemini.com
Kraken.com
Etoro.com
OKCoin.com
OKCoin.cn
Poloniex.com
SimpleFX.com
TuxExchange.com
Wex.nz

Websites for Charting

BitcoinWisdom.com
CryptoWat.ch
TensorCharts.com
TradeBlock.com
TradingView.com

Training YouTube Videos

https://youtu.be/oFB2zt2bYtc [@MrJozza]
https://www.youtube.com/watch?v=e4KtUKP82mM
https://www.youtube.com/watch?v=hyELHtxTp7I
https://www.youtube.com/user/carpenoctom/videos

Crypto Trading Terms

ASHDRAKED = Lost all your money
BOGDANOFF = The market makers
BEAR/BEARISH = Price negative
BULL/BULLISH = Price positive
DILDO = Large green or red candle
DYOR = Do Your Own Research
FOMO = Fear Of Missing Out
FUD = Fear Uncertainty & Doubt
HODL = Holding a position
JOMO = Joy Of Missing Out
LONG = Margin bull position
MOON = Price will explode up
OTC = Over The Counter
SAJ CANDLE = Huge green candle
SHORT = Margin bear position
REKT = Had a bad loss
REVERSE INDICATOR = Someone who is always wrong predicting price movements.
(For complete cryptoslang see – http://fvck.in/crypto-slang/ )

Handy Websites:

Trading Communities

  • BabyPips.com (trading training)
  • BitcoinTalk.org (forum)
  • @Crypto (telegram)
  • TradingView.com (webchat)
  • For Voice Chat including Discord & Teamspeak links check the coinsole links on https://CryptoGroups.com

Security

  • Use 2FA on all accounts
  • Add pin only access to your mobile phone provider
  • 2FA on all email accounts
  • Enable 2FA on withdrawals & trades if possible

Information: Trading on others advice is the best way to lose money, yes there are respected names in the industry but even they get it wrong. If you’re new, its best to paper trade (trade without real money) if you can prove you make money consistently over time, you’re ready to trade with real money. Margin trading is for people who know what they’re doing, if you dont, its the quickest money you will ever lose.

Beware of EXPERTS that claim “I’m always right!

We see many supposed crypto “experts” or “traders”, let’s call them this way, who like to declare that they are always right. Always.

First of all, it’s mathematically impossible. No way you will be always right in the long run, even if you are the guru of TA or FA. Especially when we talk about TA. You have to realize that TA only says what’s more likely to happen. Trading is about probabilities and money management. But let’s get back to those “always winning experts”.
Don’t you make fun of them when they post their charts with two arrows up & down? We do. Especially after the price action when they say that they were right.

⚠️ Be cautious with these “experts. There are so many of them over the Telegram and Trading View! Do not follow their recommendations, because:

  • Firstly, it’s hard to figure out which direction they expect the market to go (due to their ambiguous analysis)
  • Secondly, if they give an analysis, you follow it and the market goes in the opposite direction, you will lose your money, but that “expert” will write that he was right again and predicted the move perfectly.

!Warning & Disclaimer!

  • Cloud mining sites are largely scams.
  • Pump & Dump groups are scams
  • All HYIP’s & MLM’s are scams, you will get banned from all groups if you are found participating or sharing HYIP/MLM links, dont make money out of scamming others, learn to trade.
  • There are scammers posing as well known members on telegram private messaging people asking for money, DONT SEND!
  • Dont open files posted in these groups
  • Careful about clicking on 3rd party links, these can easily be malicious.
  • All advice given here is to be taken at own risk, we have no affiliation with any exchange & exchanges can be hacked. If an exchange gets hacked, your funds could be lost with no recourse, so be careful.

Email Bounces

Email Bounces

Emails bounces – when an email can’t be delivered for one reason or another – almost like throwing a ball to a someone, only to hit a wall and the ball bounces back at you.

There are two different types of bounces when it comes to email marketing: –

  • A Soft Bounce – temporary error
  • A Hard Bounce – permanent error

A Soft bounce happens when the person who your are emailing has simply run out of space in their mailbox, the address exists but it simply can’t fit in another email until they clean it up. If this continues, then the system will change to a Hard Bounce as it begins to affect your sending reputation if these emails keep getting bounced back.

Hard Bounce means that there was a fundamental issue delivering your email which one of the following categories: –

Bounce Category: bad-domain

Explanation: The message bounced due to an invalid or non-existing domain, 5.X.X error.

Resolution: Check the spelling and format of the domain, and edit the contact’s details with the corrected domain. Once the contact has been updated, their bounce status will be reset and you can send to them again.

Bounce Category: bad-mailbox

Explanation: The message bounced due to a bad, invalid, or non-existent recipient address, 5.X.X error.

Resolution: Check the spelling and format of the contact’s email address, and edit with the corrected information. Once the contact has been updated, their bounce status will be reset and you can send to them again.

Bounce Category: inactive-mailbox

Explanation: The message bounced due to an expired, inactive, or disabled recipient address, 5.X.X error.

Resolution: Confirm with the contact if their email address is still active. Check the spelling and format of the contact’s email address, and edit with the corrected information. Once the contact has been updated, their bounce status will be reset and you can send to them again.

Bounce Category: message-expired

Explanation: The message bounced due to not being delivered before the two day window in which the system continues to attempt delivery, 4.X.X error.

Resolution: Confirm with the contact if their email address is still valid, and edit the contact’s email address with any updated information. If the email address has not changed, ask the contact to whitelist. Once that has been done, reset the contact’s delivery status and you will be able to send to them again.

Bounce Category: no-answer-from-host

Explanation: The message bounced due to receiving no response from the recipient’s server after connecting, 4.X.X or 5.X.X error.

Resolution: The recipient’s mail server is offline or has an issue in its configuration. Ask the recipient to investigate if there is an issue with their mail server. Once that has been done, reset the contact’s delivery status and you will be able to send to them again.

Bounce Category: other messages

Explanation: The message bounced due to other reasons, 4.X.X or 5.X.X error.

Resolution: The system did not receive any detailed message back from the recipient’s mail server. Ask the contact to whitelist. Once that has been done, reset the contact’s delivery status and you will be able to send to them again.

Bounce Category: policy-related

Explanation: The message bounced due to a policy reason on a recipient address or domain, 5.X.X error.

Resolution: This is usually due to a message being classified as spam by a recipient’s mail server or due to some type of limit restriction in place on the recipient’s side. Ask the contact to whitelist. Once that has been done, reset the contact’s delivery status and you will be able to send to them again.

Bounce Category: quota-issues

Explanation: The message bounced due to the recipient’s mailbox being over its limit, 4.X.X or 5.X.X error.

Resolution: Confirm with the contact if they are able to receive email. Once that issue has been resolved on their side, reset the contact’s delivery status and you will be able to send to them again.

Bounce Category: routing-errors

Explanation: The message bounced due to mail routing issues for a recipient domain, 5.X.X error.

Resolution: This is usually due to an invalid configuration in the DNS records on the recipient’s mail server. Ask the recipient to investigate if there is an issue with their mail server. Once that has been done, reset the contact’s delivery status and you will be able to send to them again.

Bounce Category: spam-related

Explanation: The message bounced due to spam related reasons, 5.X.X error.

Resolution: This is usually due to a message being classified as spam by a recipient’s mail server. Ask the contact to whitelist. Once that has been done, reset the contact’s delivery status and you will be able to send to them again.

Error overview

Error CodeError Message Recommended actions
 bad-configurationMessages were rejected due to problems in the remote server configuration. This is a problem on the recipient’s server that has an error in the settings and is not allowing new messages. You will need to contact the subscriber by phone to talk to the system administrator to try to solve the problem. When the administrator notify that the issue has been solved, you should contact the Mailrelay technical staff.
bad-connection Messages were rejected due to connection problems with the remote server. It is not possible to connect with the recipient’s  domain correctly due to some failure in the connection route. In this case, the problem may not be occurring directly on the recipient’s server, but on some intermediate server that is receiving and forwarding the message. You sould contact the administrator of the recipient’s server to explain the problem, but also with the internet service provider, so they can analyze and try to locate the problem that is causing this error.
bad-domainMessages bounced because the domain is invalid or nonexistent. If the recipient’s domain does not exist, you can receive this error. You need to confirm that the account is valid. You also will need to contact the subscriber by phone to talk to the system administrator to try to solve the problem. When the administrator notify that the issue has been solved, you should contact the Mailrelay technical staff to validate the email again.
bad-mailboxMessages rejected because the recipient’s address is incorrect, is invalid or nonexistent. The email account was not found on the recipient’s server.You will need to contact the subscriber by phone to talk to the system administrator to try to solve the problem. When the administrator notify that the issue has been solved, you should contact the Mailrelay technical staff to validate the email again.
content-relatedMessages bounced due to its content (Possible spam, sender is blacklisted, etc)You will need to contact the administrator of the recipient’s server for information about the problem and determine possible solutions. And, you should contact our Customer Service Department to see what could be done to solve this issue.
inactive-mailboxMessages rejected because the accounts expired, are inactive or have been disabled.You will need to confirm that the account is correct and contact the subscriber by phone to talk to the system administrator to try to solve the problem. When the administrator notify that the issue has been solved, you should contact the Mailrelay technical staff.
message-expiredThe message was sent before the maximum time allowed, after previous attempts have failed.You can try to send the message again when there is less saturation in the sending queue.
no-answer-from-hostMessages bounced because the system could not receive any  response from the remote server after connecting. This could be a problem on the remote server configuration.You will need to contact the administrator of the server to ask for more information on how to solve the problem.
otherWere rejected due to other reasonsYou will need to contact the administrator of the server to ask for more information on how to solve the problem.
policy-relatedMessages bounced or blocked due to problems with the policy of the recipient’s server.You will also need to contact the administrator of the server to ask for more information on how to solve the problem. And, you should contact our Customer Service Department to see what could be done to solve this issue.
protocol-errors The message is being rejected due to syntax errors in the SMTP protocol. Mailrelay always uses correct syntax and commands, but there may be an interpretation problem on the recipient’s server.You will need to contact the system administrator to try to solve the problem.
quota-issuesMessages rejected or blocked due to quota issues. The server rejects the message because the account has exceeded the limit of messages.You will need to contact the subscriber by phone to talk to the system administrator to try to solve the problem. When the administrator notify that the issue has been solved, you should contact the Mailrelay technical staff to validate the email again.
relaying-issuesMessages rejected or blocked due to problems when trying to deliver the emails on the remote server. These errors may occur due to various reasons of internal administrative policies of the recipient’s server, for example, some servers will not accept any email with your domain that does not come from your own IP.You will need to contact the system administrator to try to solve the problem.
routing-errorsMessages due to routing problems in the recipient’s domain. That is, the sender server cannot deliver the email correctly due to a failure in an intermediate server.You sould contact the administrator of the recipient’s server to explain the problem, but also with the internet service provider, so they can analyze and try to locate the problem that is causing this error.
spam-relatedMessages blocked or rejected due to reasons related to SPAM. There is a problem with the configurations of the sender domain, the contents of the email or spam complaints and the spam filter is blocking the email.You will need to contact the administrator of the recipient’s server for information about the problem and determine possible solutions.
virus-relatedMessages blocked or rejected due to reasons related to infected emails. This can be a serious issue. When you attach a file containing a virus or that  potentially could contain a threat, for example, Word or Excel, your emails will probably be blocked.The best solution in these cases is to scan the attached files using a good antivirus and if the problem occurs because the server rejects the message, marking it as potentially dangerous, you can compress the file using a software like Winzip, Winrar, and upload it to a server. After that, just add a link were your subscribers can download it.

Generic Error codes

Invalid or expired email address

421      Service not available, closing transmission channel
450      Requested mail action not taken: mailbox unavailable (e.g., mailbox busy)
451      Requested action aborted: error in processing
550      User’s mailbox was unavailable (such as not found)
551      The recipient is not local to the server.
553      The command was aborted because the mailbox name is invalid.
5.0.0    Address does not exist
5.1.1    Bad destination mailbox address
5.1.2    Bad destination system address
5.1.3    Bad destination mailbox address syntax
5.1.4    Destination mailbox address ambiguous
5.1.5    Destination mailbox address valid
5.1.6    Mailbox has moved
5.1.7    Bad sender’s mailbox address syntax
5.1.8    Bad sender’s system address
5.2.0    Other or undefined mailbox status
5.2.1    Mailbox disabled, not accepting messages
5.1.0    Other address status
5.3.0    Other or undefined mail system status
5.4.1    No answer from host
5.4.2    Bad connection
5.4.0    Other or undefined network or routing status
5.4.3    Routing server failure
5.4.4    Unable to route
5.4.7    Delivery time expired
5.5.0    Other or undefined protocol status


Mailbox full

5.2.2    Mailbox full
5.3.1    Mail system full


Message rejected

5.2.3    Message length exceeds administrative limit.
5.2.4    Mailing list expansion problem
5.3.4    Message too big for system
5.5.3    Too many recipients
5.7.0    Other or undefined security status
5.7.1    Delivery not authorized, message refused
5.7.2    Mailing list expansion prohibited
5.7.7    Message integrity failure

Miscellaneous issues in the remote mail server

452      Requested action not taken: insufficient system storage
500      The server could not recognize the command due to a syntax error.
501      A syntax error was encountered in command arguments.
502      This command is not implemented.
503      The server has encountered a bad sequence of commands.
504      A command parameter is not implemented.
552      The action was aborted due to exceeded storage allocation.
554      The transaction failed for some unstated reason.
5.3.2    System not accepting network messages
5.3.3    System not capable of selected features
5.4.5    Network congestion
5.4.6    Routing loop detected
5.5.1    Invalid command
5.5.2    Syntax error
5.5.4    Invalid command arguments
5.5.5    Wrong protocol version
5.6.0    Other or undefined media error
5.6.1    Media not supported
5.6.2    Conversion required and prohibited
5.6.3    Conversion required but not supported
5.6.4    Conversion with loss performed
5.6.5    Conversion failed
5.7.3    Security conversion required but not possible
5.7.4    Security features not supported
5.7.5    Cryptographic failure
5.7.6    Cryptographic algorithm not supported

Yahoo SMTP codes

SMTP ErrorDiagnostic Error MessageReason
 421421 Message temporarily deferred – [numeric code]The message content contained objectionable content, we’re seeing unusual traffic from your servers, or emails from your mail server are generating complaints from Yahoo Mail users.
 421421 4.7.0 [TS01] Messages from x.x.x.x temporarily deferred due to user complaints – 4.16.55We’re seeing unusual traffic patterns from your server. Submit your sending IPs for review.
 421421 4.7.0 [TS02] Messages from x.x.x.x temporarily deferred due to user complaints – 4.16.55We’re seeing unusual traffic patterns from your server or your mailings are generating complaints from Yahoo Mail users. Submit your sending IPs for review.
 421421 4.7.1 [TS03] Messages from x.x.x.x permanently deferred. Retrying will NOT succeedWe’re seeing a high volume of e-mails from your server that are indicative of unsolicited mailings. Submit your sending IPs for review.
 451451 Resources temporarily not available – Please try again later [numeric code]This error indicates that our servers were busy and temporarily unable to process your transaction at the time of connection.
 451451 VS1-IP Excessive unknown recipients – possible Open Relay (#4.1.8)Your mail server is configured as an open relay or proxy. Review our guidelines for avoiding deprioritization.
 451451 VS1-MF Excessive unknown recipients – possible Open Relay (#4.4.5)The senders MAIL FROM address has been sending to excessive bouncing accounts (non-active, don’t exist). Review your mailing lists, and remove any addresses that generate bounces.
 553553 5.7.1 [BLXX] Connections not accepted from IP addresses on Spamhaus PBLThe sending IP is listed on a Spamhaus blacklist. You can check your status on Spamhaus’ site.
 554554 Message not allowed – [numeric code]Your emails have become deprioritized due to the message content triggering our filters. We ask that you review the email’s header and message content for potentially objectionable content. 
 554Delivery error: dd This user doesn’t have a yahoo.com account (******@yahoo.com) [-5] – mta1126.mail.gq1.yahoo.com [BODY]The Yahoo account that you’re trying to send to doesn’t exist. We recommend that you contact the recipient directly to confirm their correct email address.
 554554 5.7.9 Message not accepted for policy reasonsYour message wasn’t delivered because Yahoo was unable to verify that it came from a legitimate email sender.

Outlook Error codes

SMTP Error CodeExplanation
421 RP-001The mail server IP connecting to Outlook.com server has exceeded the rate limit allowed. Reason for rate limitation is related to IP/domain reputation. If you are not an email/network admin please contact your Email/Internet Service Provider for help.
421 RP-002The mail server IP connecting to Outlook.com server has exceeded the rate limit allowed on this connection. Reason for rate limitation is related to IP/domain reputation. If you are not an email/network admin please contact your Email/Internet Service Provider for help.
421 RP-003The mail server IP connecting to Outlook.com server has exceeded the connection limit allowed. Reason for limitation is related to IP/domain reputation. If you are not an email/network admin please contact your Email/Internet Service Provider for help.
550 SC-001Emails rejected by Outlook.com for policy reasons. Reasons for rejection may be related to content with spam-like characteristics or IP/domain reputation. If you are not an email/network admin please contact your Email/Internet Service Provider for help.
550 SC-002Emails rejected by Outlook.com for policy reasons. The email server IP connecting to Outlook.com has exhibited namespace mining behaviour. If you are not an email/network admin please contact your Email/Internet Service Provider for help.
550 SC-003Emails rejected by Outlook.com for policy reasons. Your IP address appears to be an open proxy/relay. If you are not an email/network admin please contact your Email/Internet Service Provider for help.
550 SC-004Emails rejected by Outlook.com for policy reasons. A block has been placed against your IP address because we have received complaints concerning emails coming from that IP address. We recommend enrolling in our Junk Email Reporting Programme (JMRP), a free programme intended to help senders remove unwanted recipients from their email list. If you are not an email/network admin please contact your Email/Internet Service Provider for help.
550 DY-001Emails rejected by Outlook.com for policy reasons. We generally do not accept emails from dynamic IPs as they are not typically used to deliver unauthenticated SMTP email to an Internet mail server. If you are not an email/network admin please contact your Email/Internet Service Provider for help. http://www.spamhaus.org maintains lists of dynamic and residential IP addresses.
550 DY-002Emails rejected by Outlook.com for policy reasons. The likely cause is a compromised or virus-infected server/personal computer. If you are not an email/network admin please contact your Email/Internet Service Provider for help.
550 OU-001Emails rejected by Outlook.com for policy reasons. If you are not an email/network admin please contact your Email/Internet Service Provider for help. For more information about this block and to request removal please go to: http://www.spamhaus.org.
550 OU-002Emails rejected by Outlook.com for policy reasons. Reasons for rejection may be related to content with spam-like characteristics or IP/domain reputation. If you are not an email/network admin please contact your Email/Internet Service Provider for help.

NOTE: If you are having problems with email delivery to Cox, and you were unable to resolve your problem using the steps in the Error Codes section above, send us an email at unblock.request@cox.net for assistance. Your email must contain all of the following information in order for us to process your request.

COX Email error codes

Error CodeDescriptionResolution
CXBLThe sending IP address has been blocked by Cox due to exhibiting spam-like behavior.Send an email request to Cox to ask for a sending IP address be unblocked.

Note: Cox has sole discretion whether to unblock the sending IP address.
CXTHRTEmail sending limited due to suspicious account activity. To secure your account, please reset your password at cox.com/password. It may take up to 2 hours to confirm security and remove sending limits.Reset your password at www.cox.com/password or by logging into your Cox.com account and going through the My Profile page. It can take up to 2 hours for the new password to be effective and the email sending limits to be taken off.
CXMJEmail sending blocked due to suspicious account activity on primary Cox account. To secure your account, please reset all Cox account passwords at cox.com/password. Contact Cox at cox.com/chat to remove block and reference error code AUP#CXMJ.Reset your password at www.cox.com/password or visit www.cox.com to sign in to your primary Cox account and go to the My Profile page. Then, contact Cox at www.cox.com/chat to remove the block referenced by error code AUP#CXMJ.
CXDNSThere was an issue with the connecting IP address Domain Name System (DNS). The Reverse DNS (rDNS) lookup for your IP address is failing. Confirm the IP address that sends your email. Check the rDNS of that IP address. If it passes, then wait 24 hours and try resending your email.
CXSNDRThere was a problem with the sender’s domain.Your email failed authentication checks against your sending domain’s SPF, DomainKeys, or DKIM policy.
CXSMTPThere was a violation of SMTP protocol.Your email wasn’t delivered because Cox was unable to verify that it came from a legitimate email sender.
CXCNCTThere was a connection issue from the IP address.There is a limit to the number of concurrent SMTP connections per IP address to protect the systems against attack. Ensure that the sending email server is not opening more than 10 concurrent connections to avoid reaching this limit.
CXMXRTThe sender has sent email to too many recipients and needs to wait before sending more email.The email sender has exceeded the maximum number of sent email allowed.
CDRBLThe sending IP address has been temporarily blocked by Cox due to exhibiting spam-like behavior.The block duration varies depending on reputation and other factors, but will not exceed 24 hours. Inspect email traffic for potential spam, and retry email delivery.
IPBL0001The sending IP address is listed in the Spamhaus Zen DNSBL.Refer to Spamhaus for more information and removal instructions. Spamhaus has sole discretion whether to remove the sending IP address from the DNSBL.
IPBL0010The sending IP is listed in the Return Path DNSBL.Refer to Return Path for more information and removal instructions. Return Path has sole discretion whether to remove the sending IP address from the DNSBL.
IPBL0100The sending IP is listed in the Invaluement ivmSIP DNSBL.Refer to ivmSIP for more information and removal instructions. ivmSIP has sole discretion whether to remove the sending IP address from the DNSBL.
IPBL0011The sending IP is in the Spamhaus Zen and Return Path DNSBLs.Refer to the instructions above for error codes IPBL0001 and IPBL0010.
IPBL0101The sending IP is in the Spamhaus Zen and Invaluement ivmSIP DNSBLs.Refer to the instructions above for error codes IPBL0001 and IPBL0100.
IPBL0110The sending IP is in the Return Path and Invaluement ivmSIP DNSBLs.Refer to the instructions above for error codes IPBL0010 and IPBL0100.
IPBL0111The sending IP is in the Spamhaus Zen, Return Path and Invaluement ivmSIP DNSBLs.Refer to the instructions above for error codes IPBL0001, IPBL0010, and IPBL0100.
IPBL1000Cloudmark CSI Suspect / CSI GlobalThe sending IP address is listed on a CSI blacklist. You can check your status on the CSI website.
IPBL1001The sending IP is listed in the Cloudmark CSI and Spamhaus Zen DNSBLs.Refer to the instructions above for error codes IPBL1000 and IPBL0001.
IPBL1010The sending IP is listed in the Cloudmark CSI and Return Path DNSBLs.Refer to the instructions above for error codes IPBL1000 and IPBL0010.
IPBL1011The sending IP is in the Cloudmark CSI, Spamhaus Zen and Return Path DNSBLs.Refer to the instructions above for error codes IPBL1000, IPBL0001, and IPBL0010.
IPBL1100The sending IP is listed in the Cloudmark CSI and Invaluement ivmSIP DNSBLs.Refer to the instructions above for error codes IPBL1000 and IPBL0100.
IPBL1101The sending IP is in the Cloudmark CSI, Spamhaus Zen and Invaluement IVMsip DNSBLs.Refer to the instructions above for error codes IPBL1000, IPBL0001, and IPBL0100.
IPBL1110The sending IP is in the Cloudmark CSI, Return Path and Invaluement ivmSIP DNSBLs.Refer to the instructions above for error codes IPBL1000, IPL0010, and IPBL0100.
IPBL1111The sending IP is in the Cloudmark CSI, Spamhaus Zen, Return Path and Invaluement ivmSIP DNSBLs.Refer to the instructions above for error codes IPBL1000, IPBL0001, IPBL0010, and IPBL0100.
IPBL00001Spamhaus ZENThe sending IP address is listed on a Spamhaus blacklist. Check your status at Spamhaus.
URLBL011A URL within the body of the message was found on blocklists SURBL and Spamhaus DBL. Refer to SURBL for more information and removal instructions. Refer to Spamhaus for DBL information and removal instructions
URLBL101A URL within the body of the message was found on blocklists SURBL and ivmURI. Refer to SURBL for more information and removal instructions. Refer to ivmURI for more information and removal instructions
URLBL110A URL within the body of the message was found on blocklists Spamhaus DBL and ivmURI. Refer to ivmURI for more information and removal instructions. Refer to Spamhaus for DBL information and removal instructions
URLBL1001Spamhaus DBLThe URL is listed on a Spamhaus blacklist. Check your status at Spamhaus.
421 – [ESMTP server temporarily not available]Our systems are experiencing an issue which is causing a temporary inability to accept new email.Retry your mailings at a later time.
421 – [too many sessions from <source IP>]The sending IP address has exceeded the five maximum concurrent connection limit.Configure your sending server to establish no more than five concurrent connections.
554 – [ESMTP no data before greeting]The sending server has attempted to communicate too soon within the SMTP transaction.Ensure that your sending server is RFC 5321-compliant, and is following the proper SMTP protocol standards.
554 – [<source IP> rejected – no rDNS]Cox requires that all connecting email servers contain valid reverse DNS PTR records.Ensure that your sending email servers have a valid reverse DNS entry.
554 – [cox too many bad commands from <source IP>]An email client has repeatedly sent bad commands or invalid passwords resulting in a three-hour block of the client’s IP address.Check the password used by your email client and consider using an alternate email client if your password is correct.
421 – [<source IP> DNS check failure – try again later]The reverse DNS check of the sending server IP address has failed.Ensure that your DNS configuration is correct and that the PTR record is resolvable.
452 – [<mailfrom address> requested action aborted: try again later]The SMTP connection has exceeded the 100 email message threshold and was disconnected.Establish a new connection and continue sending.
550 – [<mailfrom address> sender rejected]Cox requires that all sender domains resolve to a valid MX or A-record within DNS.Ensure that your domain has a valid MX or A-record within DNS.
550 – [<recipient email> recipient rejected]The intended recipient is not a valid Cox Email account.Ensure that your mailing list is up-to-date with verified recipient email addresses.
552 – [$(_id) attachment extension is forbidden]The message has been rejected because it contains an attachment with one of the following prohibited file types, which commonly contain viruses: .shb, .shs, .vbe, .vbs, .wsc, .wsf, .wsh, .pif, .msc, .msi, .msp, .reg, .sct, .bat, .chm, .isp, .cpl, .js, .jse, .scr, .exe.Ensure that your mailings do not contain attachments with these file types.
452 – [<source IP> rejected. Too many invalid recipients]The sending IP address has exceeded the threshold of invalid recipients and has been blocked.Ensure that your mailing list is up-to-date with verified recipient email addresses, and try again at a later time.
452 – [Message threshold exceeded]Cox enforces various rate limits to protect our platform. The sending IP address has exceeded one of these rate limits and has been temporarily blocked.Slow down the rate at which you attempt to send email.

COMCAST error codes

Error Code Returned For more information
421 – [Too many sessions opened] Comcast allows 25 simultaneous connections per sending IP address. This error results when that limit is exceeded.
421 – [Reverse DNS failure : Try again later] Comcast requires all sending IP addresses have a valid rDNS. This error results when the lookup failed. This error should be treated as a temp-fail and can be retried.
SERVFAIL response. 99.9% means that the DNS somewhere up the auth tree is misconfigured or down or very badly overloaded.
421 – [Try again later] This error results for several reasons. This error should be treated as a temp-fail and can be retried.
452 – [Too many emails sent on this session] Comcast allows 1000 emails per session. This error results when that limit is exceeded.
452 – [Too many recipients for message] Comcast allows 100 recipients per message. This error results when that limit is exceeded.
550 – [Not our customer] This error results when a message is sent to a non-existent Comcast customer. These errors should be treated as an “unsubscribe” by the sender, if a bulk mailer.
550 – [Your message could not be delivered due to too many invalid recipients] This error results when a message is sent to too many invalid recipients. As a result none of the recipients received the message. Please check your distribution list and resend.
550 – [Invalid sender domain] Comcast requires that all sending domains have a valid A or MX record. This error results when neither record can be found.
550 – [Account not available] This error results when a message is sent to a Comcast account that is currently not available.
552 – [Message size exceeded] Comcast allows messages of 15MB or smaller. This error results when that limit is exceeded.
554 – [PTR lookup failure] Comcast requires all sending mail server IP addresses have a valid PTR record set up. This error results when the lookup failed.

NXDOMAIN response. One of the authoritative servers for the relevant section of the in-addr.arpa DNS tree is saying that there is no PTR record for the given IP address.

AOL – YAHOO SMTP Error Codes

An SMTP error, or Delivery Status Notification (DSN), indicates that an email could not be delivered, either due to a temporary or permanent problem. You can review our list of SMTP error messages below for details about each error.

What are 4xx (421 and 451) temporary errors?

  • A 421 or 451 SMTP error indicates a temporary problem blocking the delivery of your message. Message delivery can be delayed for multiple reasons including :
    • We’ve observed unusual traffic patterns from your sending server’s IP address.
    • The message you attempted to send included characteristics of spam.
    • Emails from your mail server have been generating complaints from Verizon Media users.
    • The Verizon Media mail servers are busy when attempting a connection.
    • Other suspicious behavior which leads Verizon Media to enforce a dynamic deprioritization for your sender’s server.
  • Review our Sender Best Practices to learn how you can help your emails reach Verizon Media.
  • If you’re not the administrator of the mail server in question, we suggest you contact the administrator directly to discuss the error message you’re receiving.
  • If you encounter 4XX errors when trying to send an email to Verizon Media, you may retry sending at a later time.

What are 5xx (553 and 554) permanent errors?

  • A 553 or 554 SMTP error indicates an email could not be delivered due to a permanent problem. Message delivery can be permanently deferred because :
    • Spamhaus has your domain or IP address listed on a Block List.
    • You’re trying to send a message to an invalid email address.
    • Your message failed authentication checks against your sending domain’s DMARC or DKIM policy.
    • The message contains characteristics that Verizon Media won’t accept for policy reasons.
    • Other suspicious behavior which leads Verizon Media to issue a permanent rejection for your SMTP connection.
  • If you consistently receive 5xx errors when sending to Verizon Media, we encourage you to review our Sender Best Practices, since 5xx errors can be a symptom of a more widespread, general problem.
  • You should not retry sending an email that comes back with with a 5xx error. List managers should have a policy for removing email addresses that generate 5xx errors/bounces.

Excessive user complaints

  • These errors indicate emails from your mail server are generating an excessive amount of complaints from Verizon Media users. We suggest you consider the following :
    • Monitor your sender reputation – Even if you have a good reputation, users can vote your email as spam and affect your overall reputation.
    • If you’re an administrator of message content and mailing policy and you’ve deployed significant changes or you’ve received this error for more than 48 hours, we ask that you review your outgoing messages for objectionable content or practices.
    • Using a shared IP address – Mail traffic from other domains could be negatively affecting your IP sending reputation. If applicable, contact your host provider to request using dedicated IP addresses to send your mail to resolve this problem.
  • We recommend you review our Sender Best Practices to ensure you’re following proper opt-in methods of user subscriptions.

Excessive unsolicited messages

  • Excessively high volume of emails from a single IP address is a characteristic of unsolicited, bulk emailing. Don’t resend the email until you review our Sender Best Practices and make any necessary changes.
  • You may have setup the IP you are using to send email very recently and did not increase the email traffic slowly.
  • Check your subscription practices and lists to ensure that messages are sent only to users who’ve requested it.
  • If you’re an administrator for message content or mailing policy and you’ve made significant changes, or you’ve received this error for more than 48 hours, we ask that you review your outgoing emails for objectionable content or practices.

Excessive unknown recipients

  • Your mail server is sending to a large number of invalid recipients and may be configured as an “open relay” or “open proxy”.
  • Open proxies and open relays are a very common source of spam and Verizon Media doesn’t accept email from them.
  • We encourage you to follow our Sender Best Practices and make appropriate changes to secure your servers.
  • Review your mailing lists and remove any addresses that generate bounces.
  • Examine your outbound queues for potentially objectionable content to ensure that spammers aren’t abusing your mail server.

Authentication failures

  • Your email failed one or more authentication checks that Verizon Media uses to verify emails are truly sent from the domains they claim to originate from.
  • Verizon Media rejects emails for failing DKIM authentication when all of following conditions apply :
    • The signing domain publishes a policy which states that all emails from the domain must be signed and authenticated with DKIM to prevent forgery.
    • The signing domain is identified in the “d=” tag of the DKIM signature.
    • The rejected email couldn’t be authenticated against the sending domain’s policy, for example, due to a missing or bad signature.
  • If you’re not the system administrator for the mail servers affected, we encourage you to contact the administrator, so they can look into the situation further.
  • For mailing lists, also known as “listservs,” you should change your sending behavior by adding the mailing lists’ address to the “From:” line, rather than the sender’s address. Also, enter the actual user/sender address into the “Reply-To:” line.
  • It’s a good idea to review our guide to Sender Best Practices and make appropriate changes.

Content based blocks

  • These error messages indicates that your email wasn’t accepted because there is something in the content that Verizon Media won’t accept for policy reasons.
  • Objectionable content that Verizon Media deems unacceptable includes :
    • Viruses
    • Phishing attempts
    • Ransomeware
    • Other malicious software
    • Links or URLs to any of the above
  • Examine your outbound queues for potentially objectionable content to ensure that spammers aren’t abusing your mail server.
  • Follow our Sender Best Practices and make appropriate changes to secure your servers.

Recipient does not exist

  • The Verizon Media account that you’re trying to send to does not exist. We recommend that you contact the recipient directly to confirm their correct email address.
  • You should not retry delivery of the message. It will never complete successfully.
  • You should remove the email address from your mailing list.

Message temporarily deferred

  • This is a temporary error and your mail server may automatically re-try sending the email at a later time. Your message may have been deferred due to one or more of the following :
    • Emails from your mail server are generating substantial complaints from Verizon Media users.
    • The message contained objectionable content or exhibited characteristics indicative of spam.
    • The IP (x.x.x.x or its subnet, i.e., .255 ) has a poor reputation.
    • We are seeing unusual traffic patterns from your mail servers.
  • We ask that you follow our Sender Best Practices and review your outgoing messages for potentially objectionable content.
  • If your mail server does not primarily send bulk mailings (e.g., you run a personal, corporate, educational, or ISP mail server), examine your outbound queues to ensure that spammers aren’t abusing your mail server.
  • If you’re seeing the same error consistently over an extended period of time, we encourage you to submit a Sender Support Request with specific details of the error and diagnostic codes you see in your logs.

Resources temporarily unavailable

  • This error indicates that the Verizon Media mail servers were busy and temporarily unable to process your transaction at the time of connection.
  • Such issues are generally brief, and normal connectivity is usually restored after a short period of time.

Sample Email Failed Delivery message

  • When you get mail from a “MAILER-DAEMON” or a “Mail Delivery Subsystem” with a subject similar to “Failed Delivery,” this means that a message you sent was undeliverable and has been bounced back to you.
  • These messages are produced automatically and usually include a reason for the delivery failure.
  • Failed or “bounced” messages normally consist of two parts:
    • The reason for the bounce
    • Your original message
  • Failure notice example:

Define if SOFT or HARD bounces

Bounce codeBounce typeDescription
5.0.0HardAddress does not exist
5.1.0HardOther address status
5.1.1HardBad destination mailbox address
5.1.2HardBad destination system address
5.1.3HardBad destination mailbox address syntax
5.1.4HardDestination mailbox address ambiguous
5.1.5HardDestination mailbox address valid
5.1.6HardMailbox has moved
5.1.7HardBad sender\’s mailbox address syntax
5.1.8HardBad sender’s system address
5.2.0SoftOther or undefined mailbox status
5.2.1SoftMailbox disabled, not accepting messages
5.2.2SoftMailbox full
5.2.3HardMessage length exceeds administrative limit.
5.2.4HardMailing list expansion problem
5.3.0HardOther or undefined mail system status
5.3.1SoftMail system full
5.3.2HardSystem not accepting network messages
5.3.3HardSystem not capable of selected features
5.3.4HardMessage too big for system
5.4.0HardOther or undefined network or routing status
5.4.1HardNo answer from host
5.4.2HardBad connection
5.4.3HardRouting server failure
5.4.4HardUnable to route
5.4.5SoftNetwork congestion
5.4.6HardRouting loop detected
5.4.7HardDelivery time expired
5.5.0HardOther or undefined protocol status
5.5.1HardInvalid command
5.5.2HardSyntax error
5.5.3SoftToo many recipients
5.5.4HardInvalid command arguments
5.5.5HardWrong protocol version
5.6.0HardOther or undefined media error
5.6.1HardMedia not supported
5.6.2HardConversion required and prohibited
5.6.3HardConversion required but not supported
5.6.4HardConversion with loss performed
5.6.5HardConversion failed
5.7.0HardOther or undefined security status
5.7.1HardDelivery not authorized, message refused
5.7.2HardMailing list expansion prohibited
5.7.3HardSecurity conversion required but not possible
5.7.4HardSecurity features not supported
5.7.5HardCryptographic failure
5.7.6HardCryptographic algorithm not supported
5.7.7HardMessage integrity failure
9.1.1HardHard bounce with no bounce code found. It could be an invalid email or rejected email from your mail server (such as from a sending limit).

Traditional SMTP status codes

The table below is not a definitive list of all available status codes, only a representation of the most frequent ones.

Status Code Group
Group Name
Description
1xx
Informational
Request received, continuing process
2xx
Success
The action was successfully received, understood, and accepted
3xx
Redirection
Further action must be taken in order to complete the request
4xx
Client Error
The request contains bad syntax or cannot be fulfilled
5xx
Server Error
The server failed to fulfil an apparently valid request
Code
Description
421
domain service not available, closing transmission channel
450
Requested mail action not taken: mailbox unavailable (e.g., mailbox busy)
451
Requested action aborted: error in processing
452
Requested action not taken: insufficient system storage
500
The server could not recognize the command due to a syntax error
501
A syntax error was encountered in command arguments
502
This command is not implemented
503
The server has encountered a bad sequence of commands
504
A command parameter is not implemented
550
User’s mailbox was unavailable (“not found”)
551
The recipient is not local to the server
552
The action was aborted due to exceeded storage allocation
553
The command was aborted because the mailbox name is invalid
554
The transaction failed for some unstated reason

Exchange NDR Code List

Listed NDR (Nondeliverable returns) emails and codes. Overlapping with the codes above.

Status codeDescription
4.2.2The recipient has exceeded their mailbox limit
4.3.1Insufficient system resources
4.3.2System not accepting network messages
4.4.1Connection timed out
4.4.2Connection dropped
4.4.6Too many hops
4.4.7Message expired
4.4.9DNS Problem – check your connector
4.6.5Multi-language situation
5.0.0HELO / EHLO requires domain address
5.1.xExchange NDR problems with email address
5.1.0Sender denied / Message categorizer failures
5.1.1Bad destination mailbox address
5.1.2Invalid X.400 address
5.1.3Invalid recipient address
5.1.4Destination mailbox address ambiguous
5.1.7Invalid address
5.1.8Something the matter with sender’s address
5.2.xNDR caused by the size of the email
5.2.1Mailbox cannot be accessed
5.2.2Mailbox full
5.2.3Message too large
5.2.4Mailing list expansion problem
5.3.0Problem with MTA / Store driver
5.3.1Mail system full
5.3.2System not accepting network messages
5.3.3Unrecognized command
5.3.4Message too big for system
5.3.5System incorrectly configured
5.4.0DNS Problem. Check the Smart host and DNS
5.4.1No answer from host
5.4.2Bad connection
5.4.3Routing server failure. No available route
5.4.4Invalid arguments
5.4.6Routing loop detected
5.4.7Delivery time-out. Message is taking too long to be delivered
5.4.8Microsoft advise, check your recipient policy
5.5.0Underlying SMTP 500 error
5.5.1Invalid command
5.5.2Send hello first
5.5.3Too many recipients
5.5.4Invalid domain name
5.5.5Wrong protocol version
5.5.6Invalid message content
5.6.0Corrupt message content. Try sending without attachment
5.6.1Media not supported
5.6.3More than 250 attachments
5.7.1Delivery not authorized
5.7.1Unable to relay
5.7.1Client was not authenticated
5.7.2Distribution list cannot expand and so is unable to deliver its messages
5.7.3Not Authorized
5.7.4Extra security features not supported. Check delivery server settings
5.7.5Cryptographic failure
5.7.6Certificate problem, encryption level may be to high
5.7.7Message integrity problem

AWS PostgreSQL RDS

Intro

The World’s Most Advanced Open Source Relational Database

PostgreSQL is winning this title for the second year in a row. First released in 1989, PostgreSQL turns 30 this year and is at the peak of its popularity, showing no signs of ageing with a very active community. It’s the fastest growing DBMS last three years.

Everyone wants a fast database, I think that is what everybody can agree upon. The question is: fast in what respect?
In terms of databases, there are at least different directions of fast:

  • number of transactions per second
  • throughput or amount of data processed

These are interrelated but definitely not the same.
And both have completely different requirements in terms of IO. In general, you want to avoid IO at all cost. This is because IO is always slow in comparison to access to data in memory, CPU-caches of different levels or even CPU registers. As a rule of thumb, every layer slows down access by about 1:1000.
For a system with high demand for a large number of transactions per second, you need as many concurrent IOs as you can get, for a system with high throughput you need an IO subsystem which can deliver as many bytes per seconds as possible.

That leads to the requirement to have as much data as possible near to the CPU, e.g. in RAM. At least the working set should fit, which is the set of data that is needed to give answers in an acceptable amount of time.

Each database engine has a specific memory layout and handles different memory areas for different purposes.

To recap: we need to avoid IO and we need to size the memory layout so that the database is able to work efficiently (and I assume that all other tasks in terms of proper schema design are done).

Here are the critical parameters

  • max_connections
    This is what you think: the maximum number of current connections. If you reach the limit you will not be able to connect to the server anymore. Every connection occupies resources, the number should not be set too high. If you have long run sessions, you probably need to use a higher number as if the sessions are mostly short-lived. Keep aligned with configuration for connection pooling.
  • max_prepared_transactions
    When you use prepared transactions you should set this parameter at least equal to the amount of max_connections, so that every connection can have at least one prepared transaction. You should consult the documentation for your prefered ORM to see if there are special hints on this.
  • shared_buffers
    This is the main memory configuration parameter, PostgreSQL uses that for memory buffers. As a rule of thumb, you should set this parameter to 25% of the physical RAM. The operating system itself caches as much data to and from disk, so increasing this value over a certain amount will give you no benefit.
  • effective_cache_size
    The available OS memory should equal shared_buffers + effective_cache_size. So when you have 16 GB RAM and you set shared_buffers to 25% thereof (4 GB) then effective_cache_size should be set to 12 GB.
  • maintenance_work_mem
    The amount of this memory setting is used for maintenance tasks like VACUUM or CREATE INDEX. A good first estimate is 25% of shared_buffers.
  • wal_buffers
    This translates roughly to the amount of uncommitted or dirty data inside the caches. If you set this to -1, then PostgreSQL takes 1/32 of shared_buffers for this. In other words: when you do so and you have shared_buffers = 32 GB, then you might have up to 1G of unwritten data to the WAL (=transaction) log.
  • work_mem
    All complex sorts benefit from this, so it should not be too low. Setting it too high can have a negative impact: a query with 4 tables in a merge join occupies 4xwork_mem. You could start with ~ 1% of shared_buffers or at least 8 MB. For a data warehouse, I’d suggest starting with much larger values.
  • max_worker_processes
    Set this to the number of CPUs you want to share for PostgreSQL exclusively. This is the number of background processes the database engine can use.
  • max_parallel_workers_per_gather
    The maximum workers a Gather or GatherMerge node can use (see documentation about details), should be set equal to max_worker_processes.
  • max_parallel_workers
    Maximum parallel worker processes for parallel queries. Same as for max_worker_processes.

The following settings have direct impact on the query optimizer, which tries its best to find the right strategy to answer a query as fast as possible.

  • effective_io_concurrency
    The number of real concurrent IO operations supported by the IO subsystem. As a starting point: with plain HDD try 2, with SSDs go for 200 and if you have a potent SAN you can start with 300.
  • random_page_cost
    This factor basically tells the PostgreSQL query planner how much more (or less) expensive it is to access a random page than to do sequential access.
    In times of SSDs or potent SANs this does not seem so relevant, but it was in times of traditional hard disk drives. For SSDs an SANs, start with 1.1, for plain old disks set it to 4.
  • min_ and max_wal_size
    These settings set size boundaries on the transaction log of PostgreSQL. Basically this is the amount of data that can be written until a checkpoint is issued which in turn syncs the in-memory data with the on-disk data.

User cases

8 GB RAM, 4 virtual CPU cores, SSD storage, Data Warehouse:

  • large sequential IOs, due to ETL processes
  • large result sets
  • complex joins with many tables
  • many long lasting connections

So let’s look at some example configuration:

max_connections = 100
shared_buffers = 2GB
effective_cache_size = 6GB
maintenance_work_mem = 1GB
wal_buffers = 16MB
random_page_cost = 1.1
effective_io_concurrency = 200
work_mem = 64MB
min_wal_size = 4GB
max_wal_size = 8GB
max_worker_processes = 4
max_parallel_workers_per_gather = 2
max_parallel_workers = 4

2 GB RAM, 2 virtual CPU, SAN-like storage, a blog-engine like WordPress

  • few connection
  • simple queries
  • tiny result sets
  • low transaction frequency
max_connections = 20
shared_buffers = 512MB
effective_cache_size = 1536MB
maintenance_work_mem = 128MB
wal_buffers = 16MB
random_page_cost = 1.1
effective_io_concurrency = 300
work_mem = 26214kB
min_wal_size = 16MB
max_wal_size = 64MB
max_worker_processes = 2
max_parallel_workers_per_gather = 1
max_parallel_workers = 2

Rasperry Pi, 4 arm cores, SD-card storage, some self-written Python thingy

max_connections = 10
shared_buffers = 128MB
effective_cache_size = 384MB
maintenance_work_mem = 32MB
wal_buffers = 3932kB
random_page_cost = 10 # really slow IO, really slow
effective_io_concurrency = 1
work_mem = 3276kB
max_worker_processes = 4
max_parallel_workers_per_gather = 2
max_parallel_workers = 4

More details

Football

Premier League ENGLAND 2018/2019

September 2018

https://api.media.atlassian.com/file/0d1634d8-5dc6-4e9c-9c17-2a8bf7759ff1/image?token=eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJkNDdlODRhOC1jMmRiLTRkY2ItYTc4My00ZjQ3OTU5NDQ5ZmQiLCJhY2Nlc3MiOnsidXJuOmZpbGVzdG9yZTpmaWxlOjBkMTYzNGQ4LTVkYzYtNGU5Yy05YzE3LTJhOGJmNzc1OWZmMSI6WyJyZWFkIl19LCJleHAiOjE1NjYyOTUxMjAsIm5iZiI6MTU2NjI5MjA2MH0.fcroZePWmVm4AuHMYhK4s33YasHi1yvNa5W9an2UrXo&client=d47e84a8-c2db-4dcb-a783-4f47959449fd&name=image2018-12-18_9-31-53.png&max-age=2940&width=598&height=669

December 2018 – before Christmas

https://api.media.atlassian.com/file/bf3931b2-1b93-4af5-ab2c-45e6137535bb/image?token=eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJkNDdlODRhOC1jMmRiLTRkY2ItYTc4My00ZjQ3OTU5NDQ5ZmQiLCJhY2Nlc3MiOnsidXJuOmZpbGVzdG9yZTpmaWxlOmJmMzkzMWIyLTFiOTMtNGFmNS1hYjJjLTQ1ZTYxMzc1MzViYiI6WyJyZWFkIl19LCJleHAiOjE1NjYyOTUxMjAsIm5iZiI6MTU2NjI5MjA2MH0.uhBHQuk1NWrBEnbKzDZDFe68AU-ll8NXjRtLM0p4edE&client=d47e84a8-c2db-4dcb-a783-4f47959449fd&name=image2018-12-18_9-33-13.png&max-age=2940&width=568&height=616

Mid-January 2019

https://api.media.atlassian.com/file/c2733f79-de5c-4c56-9b6e-2b7b4822593b/image?token=eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJkNDdlODRhOC1jMmRiLTRkY2ItYTc4My00ZjQ3OTU5NDQ5ZmQiLCJhY2Nlc3MiOnsidXJuOmZpbGVzdG9yZTpmaWxlOmMyNzMzZjc5LWRlNWMtNGM1Ni05YjZlLTJiN2I0ODIyNTkzYiI6WyJyZWFkIl19LCJleHAiOjE1NjYyOTUxMjAsIm5iZiI6MTU2NjI5MjA2MH0.Pkgjpc7Wkp-DI3EWHF4Hug6hn9YM3J-Bj9VBLUCgFKs&client=d47e84a8-c2db-4dcb-a783-4f47959449fd&name=image2019-1-16_11-20-14.png&max-age=2940&width=558&height=620

End-feb 2019 (27th feb, 20C)

https://api.media.atlassian.com/file/5bbf7bd1-b0cd-4b29-bfec-5009b17e5ff0/binary?token=eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJkNDdlODRhOC1jMmRiLTRkY2ItYTc4My00ZjQ3OTU5NDQ5ZmQiLCJhY2Nlc3MiOnsidXJuOmZpbGVzdG9yZTpmaWxlOjViYmY3YmQxLWIwY2QtNGIyOS1iZmVjLTUwMDliMTdlNWZmMCI6WyJyZWFkIl19LCJleHAiOjE1NjYzNzUwNDAsIm5iZiI6MTU2NjI5MjA2MH0.Mdu7NoIi6wiPFGpHqUumubAGc7wN9bIiYgrDlht0wRk&client=d47e84a8-c2db-4dcb-a783-4f47959449fd&name=image2019-2-27_17-34-18.png&max-age=2940&width=566&height=576

Start of April 2019

https://api.media.atlassian.com/file/19700f96-16f3-477f-8872-fad63df3382e/image?token=eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJkNDdlODRhOC1jMmRiLTRkY2ItYTc4My00ZjQ3OTU5NDQ5ZmQiLCJhY2Nlc3MiOnsidXJuOmZpbGVzdG9yZTpmaWxlOjE5NzAwZjk2LTE2ZjMtNDc3Zi04ODcyLWZhZDYzZGYzMzgyZSI6WyJyZWFkIl19LCJleHAiOjE1NjYyOTUxMjAsIm5iZiI6MTU2NjI5MjA2MH0.vss5-5eGXenSme79jF8WYAsNJm_9jaUXD8l9PhbTz48&client=d47e84a8-c2db-4dcb-a783-4f47959449fd&name=image2019-4-8_15-48-37.png&max-age=2940&width=455&height=613

May, 7th 2019

image2019-5-7_14-10-25.png

Premier League ENGLAND 2019/2020

Windows Controls via CMD

Windows RUN Shortcuts

Type of CommandCanonical NameCommandKeywordOS
Control Panel Applet, Accessibility Optionscontrol access.cplcplXP
Control Panel AppletAction Centercontrol /name Microsoft.ActionCentercpl8, 7
Control Panel AppleRecent Messagescontrol wscui.cplcpl8, 7
Control Panel AppletAdd Features to Windows 8control /name Microsoft.WindowsAnytimeUpgradecplWin8
Control Panel AppletAdd Hardwarecontrol /name Microsoft.AddHardwarecplVista
Control Panel AppletDevice Manager (W10)control hdwwiz.cplcplXP
Control Panel AppletAdd or Remove Programscontrol appwiz.cplcplXP
Control Panel AppletAdministrative Toolscontrol /name Microsoft.AdministrativeToolscpl10, 8, 7, Vista
Control Panel AppletAdministrative Toolscontrol admintoolscpl10, 8, 7, Vista, XP
Control Panel AppletAutomatic Updatescontrol wuaucpl.cplcplXP
Control Panel AppletAutoPlaycontrol /name Microsoft.AutoPlaycpl8, 7, Vista
Control Panel AppletBackup and Restore Centercontrol /name Microsoft.BackupAndRestoreCentercplVista
Control Panel AppletBackup and Restorecontrol /name Microsoft.BackupAndRestorecpl7
Control Panel AppletBiometric Devicescontrol /name Microsoft.BiometricDevicescpl8, 7
Control Panel AppletBitLocker Drive Encryptioncontrol /name Microsoft.BitLockerDriveEncryptioncpl8, 7, Vista
Control Panel AppletBluetooth Devicescontrol bthprops.cpl 13cpl8, 7, Vista
Control Panel AppletBluetooth Devicescontrol /name Microsoft.BluetoothDevicescplVista
Control Panel AppletColor Managementcontrol /name Microsoft.ColorManagementcpl8, 7, Vista
Control Panel AppletColor 1WinColor.exe 2cplXP
Control Panel AppletCredential Managercontrol /name Microsoft.CredentialManagercpl8, 7
Control Panel AppletClient Service for NetWarecontrol nwc.cplcplXP
Control Panel AppletDate and Timecontrol /name Microsoft.DateAndTimecpl8, 7, Vista
Control Panel AppletDate and Timecontrol timedate.cplcpl8, 7, Vista
Control Panel AppletDate and Timecontrol date/timecpl8, 7, Vista, XP
Control Panel AppletDefault Locationcontrol /name Microsoft.DefaultLocationcplWin7
Control Panel AppletDefault Programscontrol /name Microsoft.DefaultProgramscpl8, 7, Vista
Control Panel AppletDesktop Gadgetscontrol /name Microsoft.DesktopGadgetscplWin7
Control Panel AppletDevice Managercontrol /name Microsoft.DeviceManagercpl8, 7, Vista
Control Panel AppletDevice Managercontrol hdwwiz.cplcpl8, 7, Vista
Control Panel AppletDevice Managerdevmgmt.mscmsc8, 7, Vista, XP
Control Panel AppletDevices and Printerscontrol /name Microsoft.DevicesAndPrinterscpl8, 7
Control Panel AppletDevices and Printerscontrol printerscpl8, 7
Control Panel AppletDisplaycontrol /name Microsoft.Displaycpl8, 7
Control Panel AppletDisplaycontrol desk.cplcpl10, XP
Control Panel AppletSetting Backgroundcontrol desktopcpl10, XP
Control Panel AppletEase of Access Centercontrol /name Microsoft.EaseOfAccessCentercpl10, 8, 7, Vista
Control Panel AppletEase of Access Centercontrol access.cplcpl10, 8, 7, Vista
Control Panel AppletFamily Safetycontrol /name Microsoft.ParentalControlscplWin8
Control Panel AppletFile Historycontrol /name Microsoft.FileHistorycplWin8
Control Panel AppletFlash Player Settings Managercontrol flashplayercplapp.cplcplWin8
Control Panel AppletFolder Optionscontrol /name Microsoft.FolderOptionscpl8, 7, Vista
Control Panel AppletFile Explorer Optionscontrol folderscpl8, 7, Vista, XP
Control Panel AppletFontscontrol /name Microsoft.Fontscpl8, 7, Vista
Control Panel AppletFontscontrol fontscpl8, 7, Vista, XP
Control Panel AppletGame Controllerscontrol /name Microsoft.GameControllerscpl8, 7, Vista
Control Panel AppletGame Controllercontrol joy.cplcpl10, 8, 7, Vista, XP
Control Panel AppletGet Programscontrol /name Microsoft.GetProgramscpl8, 7, Vista
Control Panel AppletGetting Startedcontrol /name Microsoft.GettingStartedcplWin7
Control Panel AppletHome Groupcontrol /name Microsoft.HomeGroupcpl8, 7
Control Panel AppletIndexing Optionscontrol /name Microsoft.IndexingOptionscpl8, 7, Vista
Control Panel AppletIndexing options (W10)rundll32.exe shell32.dll,Control_RunDLL srchadmin.dllcpl8, 7, Vista, XP
Control Panel AppletInfraredcontrol /name Microsoft.Infraredcpl10, 8, 7
Control Panel AppletInfraredcontrol irprops.cplcpl8, 7, Vista
Control Panel AppletInfraredcontrol /name Microsoft.InfraredOptionscplVista
Control Panel AppletInternet Optionscontrol /name Microsoft.InternetOptionscpl8, 7, Vista
Control Panel AppletInternet Optionscontrol inetcpl.cplcpl8, 7, Vista, XP
Control Panel AppletiSCSI Initiatorcontrol /name Microsoft.iSCSIInitiatorcpl8, 7, Vista
Control Panel AppletKeyboardcontrol /name Microsoft.Keyboardcpl10, 8, 7, Vista
Control Panel AppletKeyboardcontrol keyboardcpl10, 8, 7, Vista, XP
Control Panel AppletLanguagecontrol /name Microsoft.Languagecpl10, 8
Control Panel AppletLocation and Other Sensorscontrol /name Microsoft.LocationAndOtherSensorscpl10, 7
Control Panel AppletLocation Settingscontrol /name Microsoft.LocationSettingscplWin8
Control Panel AppletMail 4control mlcfg32.cpl 5cpl8, 7, Vista, XP
Control Panel AppletMousecontrol /name Microsoft.Mousecpl8, 7, Vista
Control Panel AppletMousecontrol main.cplcpl8, 7, Vista
Control Panel AppletMousecontrol mousecpl8, 7, Vista, XP
Control Panel AppletNetwork and Sharing Centercontrol /name Microsoft.NetworkAndSharingCentercpl8, 7, Vista
Control Panel AppletNetwork Connectionscontrol ncpa.cplcpl8, 7, Vista
Control Panel AppletNetwork Connectionscontrol netconnectionscpl8, 7, Vista, XP
Control Panel AppletNetwork Setup Wizardcontrol netsetup.cplcpl8, 7, Vista, XP
Control Panel AppletNotification Area Iconscontrol /name Microsoft.NotificationAreaIconscpl8, 7
Control Panel AppletODBC Data Source Administratorcontrol odbccp32.cplcplXP
Control Panel AppletOffline Filescontrol /name Microsoft.OfflineFilescpl8, 7, Vista
Control Panel AppletParental Controlscontrol /name Microsoft.ParentalControlscpl7, Vista
Control Panel AppletPen and Input Devicescontrol /name Microsoft.PenAndInputDevicescplVista
Control Panel AppletPen and Input Devicescontrol tabletpc.cplcplVista
Control Panel AppletPen and Touchcontrol /name Microsoft.PenAndTouchcpl8, 7
Control Panel AppletPen and Touchcontrol tabletpc.cplcpl8, 7
Control Panel AppletPeople Near Mecontrol /name Microsoft.PeopleNearMecpl7, Vista
Control Panel AppletPeople Near Mecontrol collab.cplcpl7, Vista
Control Panel AppletPerformance Information and Toolscontrol /name Microsoft.PerformanceInformationAndToolscpl8, 7, Vista
Control Panel AppletPersonalizationcontrol /name Microsoft.Personalizationcpl8, 7, Vista
Control Panel AppletPersonalizationcontrol desktopcpl8, 7, Vista
Control Panel AppletPhone and Modem Optionscontrol /name Microsoft.PhoneAndModemOptionscplVista
Control Panel AppletPhone and Modem Optionscontrol telephon.cplcplVista, XP
Control Panel AppletPhone and Modemcontrol /name Microsoft.PhoneAndModemcpl8, 7
Control Panel AppletPhone and Modemcontrol telephon.cplcpl8, 7
Control Panel AppletPower Optionscontrol /name Microsoft.PowerOptionscpl8, 7, Vista
Control Panel AppletPower Optionscontrol powercfg.cplcpl8, 7, Vista, XP
Control Panel AppletPrinters and Faxescontrol printerscplXP
Control Panel AppletPrinterscontrol /name Microsoft.PrinterscplVista
Control Panel AppletPrinterscontrol printerscplVista
Control Panel AppletProblem Reports and Solutionscontrol /name Microsoft.ProblemReportsAndSolutionscplVista
Control Panel AppletPrograms and Featurescontrol /name Microsoft.ProgramsAndFeaturescpl8, 7, Vista
Control Panel AppletPrograms and Featurescontrol appwiz.cplcpl8, 7, Vista
Control Panel AppletRecoverycontrol /name Microsoft.Recoverycpl8, 7
Control Panel AppletRegioncontrol /name Microsoft.RegionAndLanguagecplWin8
Control Panel AppletRegioncontrol intl.cplcplWin8
Control Panel AppletRegioncontrol internationalcplWin8
Control Panel AppletRegion and Languagecontrol /name Microsoft.RegionAndLanguagecplWin7
Control Panel AppletRegion and Languagecontrol intl.cplcplWin7
Control Panel AppletRegion and Languagecontrol internationalcplWin7
Control Panel AppletRegional and Language Optionscontrol /name Microsoft.RegionalAndLanguageOptionscplVista
Control Panel AppletRegional and Language Optionscontrol intl.cplcplVista
Control Panel AppletRegional and Language Optionscontrol internationalcplVista, XP
Control Panel AppletRemoteApp and Desktop Connectionscontrol /name Microsoft.RemoteAppAndDesktopConnectionscpl8, 7
Control Panel AppletScanners and Camerascontrol /name Microsoft.ScannersAndCamerascpl8, 7, Vista
Control Panel AppletScanners and Camerascontrol sticpl.cplcplXP
Control Panel AppletScheduled Taskscontrol schedtaskscplXP
Control Panel AppletScreen Resolutioncontrol desk.cplcpl8, 7
Control Panel AppletSecurity Centercontrol /name Microsoft.SecurityCentercplVista
Control Panel AppletSecurity Centercontrol wscui.cplcplXP
Control Panel AppletSoftware Explorers 8msascui.exe 9cplXP
Control Panel AppletSoundcontrol /name Microsoft.Soundcpl8, 7
Control Panel AppletSoundcontrol /name Microsoft.AudioDevicesAndSoundThemescplVista
Control Panel AppletSoundcontrol mmsys.cplcpl8, 7, Vista
Control Panel AppletSounds and Audio Devicescontrol mmsys.cplcplXP
Control Panel AppletSpeech Recognition Optionscontrol /name Microsoft.SpeechRecognitionOptionscplVista
Control Panel AppletSpeech Recognitioncontrol /name Microsoft.SpeechRecognitioncpl8, 7
Control Panel AppletSpeechcontrol sapi.cpl 10cplXP
Control Panel AppletStorage Spacescontrol /name Microsoft.StorageSpacescplWin8
Control Panel AppletSync Centercontrol /name Microsoft.SyncCentercpl8, 7, Vista
Control Panel AppletSystemcontrol /name Microsoft.Systemcpl8, 7, Vista
Control Panel AppletSystem Propertiescontrol sysdm.cplcpl7, XP
Control Panel AppletSystem Propertiescontrol sysdm.cplcpl8, 7, Vista
Control Panel AppletTablet PC Settingscontrol /name Microsoft.TabletPCSettingscpl8, 7, Vista
Control Panel AppletTask Scheduler 7control schedtaskscpl8, 7, Vista
Control Panel AppletTaskbarcontrol /name Microsoft.Taskbarcpl10, 8
Control Panel AppletTaskbarrundll32.exe shell32.dll,Options_RunDLL 1cplWin8
Control Panel AppletTaskbar and Start Menucontrol /name Microsoft.TaskbarAndStartMenucpl7, Vista
Control Panel AppletTaskbar and Start Menurundll32.exe shell32.dll,Options_RunDLL 1cpl7, Vista, XP
Control Panel AppletText to Speechcontrol /name Microsoft.TextToSpeechcpl8, 7, Vista
Control Panel AppletTroubleshootingcontrol /name Microsoft.Troubleshootingcpl8, 7
Control Panel AppletUser Accountscontrol /name Microsoft.UserAccountscpl8, 7, Vista
Control Panel AppletUser Accountscontrol userpasswords control userpasswords2cpl8, 7, Vista, XP
Control Panel AppletWelcome Centercontrol /name Microsoft.WelcomeCentercplVista
Control Panel AppletWindows 7 File Recoverycontrol /name Microsoft.BackupAndRestorecplWin8
Control Panel AppletWindows Anytime Upgradecontrol /name Microsoft.WindowsAnytimeUpgradecpl7, Vista
Control Panel AppletWindows CardSpacecontrol /name Microsoft.CardSpacecpl7, Vista
Control Panel AppletWindows CardSpacecontrol infocardcpl.cplcpl7, Vista
Control Panel AppletWindows Defendercontrol /name Microsoft.WindowsDefendercpl8, 7, Vista
Control Panel AppletWindows Firewallcontrol /name Microsoft.WindowsFirewallcpl8, 7, Vista
Control Panel AppletWindows Firewallcontrol firewall.cplcpl10, 8, 7, Vista, XP
Control Panel AppletWindows Marketplacecontrol /name Microsoft.GetProgramsOnlinecplVista only
Control Panel AppletWindows Mobility Centercontrol /name Microsoft.MobilityCentercpl10, 8, 7, Vista
Control Panel AppletWindows Sidebar Propertiescontrol /name Microsoft.WindowsSidebarPropertiescplVista only
Control Panel AppletWindows SideShowcontrol /name Microsoft.WindowsSideShowcpl8,7, Vista only
Control Panel AppletWindows Updatecontrol /name Microsoft.WindowsUpdatecpl10, 8, 7, Vista
Control Panel AppletWireless Link, Infraredcontrol irprops.cplcpl10, XP
ExecutableAccessibility OptionsutilmanexeWin7, 8, 10
ExecutableAdd Hardware WizardhdwwizexeWin7, 8, 10
Control Panel Applet(Add New Programs)control appwiz.cpl,,1cplWin7, 8, 10
Control Panel Applet(Add Remove Windows Components)control appwiz.cpl,,2cplWin7, 8, 10
Control Panel Applet(Set Program Access & Defaults )control appwiz.cpl,,3cplWin7, 8, 10
ExecutableAdvanced User Accounts Control PanelnetplwizexeWin7, 8, 10
Management consoleAuthorization Managerazman.mscmscWin7, 8, 10
ExecutableAutomatic Updatecontrol wuaucpl.cplexeWin7, 8, 10
ExecutableBackup and Restore UtilitysdcltexeWin7, 8, 10
ExecutableBluetooth Transfer WizardfsquirtexeWin7, 8, 10
ExecutableCalculatorcalcexeWin7, 8, 10
Management consoleCertificate Managercertmgr.mscmscWin7, 8, 10
ExecutableCharacter MapcharmapexeWin7, 8, 10
ExecutableCheck Disk UtilitychkdskexeWin7, 8, 10
ExecutableClear Type (tune or turn off)cttuneexeWin7, 8, 10
ExecutableColor ManagementcolorcplexeWin7, 8, 10
ExecutableCommand PromptcmdexeWin7, 8, 10
ExecutableComponent ServicesdcomcnfgexeWin7, 8, 10
Management consoleComponent Servicescomexp.mscmscWin7, 8, 10
ExecutableComputer ManagementCompMgmtLauncher.exeexeWin7, 8, 10
Management consoleComputer Managementcompmgmt.mscmscWin7, 8, 10
ExecutableControl PanelcontrolexeWin7, 8, 10
ExecutableCredential (passwords) Backup and Restore WizardcredwizexeWin7, 8, 10
ExecutableData Execution PreventionSystemPropertiesDataExecutionPreventionexeWin7, 8, 10
ExecutableDate and Time Propertiestimedate.cplexeWin7, 8, 10
ExecutableDevice Pairing WizardDevicePairingWizardexeWin7, 8, 10
ExecutableDigitizer Calibration Tool (Tablets/Touch screens)tabcalexeWin7, 8, 10
Control Panel AppletDirect X Control Panel (if installed)directx.cplcplWin7, 8, 10
ExecutableDirect X TroubleshooterdxdiagexeWin7, 8, 10
ExecutableDisk Cleanup UtilitycleanmgrexeWin7, 8, 10
ExecutableDisk DefragmenterdfrguiexeWin7, 8, 10
ExecutableDisk DefragmenterdefragexeWin7, 8, 10
Management consoleDisk Managementdiskmgmt.mscmscWin7, 8, 10
ExecutableDisk Partition ManagerdiskpartexeWin7, 8, 10
ExecutableDisplay Color CalibrationdccwexeWin7, 8, 10
ExecutableDisplay DPI / Text sizedpiscalingexeWin7, 8, 10
ExecutableDisplay Properties (Themes, Desktop, Screensaver)control desktopexeWin7, 8, 10
ExecutableDisplay Properties (Resolution, Orientation)desk.cplexeWin7, 8, 10
ExecutableDisplay Properties (Color & Appearance)control colorexeWin7, 8, 10
ExecutableDocuments (open 'My Documents' folder)documentsexeWin7, 8, 10
ExecutableDownloads (open 'Downloads' folder)downloadsexeWin7, 8, 10
ExecutableDriver Verifier UtilityverifierexeWin7, 8, 10
ExecutableDVD PlayerdvdplayexeWin7, 8, 10
ExecutableEdit Environment Variablesrundll32.exe sysdm.cpl,EditEnvironmentVariablesexeWin7, 8, 10
ExecutableEncrypting File System Wizard (EFS)rekeywizexeWin7, 8, 10
Management consoleEvent Viewereventvwr.mscmscWin7, 8, 10
ExecutableFile Signature Verification Tool (Device drivers)sigverifexeWin7, 8, 10
ExecutableFiles and Settings Transfer Tool%systemroot%\system32\migwiz\migwiz.exeexeWin7, 8, 10
ExecutableFolders Propertiescontrol foldersexeWin7, 8, 10
ExecutableFonts listcontrol fontsexeWin7, 8, 10
ExecutableFont previewfontview arial.ttfexeWin7, 8, 10
ExecutableGame Controllersjoy.cplexeWin7, 8, 10
Management consoleLocal Group Policy Editorgpedit.mscmscWin7, 8, 10
ExecutableInternet Propertiesinetcpl.cplexeWin7, 8, 10
ExecutableIP ConfigurationipconfigexeWin7, 8, 10
ExecutableiSCSI Initiator configurationiscsicplexeWin7, 8, 10
ExecutableKeyboard Propertiescontrol keyboardexeWin7, 8, 10
ExecutableLanguage Pack InstallerlpksetupexeWin7, 8, 10
Management consoleLocal Security Policysecpol.mscmscWin7, 8, 10
ExecutableLog outlogoffexeWin7, 8, 10
ExecutableMicrosoft Malicious Software Removal ToolmrtexeWin7, 8, 10
ExecutableMicrosoft Management ConsolemmcexeWin7, 8, 10
ExecutableAccess (Microsoft Office)msaccessexeWin7, 8, 10
ExecutableExcel (Microsoft Office)ExcelexeWin7, 8, 10
ExecutablePowerpoint (Microsoft Office)powerpntexeWin7, 8, 10
ExecutableWord (Microsoft Office)winwordexeWin7, 8, 10
ExecutableMicrosoft PaintmspaintexeWin7, 8, 10
ExecutableMicrosoft Support Diagnostic ToolmsdtexeWin7, 8, 10
ExecutableProjector: Connect to Network ProjectornetprojexeWin7, 8, 10
ExecutableProjector: Switch projector displaydisplayswitchexeWin7, 8, 10
ExecutableNotepadnotepadexeWin7, 8, 10
ExecutableODBC Data Source AdminC:\windows\system32\odbcad32.exeexeWin7, 8, 10
ExecutableDefault ODBC driver: 32-bit ODBC driver under 64-bit platformC:\windows\sysWOW64\odbcad32.exeexeWin7, 8, 10
ExecutableODBC configuration - Install/configure MDAC driversodbcconfexeWin7, 8, 10
ExecutableOn Screen KeyboardoskexeWin7, 8, 10
ExecutableOOB Getting StartedgettingstartedexeWin7, 8, 10
ExecutablePassword - Create a Windows Password Reset Disk (USB)"C:\Windows\system32\rundll32.exe" keymgr.dll,PRShowSaveWizardExWexeWin7, 8, 10
Management consolePerformance Monitorperfmon.mscmscWin7, 8, 10
ExecutablePhone DialerdialerexeWin7, 8, 10
ExecutablePresentation SettingsPresentationSettingsexeWin7, 8, 10
ExecutableProblem Steps RecorderpsrexeWin7, 8, 10
ExecutableProgram Access and Computer Defaults - browser / email / mediacomputerdefaultsexeWin7, 8, 10
ExecutablePrinters and Faxescontrol printersexeWin7, 8, 10
Management consolePrint ManagementPrintManagement.mscmscWin7, 8, 10
ExecutablePrinter Migration (backup/restore)printbrmui and printbrm.exeexeWin7, 8, 10
ExecutablePrinter user interface (List all printui.dll options)printuiexeWin7, 8, 10
ExecutablePrivate Character EditoreudceditexeWin7, 8, 10
ExecutableRegional Settings - Language, Date/Time format, keyboard locale.intl.cplexeWin7, 8, 10
ExecutableRegistry EditorregeditexeWin7, 8, 10
ExecutableRemote AssistancemsraexeWin7, 8, 10
ExecutableRemote DesktopmstscexeWin7, 8, 10
ExecutableResource MonitorresmonexeWin7, 8, 10
Management consoleResultant Set of Policyrsop.mscmscWin7, 8, 10
ExecutableSettings (Windows 10)ms-settings:exeWin7, 8, 10
ExecutableScheduled Taskscontrol schedtasksexeWin7, 8, 10
ExecutableScreenshot Snipping ToolsnippingtoolexeWin7, 8, 10
Management consoleServicesservices.mscmscWin7, 8, 10
ExecutableShared Folder WizardshrpubwexeWin7, 8, 10
Management consoleShared Foldersfsmgmt.mscmscWin7, 8, 10
ExecutableShut Down WindowsshutdownexeWin7, 8, 10
ExecutableEXAMPLE: Immediately
Restart immediately
Abort shutdown/restart countdown
shutdown /s /t 0
shutdown /r /t 0
shutdown /a
exeWin7, 8, 10
ExecutableSoftware Licensing/ActivationsluiexeWin7, 8, 10
ExecutableSound RecordersoundrecorderexeWin7, 8, 10
ExecutableSound VolumesndvolexeWin7, 8, 10
ExecutableSyncronization Tool (Offline files)mobsyncexeWin7, 8, 10
Management consoleSystem Configuration UtilitymsconfigmscWin7, 8, 10
ExecutableSystem File Checker Utility (Scan/Purge)sfcexeWin7, 8, 10
ExecutableSystem Informationmsinfo32exeWin7, 8, 10
ExecutableSystem Properties - PerformanceSystemPropertiesPerformanceexeWin7, 8, 10
ExecutableSystem Properties - HardwareSystemPropertiesHardwareexeWin7, 8, 10
ExecutableSystem Properties - AdvancedSystemPropertiesAdvancedexeWin7, 8, 10
ExecutableSystem Repair - Create a System Repair DiscrecdiscexeWin7, 8, 10
ExecutableSystem RestorerstruiexeWin7, 8, 10
ExecutableTask ManagertaskmgrexeWin7, 8, 10
Management consoleTask Schedulertaskschd.mscmscWin7, 8, 10
ExecutableTelnet ClienttelnetexeWin7, 8, 10
ExecutableTrusted Platform Module Initialization WizardtpmInitexeWin7, 8, 10
ExecutableUser Accounts (Autologon)control userpasswords2exeWin7, 8, 10
ExecutableUser Account Control (UAC) SettingsUserAccountControlSettingsexeWin7, 8, 10
ExecutableUser Profiles - Edit/Change typeC:\Windows\System32\rundll32.exe sysdm.cpl,EditUserProfilesexeWin7, 8, 10
ExecutableWindows Disc Image Burning Toolisoburn C:\movies\madmax.isoexeWin7, 8, 10
ExecutableWindows Explorerexplorer.exeexeWin7, 8, 10
ExecutableWindows FeaturesoptionalfeaturesexeWin7, 8, 10
ExecutableWindows Firewallfirewall.cplexeWin7, 8, 10
Management consoleWindows Firewall with Advanced Securitywf.mscmscWin7, 8, 10
ExecutableWindows Image Acquisition (scanner)wiaacmgrexeWin7, 8, 10
ExecutableWindows MagnifiermagnifyexeWin7, 8, 10
Management consoleWindows Management Infrastructurewmimgmt.mscmscWin7, 8, 10
ExecutableWindows Memory Diagnostic SchedulermdschedexeWin7, 8, 10
ExecutableWindows Mobility Center (Mobile PCs only)mblctrexeWin7, 8, 10
ExecutableWindows PowerShellpowershellexeWin7, 8, 10
ExecutableWindows PowerShell ISEpowershell_iseexeWin7, 8, 10
ExecutableWindows Security Action Centerwscui.cplexeWin7, 8, 10
ExecutableWindows Script Host(VBScript)wscript NAME_OF_SCRIPT.VBSexeWin7, 8, 10
ExecutableWindows System Security Tool. Encrypt the SAM database. (boot password.)syskeyexeWin7, 8, 10
ExecutableWindows UpdatewuappexeWin7, 8, 10
ExecutableWindows Update Standalone InstallerwusaexeWin7, 8, 10
ExecutableWindows Version (About Windows)winverexeWin7, 8, 10
ExecutableWordPadwriteexeWin7, 8, 10
DeprecatedMicrosoft.BackupAndRestoreCenter/Microsoft.BackupAndRestoreremoved in Win 8
DeprecatedMicrosoft.CardSpaceremoved in Win 8
DeprecatedMicrosoft.DesktopGadgetsremoved in Win 8
DeprecatedMicrosoft.GetProgramsOnlineremoved in Win 7
DeprecatedMicrosoft.PeopleNearMeremoved in Win 8.1
DeprecatedMicrosoft.PerformanceInformationAndToolsremoved in Win 8.1
DeprecatedMicrosoft.WindowsSidebarPropertiesremoved in Win 8.1
DeprecatedMicrosoft.WindowsSideShowremoved in Win 8.1
commandrunasrunas /user:administrator controlfull commandWin 10
commandView IP confignetsh interface ip show configfull commandWin 10
commandConfigure interface 'Local Area Connection' with [IPaddr] [Netmask] [DefaultGW]netsh interface ip set address local static [IPaddr] [Netmask] [DefaultGW] 1full commandWin 10
commandConfigure DNS server for 'Local Area Connection'netsh interface ip set dns local static [IPaddr]full commandWin 10
commandConfigure interface to use DHCPnetsh interface ip set address local dhcpfull commandWin 10
commandTurn off built-in Windows firewallnetsh firewall set opmode disablefull commandWin 10
variableC:\ProgramDataALLUSERSPROFILEvariableWin 10
variableC:\Users\{username}\AppData\RoamingAPPDATAvariableWin 10
variableThe current directory (string)CDvariableWin 10
regAdd a key to the registry on machine [TargetIPaddr] within the registry domain [RegDomain] to location [Key].reg add [\\TargetIPaddr\] [RegDomain]\[Key]RegeditWin 10
regExport all subkeys and values located in the domain [RegDomain] under the location [Key] to the file [FileName]reg export [RegDomain]\[Key] [FileName]RegeditWin 10
regImport all registry entries from the file [FileName]reg import [FileName]RegeditWin 10
regQuery for a specific Value of a Key:reg query [\\TargetIPaddr\][RegDomain]\[Key] /v [ValueName]regeditWin 10
wmicUseful [aliases]:
process
service
share
nicconfig
startup
useraccount
qfe (Quick Fix Engineering – shows patches)
wmic [alias] [where clause] [verb clause]wmicWin 10
wmicExample[where clauses]:where name="nc.exe"where (commandline like "%stuff")where (name="cmd.exe" and parentprocessid!="[pid]")wmicWin 10
wmicExample [verb clauses]:list [full|brief]get [attrib1,attrib2...]call [method]deletewmicWin 10
wmicList all attributes of [alias]wmic [alias] get /?wmicWin 10
wmicList all callable methods of [alias]wmic [alias] call /?wmicWin 10
wmicEXAMPLE: List all attributes of all running processeswmic process list fullwmicWin 10
wmicEXAMPLE: Make WMIC effect remote [TargetIPaddr]wmic /node:[TargetIPaddr] /user:[User] /password:[Passwd] process list fullwmicWin 10
ExecutableList all processes currently runningtasklistprocessWin 10
ExecutableList all processes currently running and the DLLs each has loadedtasklist /mprocessWin 10
ExecutableLists all processes currently running which have the specified [dll] loadedtasklist /m [dll]processWin 10
ExecutableList all processes currently running and the services hosted in those processestasklist /svcprocessWin 10
ExecutableQuery brief status of all servicessc queryservicesWin 10
ExecutableQuery the configuration of a specific servicesc qc [ServiceName]servicesWin 10
ExecutableShow all TCP and UDP port usage and process IDnetstat -anetworkWin 10
ExecutableTo list out only tcp connectionsnetstat -tnetworkWin 11
ExecutableListing all LISTENING Connectionsnetstat -lnetworkWin 12
ExecutableLook for usage of port [port] every [N] secondsnetstat -ano [N] | find [port]networkWin 10
ExecutableDump detailed protocol statisticsnetstat -ano -p [tcp|udp|ip|icmp]networkWin 10
commandSearch directory structure for a file in a specific directorydir /b /s [Directory]\[FileName]cplWin 10
commandCount the number of lines on StandardOuy of [Command][Command] | find /c /v ""cplWin 10
commandCounting Loop;
Set %i to an initial value of [start] and increment it by [step] at every iteration until its value is equal to [stop]. For each iteration, run [command]. The iterator variable %i can be used anywhere in the command to represent its current value
for /L %i in ([start],[step],[stop]) do [command]cplWin 10
commandIterate over file contents;
Iterate through the contents of the file on a line-by-line basis. For each iteration, store the contents of the line into %i and run [command]
for /F %i in ([file-set]) do [command]commandWin 10
Control Panel AppletLocal User Manager (includes group management)lusrmgr.msccommandWin 10
Shell CommandAccesses the account pictures folder you have in your Windows 10 device.shell:AccountPictureshellWin10
Shell CommandAdds a new program folder.shell:AddNewProgramsFoldershellWin10
Shell CommandAccesses administrative tools folder.shell:Administrative ToolsshellWin10
Shell CommandAccesses AppData folder in the Windows 10 system.shell:AppDatashellWin10
Shell CommandAccesses Application Shortcuts folder.shell:Application ShortcutsshellWin10
Shell CommandAccesses the Apps Folder.shell:AppsFoldershellWin10
Shell CommandAccesses the Apps updates folder.shell:AppUpdatesFoldershellWin10
Shell CommandAccesses the Cache folder.shell:CacheshellWin10
Shell CommandAccess camera roll folder.shell:Camera RollshellWin10
Shell CommandAccesses the temporary burn folder.shell:CD BurningshellWin10
Shell CommandAccesses the Remove/Change program folder.shell:ChangeRemoveProgramsFoldershellWin10
Shell CommandAccesses the Administrative Tools folder.shell:Common Administrative ToolsshellWin10
Shell CommandAccesses the Common AppData folder.shell:Common AppDatashellWin10
Shell CommandAccesses the public desktop folder.shell:Common DesktopshellWin10
Shell CommandAccesses Public Documents folder.shell:Common DocumentsshellWin10
Shell CommandAccesses Programs folder.shell:Common ProgramsshellWin10
Shell CommandAccesses the start menu folder.shell:Common Start MenushellWin10
Shell CommandAccesses Startup folder situated in t he Windows 10 system.shell:Common StartupshellWin10
Shell CommandAccesses “Common Templates” folder.shell:Common TemplatesshellWin10
Shell CommandAccesses Downloads folder.shell:CommonDownloadsshellWin10
Shell CommandAccesses the music folder.shell:CommonMusicshellWin10
Shell CommandAccesses “Pictures” folder.shell:CommonPicturesshellWin10
Shell CommandAccesses the ringtones folder.shell:CommonRingtonesshellWin10
Shell CommandAccesses the public Video folder.shell:CommonVideoshellWin10
Shell CommandAccesses the Conflict folder in the Windows 10 system.shell:ConflictFoldershellWin10
Shell CommandOpens up the connections foldershell:ConnectionsFoldershellWin10
Shell CommandOpens the Contact foldershell:ContactsshellWin10
Shell CommandOpens the Control panel folder.shell:ControlPanelFoldershellWin10
Shell CommandOpens the Cookies folder.shell:CookiesshellWin10
Shell CommandOpens the Credential manager feature.shell:CredentialManagershellWin10
Shell CommandOpens up the Crypto keys foldershell:CryptoKeysshellWin10
Shell CommandOpens the CSC Folder.shell:CSCFoldershellWin10
Shell CommandOpens up the Desktop folder.shell:DesktopshellWin10
Shell CommandOpens the metadata store folder.shell:Device Metadata StoreshellWin10
Shell CommandOpens the Documents Library foldershell:DocumentsLibraryshellWin10
Shell CommandOpens the Downloads foldershell:DownloadsshellWin10
Shell CommandOpens the DpapiKeys foldershell:DpapiKeysshellWin10
Shell CommandOpens the Favorites folder.shell:FavoritesshellWin10
Shell CommandOpens the Fonts folder.shell:FontsshellWin10
Shell CommandOpens the Games folder.shell:GamesshellWin10
Shell CommandOpens the Game Tasks foldershell:GameTasksshellWin10
Shell CommandOpens the History foldershell:HistoryshellWin10
Shell CommandOpens the HomeGroup folder for the current user.shell:HomeGroupCurrentUserFoldershellWin10
Shell CommandOpens HomeGroup folder.shell:HomeGroupFoldershellWin10
Shell CommandOpens the Implicit Apps shortcut folder.shell:ImplicitAppShortcutsshellWin10
Shell CommandOpens Internet Folder.shell:InternetFoldershellWin10
Shell CommandOpens Libraries folder.shell:LibrariesshellWin10
Shell CommandOpens the Links folder.shell:LinksshellWin10
Shell CommandOpens Local AppData folder.shell:Local AppDatashellWin10
Shell CommandOpens Local AppDataLow folder.shell:LocalAppDataLowshellWin10
Shell CommandOpens LocalizedResources folder.shell:LocalizedResourcesDirshellWin10
Shell CommandOpens MAPI folder.shell:MAPIFoldershellWin10
Shell CommandOpens LusicLibrary folder.shell:MusicLibraryshellWin10
Shell CommandOpens My Music folder.shell:My MusicshellWin10
Shell CommandOpens My Video folder.shell:My VideoshellWin10
Shell CommandOpens MyComputer folder.shell:MyComputerFoldershellWin10
Shell CommandOpens NetHood folder.shell:NetHoodshellWin10
Shell CommandOpens NetworkPlaces folder.shell:NetworkPlacesFoldershellWin10
Shell CommandOpens OEM Links folder.shell:OEM LinksshellWin10
Shell CommandOpens OneDrive folder in Windows 10shell:OneDriveshellWin10
Shell CommandOpens Original Images folder.shell:Original ImagesshellWin10
Shell CommandOpens Personal folder.shell:PersonalshellWin10
Shell CommandOpens PhotoAlbums folder.shell:PhotoAlbumsshellWin10
Shell Commandopens PicturesLibrary folder.shell:PicturesLibraryshellWin10
Shell CommandOpens Playlists folder.shell:PlaylistsshellWin10
Shell CommandOpens Printer folder.shell:PrintersFoldershellWin10
Shell CommandOpens PrintHood folder.shell:PrintHoodshellWin10
Shell CommandOpens Profile folder.shell:ProfileshellWin10
Shell CommandOpens ProgramFiles folder.shell:ProgramFilesshellWin10
Shell CommandOpens ProgramFilesCommon folder.shell:ProgramFilesCommonshellWin10
Shell CommandOpens ProgramFilesCommonX64 folder.shell:ProgramFilesCommonX64shellWin10
Shell CommandOpens ProgramFilesCommonX86 folder.shell:ProgramFilesCommonX86shellWin10
Shell CommandOpens ProgramFilesX64 folder.shell:ProgramFilesX64shellWin10
Shell CommandOpens ProgramFilesX86 folder.shell:ProgramFilesX86shellWin10
Shell CommandOpens Programs folder.shell:ProgramsshellWin10
Shell CommandOpens Public folder.shell:PublicshellWin10
Shell CommandOpens PublicAccountPictures folder.shell:PublicAccountPicturesshellWin10
Shell CommandOpens PublicGameTasks folder.shell:PublicGameTasksshellWin10
Shell CommandOpens PublicLibraries folder.shell:PublicLibrariesshellWin10
Shell CommandOpens Quick Launch folder.shell:Quick LaunchshellWin10
Shell CommandOpens up recent items foldershell:RecentshellWin10
Shell CommandOpens up recorder file in the Windows 10 systemshell:RecordedTVLibraryshellWin10
Shell CommandOpens the system Recycle Bin foldershell:RecycleBinFoldershellWin10
Shell CommandOpens up the Resource foldershell:ResourceDirshellWin10
Shell CommandOpens up Demo foldershell:Retail DemoshellWin10
Shell CommandOpens up the Ringtones folder in Windows 10shell:RingtonesshellWin10
Shell CommandOpens up the Roamed Tile images foldershell:Roamed Tile ImagesshellWin10
Shell CommandOpens the Roaming Tiles foldershell:Roaming TilesshellWin10
Shell CommandIt opens the SavedGames folder you have in the Windows 10 systemshell:SavedGamesshellWin10
Shell CommandOpens the Screenshots foldershell:ScreenshotsshellWin10
Shell CommandOpens the Search folder.shell:SearchesshellWin10
Shell CommandOpens the Search History folder you have in the system.shell:SearchHistoryFoldershellWin10
Shell CommandOpens the Search Home folder.shell:SearchHomeFoldershellWin10
Shell CommandOpens the Search templates folder.shell:SearchTemplatesFoldershellWin10
Shell CommandOpens the SendTo folder.shell:SendToshellWin10
Shell CommandOpens the SkyDriveCameraRoll folder.shell:SkyDriveCameraRollshellWin10
Shell CommandOpens the SkyDriveMusic folder.shell:SkyDriveMusicshellWin10
Shell CommandOpens the SkyDrivePictures folder.shell:SkyDrivePicturesshellWin10
Shell CommandOpens up the Start menu folder.shell:Start MenushellWin10
Shell CommandOpens the AllPrograms folder you have in the start menu.shell:StartMenuAllProgramsshellWin10
Shell CommandOpens the Startup folder.shell:StartupshellWin10
Shell CommandOpens the SyncCenter folder.shell:SyncCenterFoldershellWin10
Shell CommandOpens the SyncResults folder.shell:SyncResultsFoldershellWin10
Shell Commandopens the SyncSetup folder.shell:SyncSetupFoldershellWin10
Shell CommandOpens the System folder.shell:SystemshellWin10
Shell CommandOpens the SystemCertificates folder.shell:SystemCertificatesshellWin10
Shell CommandOpens SystemX86 folder.shell:SystemX86shellWin10
Shell CommandOpens the Templates folder.shell:TemplatesshellWin10
Shell CommandOpens the ThisPCDesktop folder.shell:ThisPCDesktopFoldershellWin10
Shell CommandOpens User pinned folder.shell:User PinnedshellWin10
Shell CommandOpens the user profiles folder.shell:UserProfilesshellWin10
Shell CommandOpens Program Files folder.shell:UserProgramFilesshellWin10
Shell CommandOpens Program Files Common folder.shell:UserProgramFilesCommonshellWin10
Shell CommandOpens the Files folder from a specific user you are logged in with.shell:UsersFilesFoldershellWin10
Shell CommandOpens the Libraries folder for a specific user.shell:UsersLibrariesFoldershellWin10
Shell CommandOpens Video library folder.shell:VideosLibraryshellWin10
Shell CommandOpens the "Windows" folder.shell:WindowsshellWin10
Key ShortcutClose GUI windowsALT+F4shortcutWin 10
OpenSSLCreate new Private Key and Certificate Signing Requestreq -out geekflare.csr -newkey rsa:2048 -nodes -keyout geekflare.keyOpenSSLWin and Unix
OpenSSLCreate a Self-Signed Certificate (dafault 30 days)openssl req -x509 -sha256 -nodes -newkey rsa:2048 -keyout gfselfsigned.key -out gfcert.pemOpenSSLWin and Unix
OpenSSLCreate a Self-Signed Certificate (for 2 years)openssl req -x509 -sha256 -nodes -days 730 -newkey rsa:2048 -keyout gfselfsigned.key -out gfcert.pemOpenSSLWin and Unix
OpenSSLPrint certificate’s fingerprint as md5, sha1, sha256 digestopenssl x509 -in cert.pem -fingerprint -sha256 -nooutOpenSSLWin and Unix
OpenSSLVerify CSR fileopenssl req -noout -text -in geekflare.csrOpenSSLWin and Unix
OpenSSLCreate RSA Private Key (2048-bis is secure enough)openssl genrsa -out private.key 2048OpenSSLWin and Unix
OpenSSLRemove Passphrase from Keyopenssl rsa -in certkey.key -out nopassphrase.keyOpenSSLWin and Unix
OpenSSLPrint public key or modulus onlyopenssl rsa -in example.key -puboutOpenSSLWin and Unix
OpenSSLPrint textual representation of RSA keyopenssl rsa -in example.key -text -nooutOpenSSLWin and Unix
OpenSSLCheck your private key.openssl rsa -check -in example.keyOpenSSLWin and Unix
OpenSSLEncrypt existing private key with a passphraseopenssl rsa -des3 -in example.key -out example_with_pass.keyOpenSSLWin and Unix
OpenSSLVerify Private Keyopenssl rsa -in certkey.key –checkOpenSSLWin and Unix
OpenSSLVerify Certificate Fileopenssl x509 -in certfile.pem -text –nooutOpenSSLWin and Unix
OpenSSLVerify the Certificate Signer Authorityopenssl x509 -in certfile.pem -noout -issuer -issuer_hashOpenSSLWin and Unix
OpenSSLCheck Hash Value of A Certificateopenssl x509 -noout -hash -in bestflare.pemOpenSSLWin and Unix
OpenSSLConvert DER to PEM formatopenssl x509 –inform der –in sslcert.der –out sslcert.pemOpenSSLWin and Unix
OpenSSLConvert PEM to DER formatopenssl x509 –outform der –in sslcert.pem –out sslcert.derOpenSSLWin and Unix
OpenSSLConvert Certificate and Private Key to PKCS#12 formatopenssl pkcs12 –export –out sslcert.pfx –inkey key.pem –in sslcert.pemOpenSSLWin and Unix
OpenSSLConvert Certificate and Private Key to PKCS#12 format including chainsopenssl pkcs12 –export –out sslcert.pfx –inkey key.pem –in sslcert.pem -chain cacert.pemOpenSSLWin and Unix
OpenSSLCreate CSR using an existing private keyopenssl req –out certificate.csr –key existing.key –newOpenSSLWin and Unix
OpenSSLCheck contents of PKCS12 format certopenssl pkcs12 –info –nodes –in cert.p12OpenSSLWin and Unix
OpenSSLConvert PKCS12 format to PEM certificateopenssl pkcs12 –in cert.p12 –out cert.pemOpenSSLWin and Unix
OpenSSLCombine several certificates in PKCS7 (P7B)openssl crl2pkcs7 -nocrl -certfile child.crt -certfile ca.crt -out example.p7bOpenSSLWin and Unix
OpenSSLCombine a PEM and a private key to PKCS#12 (.pfx .p12) + chainsopenssl pkcs12 -export -out certificate.pfx -inkey privkey.pem -in certificate.pem -certfile ca-chain.pemOpenSSLWin and Unix
OpenSSLConvert a PKCS#12 file (.pfx .p12) back to PEM (for export)openssl pkcs12 -in keystore.pfx -out keystore.pem -nodesOpenSSLWin and Unix
OpenSSLList available EC curves supported in OpenSSLopenssl ecparam -list_curvesOpenSSLWin and Unix
OpenSSLTest SSL certificate of particular URLopenssl s_client -connect yoururl.com:443 –showcertsOpenSSLWin and Unix
OpenSSLFind out OpenSSL versionopenssl versionOpenSSLWin and Unix
OpenSSLList cipher suitesopenssl ciphers -vOpenSSLWin and Unix
OpenSSLCheck PEM File Certificate Expiration Dateopenssl x509 -noout -in certificate.pem -datesOpenSSLWin and Unix
OpenSSLCheck Certificate Expiration Date of SSL URLopenssl s_client -connect secureurl.com:443 2>/dev/null | openssl x509 -noout –enddateOpenSSLWin and Unix
OpenSSLSSL check if SSL3 is accepted on URLopenssl s_client -connect secureurl.com:443 -ssl2OpenSSLWin and Unix
OpenSSLSSL check if SSL3 is accepted on URLopenssl s_client -connect secureurl.com:443 –ssl3OpenSSLWin and Unix
OpenSSLSSL check if TLS1 is accepted on URLopenssl s_client -connect secureurl.com:443 –tls1OpenSSLWin and Unix
OpenSSLSSL check if TLS1.1 is accepted on URLopenssl s_client -connect secureurl.com:443 –tls1_1OpenSSLWin and Unix
OpenSSLSSL check if TLS1.2 is accepted on URLopenssl s_client -connect secureurl.com:443 –tls1_2OpenSSLWin and Unix
OpenSSLVerify if the particular cipher is accepted on URLopenssl s_client -cipher 'ECDHE-ECDSA-AES256-SHA' -connect secureurl:443OpenSSLWin and Unix
OpenSSLConnect to a server and show full certificate chainopenssl s_client -showcerts -host example.com -port 443 OpenSSLWin and Unix
OpenSSLOverride SN when multiple secure sites are hosted on same IPopenssl s_client -servername www.example.com -host example.com -port 443OpenSSLWin and Unix
OpenSSLMeasure SSL connection time with session reuseopenssl s_time -connect example.com:443 -newOpenSSLWin and Unix
OpenSSLMeasure SSL connection time without session reuseopenssl s_time -connect example.com:443 -reuseOpenSSLWin and Unix
OpenSSLMeasure speed of security algorithms, rsaopenssl speed rsa2048OpenSSLWin and Unix
OpenSSLMeasure speed of security algorithms, ecdsapopenssl speed ecdsap256OpenSSLWin and Unix
openssl, curlExamine TCP and SSL handshake times using curlcurl -kso /dev/null -w "tcp:%{time_connect}, ssldone:%{time_appconnect}\n" https://example.comOpenSSLWin and Unix
curlCheck URLcurl https://domain.com/cURLWin and Unix
curlstore the output of URL in a filecurl -o website https://domain.com/cURLWin and Unix
curlDownload filescurl -O https://domain.com/file.zipcURLWin and Unix
curlDownload with different namecurl -o archive.zip https://domain.com/file.zipcURLWin and Unix
curlFetch Multiple Files at a timecurl -O URL1 -O URL2cURLWin and Unix
curlGet HTTP header informationcurl -I http://domain.comcURLWin and Unix
curlGet HTTP only response header informationcurl -i https://domain.com/cURLWin and Unix
curlAccess an FTP servercurl ftp://ftp.domain.com --user username:passwordcURLWin and Unix
curldownload files via FTPcurl ftp://ftp.domain.com/filename.extension --user username:passwordcURLWin and Unix
curlupload a file onto the FTP server:curl -T filename.extension ftp://ftp.domain.com/ --user username:passwordcURLWin and Unix
curlFollow HTTP Location Headers with -L optioncurl -L http://www.google.comcURLWin and Unix
curlContinue/Resume a Previous Downloadcurl -O http://domain.com/gettext.htmlcURLWin and Unix
curlLimit the Rate of Data Transfercurl --limit-rate 1000B -O http://domain.com/gettext.htmlcURLWin and Unix
curlDownload only if modified before/aftercurl -z 01-Jan-19 http://www.example.com/yy.htmlcURLWin and Unix
curlPass HTTP Authentication in cURLcurl -u username:password URLcURLWin and Unix
curlMore info Verbose and Trace Optioncurl -v http://google.comcURLWin and Unix
curlSend Mail using SMTP Protocolcurl --mail-from test@test.com --mail-rcpt foo@test.com smtp://mailserver.comcURLWin and Unix
curlPerform an HTTP POST requestcurl -X GET https://domain.com/cURLWin and Unix
curlPerform an HTTP PUT requestcurl -X PUT https://domain.com/cURLWin and Unix
curlView External IPcurl wtfismyip.com/json
curl eth0.me
curl ipecho.net/plain
curl icanhazip.com
curl l2.io/ip
curl ifconfig.me/ip
curl httpbin.org/ip
cURLWin
digView External IPdig +short myip.opendns.com @resolver1.opendns.comUnix
nslookupView External IPnslookup myip.opendns.com resolver1.opendns.comnslookupWin
.Net Version checkView .Net version - Navigate to latest folder\%windir%\Microsoft.NET\FrameWork then .\MSBuild.exe -versionMSBuild.exe -versionWin
mstscFull-screen mode
Admin mode
Matches with local desktop
Matches to to the Client Layout
Edit before running
===
Switches RDP full or windowed mode
Forces rdp full-screen
Take screenshot pf active rdp window
Reboot remote computer
Take screenshot of entire rdp
mstsc /f
mstsc /admin
mstsc /span
mstsc /multimon
mstsc /edit “connection file”
===
Ctrl + Alt + Pause
Ctrl + Alt + Break
Ctrl + Alt + Minus
Ctrl + Alt + Plus
Ctrl + Alt + End
Rdp Commands
mstsc
multimon
span
Win
net viewDisplay a list of computers
List the File/Printer shares on a remote PC
List the shares including hidden shares
List all the shares in the domain
net view
NET VIEW \\ComputerName
NET VIEW \\ComputerName /All
NET VIEW /DOMAIN
net sharemanage file/printer sharesNET SHARE sharename /DELETE
NET SHARE devicename /DELETE
NET SHARE drive:path /DELETE
net share /del *
net useconnect to a file share (Drive MAP).
Make all future connections persistent
Disconnect from a share
Map a drive using alternate credentials - prompt for pass
NET USE F: \\ComputerName\ShareName /PERSISTENT:YES
NET USE /P:Yes
NET USE [driveletter:] /DELETE
NET USE G: \\Server\Share1 /USER:domain\username
net accountsAdjust account settingsnet accounts
[/FORCELOGOFF:{minutes | NO}]
[/MINPWLEN:length]
[/MAXPWAGE:{days | UNLIMITED}]
[/MINPWAGE:days]
[/UNIQUEPW:number] [/DOMAIN]
/]

Notes:

  • By definition, canonical names do not change based on the system language; they’re always in English, even if the system’s language is not.
  • Not all Control Panel items are present in all varieties of Windows.
  • Some Control Panel items only appear if the right hardware is detected on the system.
  • Third parties can also add Control Panel items. The canonical names listed here are only for Control Panel items that are included with Windows.
  • You can find out which Control Panel files (.cpl) are available on your version of Windows by going to c:\Windows\System32. There you find all that are available.
  • You may open different tabs directly by adding ,x to the command, e.g. sysdm.cpl,4 to open the System Protection tab of the System Properties control panel applet. This works on the command prompt, but does not on Start or the Run Box.
  • You can run applets with elevated privileges by starting them from an elevated command prompt. Hold down Ctrl and Shift on the keyboard when you launch the Command Prompt to do so.
  • The canonical names used above may be used to reference these items in the Group Policy.

Notes for CPL applets:

  • Color is not available by default but is available for free from Microsoft. Download from MajorGeeks.
  • WinColor.exe must be run from the C:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP folder.
  • Device Manager here being commonly used is not a true Control Panel applet in Windows XP. See How to Open Windows XP Device Manager for more information.
  • The Mail applet is only available if a version of Microsoft Office Outlook is installed.
  • Control mlcfg32.cpl command must be run from the C:\Programs Files\Microsoft Office\OfficeXX folder, replacing OfficeXX with the folder pertaining to the Microsoft Office version you have installed.
  • ODBC Data Source Administrator was removed from Control Panel after Windows XP but is still available from Administrative Tools.
  • In Windows 8, 7, and Vista, task scheduling is performed by Task Scheduler which is not directly accessible from Control Panel. However, executing this command in those versions of Windows will forward to Task Scheduler.
  • Software Explorers is the name for the Control Panel applet for Windows Defender, available for free here as part of Microsoft Security Essentials.
  • Msascui.exe must be run from the C:\Program Files\Windows Defender folder.
  • control sapi.cpl command must be run from the C:\Program Files\Common Files\Microsoft Shared\Speech folder.
  • Windows Defender is available in Windows XP but the Control Panel applet is instead called Software Explorers.
  • Windows Update is also used in Windows XP but only via the Windows Update website, not via a Control Panel applet like in later versions of Windows.
  • Bthprops.cpl in (Win 8) opens Devices in PC Settings which will list any Bluetooth Devices. In Windows 7, bthprops.cpl opens athe Bluetooth Devices list under Devices and Printers. In Windows Vista, bthprops.cpl opens a true Control Panel applet called Bluetooth Devices.
  • Create a GodMode Folder granting access to extra Control Panel features. Create new foldare and name it: God Mode.{ED7BA470-8E54-465E-825C-99712043E01C}

Deprecated Canonical Names

  • Microsoft.BackupAndRestoreCenter/Microsoft.BackupAndRestore — Removed in Windows 8
  • Microsoft.CardSpace — Removed in Windows 8
  • Microsoft.DesktopGadgets Removed in Windows 8
  • Microsoft.GetProgramsOnline — Removed in Windows 7
  • Microsoft.PeopleNearMe — Removed in Windows 8.1
  • Microsoft.PerformanceInformationAndTools –Removed in Windows 8.1
  • Microsoft.WindowsSidebarProperties — Removed in Windows 8
  • Microsoft.WindowsSideShow — Removed in Windows 8.1

Tools

WebTools and web services

List of handy Webtools, websites and links.
DescriptionURLUsageRated
Centralopshttps://centralops.net/co/DNS, Whois5
DigWebInterfacehttps://www.digwebinterface.com Dig, Dns, Domain5
Domain toolshttps://www.robtex.com/DNS, Whois5
Domain toolshttp://www.viewdns.infoDNS5
Domain toolshttp://FixYourIP.comDNS4
Domain toolshttp://mega-check.comDNS4
Domain toolshttps://www.whatismyip.com/Multi Lookup, Whois, BL, ports, headers4
Domain Toolkithttps://w3dt.net/DNS, Network tool4
MX Toolbox; Supertoolhttps://mxtoolbox.com/SuperTool.aspxdns, tcp, https, blacklist, smtp, trace, etc1
Domain Toolkithttp://www.intodns.comDNS, Multi reports4
SPF queryhttps://www.kitterman.com/spf/validate.htmlSPF query
Toolkithttps://www.webmaster-toolkit.com/DNS3
Toolkithttps://bgp.he.netBGP toolkit3
Pingabilityhttp://pingability.comMonitor and downtime3
Hex colourshttps://www.color-hex.com/Colours4
What is my IPhttps://www.whatismyip.com/reverse-dns-lookup/Reverse DNS Lookup Tool 4
DNS Checkerhttps://dnschecker.org/Dnschecker, multilocation5
DNSWatchhttps://www.dnswatch.info/Domain Dossier4
Luxscihttps://luxsci.com/smtp-tls-checkerEmail Domain check5
Emailstuffhttps://emailstuff.org/DNS, Email, dmarc5
DNShttps://dns.google.com/query?name=google.com&type=TXT&dnssec=trueGoogle DNS checker4
DNS Spyhttps://dnsspy.io/DNSspy , Monitor, validate and verify 4
Whoishttps://www.whois.com/whois/Whois lookup4
Geolocationhttps://www.iplocation.net/Location – Geolocation IP checker 4
Domain DKIMhttps://tools.wordtothewise.com/dkim/check/Dkim checks 4
Domain DKIMhttps://www.mail-tester.com/spf-dkim-checkSPF, DKIM4
Domain DKIMhttps://dmarcian.com/dmarc-inspector/DKIM, Dmarc Inspect 4
Domain Dmarchttps://www.dmarcanalyzer.com/spf/checker/SPF, DKIM, Dmarc Analyzer4
Debouncerhttps://www.debouncer.com/blacklistlookup?attempt=1Email Blacklist checks 4
Mail Blacklisthttp://mail-blacklist-checker.online-domain-tools.com/Email Blacklist checks 4
Spamcophttps://www.spamcop.net/bl.shtmlEmail Blacklist checks 3
SSL Certificate Toolshttps://www.sslshopper.com/ssl-certificate-tools.htmlSSL Certificate Tools4
SSL Labs full SSL reviewhttps://www.ssllabs.com/ssltest/SSL validator and ciphers5
Digicerthttps://www.digicert.com/help/Digicert Website SSL Diagnostics;4
Digicerthttps://ssltools.digicert.com/checker/SSL Security and SSL/CSR checker;4
SSL and Chrome,https://www.websecurity.symantec.com/support/ssl-checkerChrome distrust check, for Chrome 70+4
Geocerthttps://www.geocerts.com/ssl-checkerSSL checker4
SSL, Email, TLS , multiple checks https://www.checktls.com/SSL checker4
Free tools, basic SSL/CSR checks https://www.clickssl.net/ssl-toolsSSL checker4
SSL toolshttps://www.mrdomain.com/products/ssl/tools/SSL tools4
SSL For Free – Completely free!https://www.sslforfree.com/SSL certs5
Free SSL generation; Check SSL/CSR https://confirm.globessl.com/ssl-checker.htmlSSL certs4
Analyze Responce Headershttps://securityheaders.com/Headers5
Analyze Responce Headershttp://securityheaders.ioHeaders5
HTTP Header Checkerhttps://tools.keycdn.com/curlHeader Checker5
Message Headershttps://toolbox.googleapps.com/apps/messageheader/Message Headers5
Message Header Analyzer https://testconnectivity.microsoft.com/MHA/Pages/mha.aspxHeader5
Message Header Analyzer https://mxtoolbox.com/EmailHeaders.aspxHeader5
WorldTimeBuddyhttps://www.worldtimebuddy.com/Time Difference5
Time.ishttps://time.is/Live clock3
Virustotal – Virus Checkshttps://www.virustotal.com/virus analysis5
MetaDefender Cloudhttps://metadefender.opswat.com/Virus check4
Jottihttps://virusscan.jotti.org/Virus check4
Fortiguardhttps://www.fortiguard.com/faq/onlinescannerVirus Scanner Online4
Kasperskihttps://virusdesk.kaspersky.com/Virus File checker4
Https redirectshttp://www.redirect-checker.org/Redirect Status checks5
Robotshttps://en.ryte.com/free-tools/robots-txt/Robots.txt check4
Robots exampleshttps://developers.google.com/search/reference/robots_txtRobots check4
Robotshttp://www.robotstxt.org/robotstxt.htmlRobots check4
Robbots Twitterhttps://developer.twitter.com/en/docs/tweets/optimize-with-cards/guides/troubleshooting-cards#twitterbot Robots check4
SSL Security Test https://www.immuniweb.com/ssl/Security, SSL test4
Crypto checkshttps://discovery.cryptosense.com/Security, Cryptography checks4
Amazon AWShttp://aws.amazon.com/ AWS5
Cloud Portalhttps://portal.azure.com/ Azure Portal4
MS Cloud , Azurehttps://account.windowsazure.comAzure Account Center 4
MS Cloud, AADhttps://aad.portal.azure.com/AAD admin center4
MS Cloud, Azurehttps://Portal.azure.com/#@mytenantname.onmicrosoft.comAccess to a tenant AAD 4
MS Cloud, Portalhttps://portal.office.com/login O365 Portal4
MS Cloud, O365https://login.microsoftonline.com/O365 login4
MS Cloud, OWAhttps://outlook.office.com/owa/ Office Web App (OWA) 4
MS Cloud, Onedrivehttps://onedrive.live.com/OneDrive4
MS Cloud, MSD adminhttps://port.crm11.dynamics.com/G/Applications/Index.aspxOLD Microsoft 365 admin center (pre H2/2019) 4
MS Cloud, O365 adminhttps://admin.microsoft.com/AdminPortal/Home NEW Microsoft 365 admin center 4
MS Cloud, MSDhttps://home.dynamics.com/ MS Dynamics4
MS Cloud, MSD adminhttps://admin.powerplatform.microsoft.comPowerPlatform (MSD) 4
MS Cloud, PowerBIhttps://powerbi.microsoft.comPowerBI4
MS Cloud, Helphttps://docs.microsoft.comMS Help4
Atlassianhttps://example.atlassian.net/browse/PROJECT-123Atlassian, Modern view4
Atlassianhttps://example.atlassian.net/browse/PROJECT-123?oldIssueView=trueAtlassian, Legacy view4
MS Dynamics https://admin.dynamics.com/environments Modern View4
MS Dynamicshttps://port.crm11.dynamics.com/G/Applications/Index.aspxLegacy View, for admins 4
Domains Registrars http://namecheap.com/Registrar, cheap, bitpay5
Domains Registrars https://www.gandi.net Registrar, many tLDs4
Domains Registrars https://godaddy.com/Registrar, auctions too3
Domains Registrars https://www.netim.com/ Registrar, auctions3
Domains Registrars https://www.name.com/Registrar3
Domains Registrars https://www.101domain.com/Registrar, many tLDs3
Domains Registrars https://sedo.com/Domain Auctions4
Domains Registrars https://www.expireddomains.net/Expired domains grab5
Crypto Newshttps://www.coindesk.com/Coindesk5
Crypto newshttps://www.bitcoin.com/Bitcoin.com3
Crypto newshttps://cointelegraph.com/tags/bitcoinCoinTelegraph5
Crypto newshttps://www.ccn.com/CCN4
Crypto newshttps://bitcoinist.com/Bitcoinist
Crypto newshttps://www.newsbtc.com/NewsBTC 4
Crypto newshttps://ethereumworldnews.com/Crypto news 4
Crypto newshttps://www.dailyfx.com/bitcoinDaily FX3
Crypto newshttps://masterthecrypto.com/3
Crypto newshttps://coinmarketcap.com/Market Capitalisation5
Crypto Statshttps://coin360.com/Market Cap and wedges5
Crypto Statshttps://bitinfocharts.com/Crypto Charts4
Crypto Statshttps://bitcointicker.coTicker stats4
Crypto Statshttps://www.blockchain.com/en/statsBitcoinStats 4
Crypto Statshttps://coin.dance/statsCoin Dance, graphs and chart5
Crypto Statshttps://www.cryptocompare.com/CryptoCompare5
Crypto Statshttps://btc.com/statsMost private search engine3
Crypto Statshttps://blockchair.com/compareBlockchair3
Crypto Statshttps://charts.bitcoin.com/btc/Price charts5
Crypto funhttps://dickline.info/McAfee predicton tool to $1mil4
Crypto funhttps://99bitcoins.com/bitcoin-obituaries/Bitcoin Ongoing Obituaries5
Crypto Excahngeshttps://www.coinbase.comCoinbase3
Crypto Excahngeshttps://shapeshift.io/#/coinsCrypto excanging5
Crypto Excahngeshttps://www.bitmex.comBitmex5
Crypto Excahngeshttps://www.binance.com/enBinance5
Crypto Excahngeshttps://www.kraken.com/Kraken4
Crypto Excahngeshttps://www.etoro.com/markets/btc/statsEtoro, social trading4
Crypto Excahngeshttps://www.etoro.com/markets/btcEtoro – Social Trading Exchange (no crypto cashout)4
Crypto Excahngeshttps://international.bittrex.com/Bittrex3
Crypto Twitter https://twitter.com/hashtag/bitcoin#bitcoin3
Crypto Twitter https://twitter.com/hashtag/crypto#crypto3
Crypto Twitter https://twitter.com/coinmetrics Coinmetrics.comTwitter chanel3
WebPageTest, performancehttps://www.webpagetest.org/multi tests3
Crypto DataMish, statshttp://datamish.comcrypto info3
Crypto Whale Alertshttps://whale-alert.io/crypto alerts, big transfers and moves3
Anonymous files uploadhttps://anonfile.comanon uploads5
Anonymous files uploadhttps://openload.cc/anon uploads
Anonymous files uploadhttps://bayfiles.com/anon uploads4
Anonymous image uploadhttps://unsee.cc/anon images, with expiry date5
Email Validatorhttps://verifalia.com/validate-emailvalidate email inbox3
Email Validatorhttps://www.textmagic.com/free-tools/email-validation-toolvalidate email inbox4
Email Server checkhttps://ssl-tools.net/mailserversSecure Email, Starttls4
Can I use?https://caniuse.com/TLS. browser support4
Wiki of TLShttps://en.wikipedia.org/wiki/Transport_Layer_Security#Web_browsersTLS, browser support 5
Have I been pawnedhttps://haveibeenpwned.com/Secure email check5
Ghostprojecthttps://ghostproject.fr/Secure email check3
check your emailhttps://spycloud.com/Secure email check4
leak databasehttps://leakprobe.net/Secure email check4
Latest email Leakshttps://hacked-emails.com/latest/Secure email check4
Hacked passwordshttps://scatteredsecrets.com/Secure email check4
Hacked emailshttps://breachalarm.com/Secure email check4
Dehashed, emailshttps://www.dehashed.com/Secure email check4
Strip HTML tagshttps://www.browserling.com/tools/html-stripHTML tags remove3
Exif view removehttps://www.verexif.com/EXIF remover3
Full emji listhttps://htmlstrip.com/full-emoji-listFull emji list2
Hash decrypt https://hashkiller.co.uk/HashKiller.co.uk is a hash lookup service4
Hex binary converthttps://md5decrypt.net/en/Conversion-tools/Hex binary convert3
MD crypt decrypthttps://md5decrypt.net/MD crypt decrypt3
Hash crypt decrypthttps://md5hashing.net/hash dehash3
MathToolshttps://onlinemathtools.com/ math utilities and tools4
TechURLs news aggregator.https://techurls.com/News Headlines, technology3
Math URLs news aggregator.https://mathurls.com/News Headlines, Maths3
Financial URLs news aggregator.https://finurls.com/News Headlines, Finance3
TLD-listhttps://tld-list.com/Tld, compare, domains5
Pinghttps://pingtool.org/Domain Tools 3
dpi resolutionhttps://www.sven.de/dpi/Screen pixel resolution4
dpi resolutionhttps://www.pixelcalculator.com/Screen pixel resolution4
Aspect ratiohttps://aspectrat.io/Ratios2

Portable Executables and some Installables

Recommended List of useful Online and Offline tools
DescriptionURLUsageCostRating
SoftetherVPN pojecthttps://www.softether.org/Installablefree5
MS Officehttps://products.office.com/Installablepaid5
Foxit Advanced PDF Editor 3.05https://www.foxitsoftware.com/blog/foxit-delivers-advanced-pdf-editor-3-0/Installablepaid5
ShareX, screencapture and morehttps://getsharex.com/Installablefree4
XCA - SSL Management tool, SSL ,CSR, RSA, DSA, PFX, PEMhttps://hohnstaedt.de/xca/Installablefree5
10+ Essential IP tools for Admins. DNS Audit, Network, WMIhttps://www.adremsoft.com/netcrunch.tools/Installablefree2
Total Commander https://www.ghisler.com/Portablefree5
ABBYY 14 – OCR Projecthttps://www.abbyy.com/en-gb/finereader/Installablepaid5
Autoruns, WMI and auto startuphttps://docs.microsoft.com/en-us/sysinternals/downloads/autorunsPortablefree5
Cryping, command line extended pinghttp://www.cryer.co.uk/downloads/crypingPortablefree2
CurrentPortshttps://www.nirsoft.net/utils/cports.htmlPortablefree5
Daphne - system toolhttp://www.drk.com.ar/daphne.phpPortablefree3
Easy Robocopyhttp://www.tribblesoft.com/home-page/easy-robocopy/Portablefree5
ProcessExplorerhttps://docs.microsoft.com/en-us/sysinternals/downloads/process-explorerPortablefree5
ProcessMonitorhttps://docs.microsoft.com/en-us/sysinternals/downloads/procmonPortablefree5
FastStone, image viewer and editor https://www.faststone.org/ Portablefree5
qBittorrent , Best Bittorrent clienthttps://www.qbittorrent.org/Portablefree5
Terminals, RDP manager and network toolshttps://github.com/terminals-Origin/TerminalsPortablefree5
TCP Viewhttps://docs.microsoft.com/en-us/sysinternals/downloads/tcpviewPortablefree3
WinCDEmu – ISO emulatorhttps://wincdemu.sysprogs.org/Portablefree5
CleanMemoryhttps://www.pcwintech.com/cleanmemPortablefree4
Teracopy, better copying https://www.codesector.com/teracopyPortablefree3
IIS Crypto - IIS Crypto, manage protocols, ciphers, hasheshttps://www.nartac.com/Portablefree4
RegexBuddy4https://www.regexbuddy.com/Portablefree5
BareGrep (also BareTail)https://www.baremetalsoft.com/baregrep/Portablefree2
WinDirStatshttps://windirstat.net/Portablefree2
SageLinks, SymLinks, HardLinkshttps://github.com/raspopov/SageLinks/releasesPortablefree3
NTFSViewLinks, SymLinks, Hardlinks, etchttps://www.nirsoft.net/utils/ntfs_links_view.htmlPortablefree3
Lastpass, passwordshttps://www.lastpass.com/Installablefree5
Enpass, passwordshttps://www.enpass.io/Portablefree4
Keepass, password safe, opensourcehttps://keepass.info/Portablefree3
BeCyPDFMetaEdit, edit pdf metadatahttps://becypdfmetaedit.jaleco.com/Portablefree4
Notepad++https://notepad-plus-plus.org/Portablefree5
Evernotehttps://evernote.com/Installablefree5
NixNotehttp://nixnote.org/Portablefree3
MobaXterm, Linux terminal SSL clienthttps://mobaxterm.mobatek.net/Installablefree5
Putty, Linux terminal. SSH clienthttps://www.putty.org/Portablefree3
Hash Manager, change any file hashhttp://imristo.com/hash-manager-change-the-hash-of-any-file/Portablefree5
Gimp, image editorhttps://www.gimp.org/Portablefree3
HeidiSQL, SQL clienthttps://www.heidisql.com/Portablefree3
pgAdmin, postgress clienthttps://www.pgadmin.org/Installablefree5
OpenSSLhttps://www.openssl.org/Installablefree3
Sumatra, PDF readerhttps://www.sumatrapdfreader.org/free-pdf-reader.htmlPortablefree3
TextCrawlerhttps://www.digitalvolcano.co.uk/textcrawler.htmlPortablefree4
WildRename, wildcard rename utilityhttps://www.cylog.org/utilities/wildrename.jspPortablefree3
WildReplace, wildcard replace utilityhttps://www.cylog.org/utilities/wildreplace.jspPortablefree3
WinDJViewer, djv viewerhttps://windjview.sourceforge.io/Portablefree3
GIT for windows, SSH terminal for Winhttps://git-scm.com/download/winInstallablefree5
FileMenuTools, edit explorer menushttps://www.lopesoft.com/index.php/en/products/filemenutoolsInstallablefree3
Mozilla Firefox, browserhttp://mozilla.org/Installablefree3
Chrome, browserhttps://www.google.com/chrome/Installablefree3
Opera, browserhttps://www.opera.com/Installablefree3
MouseEmu, emulate mouse with keyboardhttp://rhdesigns.browseto.org/mouseemulator.htmlInstallablefree5
Autohotkeys. Key emulatorhttps://www.autohotkey.com/Installablefree4
NeatMouse, emulate mouse with keyboardhttps://neatdecisions.com/products/neatmouse/Installabelfree3
Babun, Windows shell you will love (Discontinued)https://babun.github.io/Installablefree3
Calibre, Ebook managementhttps://calibre-ebook.com/Installable (can be portable)free5
Clavie, keyborad shortcutshttp://utilfr42.free.fr/util/Clavier.phpPortablefree3
Angry IP scanner, IP range scanhttps://angryip.org/Portablefree3
PingInfoView, advanced ping toolhttps://www.nirsoft.net/utils/multiple_ping_tool.htmlPortablefree5
Advanced IP Scanner, network LAN scannerhttp://www.advanced-ip-scanner.com/Installablefree3