Find
The Linux find command is a valuable tool and skill to quickly discover valuable files on a system. The commands below are some of the common ones I use on pentesting engagements:
find / -name *.txt #Find all .txt files on the system
find / -name password* #Find all files on the system starting with password
find . -type f -exec cat {} + | grep -a 'password' #Find all files in a folder and its sub folders and cat them and grep for files containing the word password
find . -type f -exec cat {} + | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' #Find all files in a folder and its sub folders and cat them and grep for files containing IP addresses
find / -type f -perm 0777 #Find all world writable files on the system
find / 2>>/dev/null | grep "shadow.bak" #Find backup file of the /etc/shadow file
find / 2>>/dev/null | grep -i "passwords" #Find a file called passwords
find / -xdev -type f -print0 2>/dev/null | xargs -0 grep -E '^[a-z0–9]{32}$' 2>/dev/null #Searches the entire system for files containing a string of 32 characters containing letters and numbers
find / -type f -name *.xml #Find all files only with the.xml extension
find /home -type f -iname "passwords.txt" #Find all files only in the home directory with the name passwords.txt
find / -type d -name *exploits* #Find all directories containing the word exploits
find / -type f -user "admin" #Find all files on the system owned by admin
find / -type f -group "admins" 2>/dev/null #Find all the files on the system owned by the group “admins”
find / -type f -size 150c #Find all files on the system that are exactly 150 bytes (c = bytes; k = KiB's; M = MiB's)
find /home -type f -size -2k -name "*.txt" #Find all files in the home directory that end in .txt and are less than 2 kilobytes in size
find / -type f -perm 644 #Find all files on the system that are readable and writable by the file owner (6) and readable by everybody else 4 & 4
find / -type f -perm 444 #Find all files on the system that are only readable by everybody (Octal format)
find / -type f -perm o=w -name "*.sh" #Find all the files on the system where the group “Others” has write permissions on files ending .sh (symbolic format)
find /usr/bin -type f -user root -perm /u=s #Find all files in the /usr/bin directory (recursive) that are owned by root and have at least the SUID permission (symbolic format)
find / -type f -atime -10 -name "*.png" #Find all files ending with extensin .png that have not been accessed in the last 10 days (a = accessed; m = modified; c = status changed)
find /usr/bin -type f -mmin -120 #Find all files in the directory /usr/bin that have not been modified in the last 2 hours
find ~/workflows -type f -newermt 2016-09-11 ! -newermt 2025-09-13 2>/dev/null #Find files in a specific directory that was modified on the 2025-09-12