Ways to search files in Kali – which, locate and find

Kali is the one of the best operating system for Pentesting and hacking. After BackTrack, this is the only operating system I have used, since I think 2015.It has a lots of tools and features that will help you from information gathering to maintaining the access. This article is about Three tools that kali provides to search for a file. Some of these can be tricky but once you get a hands-on on them, they’ll make your life pretty easy.



This one is simple and quick command to search a file or a directory. Its usage is pretty straight forward. Just need to put locate [with file name]. It is quick because it has its own database that is updated by cron scheduler in regular fashion, its db is called locate.db, so the search doesn’t involve the hard-disk.
A few things to notice, it is really good for regex and pattern search for the name of the file, but it doesn’t search for attributes of the file or doesn’t do any extensive search like find. That is why I will say it is simple and quick.

So if you search for a filename it will give its location.

#locate filename



Find is for extensive searches, this is more like a super cousin of locate command. Find doesn’t have its database of its own, it goes file by file starting from the root directory. This command is not that simple but once you start using it, you will know how valuable it is! With find, you can also search file attributes such as permissions, type, creation date, modification date, etc., I usually use this to find SUID bits to check the files with the root privilege.

Below are some usage of find:

If you checkout the above examples, the find / -name “pass.txt” will search from the root directory for pass.txt file.

The other find . -name “pass.txt” will search in the current directory and recursively search all the directories in the current directory as well.

The last one is the same as current directory.

The command find / -perm /4000 is used to search for files with SUID bits, in the below command /4000 is the octal numeric representation of SUID. SUID is Set User identification, simply means that the file will run with the permission of the file owner, So if SUID bit is set for a file and the file is owned by the root user, when you execute it, it will run under the root privilege. This is one of the ways to check for privilege escalation techniques in a system.



Our last command for the command search is which. which command is simple and makes use of $PATH variable. The $PATH variable contains the directories of commands, so Kali uses this variable when a command is issued without its path, so whatever paths in $PATH variable contains, it checks those paths only.
which check those paths for the search pattern.

If you do man which, you will get an extensive help for which command.

which command isn’t for files, it is for the commands and their paths. If you want to do a quick lookup for, say, burpsuite, it will give you path for that command. You can give multiple arguments as command names and it will show you their paths.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: