If you are a system administrator or security analyst who works on the command line, I would bet good money you could find use cases with this tool that will save you time. It is probably still a while until we hand over the keys to production, but there is a lot of work done outside of prod that can be tested in isolated containers and dev systems.
In this post the focus is on Claude Code, however there are of course other clients (and models) that have command line access. The thing that grabbed me is that Claude Code does it so well.
A Few Examples
Launching an Nmap Port Scan
The Nmap command being launched here is nothing extraordinary; more complex workflows are of course possible.
In the example we have used podman to keep the installation and execution isolated to its own environment. Claude asks at each step if you wish to execute the command (with the option of letting it go full auto).
Prompt:
Final Output:
- Port 22 (SSH)
- Port 80 (HTTP)
- Port 8080 (HTTP Proxy)
Note: The container requires the --cap-add=NET_RAW flag to perform network scans properly.
A key thing to note in this example is the model encountered an error running the Nmap command in the container and immediately found a solution (--cap-add=NET_RAW). Certainly something any sysadmin or security analyst would encounter. However, instead of spending 5 minutes finding the fix, a working solution was evaluated and ready to test immediately.
?????????????????????????????????????????????????????
? ? Welcome to Claude Code! ?
? ?
? /help for help, /status for your current setup ?
? ?
? cwd: /home/fred/nmap-test ?
?????????????????????????????????????????????????????
Tips for getting started:
1. Run /init to create a CLAUDE.md file with instructions for Claude
2. Use Claude to help with file analysis, editing, bash commands and git
3. Be as specific as you would with another engineer for the best results
> I need to test nmap against the local ip 10.1.1.99, please create a docker config that will use ubuntu and nmap to test the ports on this
ip. Use podman to build and run the container.
? I'll help you create a Docker configuration that uses Ubuntu and nmap to test ports on IP 10.1.1.99. Let me set up the necessary files and
build/run it with podman.
? ? Create Dockerfile with Ubuntu and nmap
? Create nmap scan script
? Build container with podman
? Run container to scan target IP
? ? Create Dockerfile with Ubuntu and nmap
? Create nmap scan script
? Build container with podman
? Run container to scan target IP
? Write(Dockerfile)
? Wrote 19 lines to Dockerfile
FROM ubuntu:latest
# Update and install nmap
RUN apt-get update && \
apt-get install -y nmap && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*
# Create working directory
WORKDIR /scan
… +9 lines (ctrl+r to expand)
? ? Create Dockerfile with Ubuntu and nmap
? Create nmap scan script
? Build container with podman
? Run container to scan target IP
? Write(scan.sh)
? Wrote 17 lines to scan.sh
#!/bin/bash
TARGET_IP="10.1.1.99"
echo "==================================="
echo "Starting nmap scan on $TARGET_IP"
echo "==================================="
echo ""
# Basic port scan (most common ports)
… +7 lines (ctrl+r to expand)
? ? Create Dockerfile with Ubuntu and nmap
? Create nmap scan script
? Build container with podman
? Run container to scan target IP
? Bash(podman build -t nmap-scanner .)
? STEP 1/6: FROM ubuntu:latest
STEP 2/6: RUN apt-get update && apt-get install -y nmap && apt-get clean && rm -rf /var/lib/apt/lists/*
Get:1 http://security.ubuntu.com/ubuntu noble-security InRelease [126 kB]
Get:2 http://archive.ubuntu.com/ubuntu noble InRelease [256 kB]
… +164 lines (ctrl+r to expand)
? ? Create Dockerfile with Ubuntu and nmap
? Create nmap scan script
? Build container with podman
? Run container to scan target IP
? Bash(podman run --rm nmap-scanner)
? ===================================
Starting nmap scan on 10.1.1.99
===================================
… +7 lines (ctrl+r to expand)
? Bash(podman run --rm --cap-add=NET_RAW nmap-scanner)
? ===================================
Starting nmap scan on 10.1.1.99
===================================
… +15 lines (ctrl+r to expand)
? ? Create Dockerfile with Ubuntu and nmap
? Create nmap scan script
? Build container with podman
? Run container to scan target IP
? Successfully created and ran the nmap container. The scan found 3 open ports on 10.1.1.99:
- Port 22 (SSH)
- Port 80 (HTTP)
- Port 8080 (HTTP Proxy)
Note: The container requires the --cap-add=NET_RAW flag to perform network scans properly.
> /exit
? (no content)
??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
? > ?
??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
? for shortcuts ? Update installed · Restart to apply
Create and Test an Ansible Playbook to Deploy WordPress
In a second test Claude was instructed to develop an ansible playbook to launch a WordPress site on a remote server using podman containers. This is a quick way to deploy WordPress for local testing. The prompt included instructions to use a random port between 8000-9000, and test the site is accessible once deployed.
While Claude encountered a number of issues while working on the tasks, it was able to get a working setup and configuration after around 12 minutes. I monitored the progress and commands however it could have been fully automated as I selected Yes to every query.
The remote system was a clean install with ssh key based access in place, so Claude was able to ssh directly to the remote server and execute commands.
In this example there are a number of technologies in use. The aim of the task was to create a repeatable ansible playbook that can be used to quickly spin up test WordPress deployments. This is a common task that takes time, often requiring troubleshooting and testing. Claude Code worked the problem, ran into issues, came up with workarounds and deployed a working WordPress site.
You can imagine how this example could be applied to any number of tasks using ansible or other deployment tools. The obvious advantage of using Ansible rather than simply asking Claude to deploy a WordPress installation is that once you have the Ansible Playbook you can deploy in a standardised manner.
Documentation Use Case
For most system administrators, automating tasks with scripts and cron jobs is routine. One useful feature, whether the script was written by hand or generated by an LLM, is simply asking Claude to document the project. This step is often tedious and frequently overlooked, but streamlined with Claude's help.
Documenting small projects and scripts alone could be worth the $100 for Claude Max for many engineers.
The Random Project
Running a small homelab with a handful of smart devices means ideas are never in short supply. Finding two hours to sit down and play with an idea? That’s harder. With Claude Code you suggest your idea and get a working solution in minutes. You still get to be creative and learn how it all fits together. But now the grunt work is being handled by your assistant.
Final Thoughts
The vast majority of the Internet runs on systems managed at the command line. If an agent has access to the command line, there are literally thousands of tasks it could perform. If not today then surely its coming.
Anyone who has done any technical troubleshooting knows that sometimes the solution comes easy and sometimes they turn into rabbit holes. With tools like this we can plough through the easy, repetitive and mundane and get stuck into the harder problems.
From a security perspective, working faster can mean more mistakes, which inevitably leads to security incidents. On the other hand, the IT industry was built on yolo fixes from spotty documentation so what's new? The key point to remember is that the operator whether a system administrator, pen-tester or developer is that you are still responsible for the task. If it breaks ... you own it.