On Linux, to install a pre-built binary distribution of any application (one that decompresses to a bin, doc, man, and share folder):
cd /usr
tar --strip-components=1 -xzf ~/Downloads/binary-distribution-app.tar.gz
find with multiple commands
find . -name "*.txt" -exec grep apple {} \; -exec grep banana {} \;
find with complex commands:
find . -name "*.zip" -exec sh -c 'yes n | unzip "$1"' _ {} \;
Search for lines containing the string "INFO" in system.log and print the 1st and 3rd fields (whitespace-delimited, awk's default)
awk '/INFO/ {print $1, $3}' system.log
To display POSIX time (epoch time) in human-friendly format (HH:MM:SS):
TZ=America/Los_Angeles awk '/INFO/ {print strftime("%T", $1), $3}' system.log
Search packet captures with tcpdump for hosts sending traffic to a specific IP address (the first cut takes the 3rd field of the output, which is the source "IP.port"; the second cut removes the port by keeping fields 1-4 only; sort -u keeps only unique addresses)
tcpdump -nr traffic.pcap "dst host 45.45.45.45" | cut -d ' ' -f 3 | cut -d '.' -f 1-4 | sort -u
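The same extraction run over constructed `tcpdump -n` text lines instead of a capture file, as an added example that is not from the original page. The function names `sample_lines` and `senders_to` and the sample packets are assumptions; it goes slightly beyond the one-liner by skipping non-IPv4 lines and counting packets per sender.

```shell
#!/bin/sh
# Constructed sample of `tcpdump -n` text output (not from a real capture).
sample_lines() {
cat <<'EOF'
12:00:01.000001 IP 10.0.0.5.51512 > 45.45.45.45.80: Flags [S], seq 1, win 64240, length 0
12:00:01.000420 IP 10.0.0.5.51512 > 45.45.45.45.80: Flags [.], ack 1, win 502, length 0
12:00:02.100000 IP 10.0.0.9.40000 > 45.45.45.45.443: Flags [S], seq 7, win 64240, length 0
12:00:02.200000 ARP, Request who-has 10.0.0.1 tell 10.0.0.9, length 28
12:00:03.000000 IP 10.0.0.5.51600 > 8.8.8.8.53: 4660+ A? example.com. (29)
12:00:04.000000 IP 10.0.0.7 > 45.45.45.45: ICMP echo request, id 1, seq 1, length 64
EOF
}

# senders_to DST: read tcpdump -n lines on stdin and print "count source-ip"
# for IPv4 packets whose destination address is DST, busiest sender first.
senders_to() {
    awk -v dst="$1" '
        $2 == "IP" && $4 == ">" {
            src = $3; d = $5
            sub(/:$/, "", d)    # the destination field ends with a colon
            # "addr.port" has 5 dot-separated parts; strip the 5th (the port).
            # Portless lines such as ICMP have 4 parts and are left alone.
            if (split(src, a, ".") == 5) sub(/\.[^.]*$/, "", src)
            if (split(d, b, ".") == 5)   sub(/\.[^.]*$/, "", d)
            if (d == dst) count[src]++
        }
        END { for (s in count) print count[s], s }
    ' | sort -k1,1nr -k2,2
}

sample_lines | senders_to 45.45.45.45
```

On a real capture, feed it with `tcpdump -nr traffic.pcap | senders_to 45.45.45.45`.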
Search packet captures using tcpdump filters, stopping after finding 2 results
tcpdump -nr traffic.pcap -c 2 "src host 1.1.1.1 and dst host 2.2.2.2 and dst port 80"
Host a simple HTTP webserver with python
python3 -m http.server <port> --dir <serve-dir>
Bash inline for loops
for num in 1 3 5 7 9; do echo "num: $num"; done
Find in multiple directories
find dir1 dir2 -name "*.txt"
Find name case insensitive
find . -iname "*.txt"
Find file of specific size
find . -size 72c -ls # 72 bytes
ps without truncating long lines (wide output)
ps -efww # ps -ef == ps aux
Show the ARP table
ip neigh
ss is a modern replacement for netstat (even though everyone still uses netstat). It gets information from kernelspace directly via Netlink instead of the classic sockets API (https://stackoverflow.com/questions/11763376/difference-between-netstat-and-ss-in-linux).
ss
Using the stream editor
# -i = edit a file in place (inline mode)
# '/$:/d' = match any line with `$:` and delete the line `/d`
sed -i '/$:/d' file.txt
On Linux systems, you can send files over TCP/UDP with character devices /dev/<tcp|udp>/<ip>/<port>:
cat /etc/passwd > /dev/tcp/127.0.0.1/1234
Search gzip compressed files for regex
zgrep <regex> *.gz