Last edit: October 01, 2017 09:58:36 AM CDT List of all cheatsheets See also Linux & OS X awk Don't forget the single quotes Designate a field separator awk -F'[character]' [file being searched through], e.g. awk -F':' '{ print $1,$3 }' /etc/passwd Pattern matching awk '[field/column to look into] [operator (== != < > <= >=)] { print $(field/column from result to print)}' e.g. awk '$10 == 404 {print $2}' access_log Search for multiple terms awk '/term1|term2|term3/' e.g. awk -F':' '/nologin|false/ {print $1}' /etc/passwd Print a specific line awk "NR==[line number]{print}" /path/to/file curl Download files from site curl -C - -O [site url] Basic check of website availability curl -Is [site url]| awk '/HTTP/' Website availability check curl --head [site url] DNS Display FQDN hostname -f Get DNS records on a domain host -t {CNAME, NS, SOA, SIG, KEY, AXFR, PTR, SRV} [domain] dig [query] A/NS/MX/TXT/SRV/SOA Get detailed DNS information for domain dig domain SOA & dig domain any Find all name servers for a domain dig domain NS Find all mail records for a domain dig domain MX Query a specific name server dig @[NS IP or Name] [query] Which servers are involved in a DNS lookups dig site.to.lookup +trace | awk '/;;/' Find autodiscover records in a domain dig any _autodiscover._tcp.example.com Query AD SRV records Find domain controllers: dig -t SRV _ldap._tcp.fqdn.domain.com Find the Global Catalog server: dig -t SRV _gc._tcp.fqdn.domain.com or _ldap._tcp.gc._msdcs.fqdn.domain.com Harvest details about a domain dig domain SOA dig domain A dig subdomain.domain A dig domain CNAME dig subdomain.domain CNAME dig domain PTR dig subdomain.domain PTR dig domain MX dig domain TXT dig [selector]._domainkey.domain txt dig _dmarc.domain TXT dig subdomain.domain SRV dig subdomain.domain DNSKEY dig subdomain.domain HIP dig _autodiscover._tcp.domain Files, Filesystem & Remote Systems Find a term inside a directory of files grep -nr [searchterm] /path/to/dir Find a specific term in the contents of files in a directory find [place to search] -type f -print0 | xargs -0 grep [term] Total size of a folder du -hd . Size subfolders du -sh * Get size of subfolders with a grand total du -d 1 -ch Centos: du —max-depth 1 -ch Find folders that are gigabytes in size du -sh * | sort -nr | grep G Percentage of drive space available on all mounted drives df -kH Amount of free space left on boot drive in gigabytes df -gHl / | awk '{print $4}' | tail -1 Amount of data on boot drive in gigabytes df -gHl / | awk '{print $3}' | tail -1 Make a directory tree mkdir -p topFolder/{subC/{c1,c2,c3},subA,subB} Cut range cut -c #-# Strip directory information from file path basename Returns directory portion of file path dirname Navigate into a directory with a name that starts with a hyphen cd -- -dir Make tar tar -cvzf /path/to/new archive /files/to/be/archived Expand tar tar -xvzf /path/to/archive Expand into current directory tar -xv[z/j/type]f /path/to/archive -C . Unzip tar gunzip files.tar.gz Compare side-by-side at the CLI diff -y or vimdiff Get access and modification information for a file stat -x Copy files to target machine scp /Path/To/File/WantToCopy.ext user@server:Path/To/CopyFileTo/file.ext Might need -o "GSSAPIAuthentication=yes" Copy files from target machine to your machine scp user@server:Path/of/FiletoCopy/file.ext Path/onYourMachine/ToCpy/file.ext Might need -o "GSSAPIAuthentication=yes" Copy files from your machine to target machine rsync -av /local/path server:/path Keep folder on host machine in sync with folder, including subfolders and removals, on target machine rsync -avr --delete /src/ /dest Monitoring & Troubleshooting Tools lsof options lsof -i or lsof -iPn Find open files by user: lsof -u username/UID Find by process: lsof -p PID Get running apps PID ps ax | awk '/[app name without brackets]/ {print $1}' | head -n 1 When did a process start ps ax -o lstart,pid,comm | awk '/[process]/ {print $2,$3,$4,$5}' create tcpdump tcpdump -i [en0/en1] -w /path/to/.pcap View network routing connection nettop -m route Get quick timing statistics for a particular command time [command] Capture network traffic incoming/outgoing to/from an interface and show the DNS queries and responses ngrep -l -q -d [interface] -i "" udp and port 53 ngrep is available from MacPorts for OS X Networking See also curl above Sort a list of IPs cat [IP list] | sort -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n SSH tunnel ssh -K -L5900:127.0.0.1:5900 user@machineFQDN Double hop VNC without having to declare ports ssh -oproxycommand="ssh -qaxT user@host.fqdn nc %h %p" -L 590X:localhost:590X user@host.fqdn What version of SMB is being used by a server smbutil statshares -a What ports is a server listening on netstat -tuln Is a service running netstat -ntlap | awk '/[service port]/ && /LISTEN/' Quick port scan / alternative to telnet nc -v -z [server/host] [port range, e.g. 1-100] Scan multiple IPs or subnet nmap [x.x.x.].first number in range - last number in range, e.g. 192.168.1.1-20 nmap x.x.x.x/24 Scan just for open ports nmap --open [host] Scan a particular port nmap -p [port] [host] nmap -p T:[port] or U:[port] [host] Get machine information based on IP nmap -O -sS -n -oN /path/to/output.txt [IP or IP-IP range] Get OS and port information about a host nmap -v -O -osscan-guess [host|CIDR|range] Get External IP from CLI dig TXT +short o-o.myaddr.l.google.com @ns1.google.com curl -s ifconfig.me/ip Test to see if IPHelpers are available tcpdump -i en0 -e -n port 67 or port 68 Find all online hosts on subnet for ip in $(seq 1 254); do ping -c 1 [ip range].$ip>/dev/null; [ $? -eq 0 ] && echo "[ip range].$ip UP" || : ; done Security Limit SSH users Set AllowUsers in /etc/sshd_config .k5login files Place at root of $HOME principalname@REALM Read the keytab file klist -k /etc/krb5.keytab Bring up kerberos password promt /bin/echo '' | /usr/bin/kinit Convert cert cer file to pem file openssl x509 -inform pem -in certificate.cer -outform der -out certificate.pem Review a site's certificates openssl s_client -connect [site name]:443 -showcerts Misc tools Man apropos man -K ^ [term] Make sure You don’t overwrite existing path export PATH="$PATH:/new/addition" Convert Unix time to regular time date -r [seconds] Simple Calendar ncal -J -m [1-12] Generate a random number echo $(( (RANDOM % 100000000000000000000000000) )) Generate a random-esque string echo $(date | cut -c 10-20 | md5) Generate a random 20 character string echo `jot -r -c 12 a z` | md5 | cut -c 10-30 Convert text to hex xxd -p <<< "[string to enter]" Convert hex to text echo [hex text] | xxd -r -p Simple website from a directory python -m SimpleHTTPServer 8000 Screen keys Name a session: screen -S [name] Open new session: ctrl+a then c Switch between sessions: ctrl+a or ctrl+a then number for session [0-9] Connect to device over serial connection screen /dev/tty.[adapter] Connect to device over serial connection cu -l /dev/tty.[adapter, e.g. PL2303-00001014] -s 9600 -s 9600 To break session: ~ Cheap point-to-point chat nc -p 6666 & nc [IP] 6666 Is a particular port installed on a FreeBSD machine pkg info -x [portNameHere] Make it snow ruby -e 'C=`stty size`.scan(/\d+/)[1].to_i;S=["2743".to_i(16)].pack("U*");a={};puts "\033[2J";loop{a[rand(C)]=0;a.each{|x,o|;a[x]+=1;print "\033[#{o};#{x}H \033[#{a[x]};#{x}H#{S} \033[0;0H"};$stdout.flush;sleep 0.1}'