Last edit: May 26, 2019 09:35:45 PM CDT
List of all cheatsheets
See also Linux, macOS and Bash
Regular Expressions
Find all variations preceding a particular character
e.g. /Appl*/
Find all variations that match a character in a specific location
e.g. /Appl./
Find an optional match preceding a particular character
e.g. /Appl?/
Find one or more matches preceding the character
e.g. /Appl+/
Find a specific match
e.g. /Apple/
Find a specific match at the beginning of a line
e.g /^Apple/
Find a specific match at the end of a line
e.g. /Apple$/
Find all matching characters
e.g. /[123]/ or /[aeiou]/ or /[AEIOU]/
Find all matching characters that are not part of the set (select the inverse)
e.g. /[^123]/ or /[^aeiou]/ or /[^AEIOU]/
awk & sed
Don't forget the single quotes
AND = &&, OR = ||
Designate a field separator
awk -F'[character to use, including a space, e.g. : , /]' [file being searched through]
e.g. awk -F':' '{ print $1,$3 }' /etc/passwd
Pattern matching
awk '[field/column to look into] [operator (== != < > <= >=)] { print $(field/column from result to print)}'
e.g. awk '$10 == 404 {print $2}' access_log
Search for multiple terms
awk '/term1|term2|term3/' e.g. awk -F':' '/nologin|false/ {print $1}' /etc/passwd
awk '/term1/ [search operator] /term2/'
Print a specific line
awk "NR==[line number]{print}" /path/to/file
Print a specific line
awk '/[term]/ {print $(NF-1)}'
Substitute term in awk return
awk '/[term]/ {gsub("[term to find]","term to replace"); print $1,$2,$3,$4,$5,$6,$7,$8}'
Simple find and replace
sed -e "s/[character to find]/[character to replace it with/g'
sed 's/this/that/g'
Special characters or spaces will need to be escaped with a \ and an extra / will be needed before /g
Print a particular number line in a listing
sed -n '[number]p', e.g. ls -al | sed -n '2p'
Print all lines between two matching terms
sed -n '/[term 1]/,/[term 2]/p', e.g. ls -al ~ | sed -n '/Library/,/Sites/p'
Replace particular instances of a string with a new string
sed 's/this/that/[number place of instance]', e.g. sed 's/this/that/3'
Strip tag values from a value
sed 's/<[^>]*>//g' e.g. echo "TEST" | sed 's/<[^>]*>//g'
curl
Download files from site
curl -C - -O [site url]
Basic check of website availability
curl -Is [site url]| awk '/HTTP/'
Website availability check
curl --head [site url]
DNS
Display FQDN
hostname -f
Get DNS records on a domain
host -t {CNAME, NS, SOA, SIG, KEY, AXFR, PTR, SRV} [domain]
dig [query] A/NS/MX/TXT/SRV/SOA
Get detailed DNS information for domain
dig domain SOA & dig domain any
Find all name servers for a domain
dig domain NS
Find all mail records for a domain
dig domain MX
Query a specific name server
dig @[NS IP or Name] [query]
Which servers are involved in a DNS lookups
dig site.to.lookup +trace | awk '/;;/'
Find autodiscover records in a domain
dig any _autodiscover._tcp.example.com
Query AD SRV records
Find domain controllers: dig -t SRV _ldap._tcp.fqdn.domain.com
Find the Global Catalog server: dig -t SRV _gc._tcp.fqdn.domain.com or _ldap._tcp.gc._msdcs.fqdn.domain.com
Harvest details about a domain
dig domain SOA
dig domain A
dig subdomain.domain A
dig domain CNAME
dig subdomain.domain CNAME
dig domain PTR
dig subdomain.domain PTR
dig domain MX
dig domain TXT
dig [selector]._domainkey.domain txt
dig _dmarc.domain TXT
dig subdomain.domain SRV
dig subdomain.domain DNSKEY
dig subdomain.domain HIP
dig _autodiscover._tcp.domain
Files, Filesystem & Remote Systems
Make a sym link
ln -s /path/to/thing/you/wantolink /path/towhere/to/linkit
Find a term inside a directory of files
grep -nr [searchterm] /path/to/dir
Get a count of files in current directory that have a particular term present
grep -c "[term]" *
Return multiple lines in a grep search
grep -A ##
Find a UUID pattern in text
grep -E "[A-F0-9]{8}-[A-F0-9]{4}-4[A-F0-9]{3}-[89AB][A-F0-9]{3}-[A-F0-9]{12}"
Find files modified in last hour
find . -mtime -1h
Find files modified in past week
find . -mtime -7
Find files with a particular extension created in past week
find . -name "*.[extension]" -ctime -7
Find files newer than the named file in current directory
find . -newer [named file]
Find files modified in past week and open in default app
find . -mtime -7 | xargs open
Find a specific term in the contents of files in a directory
find [place to search] -type f -print0 | xargs -0 grep [term]
Total size of a folder
du -hd .
Size subfolders
du -sh *
Get size of subfolders with a grand total
du -d 1 -ch
Centos: du —max-depth 1 -ch
Find folders that are gigabytes in size
du -sh * | sort -nr | grep G
Percentage of drive space available on all mounted drives
df -kH
Amount of free space left on boot drive in gigabytes
df -gHl / | awk '{print $4}' | tail -1
Amount of data on boot drive in gigabytes
df -gHl / | awk '{print $3}' | tail -1
Make a directory tree
mkdir -p topFolder/{subC/{c1,c2,c3},subA,subB}
Cut range
cut -c #-#
List the content of a directory and any subdirectories
ls -R
Strip directory information from file path
basename
Returns directory portion of file path
dirname
Navigate into a directory with a name that starts with a hyphen
cd -- -dir
Make tar
tar -cvzf /path/to/new archive /files/to/be/archived
Expand tar
tar -xvzf /path/to/archive
Expand into current directory
tar -xv[z/j/type]f /path/to/archive -C .
Unzip tar
gunzip files.tar.gz
Compare side-by-side at the CLI
diff -y or vimdiff
Get access and modification information for a file
stat -x
Copy files to target machine
scp /Path/To/File/WantToCopy.ext user@server:Path/To/CopyFileTo/file.ext
Might need -o "GSSAPIAuthentication=yes"
Copy files from target machine to your machine
scp user@server:Path/of/FiletoCopy/file.ext Path/onYourMachine/ToCpy/file.ext
Might need -o "GSSAPIAuthentication=yes"
Copy files from your machine to target machine
rsync -avhP /local/path server:/path
Keep folder on host machine in sync with folder, including subfolders and removals, on target machine
rsync -avr --delete /src/ /dest
Monitoring & Troubleshooting Tools
Get quick timing statistics for a particular command
time [command]
Find open files by user
lsof -u username/UID
Find files by process
lsof -p PID
Find files by protocol
lsof -i [protocol], e.g. lsof -i TCP
Find files by port
lsof -i :[port number]
Find files to a specific host
lsof -i @[address or FQDN]
Find listening TCP connections
lsof -i -sTCP:LISTEN
Find established TCP connections
lsof -i -sTCP:ESTABLISHED
Get running apps PID
ps ax | awk '/[app name without brackets]/ {print $1}' | head -n 1
When did a process start
ps ax -o lstart,pid,comm | awk '/[process]/ {print $2,$3,$4,$5}'
View network routing connection
nettop -m route
Capture network traffic incoming/outgoing to/from an interface and show the DNS queries and responses
ngrep -l -q -d [interface] -i "" udp and port 53 ngrep is available from MacPorts for OS X
"Tail" network interface
tcpdump -vvv -i [interface]
create packet capture
tcpdump -i [en0/en1] -w /path/to/.pcap
Dump packets for a particular port
tcpdump -i [en0/en1] port [port number]
Dump packets for a particular protocol
tcpdump -i [en0/en1] [protocol]
Dump packets part of communicating with a particular hpst
tcpdump -i [en0/en1] host [IP]
tcpdump -i [en0/en1] src host [IP]
tcpdump -i [en0/en1] dst host [IP]
Networking
See also curl above
Sort a list of IPs
cat [IP list] | sort -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n
SSH tunnel
ssh -K -L5900:127.0.0.1:5900 user@machineFQDN
Double hop VNC without having to declare ports
ssh -oproxycommand="ssh -qaxT user@host.fqdn nc %h %p" -L 590X:localhost:590X user@host.fqdn
What version of SMB is being used by a server
smbutil statshares -a
What ports is a server listening on
netstat -tuln
Is a service running
netstat -ntlap | awk '/[service port]/ && /LISTEN/'
Quick port scan / alternative to telnet
nc -v -z [server/host] [port range, e.g. 1-100]
Scan multiple IPs or subnet
nmap [x.x.x.].first number in range - last number in range, e.g. 192.168.1.1-20
nmap x.x.x.x/24
Scan just for open ports
nmap --open [host]
Scan a particular port
nmap -p [port] [host]
nmap -p T:[port] or U:[port] [host]
Get machine information based on IP
nmap -O -sS -n -oN /path/to/output.txt [IP or IP-IP range]
Get OS and port information about a host
nmap -v -O -osscan-guess [host|CIDR|range]
Get External IP from CLI
dig TXT +short o-o.myaddr.l.google.com @ns1.google.com
curl -s ifconfig.me/ip
Test to see if IPHelpers are available
tcpdump -i en0 -e -n port 67 or port 68
Find all online hosts on subnet
for ip in $(seq 1 254); do ping -c 1 [ip range].$ip>/dev/null; [ $? -eq 0 ] && echo "[ip range].$ip UP" || : ; done
Find a company's IP block
1. Look up Autonomous System Number(s) here
2. whois -h whois.radb.net -- '-i origin [ASN]' | grep -Eo "([0-9.]+){4}/[0-9]+"
Security
Limit SSH users
Set AllowUsers in /etc/sshd_config
.k5login files
Place at root of $HOME
principalname@REALM
Read the keytab file
klist -k /etc/krb5.keytab
Bring up kerberos password promt
/bin/echo '' | /usr/bin/kinit
Read a certificate
openssl x509 -text -noout -in certificate.crt
Convert cert cer file to pem file
openssl x509 -inform pem -in certificate.cer -outform der -out certificate.pem
Review a site's certificates
openssl s_client -connect [site name]:443 -showcerts
Review a site's ability to connect over TLS types
openssl s_client -tls[number] -connect [site], e.g. openssl s_client -tls1_0, tls1_1, t1s1_2
Misc tools
Man apropos
man -K ^ [term]
Make sure You don’t overwrite existing path
export PATH="$PATH:/new/addition"
Convert Unix time to regular time
date -r [seconds]
Simple Calendar
ncal -J -m [1-12]
Generate a random number
echo $(( (RANDOM % 100000000000000000000000000) ))
Generate a random-esque string
echo $(date | cut -c 10-20 | md5)
jot -r -w abc%f 1 | md5
Generate a random 20 character string
echo `jot -r -c 12 a z` | md5 | cut -c 10-30
Convert text to hex
xxd -p <<< "[string to enter]"
Convert hex to text
echo [hex text] | xxd -r -p
Decrypt base64 encoded text
echo [coded text] | base64 --decode
Simple website from a directory
python -m SimpleHTTPServer 8000
Screen keys
Name a session: screen -S [name]
Open new session: ctrl+a then c
Switch between sessions: ctrl+a or ctrl+a then number for session [0-9]
Connect to device over serial connection
screen /dev/tty.[adapter]
Connect to device over serial connection
cu -l /dev/tty.[adapter, e.g. PL2303-00001014] -s 9600 -s 9600
To break session: ~
Is a particular port installed on a FreeBSD machine
pkg info -x [portNameHere]
Make it snow
ruby -e 'C=`stty size`.scan(/\d+/)[1].to_i;S=["2743".to_i(16)].pack("U*");a={};puts "\033[2J";loop{a[rand(C)]=0;a.each{|x,o|;a[x]+=1;print "\033[#{o};#{x}H \033[#{a[x]};#{x}H#{S} \033[0;0H"};$stdout.flush;sleep 0.1}'