Last edit: May 26, 2019 09:35:45 PM CDT

See also Linux, macOS and Bash

Regular Expressions

Find all variations (zero or more) of the preceding character, e.g. /Appl*/
Find all variations that match any character in a specific location, e.g. /Appl./
Find an optional match of the preceding character, e.g. /Appl?/
Find one or more matches of the preceding character, e.g. /Appl+/
Find a specific match, e.g. /Apple/
Find a specific match at the beginning of a line, e.g. /^Apple/
Find a specific match at the end of a line, e.g. /Apple$/
Find all matching characters, e.g. /[123]/ or /[aeiou]/ or /[AEIOU]/
Find all matching characters that are not part of the set (select the inverse), e.g. /[^123]/ or /[^aeiou]/ or /[^AEIOU]/

awk & sed

Don't forget the single quotes
AND = &&, OR = ||

Designate a field separator
    awk -F'[character to use, including a space, e.g. : , /]' [file being searched through]
    e.g. awk -F':' '{ print $1,$3 }' /etc/passwd

Pattern matching
    awk '[field/column to look into] [operator (== != < > <= >=)] { print $(field/column from result to print)}'
    e.g. awk '$10 == 404 {print $2}' access_log

Search for multiple terms
    awk '/term1|term2|term3/'
    e.g. awk -F':' '/nologin|false/ {print $1}' /etc/passwd
    awk '/term1/ [search operator] /term2/'

Print a specific line
    awk "NR==[line number]{print}" /path/to/file

Print the next-to-last field of matching lines
    awk '/[term]/ {print $(NF-1)}'

Substitute term in awk return
    awk '/[term]/ {gsub("[term to find]","[term to replace]"); print $1,$2,$3,$4,$5,$6,$7,$8}'

Simple find and replace
    sed -e 's/[character to find]/[character to replace it with]/g'
    sed 's/this/that/g'
Special characters or spaces will need to be escaped with a \ and an extra / will be needed before /g

Print a particular number line in a listing
    sed -n '[number]p'
    e.g. ls -al | sed -n '2p'

Print all lines between two matching terms
    sed -n '/[term 1]/,/[term 2]/p'
    e.g. ls -al ~ | sed -n '/Library/,/Sites/p'

Replace particular instances of a string with a new string
    sed 's/this/that/[number place of instance]'
    e.g. sed 's/this/that/3'

Strip tag values from a value
    sed 's/<[^>]*>//g'
    e.g. echo "TEST" | sed 's/<[^>]*>//g'

curl

Download files from site
    curl -C - -O [site url]

Basic check of website availability
    curl -Is [site url] | awk '/HTTP/'

Website availability check
    curl --head [site url]

DNS

Display FQDN
    hostname -f

Get DNS records on a domain
    host -t {CNAME, NS, SOA, SIG, KEY, AXFR, PTR, SRV} [domain]
    dig [query] A/NS/MX/TXT/SRV/SOA

Get detailed DNS information for domain
    dig domain SOA
    dig domain any

Find all name servers for a domain
    dig domain NS

Find all mail records for a domain
    dig domain MX

Query a specific name server
    dig @[NS IP or Name] [query]

Which servers are involved in a DNS lookup
    dig +trace | awk '/;;/'

Find autodiscover records in a domain
    dig any

Query AD SRV records
    Find domain controllers: dig -t SRV
    Find the Global Catalog server: dig -t SRV or

Harvest details about a domain
    dig domain SOA
    dig domain A
    dig subdomain.domain A
    dig domain CNAME
    dig subdomain.domain CNAME
    dig domain PTR
    dig subdomain.domain PTR
    dig domain MX
    dig domain TXT
    dig [selector]._domainkey.domain txt
    dig _dmarc.domain TXT
    dig subdomain.domain SRV
    dig subdomain.domain DNSKEY
    dig subdomain.domain HIP
    dig _autodiscover._tcp.domain

Files, Filesystem & Remote Systems

Make a sym link
    ln -s /path/to/thing/you/want/to/link /path/to/where/to/link/it

Find a term inside a directory of files
    grep -nr [searchterm] /path/to/dir

Get a count of files in current directory that have a particular term present
    grep -c "[term]" *

Return multiple lines in a grep search
    grep -A ##

Find a UUID pattern in text
    grep -E "[A-F0-9]{8}-[A-F0-9]{4}-4[A-F0-9]{3}-[89AB][A-F0-9]{3}-[A-F0-9]{12}"

Find files modified in last hour
    find . -mtime -1h

Find files modified in past week
    find . -mtime -7

Find files with a particular extension created in past week
    find . -name "*.[extension]" -ctime -7

Find files newer than the named file in current directory
    find . -newer [named file]

Find files modified in past week and open in default app
    find . -mtime -7 | xargs open

Find a specific term in the contents of files in a directory
    find [place to search] -type f -print0 | xargs -0 grep [term]

Total size of a folder
    du -hd 0 .

Size subfolders
    du -sh *

Get size of subfolders with a grand total
    du -d 1 -ch
    Centos: du --max-depth 1 -ch

Find folders that are gigabytes in size
    du -sh * | sort -nr | grep G

Percentage of drive space available on all mounted drives
    df -kH

Amount of free space left on boot drive in gigabytes
    df -gHl / | awk '{print $4}' | tail -1

Amount of data on boot drive in gigabytes
    df -gHl / | awk '{print $3}' | tail -1

Make a directory tree
    mkdir -p topFolder/{subC/{c1,c2,c3},subA,subB}

Cut range
    cut -c #-#

List the content of a directory and any subdirectories
    ls -R

Strip directory information from file path
    basename

Returns directory portion of file path
    dirname

Navigate into a directory with a name that starts with a hyphen
    cd -- -dir

Make tar
    tar -cvzf /path/to/new/archive /files/to/be/archived

Expand tar
    tar -xvzf /path/to/archive

Expand into current directory
    tar -xv[z/j/type]f /path/to/archive -C .

Unzip tar
    gunzip files.tar.gz

Compare side-by-side at the CLI
    diff -y or vimdiff

Get access and modification information for a file
    stat -x

Copy files to target machine
    scp /Path/To/File/WantToCopy.ext user@server:Path/To/CopyFileTo/file.ext
Might need -o "GSSAPIAuthentication=yes"

Copy files from target machine to your machine
    scp user@server:Path/of/FiletoCopy/file.ext Path/onYourMachine/ToCpy/file.ext
Might need -o "GSSAPIAuthentication=yes"

Copy files from your machine to target machine
    rsync -avhP /local/path server:/path

Keep folder on host machine in sync with folder, including subfolders and removals, on target machine
    rsync -avr --delete /src/ /dest

Monitoring & Troubleshooting Tools

Get quick timing statistics for a particular command
    time [command]

Find open files by user
    lsof -u username/UID

Find files by process
    lsof -p PID

Find files by protocol
    lsof -i [protocol]
    e.g. lsof -i TCP

Find files by port
    lsof -i :[port number]

Find files to a specific host
    lsof -i @[address or FQDN]

Find listening TCP connections
    lsof -i -sTCP:LISTEN

Find established TCP connections
    lsof -i -sTCP:ESTABLISHED

Get running app's PID
    ps ax | awk '/[app name without brackets]/ {print $1}' | head -n 1

When did a process start
    ps ax -o lstart,pid,comm | awk '/[process]/ {print $2,$3,$4,$5}'

View network routing connection
    nettop -m route

Capture network traffic incoming/outgoing to/from an interface and show the DNS queries and responses
    ngrep -l -q -d [interface] -i "" udp and port 53
ngrep is available from MacPorts for OS X

"Tail" network interface
    tcpdump -vvv -i [interface]

Create packet capture
    tcpdump -i [en0/en1] -w /path/to/.pcap

Dump packets for a particular port
    tcpdump -i [en0/en1] port [port number]

Dump packets for a particular protocol
    tcpdump -i [en0/en1] [protocol]

Dump packets part of communicating with a particular host
    tcpdump -i [en0/en1] host [IP]
    tcpdump -i [en0/en1] src host [IP]
    tcpdump -i [en0/en1] dst host [IP]

Networking

See also curl above

Sort a list of IPs
    cat [IP list] | sort -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n

SSH tunnel
    ssh -K -L5900: user@machineFQDN

Double hop VNC without having to declare ports
    ssh -oproxycommand="ssh -qaxT user@host.fqdn nc %h %p" -L 590X:localhost:590X user@host.fqdn

What version of SMB is being used by a server
    smbutil statshares -a

What ports is a server listening on
    netstat -tuln

Is a service running
    netstat -ntlap | awk '/[service port]/ && /LISTEN/'

Quick port scan / alternative to telnet
    nc -v -z [server/host] [port range, e.g. 1-100]

Scan multiple IPs or subnet
    nmap [x.x.x].[first number in range]-[last number in range]
    e.g. nmap x.x.x.x/24

Scan just for open ports
    nmap --open [host]

Scan a particular port
    nmap -p [port] [host]
    nmap -p T:[port] or U:[port] [host]

Get machine information based on IP
    nmap -O -sS -n -oN /path/to/output.txt [IP or IP-IP range]

Get OS and port information about a host
    nmap -v -O --osscan-guess [host|CIDR|range]

Get External IP from CLI
    dig TXT +short
    curl -s

Test to see if IPHelpers are available
    tcpdump -i en0 -e -n port 67 or port 68

Find all online hosts on subnet
    for ip in $(seq 1 254); do ping -c 1 [ip range].$ip >/dev/null; [ $? -eq 0 ] && echo "[ip range].$ip UP" || : ; done

Find a company's IP block
    1. Look up Autonomous System Number(s)
    2. whois -h -- '-i origin [ASN]' | grep -Eo "([0-9.]+){4}/[0-9]+"

Security

Limit SSH users
    Set AllowUsers in /etc/sshd_config

.k5login files
    Place at root of $HOME
    principalname@REALM

Read the keytab file
    klist -k /etc/krb5.keytab

Bring up Kerberos password prompt
    /bin/echo '' | /usr/bin/kinit

Read a certificate
    openssl x509 -text -noout -in certificate.crt

Convert cert cer file to pem file
    openssl x509 -inform der -in certificate.cer -outform pem -out certificate.pem

Review a site's certificates
    openssl s_client -connect [site name]:443 -showcerts

Review a site's ability to connect over TLS types
    openssl s_client -tls[number] -connect [site]:443
    e.g. openssl s_client -tls1, -tls1_1, -tls1_2

Misc tools

Man apropos
    man -K ^ [term]

Make sure you don't overwrite existing path
    export PATH="$PATH:/new/addition"

Convert Unix time to regular time
    date -r [seconds]

Simple Calendar
    ncal -J -m [1-12]

Generate a random number
    echo $(( (RANDOM % 100000000000000000000000000) ))

Generate a random-esque string
    echo $(date | cut -c 10-20 | md5)
    jot -r -w abc%f 1 | md5

Generate a random 20 character string
    echo `jot -r -c 12 a z` | md5 | cut -c 10-30

Convert text to hex
    xxd -p <<< "[string to enter]"

Convert hex to text
    echo [hex text] | xxd -r -p

Decode base64 encoded text
    echo [coded text] | base64 --decode

Simple website from a directory
    python -m SimpleHTTPServer 8000

Screen keys
    Name a session: screen -S [name]
    Open new session: ctrl+a then c
    Switch between sessions: ctrl+a or ctrl+a then number for session [0-9]

Connect to device over serial connection
    screen /dev/tty.[adapter]

Connect to device over serial connection
    cu -l /dev/tty.[adapter, e.g. PL2303-00001014] -s 9600
    To break session: ~

Is a particular port installed on a FreeBSD machine
    pkg info -x [portNameHere]

Make it snow
    ruby -e 'C=`stty size`.scan(/\d+/)[1].to_i;S=["2743".to_i(16)].pack("U*");a={};puts "\033[2J";loop{a[rand(C)]=0;a.each{|x,o|;a[x]+=1;print "\033[#{o};#{x}H \033[#{a[x]};#{x}H#{S} \033[0;0H"};$stdout.flush;sleep 0.1}'