I’ve been keeping a collection of Linux commands that are particularly useful; some are from

websites I’ve visited, others from experience

I hope you find these are useful as I have. I’ll periodically add to the list, so check back
occasionally.

CONTENTS
Admin Commands .................................................................................................................... 2
GIT/JIRA.................................................................................................................................. 10
Images..................................................................................................................................... 10
Misc Commands ..................................................................................................................... 11
Networking .............................................................................................................................. 12
Windows.................................................................................................................................. 13
Java ......................................................................................................................................... 13
VituralBox ................................................................................................................................ 13
Apache .................................................................................................................................... 13
Encryption ............................................................................................................................... 14
Curl and Such ......................................................................................................................... 15
MySQL .................................................................................................................................... 17
Ports ........................................................................................................................................ 19
File........................................................................................................................................... 21
Comics .................................................................................................................................... 26
Other Fun ................................................................................................................................ 26
Page 2

Admin Commands
# netstat with group by (ip adress)
netstat -ntu | awk ' $5 ~ /^[0-9]/ {print $5}' | cut -d: -f1 | sort |
uniq -c | sort -n

# df without line wrap on long FS name

alias df="df | awk 'NF == 1 {printf(\$1); next}; {print}'"

# Update your system every day at lunch time (12:00)

(crontab -e) 00 12 * * * apt-get update (/etc/init.d/cron restart)

# Turn off SE Linux

setenforce 0

# How to Disable SELinux

echo 0 >/selinux/enforce

# Free unused memory currently unavailable

dd if=/dev/zero of=junk bs=1M count=1K

# Reboot
shutdown now -r or reboot

# Run the last command as root

sudo !!

# Execute a command without saving it in the history

<space>command

# Salvage a borked terminal

reset

# Execute a command at a given time

echo "ls -l" | at midnight

# Get your external IP address

curl ifconfig.me

# Close shell keeping all subprocess running

disown -a && exit

# Set audible alarm when an IP address comes online

ping -i 60 -a IP_address

# Display the top ten running processes - sorted by memory usage

ps aux | sort -nk +4 | tail
Page 3

# save command output to image

ifconfig | convert label:@- ip.png

# Display which distro is installed

cat /etc/issue

# Extract tarball from internet without local saving

wget -qO - "http://www.tarball.com/tarball.gz" | tar zxvf -

# Copy your SSH public key on a remote machine for passwordless login
- the easy way
ssh-copy-id username@hostname

# Start COMMAND, and kill it if still running after 5 seconds

timeout 5s COMMAND

# Download YouTube video with wget!

wget http://www.youtube.com/watch?v=dQw4w9WgXcQ -qO- | sed -n
"/fmt_url_map/{s/[\'\"\|]/\n/g;p}" | sed -n
'/^fmt_url_map/,/videoplayback/p' | sed -e :a -e '$q;N;5,$D;ba' | tr -
d '\n' | sed -e 's/\(.*\),\(.\)\{1,3\}/\1/' | wget -i - -O
surprise.flv

# Block known dirty hosts from reaching your machine

wget -qO - http://infiltrated.net/blacklisted|awk '!/#|[a-
z]/&&/./{print "iptables -A INPUT -s "$1" -j DROP"}'

# Add timestamp to history

export HISTTIMEFORMAT="%F %T "

# check site ssl certificate dates

echo | openssl s_client -connect www.google.com:443 2>/dev/null
|openssl x509 -dates -noout

# Create a nifty overview of the hardware in your computer

lshw -html > hardware.html

# Repoint an existing symlink to a new location

ln -nsf <TARGET> <LINK>

# Find broken symlinks

find -L . -type l

# df without line wrap on long FS name

df -P | column -t

# Make sudo forget password instantly

sudo -K

# clear current line

CTRL+u
Page 4

# Terminate a frozen SSH-session

RETURN~.

# Figure out what shell you're running

echo $0

# Use all the cores or CPUs when compiling

make -j 4

# change directory to actual path instead of symlink path

cd `pwd -P`

# Find last reboot time

who -b

# Run any GUI program remotely

ssh -fX <user>@<host> <program>

# Press ctrl+r in a bash shell and type a few letters of a previous

command
^r in bash begins a reverse-search-history with command completion

# Quick glance at who's been using your system recently

last | grep -v "^$" | awk '{ print $1 }' | sort -nr | uniq -c

# monitor memory usage

watch vmstat -sSM

# disable history for current shell session

unset HISTFILE

# Check Ram Speed and Type in Linux

sudo dmidecode --type 17 | more

# Display BIOS Information

dmidecode -t bios

# Sort all running processes by their memory & CPU usage

ps aux --sort=%mem,%cpu

# Change user, assume environment, stay in current dir

su -- user

# Function that outputs dots every second until command completes

sleeper(){ while `ps -p $1 &>/dev/null`; do echo -n "${2:-.}"; sleep
${3:-1}; done; }; export -f sleeper

# Testing hard disk reading speed

hdparm -t /dev/sda

# Find broken symlinks

find . -type l ! -exec test -e {} \; -print
Page 5

# scping files with streamlines compression (tar gzip)

tar czv file1 file2 folder1 | ssh user@server tar zxv -C /destination

# Discover the process start time

ps -eo pid,lstart,cmd

# what model of computer I'm using?

sudo dmidecode | grep Product

# Run a command when a file is changed

while inotifywait -e modify /tmp/myfile; do firefox; done

# Rapidly invoke an editor to write a long, complex, or tricky command

<ESC> v

# kill all process that belongs to you

kill -9 -1

# repeat a command every one second

watch -n 1 "do foo"

# List your MACs address

lsmac() { ifconfig -a | sed '/eth\|wl/!d;s/ Link.*HWaddr//' ; }

# Instantly load bash history of one shell into another running shell
$ history -a #in one shell , and $ history -r #in another running
shell

# When was your OS installed?

ls -lct /etc | tail -1 | awk '{print $6, $7}'

# LDAP search to query an ActiveDirectory server

ldapsearch -LLL -H ldap://activedirectory.example.com:389 -b
'dc=example,dc=com' -D 'DOMAIN\Joe.Bloggs' -w 'p@ssw0rd'
'(sAMAccountName=joe.bloggs)'

# hard disk information - Model/serial no.

hdparm -i[I] /dev/sda

# Show the UUID of a filesystem or partition

blkid /dev/sda7

# Find all symlinks that link to directories

find -type l -xtype d

# List your sudo rights

sudo -l

# Make changes in .bashrc immediately available

. ~/.bashrc
Page 6

# Add existing user to a group

usermod -a -G groupname username

# useless load
cat /dev/urandom | gzip -9 > /dev/null &

# Finding the number of cpu's

grep -c -e '^cpu[0-9]\+' /proc/stat

# List the CPU model name

grep "model name" /proc/cpuinfo

# geoip information
GeoipLookUp(){ curl -A "Mozilla/5.0" -s
"http://www.geody.com/geoip.php?ip=$1" | grep "^IP.*$1" | html2text; }

# Verify if user account exists in Linux / Unix

id <username>

# Show an application's environment variables

sudo sed 's/\o0/\n/g' "/proc/$(pidof -x firefox)/environ" ;# replace
firefox

# Tail a log file with long lines truncated

tail -f logfile.log | cut -b 1-80

# Find Out My Linux Distribution Name and Version

cat /etc/*-release

# Find broken symlinks

find . -type l -xtype l

# Creates a symbolic link or overwrites an existing one

ln -nvfs /source /destination

# Change the primary group of a user

usermod -g group user

# vi a remote file with port

vi scp://username@host:12345//path/to/somefile

# show where symlinks are pointing

lsli() { ls -l --color "$@" | awk '{ for(i=9;i<NF;i++){ printf("%s
",$i) } printf("%s\n",$NF) }'; }

# Extract public key from private

openssl rsa -in key.priv -pubout > key.pub

# Top 10 Memory Consuming Processes

ps -auxf | sort -nr -k 4 | head -10

# watch your network load on specific network interface

Page 7

watch -n1 'ifconfig eth0|grep bytes'

# Get all IPs via ifconfig

ifconfig | awk '/ddr:[0-9]/ {sub(/addr:/, ""); print $2}'

# Skip banner on ssh login prompt

ssh -q user@server

# Shows cpu load in percent

top -bn2|awk -F, '/Cpu/{if (NR>4){print 100-gensub(/.([^
]+).*/,"\\1","g",$4)}}'

# Capture video of a linux desktop

ffmpeg -f x11grab -s wxga -r 25 -i :0.0+1366,0 -qscale 0 /tmp/out.mpg

# Find last reboot time

sysctl -a | grep boottime | head -n 1

# Command to logout all the users in one command

who -u|grep -v root|awk {'print $6'}|kill `awk {'print $0'}`

# Know SELinux status

sestatus -v

# Create more threads with less stack space

ulimit -s 64

# Get me yesterday's date, even if today is 1-Mar-2008 and yesterday

was 29-Feb-2008
TZ=XYZ24 date

# Run the last command as root

sudo !-1

# Get number of users on a minecraft server

(echo -e '\xfe'; sleep 1) |telnet -L $HOSTIP 25565 2>/dev/null |awk -
F'\xa7' '$2 {print "users: "$2"/"$3;}'

# Get size of terminal

alias termsize='echo $COLUMNS x $LINES'

# list services running (as root)

service --status-all | grep running

# List users with running processes

ps aux | sed -n '/USER/!s/\([^ ]\) .*/\1/p' | sort -u

# Create new user with home dir and given password

useradd -m -p $(perl -e'print crypt("passwordscelta", "stigghiola")')
user

# Find out when your billion-second anniversary is (was).

Page 8

date -d09/19/1966+1000000000sec

# Change timestamp on a file

touch -amct [[CC]YY]MMDDhhmm[.ss] FILE

# force change password for all user

while IFS=: read u x; do passwd -e "$u"; done < /etc/passwd

# Greets the user appropriately

echo -e "12 morning\n15 afternoon\n24 evening" |awk '{if ('`date
+%H`'<$1) {print "Good "$2;exit}}'

# DNS cache snooping

for i in `cat names.txt`; do host -r $i [nameserver]; done

# List all users

cut -d: -f1 /etc/passwd | sort

# Flush DNS
sudo /etc/init.d/dns-clean

# ssh copy
cat ~/.ssh/id_rsa.pub | ssh deployer@xxxxx -p 52201 'cat >>
~/.ssh/authorized_keys'

# Delete the previous entry in your history

alias histdel='history -d $((HISTCMD-2)) && history -d $((HISTCMD-1))'

# Should I be sleeping?
[ $(date +"%H") -lt 7 ] && echo you should probably be sleeping...

# copy zip files which contains XXX

for i in *RET.zip; do unzip -l "$i"| grep -B 4 XXX | grep RET| sed
"s/.\+EPS/EPS/" |xargs -I '{}' cp '{}' out/'{}';done;

# grep for 2 words existing on the same line

egrep 'word1.*word2' --color /path/file.log |more

# Kill all processes belonging to a user

ps wwwwuax|awk '/command/ { printf("kill -9 %s\n",$2) }'|/bin/sh

# Quick access to ASCII code of a key

man ascii

# get ip and hostname for this computer

alias me="echo '`ifconfig | grep inet | grep broadcast | awk '{print
$2}'`' && uname -n"

# Set date and time

sudo date -s "26 OCT 2008 19:30:00"

# Generate SSH key

Page 9

ssh-keygen -t rsa -b 4096 -f ~/.ssh/<ROLE>_rsa -C "Comment goes here"

# Kill google chrome process

killall "Google Chrome"

# Make 'less' behave like 'tail -f'.

less +F somelogfile

# Generate an XKCD #936 style 4 word password

shuf -n4 /usr/share/dict/words | tr -d '\n'

# Alternative way to generate an XKCD #936 style 4 word password usig

sed
shuf -n4 /usr/share/dict/words | sed -e ':a;N;$!ba;s/\n/
/g;s/'\''//g;s/\b\(.\)/\u\1/g;s/ //g'

# Calculates the date 2 weeks ago from Saturday the specified format.
date -d '2 weeks ago Saturday' +%Y-%m-%d

# Get Dell Service Tag Number from a Dell Machine

sudo dmidecode | grep Serial\ Number | head -n1
Page 10

GIT/JIRA
# Grab all JIRA ticket numbers (e.g. ABC-123) mentioned in commits
added in feature branch off of master
git log master...feature-a | grep -o -E '\b([A-Z]+)-[0-9]+\b' | sort |
uniq

# Git log (commits titles) of today

git log --after="yesterday" --pretty=format:%s |uniq

Images
# Determine an image's dimensions
identify -format "%wx%h" /path/to/image.jpg

# Resolution of a image
identify -format "%[fx:w]x%[fx:h]" logo:

# Create a favicon
convert -colors 256 -resize 16x16 face.jpg face.ppm && ppmtowinicon -
output favicon.ico face.ppm
Page 11

Misc Commands
# Press Any Key to Continue
echo -n "Press any key to continue..." && read

# Random Beeps on Your PC Speaker

dd if=/dev/urandom of=/dev/speaker bs=1

# countdown from 10 ...

clear; tput cup 8 8; for i in $(seq 1 10); do echo -n "$((11-$i))
";sleep 1; done; tput cup 10 8; echo -e "DONE\n\n"

# Quick access to the ascii table.

man ascii

# convert single digit to double digits

for i in ?.ogg; do mv $i 0$i; done

# vim easter egg

$ vim ... :help 42

# Random Number between 1 And 256

od -An -N1 -tu1 /dev/random

# Print a random 8 digit number

jot -r -n 8 0 9 | rs -g 0

# Returns last day of current month

cal | egrep -e '^ [0-9]|^[0-9]' | tr '\n' ' ' | awk '{print $NF}'
Page 12

Networking
# A list of IPs (only) that are online in a specific subnet.
nmap -sP 192.168.1.0/24 | awk "/^Host/"'{ print $3 }' |nawk -F'[()]' '{print $2}'

# Regex to reliably search a file for valid IP addresses (and external IP addresses)
grep -Eoa "\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-
5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b" Filetosearch.txt

# regex to match an ip
echo 254.003.032.3 | grep -P '^((25[0-4]|2[0-4]\d|[01]?[\d]?[1-9])\.){3}(25[0-4]|2[0-
4]\d|[01]?[\d]?[1-9])$'

# List alive hosts in specific subnet

nmap -sP 192.168.1.0/24

# find all active IP addresses in a network

nmap -sP 192.168.1.0/24; arp -n | grep "192.168.1.[0-9]* *ether"

# Ping scanning without nmap

for i in {1..254}; do ping -c 1 -W 1 10.1.1.$i | grep 'from'; done

# The NMAP command you can use scan for the Conficker virus on your LAN
nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 192.168.0.1-254

# Netstat Connection Check

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n | tail

# Drop or block attackers IP with null routes

sudo route add xxx.xxx.xxx.xxx gw 127.0.0.1 lo

# Extract ip addresses with sed

sed -n 's/\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}/\nip&\n/gp' ips.txt | grep ip | sed 's/ip//'| sort | uniq

# Sniff ONLY POP3 authentication by intercepting the USER command

tcpdump -i eth0 "tcp port pop3 and ip[40] = 85 and ip[41] = 83" -s 1500 -n -w "sniff"
Page 13

Windows
# ps for windows
wmic process list IO

# Killing a process in Windows 7 command line

Taskkill /?

# Shutdown a Windows machine from Linux

net rpc shutdown -I ipAddressOfWindowsPC -U username%password

Java
# Count threads of a jvm process
ps uH p <PID_OF_U_PROCESS> | wc -l

# How to get full tread dump for java process

kill -3 PID

VituralBox
# Launch a VirtualBox virtual machine
VBoxManage startvm "name"

# run a VirtualBox virtual machine without a gui

VBoxHeadless -s <name|uuid>

Apache
# Know which modules are loaded on an Apache server
apache2 -t -D DUMP_MODULES

# Hits per hour apache log

awk -F: '{print $2}' access_log | sort | uniq -c
Page 14

Encryption
# GUID generator
guid(){ lynx -nonumbers -dump http://www.famkruithof.net/uuid/uuidgen | grep "\w\{8\}-" | tr -d ' ';
}

# Base64 decode
echo Y29tbWFuZGxpbmUuZnUgcm9ja3MK | base64 -d

# Generate MD5 hash for a string

printf "$string" | md5sum

# Encrypt/decrypt a string from the command line

echo 'HelloWorld!' | gpg --symmetric | base64

# Quickly generate an MD5 hash for a text string using OpenSSL

echo -n 'text to be encrypted' | openssl md5

# Quickly generate an MD5 hash for a text string using OpenSSL

md5sum<<<'text to be encrypted'

# Generate MD5 of string and output only the hash checksum in a readable format
echo -n "String to MD5" | md5sum | sed -e 's/[0-9a-f]\{2\}/& /g' -e 's/ -//'

# Generate MD5 of string and output only the hash checksum

echo -n "String to MD5" | md5sum | cut -b-32

# Generate SHA1 hash for each file in a list

ls [FILENAME] | xargs openssl sha1

# It decripts all pgp files in a selection folder and move the output into a file.
for x in *.pgp do `cat /file_with_the_passphrase.dat|(gpg --batch --no-tty --yes --passphrase-fd=0
--decrypt `basename $x`; ) > 'dump_content.dat'` done;

# md5 checksum check

digest -a -v md5 <file-name>
Page 15

Curl and Such

# Firefly quotes
yum install fortune-firefly; fortune

# Update twitter via curl

curl -u user:pass -d status="Tweeting from the shell" http://twitter.com/statuses/update.xml

# Check your unread Gmail from the command line

curl -u username:password --silent "https://mail.google.com/mail/feed/atom" | tr -d '\n' | awk -F
'<entry>' '{for (i=2; i<=NF; i++) {print $i}}' | sed -n "s/<title>\(.*\)<\/title.*name>\(.*\)<\/name>.*/\2 -
\1/p"

# Send email with curl and gmail

curl -n --ssl-reqd --mail-from "<user@gmail.com>" --mail-rcpt "<user@server.tld>" --url
smtps://smtp.gmail.com:465 -T file.txt

# Command Line to Get the Stock Quote via Yahoo

curl -s 'http://download.finance.yahoo.com/d/quotes.csv?s=csco&f=l1'

# Find pages returning 404 errors in apache logs

awk '$9 == 404 {print $7}' access_log | uniq -c | sort -rn | head

# grab all commandlinefu shell functions into a single file, suitable for sourcing.
export QQ=$(mktemp -d);(cd $QQ; curl -s -O
http://www.commandlinefu.com/commands/browse/sort-by-votes/plaintext/[0-2400:25];for i in
$(perl -ne 'print "$1\n" if( /^(\w+\(\))/ )' *|sort -u);do grep -h -m1 -B1 $i *; done)|grep -v '^--' >
clf.sh;rm -r $QQ

# Find out how old a web page is

wget -S --spider http://osswin.sourceforge.net/ 2>&1 | grep Mod

# Get Lorum Ipsum random text from lorumipsum.com

lynx -source http://www.lipsum.com/feed/xml?amount=3|perl -p -i -e 's/\n/\n\n/g'|sed -n
'/<lipsum>/,/<\/lipsum>/p'|sed -e 's/<[^>]*>//g'

# Tell Analytics to fuck itself.

gofuckanalytics() { echo "DELETE FROM moz_cookies WHERE name LIKE '__utm%';" | sqlite3
$( find ~/.mozilla -name cookies.sqlite ) }

# commit message generator - whatthecommit.com

curl http://whatthecommit.com/index.txt

# Check a server is up. If it isn't mail me.

curl -fs brandx.jp.sme 2&>1 > /dev/null || echo brandx.jp.sme ping failed | mail -ne -s'Server
unavailable' joker@jp.co.uk

# download all the presentations from UTOSC2010

Page 16

b="http://2010.utosc.com"; for p in $( curl -s $b/presentation/schedule/ | grep /presentation/[0-

9]*/ | cut -d"\"" -f2 ); do f=$(curl -s $b$p | grep "/static/slides/" | cut -d"\"" -f4); if [ -n "$f" ]; then
echo $b$f; curl -O $b$f; fi done

# geoip information
geo(){ curl -s "http://www.geody.com/geoip.php?ip=$(dig +short $1)"| sed
'/^IP:/!d;s/<[^>][^>]*>//g'; }

# upload a file via ftp

curl -u user:passwd -T /home/dir/local_file_to_upload ftp://your_host.com/subdir/

# Email yourself a short note

quickemail() { echo "$*" | mail -s "$*" email@email.com; }
Page 17

MySQL
# Get column names in MySQL
mysql -u <user> --password=<password> -e "SHOW COLUMNS FROM <table>"
<database> | awk '{print $1}' | tr "\n" "," | sed 's/,$//g'

# command line to drop all table from a databse

mysql -u uname dbname -e "show tables" | grep -v Tables_in | grep -v "+" |
gawk '{print "drop table " $1 ";"}' | mysql -u uname dbname

# MySQL: Find an instance of a populated table across numerous databases

TABLE_NAME=YYZ ; for DATABASE in $(echo "SELECT TABLE_SCHEMA FROM
information_schema.tables WHERE TABLE_NAME='$TABLE_NAME'" | mysql -N) ; do
echo -n "$DATABASE: " ; echo "SELECT COUNT(*) FROM $TABLE_NAME" | mysql
$DATABASE -N ; done | fgrep -v ': 0'

# See where MySQL is looking for its config files

mysql -? | grep ".cnf"

# Monitor MySQL threads per user

mysql -BNe "SELECT user,COUNT(user) AS count FROM processlist GROUP BY user
ORDER BY count;" information_schema

# Monitor the queries being run by MySQL

watch -n 1 mysqladmin --user=<user> --password=<password> processlist

# Backup all MySQL Databases to individual files

for I in $(mysql -e 'show databases' -s --skip-column-names); do mysqldump $I
| gzip > "$I.sql.gz"; done

# Backup all MySQL Databases to individual files

for db in $(mysql -e 'show databases' -s --skip-column-names); do mysqldump
$db | gzip > "/backups/mysqldump-$(hostname)-$db-$(date +%Y-%m-%d-
%H.%M.%S).gz"; done

# Dump mySQL db from Remote Database to Local Database

mysqldump --host=[remote host] --user=[remote user] --password=[remote
password] -C db_name | mysql --host=localhost --user=[local user] --
password=[local password] db_name

# mysql DB size
mysql -u root -pPasswort -e 'select
table_schema,round(sum(data_length+index_length)/1024/1024,4) from
information_schema.tables group by table_schema;'

# Discover unoptimized MySQL tables and optimize them.

for table in $(echo "select concat(TABLE_SCHEMA, '.', TABLE_NAME) from
information_schema.TABLES where TABLE_SCHEMA NOT IN
('information_schema','mysql') and Data_free > 0" | mysql --skip-column-
names); do echo "optimize table ${table}" | mysql; done;

# Mysql extended status

mysqladmin -u root -p extended-status

# Backup all mysql databases to individual files on a remote server

Page 18

for I in $(mysql -e 'show databases' -u root --password=root -s --skip-

column-names); do mysqldump -u root --password=root $I | gzip -c | ssh
user@server.com "cat > /remote/$I.sql.gz"; done
Page 19

Ports
# Forensic tool to find hidden processes and ports
unhide (proc|sys|brute)

# Lists open ports

netstat -antuwp | egrep "(^[^t])|(^tcp.*LISTEN)"

# find an unused unprivileged TCP port

netstat -tan | awk '$1 == "tcp" && $4 ~ /:/ { port=$4; sub(/^[^:]+:/, "",
port); used[int(port)] = 1; } END { for (p = 32768; p <= 61000; ++p) if (! (p
in used)) { print p; exit(0); }; exit(1); }'

# Check if TCP port 25 is open

netstat -tln | grep :25

# Check if TCP port 25 is open

sudo lsof -iTCP:25 -sTCP:LISTEN

# find an unused unprivileged TCP port

netstat -atn | perl -0777 -ne '@ports = /tcp.*?\:(\d+)\s+/imsg ; for $port
(32768..61000) {if(!grep(/^$port$/, @ports)) { print $port; last } }'

# tell if a port is in use

netstat -a --numeric-ports | grep 8321

# List open TCP/UDP ports

netstat -ltun

# Open Port Check

lsof -ni TCP

# list all opened ports on host

sudo lsof -P -i -n -sTCP:LISTEN
netstat -ant | grep LISTEN

# determine if tcp port is open

nmap -p 80 hostname

# For finding out if something is listening on a port and if so what the

daemon is.
fuser -n tcp {0..65535}

# List programs with open ports and connections

lsof -i

# Get list of servers with a specific port open

nmap -sT -p 80 -oG - 192.168.1.* | grep open

# List Listen Port by numbers

netstat -tlpn | sort -t: -k2 -n

# which process has a port open

Page 20

lsof -i :80

# Blink LED Port of NIC Card

ethtool -p eth0

# Show what PID is listening on port 80 on Linux

fuser -v 80/tcp

# Port Knocking!
knock <host> 3000 4000 5000 && ssh -p <port> user@host && knock <host> 5000
4000 3000

# which program is this port belongs to ?

lsof -i tcp:80

# List all open ports and their owning executables

lsof -i -P | grep -i "listen"

# Lists all listening ports together with the PID of the associated process
lsof -Pan -i tcp -i udp

# Detect Connections On Port - Android

netstat -lptu | grep -E "22.*ESTABLISHED" | cut -s -d ':' -f2 | awk '{print
$2}'

# Lists all listening ports together with the PID of the associated process
netstat -tunlp

# pid list by httpd listen port

lsof | awk '/*:https?/{print $2}' | sort -u

# start a tunnel from some machine's port 80 to your local post 2001
ssh -N -L2001:localhost:80 somemachine

# How to Kill Process that is Running on Certain Port in Windows?

netstat -a -o -n | grep 8080

# Get number of established sessions on a given port

netstat -anp | grep :80 | grep ESTABLISHED | wc -l

# whois surfing my web ?

watch lsof -i :80

# Displays All TCP and UDP Connections

sudo netstat|head -n2|tail -n1 && sudo netstat -a|grep udp && echo && sudo
netstat|head -n2|tail -n1 && sudo netstat -a|grep tcp
Page 21

File
# get size of a file
du -hs file-name

# tar the current directory wihtout the absolute path

tar -cf "../${PWD##*/}.tar" .

# Recursively search a directory tree for all .php .inc .html .htm .css .js
files for a certain string
find . -type f \( -name "*.js" -o -name "*.php" -o -name "*.inc" -o -name
"*.html" -o -name "*.htm" -o -name "*.css" \) -exec grep -il 'searchString'
{} \;

# find names of files ending in *log that have both foo and bar
grep -l bar *.log | xargs grep -l foo

# Make a directory named with the current date

mkdir `date --iso`

# Create a 100MB file for testing transfer speed

dd if=/dev/random of=bigfile bs=1024 count=102400

# ls only directories
ls -ad */

# replace strings in file names

rename 's/foo/bar/g' foobar

# List files opened by a PID

lsof -p 15857

# Find status of all symlinks

symlinks -r $(pwd)

# cleanup /tmp directory

find /tmp -type f -atime +1 -delete

# Remove Backup Files

find / -name *~ -delete
Page 22

# Find the 10 lusers winners of the "I take up the most disk space" award
du -sh /home/*|sort -rh|head -n 10

# Print total size of specified files and subdirectories

du -sk * | awk '{print $1} END {print "[+z1<y]sy\nlyx\np"}' | dc

# Recursive remove files by mask

find . -name ".DS_Store" -print0 | xargs -0 rm -rf

# List only those files that has all uppercase letters in their names (e.g.
README)
ls | grep '^[A-Z0-9]*$'

# Get dimensions of an image.

identify path/to/image.jpg | awk '{print $3;}'

# Mount folder/filesystem through SSH

sshfs name@server:/path/to/folder /path/to/mount/point

# Show apps that use internet connection at the moment. (Multi-Language)

lsof -P -i -n

# Find Duplicate Files (based on size first, then MD5 hash)

find -not -empty -type f -printf "%s\n" | sort -rn | uniq -d | xargs -I{} -n1
find -type f -size {}c -print0 | xargs -0 md5sum | sort | uniq -w32 --all-
repeated=separate

# Create a CD/DVD ISO image from disk.

readom dev=/dev/scd0 f=/path/to/image.iso

# replace spaces in filenames with underscores

rename 'y/ /_/' *

# Get the 10 biggest files/folders for the current direcotry

du -s * | sort -n | tail

# Mount a .iso file in UNIX/Linux

mount /path/to/file.iso /mnt/cdrom -oloop

# Sort the size usage of a directory tree by gigabytes, kilobytes, megabytes,

then bytes.
du -b --max-depth 1 | sort -nr | perl -pe 's{([0-9]+)}{sprintf "%.1f%s",
$1>=2**30? ($1/2**30, "G"): $1>=2**20? ($1/2**20, "M"): $1>=2**10? ($1/2**10,
"K"): ($1, "")}e'

# Recursively change permissions on files, leave directories alone.

find ./ -type f -exec chmod 644 {} \;

# Find files that have been modified on your system in the past 60 minutes
sudo find / -mmin 60 -type f

# ls not pattern
ls !(*.gz)

# Remove blank lines from a file using grep and save output to new file
grep . filename > newfilename
Page 23

# find all file larger than 500M

find / -type f -size +500M

# List all files opened by a particular command

lsof -c dhcpd

# Recover a deleted file

grep -a -B 25 -A 100 'some string in the file' /dev/sda1 > results.txt

# convert filenames in current directory to lowercase

rename 'y/A-Z/a-z/' *

# Find Duplicate Files (based on MD5 hash)

find -type f -exec md5sum '{}' ';' | sort | uniq --all-repeated=separate -w
33 | cut -c 35-

# Empty a file
truncate -s0 file

# Rename all .jpeg and .JPG files to have .jpg extension

rename 's/\.jpe?g$/.jpg/i' *

# Convert all Flac in a directory to Mp3 using maximum quality variable

bitrate
for file in *.flac; do flac -cd "$file" | lame -q 0 --vbr-new -V 0 -
"${file%.flac}.mp3"; done

# List 10 largest directories in current directory

du -hs */ | sort -hr | head

# Count files beneath current directory (including subfolders)

find . -type f | wc -l

# move a lot of files over ssh

rsync -az /home/user/test user@sshServer:/tmp/

# Add prefix onto filenames

rename 's/^/prefix/' *

# Files extension change

rename .oldextension .newextension *.oldextension

# Convert camelCase to underscores (camel_case)

sed -r 's/([a-z]+)([A-Z][a-z]+)/\1_\l\2/g' file.txt

# Create directory named after current date

mkdir $(date +%Y%m%d)

# Tail -f at your own pace

tail -fs 1 somefile

# Get the 10 biggest files/folders for the current direcotry

du -sk * |sort -rn |head

# List complete size of directories (do not consider hidden directories)

du -hs */
Page 24

# Recursively find top 20 largest files (> 1MB) sort human readable format
find . -mount -type f -printf "%k %p\n" | sort -rg | cut -d \ -f 2- | xargs
-I {} du -sh {} | less

# Find the 10 users that take up the most disk space

sudo -s du -sm /Users/* | sort -nr | head -n 10

# Copy modification timestamp from one file to another.

touch -r "source_file" "destination_file"

# Top 15 processes with the largest number of open files

lsof +c 15 | awk '{print $1}' | sort | uniq -c | sort -rn | head

# LIST FILENAMES OF FILES CREATED TODAY IN CURRENT DIRECTORY

ls -l --time-style=+%Y-%m-%d | awk "/$(date +'%Y-%m-%d')/ {print \$7}"

# count files by type

ls | tr [:upper:] [:lower:] | grep -oP '\.[^\.]+$' | sort | uniq -c | sort

# Create md5sum of a directory

find -name .git -prune -o -type f -exec md5sum {} \; | sort -k2 | md5sum

# Recursively search and replace old with new string, inside every instance
of filename.ext
find . -type f -name filename.exe -exec sed -i "s/oldstring/oldstring/g" {}
+;

# Print duplicate files

find . -type f -print0 | xargs -0 -n1 md5sum | sort -k 1,32 | uniq -w 32 -d -
-all-repeated=separate | sed -e 's/^[0-9a-f]*\ *//;'

# Find Duplicate Files (based on size first, then MD5 hash)

find . -type f -not -empty -printf "%-25s%p\n"|sort -n|uniq -D -w25|cut -b26-
|xargs -d"\n" -n1 md5sum|sed "s/ /\x0/"|uniq -D -w32|awk -F"\0"
'BEGIN{l="";}{if(l!=$1||l==""){printf "\n%s\0",$1}printf
"\0%s",$2;l=$1}END{printf "\n"}'|sed "/^$/d"

# List files and sizes

find / -type f -exec wc -c {} \; | sort -nr | head -100

# Print all open regular files sorted by the number of file handles open to
each.
lsof -a -d 1-99 -Fn / | grep ^n | cut -b2- | sort | uniq -c | sort -n

# underscore to camelCase
echo "hello_world" | sed -r 's/([a-z]+)_([a-z])([a-z]+)/\1\U\2\L\3/'

# Copy a file over the network with 3 bounces

cat file.orig | ssh user1@host1 "ssh user2@host2 \"ssh user3@server3 'cat
>file.dest'\""
# Regex or
egrep expr1\|expr2 file

# find all symlinks to a file

find / -lname path/to/foo.txt
Page 25

# sort a csv file according to a particular n th field numerically (quicker

than excel)
sort -t"," -n -k5 file.csv # according to the 5th field NUMERICALLY!!

# rename files (in this case pdfs) numerically in date order

find . -name "*.pdf" -print0 | xargs -r0 stat -c %y\ %n | sort|awk '{print
$4}'|gawk 'BEGIN{ a=1 }{ printf "mv %s %04d.pdf\n", $0, a++ }' | bash

# Create multiple files in a single command

touch file{1,2,3,4,5}.sh

# Recursive chmod all *.sh files within the current directory

find ./ -name "*.sh" -exec chmod +x {} \;

# Find all the files more than 10MB, sort in descending order of size and
record the output of filenames and size in a text file.
find . -size +10240k -exec ls -l {} \; | awk '{ print $5,"",$9 }'|sort -rn >
message.out

# Show duplicate lines in a file

sort namesd.txt | uniq ?cd

# Remove security limitations from PDF documents using QPDF

qpdf --decrypt inputfile.pdf outputfile.pdf

# Archive all files that have not been modified in the last days
find /protocollo/paflow -type f -mtime +5 | xargs tar -cvf /var/dump-
protocollo/`date '+%d%m%Y'_archive.tar`

# Convert JSON to YAML

catmandu convert JSON to YAML < file.json > file.yaml
Page 26

Comics
# Use curl on Windows to bulk-download the Savitabhabhi Comic Strip (for
Adults)
for /L %%x in (1,1,16) do mkdir %%x & curl -R -e http://www.kirtu.com -o
%%x/#1.jpg http://www.kirtu.com/toon/content/sb%x/english/sb%x_en_[001-
070].jpg

# View the newest xkcd comic.

curl -s 'xkcd.com' | awk -F\" '/^<img/{printf("<?xml
version=\"1.0\"?>\n<xkcd>\n<item>\n <title>%s</title>\n
<comment>%s</comment>\n <image>%s</image>\n</item>\n</xkcd>\n", $6, $4, $2)}'

# View the newest xkcd comic.

xkcd() { wget -qO- http://xkcd.com/ | sed -n 's#^<img
src="\(http://imgs.[^"]\+\)"\s\+title="\(.\+\?\)"\salt.\+$#eog "\1"\necho
'"'\2'#p" | bash ; }

# Random Cyanide and Happiness comics from explosm.net

cyanide(){ display "$(wget -q http://explosm.net/comics/random/ -O - | grep -
Po 'http://www.explosm.net/db/files/Comics/*/[^"]+(png|jpg|jpeg)')"; }

Other Fun
# Rickroll your users when they sudo (doesn't work if ssh to MGTI but
really funny if you set it to play "I'm looking at porn over here!"
very loudly...
Also. Must be in correct directory...find .bash_aliases
echo "alias sudo=\"aplay annoyingsoundfile.ogg\"" >> .bash_aliases