I’ve been keeping a collection of Linux commands that are particularly useful; some are from websites I’ve visited, others from experience I hope you find these are useful as I have. I’ll periodically add to the list, so check back occasionally.

1. I’ve been keeping a collection of Linux commands that are particularly useful; some are from
websites I’ve visited, others from experience
I hope you find these are useful as I have. I’ll periodically add to the list, so check back
occasionally.
CONTENTS
Admin Commands .................................................................................................................... 2
GIT/JIRA.................................................................................................................................. 10
Images..................................................................................................................................... 10
Misc Commands ..................................................................................................................... 11
Networking .............................................................................................................................. 12
Windows.................................................................................................................................. 13
Java......................................................................................................................................... 13
VituralBox................................................................................................................................ 13
Apache .................................................................................................................................... 13
Encryption ............................................................................................................................... 14
Curl and Such ......................................................................................................................... 15
MySQL .................................................................................................................................... 17
Ports........................................................................................................................................ 19
File........................................................................................................................................... 21
Comics .................................................................................................................................... 26
Other Fun................................................................................................................................ 26

2. Page 2
Admin Commands
# netstat with group by (ip adress)
netstat -ntu | awk ' $5 ~ /^[0-9]/ {print $5}' | cut -d: -f1 | sort |
uniq -c | sort -n
# df without line wrap on long FS name
alias df="df | awk 'NF == 1 {printf($1); next}; {print}'"
# Update your system every day at lunch time (12:00)
(crontab -e) 00 12 * * * apt-get update (/etc/init.d/cron restart)
# Turn off SE Linux
setenforce 0
# How to Disable SELinux
echo 0 >/selinux/enforce
# Free unused memory currently unavailable
dd if=/dev/zero of=junk bs=1M count=1K
# Reboot
shutdown now -r or reboot
# Run the last command as root
sudo !!
# Execute a command without saving it in the history
<space>command
# Salvage a borked terminal
reset
# Execute a command at a given time
echo "ls -l" | at midnight
# Get your external IP address
curl ifconfig.me
# Close shell keeping all subprocess running
disown -a && exit
# Set audible alarm when an IP address comes online
ping -i 60 -a IP_address
# Display the top ten running processes - sorted by memory usage
ps aux | sort -nk +4 | tail

3. Page 3
# save command output to image
ifconfig | convert label:@- ip.png
# Display which distro is installed
cat /etc/issue
# Extract tarball from internet without local saving
wget -qO - "http://www.tarball.com/tarball.gz" | tar zxvf -
# Copy your SSH public key on a remote machine for passwordless login
- the easy way
ssh-copy-id username@hostname
# Start COMMAND, and kill it if still running after 5 seconds
timeout 5s COMMAND
# Download YouTube video with wget!
wget http://www.youtube.com/watch?v=dQw4w9WgXcQ -qO- | sed -n
"/fmt_url_map/{s/['"|]/n/g;p}" | sed -n
'/^fmt_url_map/,/videoplayback/p' | sed -e :a -e '$q;N;5,$D;ba' | tr -
d 'n' | sed -e 's/(.*),(.){1,3}/1/' | wget -i - -O
surprise.flv
# Block known dirty hosts from reaching your machine
wget -qO - http://infiltrated.net/blacklisted|awk '!/#|[a-
z]/&&/./{print "iptables -A INPUT -s "$1" -j DROP"}'
# Add timestamp to history
export HISTTIMEFORMAT="%F %T "
# check site ssl certificate dates
echo | openssl s_client -connect www.google.com:443 2>/dev/null
|openssl x509 -dates -noout
# Create a nifty overview of the hardware in your computer
lshw -html > hardware.html
# Repoint an existing symlink to a new location
ln -nsf <TARGET> <LINK>
# Find broken symlinks
find -L . -type l
# df without line wrap on long FS name
df -P | column -t
# Make sudo forget password instantly
sudo -K
# clear current line
CTRL+u

4. Page 4
# Terminate a frozen SSH-session
RETURN~.
# Figure out what shell you're running
echo $0
# Use all the cores or CPUs when compiling
make -j 4
# change directory to actual path instead of symlink path
cd `pwd -P`
# Find last reboot time
who -b
# Run any GUI program remotely
ssh -fX <user>@<host> <program>
# Press ctrl+r in a bash shell and type a few letters of a previous
command
^r in bash begins a reverse-search-history with command completion
# Quick glance at who's been using your system recently
last | grep -v "^$" | awk '{ print $1 }' | sort -nr | uniq -c
# monitor memory usage
watch vmstat -sSM
# disable history for current shell session
unset HISTFILE
# Check Ram Speed and Type in Linux
sudo dmidecode --type 17 | more
# Display BIOS Information
dmidecode -t bios
# Sort all running processes by their memory & CPU usage
ps aux --sort=%mem,%cpu
# Change user, assume environment, stay in current dir
su -- user
# Function that outputs dots every second until command completes
sleeper(){ while `ps -p $1 &>/dev/null`; do echo -n "${2:-.}"; sleep
${3:-1}; done; }; export -f sleeper
# Testing hard disk reading speed
hdparm -t /dev/sda
# Find broken symlinks
find . -type l ! -exec test -e {} ; -print

5. Page 5
# scping files with streamlines compression (tar gzip)
tar czv file1 file2 folder1 | ssh user@server tar zxv -C /destination
# Discover the process start time
ps -eo pid,lstart,cmd
# what model of computer I'm using?
sudo dmidecode | grep Product
# Run a command when a file is changed
while inotifywait -e modify /tmp/myfile; do firefox; done
# Rapidly invoke an editor to write a long, complex, or tricky command
<ESC> v
# kill all process that belongs to you
kill -9 -1
# repeat a command every one second
watch -n 1 "do foo"
# List your MACs address
lsmac() { ifconfig -a | sed '/eth|wl/!d;s/ Link.*HWaddr//' ; }
# Instantly load bash history of one shell into another running shell
$ history -a #in one shell , and $ history -r #in another running
shell
# When was your OS installed?
ls -lct /etc | tail -1 | awk '{print $6, $7}'
# LDAP search to query an ActiveDirectory server
ldapsearch -LLL -H ldap://activedirectory.example.com:389 -b
'dc=example,dc=com' -D 'DOMAINJoe.Bloggs' -w 'p@ssw0rd'
'(sAMAccountName=joe.bloggs)'
# hard disk information - Model/serial no.
hdparm -i[I] /dev/sda
# Show the UUID of a filesystem or partition
blkid /dev/sda7
# Find all symlinks that link to directories
find -type l -xtype d
# List your sudo rights
sudo -l
# Make changes in .bashrc immediately available
. ~/.bashrc

6. Page 6
# Add existing user to a group
usermod -a -G groupname username
# useless load
cat /dev/urandom | gzip -9 > /dev/null &
# Finding the number of cpu's
grep -c -e '^cpu[0-9]+' /proc/stat
# List the CPU model name
grep "model name" /proc/cpuinfo
# geoip information
GeoipLookUp(){ curl -A "Mozilla/5.0" -s
"http://www.geody.com/geoip.php?ip=$1" | grep "^IP.*$1" | html2text; }
# Verify if user account exists in Linux / Unix
id <username>
# Show an application's environment variables
sudo sed 's/o0/n/g' "/proc/$(pidof -x firefox)/environ" ;# replace
firefox
# Tail a log file with long lines truncated
tail -f logfile.log | cut -b 1-80
# Find Out My Linux Distribution Name and Version
cat /etc/*-release
# Find broken symlinks
find . -type l -xtype l
# Creates a symbolic link or overwrites an existing one
ln -nvfs /source /destination
# Change the primary group of a user
usermod -g group user
# vi a remote file with port
vi scp://username@host:12345//path/to/somefile
# show where symlinks are pointing
lsli() { ls -l --color "$@" | awk '{ for(i=9;i<NF;i++){ printf("%s
",$i) } printf("%sn",$NF) }'; }
# Extract public key from private
openssl rsa -in key.priv -pubout > key.pub
# Top 10 Memory Consuming Processes
ps -auxf | sort -nr -k 4 | head -10
# watch your network load on specific network interface

7. Page 7
watch -n1 'ifconfig eth0|grep bytes'
# Get all IPs via ifconfig
ifconfig | awk '/ddr:[0-9]/ {sub(/addr:/, ""); print $2}'
# Skip banner on ssh login prompt
ssh -q user@server
# Shows cpu load in percent
top -bn2|awk -F, '/Cpu/{if (NR>4){print 100-gensub(/.([^
]+).*/,"1","g",$4)}}'
# Capture video of a linux desktop
ffmpeg -f x11grab -s wxga -r 25 -i :0.0+1366,0 -qscale 0 /tmp/out.mpg
# Find last reboot time
sysctl -a | grep boottime | head -n 1
# Command to logout all the users in one command
who -u|grep -v root|awk {'print $6'}|kill `awk {'print $0'}`
# Know SELinux status
sestatus -v
# Create more threads with less stack space
ulimit -s 64
# Get me yesterday's date, even if today is 1-Mar-2008 and yesterday
was 29-Feb-2008
TZ=XYZ24 date
# Run the last command as root
sudo !-1
# Get number of users on a minecraft server
(echo -e 'xfe'; sleep 1) |telnet -L $HOSTIP 25565 2>/dev/null |awk -
F'xa7' '$2 {print "users: "$2"/"$3;}'
# Get size of terminal
alias termsize='echo $COLUMNS x $LINES'
# list services running (as root)
service --status-all | grep running
# List users with running processes
ps aux | sed -n '/USER/!s/([^ ]) .*/1/p' | sort -u
# Create new user with home dir and given password
useradd -m -p $(perl -e'print crypt("passwordscelta", "stigghiola")')
user
# Find out when your billion-second anniversary is (was).

8. Page 8
date -d09/19/1966+1000000000sec
# Change timestamp on a file
touch -amct [[CC]YY]MMDDhhmm[.ss] FILE
# force change password for all user
while IFS=: read u x; do passwd -e "$u"; done < /etc/passwd
# Greets the user appropriately
echo -e "12 morningn15 afternoonn24 evening" |awk '{if ('`date
+%H`'<$1) {print "Good "$2;exit}}'
# DNS cache snooping
for i in `cat names.txt`; do host -r $i [nameserver]; done
# List all users
cut -d: -f1 /etc/passwd | sort
# Flush DNS
sudo /etc/init.d/dns-clean
# ssh copy
cat ~/.ssh/id_rsa.pub | ssh deployer@xxxxx -p 52201 'cat >>
~/.ssh/authorized_keys'
# Delete the previous entry in your history
alias histdel='history -d $((HISTCMD-2)) && history -d $((HISTCMD-1))'
# Should I be sleeping?
[ $(date +"%H") -lt 7 ] && echo you should probably be sleeping...
# copy zip files which contains XXX
for i in *RET.zip; do unzip -l "$i"| grep -B 4 XXX | grep RET| sed
"s/.+EPS/EPS/" |xargs -I '{}' cp '{}' out/'{}';done;
# grep for 2 words existing on the same line
egrep 'word1.*word2' --color /path/file.log |more
# Kill all processes belonging to a user
ps wwwwuax|awk '/command/ { printf("kill -9 %sn",$2) }'|/bin/sh
# Quick access to ASCII code of a key
man ascii
# get ip and hostname for this computer
alias me="echo '`ifconfig | grep inet | grep broadcast | awk '{print
$2}'`' && uname -n"
# Set date and time
sudo date -s "26 OCT 2008 19:30:00"
# Generate SSH key

9. Page 9
ssh-keygen -t rsa -b 4096 -f ~/.ssh/<ROLE>_rsa -C "Comment goes here"
# Kill google chrome process
killall "Google Chrome"
# Make 'less' behave like 'tail -f'.
less +F somelogfile
# Generate an XKCD #936 style 4 word password
shuf -n4 /usr/share/dict/words | tr -d 'n'
# Alternative way to generate an XKCD #936 style 4 word password usig
sed
shuf -n4 /usr/share/dict/words | sed -e ':a;N;$!ba;s/n/
/g;s/'''//g;s/b(.)/u1/g;s/ //g'
# Calculates the date 2 weeks ago from Saturday the specified format.
date -d '2 weeks ago Saturday' +%Y-%m-%d
# Get Dell Service Tag Number from a Dell Machine
sudo dmidecode | grep Serial Number | head -n1

10. Page 10
GIT/JIRA
# Grab all JIRA ticket numbers (e.g. ABC-123) mentioned in commits
added in feature branch off of master
git log master...feature-a | grep -o -E 'b([A-Z]+)-[0-9]+b' | sort |
uniq
# Git log (commits titles) of today
git log --after="yesterday" --pretty=format:%s |uniq
Images
# Determine an image's dimensions
identify -format "%wx%h" /path/to/image.jpg
# Resolution of a image
identify -format "%[fx:w]x%[fx:h]" logo:
# Create a favicon
convert -colors 256 -resize 16x16 face.jpg face.ppm && ppmtowinicon -
output favicon.ico face.ppm

11. Page 11
Misc Commands
# Press Any Key to Continue
echo -n "Press any key to continue..." && read
# Random Beeps on Your PC Speaker
dd if=/dev/urandom of=/dev/speaker bs=1
# countdown from 10 ...
clear; tput cup 8 8; for i in $(seq 1 10); do echo -n "$((11-$i))
";sleep 1; done; tput cup 10 8; echo -e "DONEnn"
# Quick access to the ascii table.
man ascii
# convert single digit to double digits
for i in ?.ogg; do mv $i 0$i; done
# vim easter egg
$ vim ... :help 42
# Random Number between 1 And 256
od -An -N1 -tu1 /dev/random
# Print a random 8 digit number
jot -r -n 8 0 9 | rs -g 0
# Returns last day of current month
cal | egrep -e '^ [0-9]|^[0-9]' | tr 'n' ' ' | awk '{print $NF}'

12. Page 12
Networking
# A list of IPs (only) that are online in a specific subnet.
nmap -sP 192.168.1.0/24 | awk "/^Host/"'{ print $3 }' |nawk -F'[()]' '{print $2}'
# Regex to reliably search a file for valid IP addresses (and external IP addresses)
grep -Eoa "b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-
5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)b" Filetosearch.txt
# regex to match an ip
echo 254.003.032.3 | grep -P '^((25[0-4]|2[0-4]d|[01]?[d]?[1-9]).){3}(25[0-4]|2[0-
4]d|[01]?[d]?[1-9])$'
# List alive hosts in specific subnet
nmap -sP 192.168.1.0/24
# find all active IP addresses in a network
nmap -sP 192.168.1.0/24; arp -n | grep "192.168.1.[0-9]* *ether"
# Ping scanning without nmap
for i in {1..254}; do ping -c 1 -W 1 10.1.1.$i | grep 'from'; done
# The NMAP command you can use scan for the Conficker virus on your LAN
nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 192.168.0.1-254
# Netstat Connection Check
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n | tail
# Drop or block attackers IP with null routes
sudo route add xxx.xxx.xxx.xxx gw 127.0.0.1 lo
# Extract ip addresses with sed
sed -n 's/([0-9]{1,3}.){3}[0-9]{1,3}/nip&n/gp' ips.txt | grep ip | sed 's/ip//'| sort | uniq
# Sniff ONLY POP3 authentication by intercepting the USER command
tcpdump -i eth0 "tcp port pop3 and ip[40] = 85 and ip[41] = 83" -s 1500 -n -w "sniff"

13. Page 13
Windows
# ps for windows
wmic process list IO
# Killing a process in Windows 7 command line
Taskkill /?
# Shutdown a Windows machine from Linux
net rpc shutdown -I ipAddressOfWindowsPC -Uusername%password
Java
# Count threads of a jvm process
ps uH p <PID_OF_U_PROCESS> |wc -l
# How to get full tread dump for java process
kill -3 PID
VituralBox
# Launch a VirtualBox virtual machine
VBoxManage startvm "name"
# run a VirtualBox virtual machine without a gui
VBoxHeadless -s <name|uuid>
Apache
# Know which modules are loaded on an Apache server
apache2 -t -D DUMP_MODULES
# Hits per hour apache log
awk -F: '{print $2}' access_log | sort | uniq -c

14. Page 14
Encryption
# GUID generator
guid(){ lynx -nonumbers -dump http://www.famkruithof.net/uuid/uuidgen | grep "w{8}-" | tr -d ' ';
}
# Base64 decode
echo Y29tbWFuZGxpbmUuZnUgcm9ja3MK | base64 -d
# Generate MD5 hash for a string
printf "$string" | md5sum
# Encrypt/decrypt a string from the command line
echo 'HelloWorld!' | gpg --symmetric |base64
# Quickly generate an MD5 hash for a text string using OpenSSL
echo -n 'text to be encrypted' | openssl md5
# Quickly generate an MD5 hash for a text string using OpenSSL
md5sum<<<'text to be encrypted'
# Generate MD5 of string and output only the hash checksum in a readable format
echo -n "String to MD5" | md5sum | sed -e 's/[0-9a-f]{2}/& /g' -e 's/ -//'
# Generate MD5 of string and output only the hash checksum
echo -n "String to MD5" | md5sum | cut -b-32
# Generate SHA1 hash for each file in a list
ls [FILENAME] | xargs openssl sha1
# It decripts all pgp files in a selection folder and move the output into a file.
for x in *.pgp do `cat /file_with_the_passphrase.dat|(gpg --batch --no-tty --yes --passphrase-fd=0
--decrypt `basename $x`; ) > 'dump_content.dat'` done;
# md5 checksum check
digest -a -v md5 <file-name>

15. Page 15
Curl and Such
# Firefly quotes
yum install fortune-firefly; fortune
# Update twitter via curl
curl -u user:pass -d status="Tweeting from the shell" http://twitter.com/statuses/update.xml
# Check your unread Gmail from the command line
curl -u username:password --silent "https://mail.google.com/mail/feed/atom" | tr -d 'n' | awk -F
'<entry>' '{for (i=2; i<=NF; i++) {print $i}}' | sed -n "s/<title>(.*)</title.*name>(.*)</name>.*/2 -
1/p"
# Send email with curl and gmail
curl -n --ssl-reqd --mail-from "<user@gmail.com>" --mail-rcpt "<user@server.tld>" --url
smtps://smtp.gmail.com:465 -T file.txt
# Command Line to Get the Stock Quote via Yahoo
curl -s 'http://download.finance.yahoo.com/d/quotes.csv?s=csco&f=l1'
# Find pages returning 404 errors in apache logs
awk '$9 == 404 {print $7}' access_log | uniq -c | sort -rn | head
# grab all commandlinefu shell functions into a single file, suitable for sourcing.
export QQ=$(mktemp -d);(cd $QQ; curl -s -O
http://www.commandlinefu.com/commands/browse/sort-by-votes/plaintext/[0-2400:25];for i in
$(perl -ne 'print "$1n" if( /^(w+())/ )' *|sort -u);do grep -h -m1 -B1 $i *; done)|grep -v '^--' >
clf.sh;rm -r $QQ
# Find out how old a web page is
wget -S --spider http://osswin.sourceforge.net/ 2>&1 | grep Mod
# Get Lorum Ipsum random text from lorumipsum.com
lynx -source http://www.lipsum.com/feed/xml?amount=3|perl -p -i -e 's/n/nn/g'|sed -n
'/<lipsum>/,/</lipsum>/p'|sed -e 's/<[^>]*>//g'
# Tell Analytics to fuck itself.
gofuckanalytics() { echo "DELETE FROM moz_cookies WHERE name LIKE '__utm%';" | sqlite3
$( find ~/.mozilla -name cookies.sqlite ) }
# commit message generator - whatthecommit.com
curl http://whatthecommit.com/index.txt
# Check a server is up. If it isn't mail me.
curl -fs brandx.jp.sme 2&>1 > /dev/null || echo brandx.jp.sme ping failed | mail -ne -s'Server
unavailable' joker@jp.co.uk
# download all the presentations from UTOSC2010

16. Page 16
b="http://2010.utosc.com"; for p in $( curl -s $b/presentation/schedule/ | grep /presentation/[0-
9]*/ | cut -d""" -f2 ); do f=$(curl -s $b$p | grep "/static/slides/" | cut -d""" -f4); if [ -n "$f" ]; then
echo $b$f; curl -O $b$f; fi done
# geoip information
geo(){ curl -s "http://www.geody.com/geoip.php?ip=$(dig +short $1)"| sed
'/^IP:/!d;s/<[^>][^>]*>//g'; }
# upload a file via ftp
curl -u user:passwd -T /home/dir/local_file_to_upload ftp://your_host.com/subdir/
# Email yourself a short note
quickemail() { echo "$*" | mail -s "$*" email@email.com; }

17. Page 17
MySQL
# Get column names in MySQL
mysql -u <user> --password=<password> -e "SHOW COLUMNS FROM <table>"
<database> | awk '{print $1}' | tr "n" "," | sed 's/,$//g'
# command line to drop all table from a databse
mysql -u uname dbname -e "show tables" | grep -v Tables_in | grep -v "+" |
gawk '{print "drop table " $1 ";"}' | mysql -u uname dbname
# MySQL: Find an instance of a populated table across numerous databases
TABLE_NAME=YYZ ; for DATABASE in $(echo "SELECT TABLE_SCHEMA FROM
information_schema.tables WHERE TABLE_NAME='$TABLE_NAME'" | mysql -N) ; do
echo -n "$DATABASE: " ; echo "SELECT COUNT(*) FROM $TABLE_NAME" | mysql
$DATABASE -N ; done | fgrep -v ': 0'
# See where MySQL is looking for its config files
mysql -? | grep ".cnf"
# Monitor MySQL threads per user
mysql -BNe "SELECT user,COUNT(user) AS count FROM processlist GROUP BY user
ORDER BY count;" information_schema
# Monitor the queries being run by MySQL
watch -n 1 mysqladmin --user=<user> --password=<password> processlist
# Backup all MySQL Databases to individual files
for I in $(mysql -e 'show databases' -s --skip-column-names); do mysqldump $I
| gzip > "$I.sql.gz"; done
# Backup all MySQL Databases to individual files
for db in $(mysql -e 'show databases' -s --skip-column-names); do mysqldump
$db | gzip > "/backups/mysqldump-$(hostname)-$db-$(date +%Y-%m-%d-
%H.%M.%S).gz"; done
# Dump mySQL db from Remote Database to Local Database
mysqldump --host=[remote host] --user=[remote user] --password=[remote
password] -C db_name | mysql --host=localhost --user=[local user] --
password=[local password] db_name
# mysql DB size
mysql -u root -pPasswort -e 'select
table_schema,round(sum(data_length+index_length)/1024/1024,4) from
information_schema.tables group by table_schema;'
# Discover unoptimized MySQL tables and optimize them.
for table in $(echo "select concat(TABLE_SCHEMA, '.', TABLE_NAME) from
information_schema.TABLES where TABLE_SCHEMA NOT IN
('information_schema','mysql') and Data_free > 0" | mysql --skip-column-
names); do echo "optimize table ${table}" | mysql; done;
# Mysql extended status
mysqladmin -u root -p extended-status
# Backup all mysql databases to individual files on a remote server

18. Page 18
for I in $(mysql -e 'show databases' -u root --password=root -s --skip-
column-names); do mysqldump -u root --password=root $I | gzip -c | ssh
user@server.com "cat > /remote/$I.sql.gz"; done

19. Page 19
Ports
# Forensic tool to find hidden processes and ports
unhide (proc|sys|brute)
# Lists open ports
netstat -antuwp | egrep "(^[^t])|(^tcp.*LISTEN)"
# find an unused unprivileged TCP port
netstat -tan | awk '$1 == "tcp" && $4 ~ /:/ { port=$4; sub(/^[^:]+:/, "",
port); used[int(port)] = 1; } END { for (p = 32768; p <= 61000; ++p) if (! (p
in used)) { print p; exit(0); }; exit(1); }'
# Check if TCP port 25 is open
netstat -tln | grep :25
# Check if TCP port 25 is open
sudo lsof -iTCP:25 -sTCP:LISTEN
# find an unused unprivileged TCP port
netstat -atn | perl -0777 -ne '@ports = /tcp.*?:(d+)s+/imsg ; for $port
(32768..61000) {if(!grep(/^$port$/, @ports)) { print $port; last } }'
# tell if a port is in use
netstat -a --numeric-ports | grep 8321
# List open TCP/UDP ports
netstat -ltun
# Open Port Check
lsof -ni TCP
# list all opened ports on host
sudo lsof -P -i -n -sTCP:LISTEN
netstat -ant | grep LISTEN
# determine if tcp port is open
nmap -p 80 hostname
# For finding out if something is listening on a port and if so what the
daemon is.
fuser -n tcp {0..65535}
# List programs with open ports and connections
lsof -i
# Get list of servers with a specific port open
nmap -sT -p 80 -oG - 192.168.1.* | grep open
# List Listen Port by numbers
netstat -tlpn | sort -t: -k2 -n
# which process has a port open

20. Page 20
lsof -i :80
# Blink LED Port of NIC Card
ethtool -p eth0
# Show what PID is listening on port 80 on Linux
fuser -v 80/tcp
# Port Knocking!
knock <host> 3000 4000 5000 && ssh -p <port> user@host && knock <host> 5000
4000 3000
# which program is this port belongs to ?
lsof -i tcp:80
# List all open ports and their owning executables
lsof -i -P | grep -i "listen"
# Lists all listening ports together with the PID of the associated process
lsof -Pan -i tcp -i udp
# Detect Connections On Port - Android
netstat -lptu | grep -E "22.*ESTABLISHED" | cut -s -d ':' -f2 | awk '{print
$2}'
# Lists all listening ports together with the PID of the associated process
netstat -tunlp
# pid list by httpd listen port
lsof | awk '/*:https?/{print $2}' | sort -u
# start a tunnel from some machine's port 80 to your local post 2001
ssh -N -L2001:localhost:80 somemachine
# How to Kill Process that is Running on Certain Port in Windows?
netstat -a -o -n | grep 8080
# Get number of established sessions on a given port
netstat -anp | grep :80 | grep ESTABLISHED | wc -l
# whois surfing my web ?
watch lsof -i :80
# Displays All TCP and UDP Connections
sudo netstat|head -n2|tail -n1 && sudo netstat -a|grep udp && echo && sudo
netstat|head -n2|tail -n1 && sudo netstat -a|grep tcp

21. Page 21
File
# get size of a file
du -hs file-name
# tar the current directory wihtout the absolute path
tar -cf "../${PWD##*/}.tar" .
# Recursively search a directory tree for all .php .inc .html .htm .css .js
files for a certain string
find . -type f ( -name "*.js" -o -name "*.php" -o -name "*.inc" -o -name
"*.html" -o -name "*.htm" -o -name "*.css" ) -exec grep -il 'searchString'
{} ;
# find names of files ending in *log that have both foo and bar
grep -l bar *.log | xargs grep -l foo
# Make a directory named with the current date
mkdir `date --iso`
# Create a 100MB file for testing transfer speed
dd if=/dev/random of=bigfile bs=1024 count=102400
# ls only directories
ls -ad */
# replace strings in file names
rename 's/foo/bar/g' foobar
# List files opened by a PID
lsof -p 15857
# Find status of all symlinks
symlinks -r $(pwd)
# cleanup /tmp directory
find /tmp -type f -atime +1 -delete
# Remove Backup Files
find / -name *~ -delete

22. Page 22
# Find the 10 lusers winners of the "I take up the most disk space" award
du -sh /home/*|sort -rh|head -n 10
# Print total size of specified files and subdirectories
du -sk * | awk '{print $1} END {print "[+z1<y]synlyxnp"}' | dc
# Recursive remove files by mask
find . -name ".DS_Store" -print0 | xargs -0 rm -rf
# List only those files that has all uppercase letters in their names (e.g.
README)
ls | grep '^[A-Z0-9]*$'
# Get dimensions of an image.
identify path/to/image.jpg | awk '{print $3;}'
# Mount folder/filesystem through SSH
sshfs name@server:/path/to/folder /path/to/mount/point
# Show apps that use internet connection at the moment. (Multi-Language)
lsof -P -i -n
# Find Duplicate Files (based on size first, then MD5 hash)
find -not -empty -type f -printf "%sn" | sort -rn | uniq -d | xargs -I{} -n1
find -type f -size {}c -print0 | xargs -0 md5sum | sort | uniq -w32 --all-
repeated=separate
# Create a CD/DVD ISO image from disk.
readom dev=/dev/scd0 f=/path/to/image.iso
# replace spaces in filenames with underscores
rename 'y/ /_/' *
# Get the 10 biggest files/folders for the current direcotry
du -s * | sort -n | tail
# Mount a .iso file in UNIX/Linux
mount /path/to/file.iso /mnt/cdrom -oloop
# Sort the size usage of a directory tree by gigabytes, kilobytes, megabytes,
then bytes.
du -b --max-depth 1 | sort -nr | perl -pe 's{([0-9]+)}{sprintf "%.1f%s",
$1>=2**30? ($1/2**30, "G"): $1>=2**20? ($1/2**20, "M"): $1>=2**10? ($1/2**10,
"K"): ($1, "")}e'
# Recursively change permissions on files, leave directories alone.
find ./ -type f -exec chmod 644 {} ;
# Find files that have been modified on your system in the past 60 minutes
sudo find / -mmin 60 -type f
# ls not pattern
ls !(*.gz)
# Remove blank lines from a file using grep and save output to new file
grep . filename > newfilename

23. Page 23
# find all file larger than 500M
find / -type f -size +500M
# List all files opened by a particular command
lsof -c dhcpd
# Recover a deleted file
grep -a -B 25 -A 100 'some string in the file' /dev/sda1 > results.txt
# convert filenames in current directory to lowercase
rename 'y/A-Z/a-z/' *
# Find Duplicate Files (based on MD5 hash)
find -type f -exec md5sum '{}' ';' | sort | uniq --all-repeated=separate -w
33 | cut -c 35-
# Empty a file
truncate -s0 file
# Rename all .jpeg and .JPG files to have .jpg extension
rename 's/.jpe?g$/.jpg/i' *
# Convert all Flac in a directory to Mp3 using maximum quality variable
bitrate
for file in *.flac; do flac -cd "$file" | lame -q 0 --vbr-new -V 0 -
"${file%.flac}.mp3"; done
# List 10 largest directories in current directory
du -hs */ | sort -hr | head
# Count files beneath current directory (including subfolders)
find . -type f | wc -l
# move a lot of files over ssh
rsync -az /home/user/test user@sshServer:/tmp/
# Add prefix onto filenames
rename 's/^/prefix/' *
# Files extension change
rename .oldextension .newextension *.oldextension
# Convert camelCase to underscores (camel_case)
sed -r 's/([a-z]+)([A-Z][a-z]+)/1_l2/g' file.txt
# Create directory named after current date
mkdir $(date +%Y%m%d)
# Tail -f at your own pace
tail -fs 1 somefile
# Get the 10 biggest files/folders for the current direcotry
du -sk * |sort -rn |head
# List complete size of directories (do not consider hidden directories)
du -hs */

24. Page 24
# Recursively find top 20 largest files (> 1MB) sort human readable format
find . -mount -type f -printf "%k %pn" | sort -rg | cut -d -f 2- | xargs
-I {} du -sh {} | less
# Find the 10 users that take up the most disk space
sudo -s du -sm /Users/* | sort -nr | head -n 10
# Copy modification timestamp from one file to another.
touch -r "source_file" "destination_file"
# Top 15 processes with the largest number of open files
lsof +c 15 | awk '{print $1}' | sort | uniq -c | sort -rn | head
# LIST FILENAMES OF FILES CREATED TODAY IN CURRENT DIRECTORY
ls -l --time-style=+%Y-%m-%d | awk "/$(date +'%Y-%m-%d')/ {print $7}"
# count files by type
ls | tr [:upper:] [:lower:] | grep -oP '.[^.]+$' | sort | uniq -c | sort
# Create md5sum of a directory
find -name .git -prune -o -type f -exec md5sum {} ; | sort -k2 | md5sum
# Recursively search and replace old with new string, inside every instance
of filename.ext
find . -type f -name filename.exe -exec sed -i "s/oldstring/oldstring/g" {}
+;
# Print duplicate files
find . -type f -print0 | xargs -0 -n1 md5sum | sort -k 1,32 | uniq -w 32 -d -
-all-repeated=separate | sed -e 's/^[0-9a-f]* *//;'
# Find Duplicate Files (based on size first, then MD5 hash)
find . -type f -not -empty -printf "%-25s%pn"|sort -n|uniq -D -w25|cut -b26-
|xargs -d"n" -n1 md5sum|sed "s/ /x0/"|uniq -D -w32|awk -F"0"
'BEGIN{l="";}{if(l!=$1||l==""){printf "n%s0",$1}printf
"0%s",$2;l=$1}END{printf "n"}'|sed "/^$/d"
# List files and sizes
find / -type f -exec wc -c {} ; | sort -nr | head -100
# Print all open regular files sorted by the number of file handles open to
each.
lsof -a -d 1-99 -Fn / | grep ^n | cut -b2- | sort | uniq -c | sort -n
# underscore to camelCase
echo "hello_world" | sed -r 's/([a-z]+)_([a-z])([a-z]+)/1U2L3/'
# Copy a file over the network with 3 bounces
cat file.orig | ssh user1@host1 "ssh user2@host2 "ssh user3@server3 'cat
>file.dest'""
# Regex or
egrep expr1|expr2 file
# find all symlinks to a file
find / -lname path/to/foo.txt

25. Page 25
# sort a csv file according to a particular n th field numerically (quicker
than excel)
sort -t"," -n -k5 file.csv # according to the 5th field NUMERICALLY!!
# rename files (in this case pdfs) numerically in date order
find . -name "*.pdf" -print0 | xargs -r0 stat -c %y %n | sort|awk '{print
$4}'|gawk 'BEGIN{ a=1 }{ printf "mv %s %04d.pdfn", $0, a++ }' | bash
# Create multiple files in a single command
touch file{1,2,3,4,5}.sh
# Recursive chmod all *.sh files within the current directory
find ./ -name "*.sh" -exec chmod +x {} ;
# Find all the files more than 10MB, sort in descending order of size and
record the output of filenames and size in a text file.
find . -size +10240k -exec ls -l {} ; | awk '{ print $5,"",$9 }'|sort -rn >
message.out
# Show duplicate lines in a file
sort namesd.txt | uniq ?cd
# Remove security limitations from PDF documents using QPDF
qpdf --decrypt inputfile.pdf outputfile.pdf
# Archive all files that have not been modified in the last days
find /protocollo/paflow -type f -mtime +5 | xargs tar -cvf /var/dump-
protocollo/`date '+%d%m%Y'_archive.tar`
# Convert JSON to YAML
catmandu convert JSON to YAML < file.json > file.yaml

26. Page 26
Comics
# Use curl on Windows to bulk-download the Savitabhabhi Comic Strip (for
Adults)
for /L %%x in (1,1,16) do mkdir %%x & curl -R -e http://www.kirtu.com -o
%%x/#1.jpg http://www.kirtu.com/toon/content/sb%x/english/sb%x_en_[001-
070].jpg
# View the newest xkcd comic.
curl -s 'xkcd.com' | awk -F" '/^<img/{printf("<?xml
version="1.0"?>n<xkcd>n<item>n <title>%s</title>n
<comment>%s</comment>n <image>%s</image>n</item>n</xkcd>n", $6, $4, $2)}'
# View the newest xkcd comic.
xkcd() { wget -qO- http://xkcd.com/ | sed -n 's#^<img
src="(http://imgs.[^"]+)"s+title="(.+?)"salt.+$#eog "1"necho
'"'2'#p" | bash ; }
# Random Cyanide and Happiness comics from explosm.net
cyanide(){ display "$(wget -q http://explosm.net/comics/random/ -O - | grep -
Po 'http://www.explosm.net/db/files/Comics/*/[^"]+(png|jpg|jpeg)')"; }
Other Fun
# Rickroll your users when they sudo (doesn't work if ssh to MGTI but
really funny if you set it to play "I'm looking at porn over here!"
very loudly...
Also. Must be in correct directory...find .bash_aliases
echo "alias sudo="aplay annoyingsoundfile.ogg"" >> .bash_aliases