Hide

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again.

Delete that bloated snippets file you've been using and share your personal repository with the world. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

If you have a new feature suggestion or find a bug, please get in touch via http://commandlinefu.uservoice.com/

Get involved!

You can sign-in using OpenID credentials, or register a traditional username and password.

OpenID
or
Sign in Register

First-time OpenID users will be automatically assigned a username which can be changed after signing in.

Hide

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for:

Hide

News

2011-03-12 - Confoo 2011 presentation
Slides are available from the commandlinefu presentation at Confoo 2011: http://presentations.codeinthehole.com/confoo2011/
2011-01-04 - Moderation now required for new commands
To try and put and end to the spamming, new commands require moderation before they will appear on the site.
2010-12-27 - Apologies for not banning the trolls sooner
Have been away from the interwebs over Christmas. Will be more vigilant henceforth.
2010-09-24 - OAuth and pagination problems fixed
Apologies for the delay in getting Twitter's OAuth supported. Annoying pagination gremlin also fixed.
Hide

Tags

Hide

Functions

Hide

Credits

Site by David Winterbottom (user root).

All commands

All commands from sorted by
Terminal - All commands - 10,552 results
netstat -antu | awk '$5 ~ /[0-9]:/{split($5, a, ":"); ips[a[1]]++} END {for (ip in ips) print ips[ip], ip | "sort -k1 -nr"}'
2013-04-09 03:24:43
User: 4Aiur
Functions: awk netstat
Tags: netstat connections
0
Up
Down
Show number of connections per remote IP
Comments (1) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
while :; do n=$(md5 myfile); if [ "$h" != "$n" ]; then h=$n; scp myfile myserver:mydir/myfile; fi; sleep 1; done
2013-04-08 22:23:17
User: MagisterQuis
Functions: scp sleep
1
Up
Down
Run a command when a file is changed
Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
netstat -antu | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -n
2013-04-08 19:46:41
User: wejn
Functions: awk netstat sort uniq
Tags: netstat connections
-1
Up
Down
Show number of connections per remote IP

Output contains also garbage (text parts from netstat's output) but it's good enough for quick check who's overloading your server.

Comments (4) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
tb send xmpp:user.name@gmail.com
2013-04-08 00:29:43
User: unixmonkey52862
Tags: terminal script share mkfifo
-1
Up
Down
Share your terminal session real-time

After installing Termbeamer (see termbeamer.com) you can use it to share a terminal session with one or more others even from behind a firewall or NAT.

Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
lftp -e 'pget http://address_to_file; exit; '
2013-04-07 03:29:07
User: o0110o
Functions: lftp
1
Up
Down
Internet Speed Test

Make sure the file you use in your test is > 50mb to get good results.

Dependancies:

sudo apt-get install lftp iperf

Show sample output | Comments (1) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
apt-get install phpmyadmin; echo "Include /etc/phpmyadmin/apache.conf" >> /etc/apache2/apache2.conf; service apache2 restart
2013-04-06 16:20:55
User: ZEROF
Functions: apt echo install
0
Up
Down
Install phpmyadmin in Debian 6

This command will install phpmyadmin, set apache2 server and restart apache2. After running this command you can open phpmyadmin on http://yoursite.com/phpmyadmin

Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
ls
2013-04-06 14:23:25
User: wadi077
Functions: ls
-1
Up
Down
ps with parent/child process tree
Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
qpdf --decrypt inputfile.pdf outputfile.pdf
2013-04-06 10:20:09
User: em
Tags: pdf protect unlock qpdf
2
Up
Down
Remove security limitations from PDF documents using QPDF

Remove security restrictions from PDF documents using this very simple command on Linux and OSX. You need QPDF installed (http://qpdf.sourceforge.net/) for this to work.

Comments (1) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
curl -s -u $USERNAME -X POST -d "track=obama,barack" https://stream.twitter.com/1.1/statuses/filter.json -o twitter-stream.out
2013-04-06 08:56:05
User: themiurgo
Tags: twitter twitter stream feed
0
Up
Down
Dump filtered twitter stream to a file

Dump all the tweets with the keyword "obama" or "barack", in json format, to a file.

If you want you can provide the password directly on the line:

curl -s -u $USERNAME:$PASSWORD -X POST -d "track=obama,barack" https://stream.twitter.com/1.1/statuses/filter.json -o twitter-stream.out
Comments (1) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
grep -E/egrep 'word1.*word2|word2.*word1' "$@"
2013-04-06 04:07:30
User: glancesx
Functions: grep
0
Up
Down
grep 2 words existing on the same line
Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
zmv '(*.*)(.*)' '${1//./_}$2'
2013-04-06 01:57:34
User: khayyam
Tags: zsh
0
Up
Down
replace dots in filenames with dashes

Example of zsh globbing and parameter expansion.

(*.*)(.*) ... the pattern we want to act on, a period followed by a string and then period, we split the pattern into two sections which will become $1, the first part of the match, and $2, second

{1//./_}$2 ... the parameter expansion for $1 with a string substitution, followed by the match $2, the second part of the pattern.
Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
while [ 1 ]; do (ping -c 1 google.com || growlnotify -m 'ur wifiz, it has teh sad'); sleep 10; done
2013-04-06 00:47:31
User: noah
Functions: ping sleep
0
Up
Down
Pop up a Growl alert if Amtrak wifi doesn't know where to find The Google
Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
find . -name *js -type f | xargs yardstick | sort -k6 -n
2013-04-06 00:19:46
User: noah
Functions: find sort xargs
Tags: javascript yardstick static-analysis comments
0
Up
Down
Yardstick static analysis report sorted by which JavaScript files have the highest ratio of comments to code.

The number on the far right is ratio of comments to code, expressed as a percentage. For the rest of the Yardstick documentation see https://github.com/calmh/yardstick/blob/master/README.md#reported-metrics

Show sample output | Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
dbus-send --system --print-reply --dest=org.freedesktop.ConsoleKit /org/freedesktop/ConsoleKit/Manager org.freedesktop.ConsoleKit.Manager.Restart
2013-04-05 20:23:55
User: nour
1
Up
Down
Reboot without being root

For more, See: https://github.com/noureddin/bash-scripts/blob/master/user_scripts/userpower

Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
for ii in $(find /path/to/docroot -type f -name \*.php); do echo $ii; wc -lc $ii | awk '{ nr=$2/($1 + 1); printf("%d\n",nr); }'; done
2013-04-05 19:06:17
User: faceinthecrowd
Functions: awk echo find wc
Tags: Security find grep PHP sysadmin malicious
0
Up
Down
find potentially malicious PHP commands used in backdoors and aliked scripts

I have found that base64 encoded webshells and the like contain lots of data but hardly any newlines due to the formatting of their payloads. Checking the "width" will not catch everything, but then again, this is a fuzzy problem that relies on broad generalizations and heuristics that are never going to be perfect.

What I have done is set an arbitrary threshold (200 for example) and compare the values that are produced by this script, only displaying those above the threshold. One webshell I tested this on scored 5000+ so I know it works for at least one piece of malware.

Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
man <COMMAND>
2013-04-05 16:08:01
User: gruesome_twosome
Functions: man
-3
Up
Down
Get some useful Information

Just type man and the name of the command you want information on followed by enter.. POW!!! there you have all you need to know on the subject.

Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
setenforce 0
2013-04-05 15:38:05
User: techie
Tags: selinux
-6
Up
Down
Turn off SE Linux

This will turn off SE Linux

Comments (3) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
shutdown now -r
2013-04-05 15:28:55
User: techie
Functions: shutdown
-20
Up
Down
Reboot

Reboot

Comments (7) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
function google { Q="$@"; GOOG_URL='https://www.google.de/search?tbs=li:1&q='; AGENT="Mozilla/4.0"; stream=$(curl -A "$AGENT" -skLm 10 "${GOOG_URL}${Q//\ /+}" | grep -oP '\/url\?q=.+?&amp' | sed 's|/url?q=||; s|&amp||'); echo -e "${stream//\%/\x}"; }
2013-04-05 08:04:15
User: michelsberg
Functions: echo grep sed
Tags: google
8
Up
Down
Google verbatim search on your terminal

Put it in your ~/.bashrc

usage:

google word1 word2 word3...

google '"this search gets quoted"'

Show sample output | Comments (4) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
function :h { vim +":h $1" +'wincmd o' +'nnoremap q :q!<CR>' ;}
2013-04-04 08:12:28
User: Bonster
Functions: vim
-1
Up
Down
call vim help page from shell prompt

simple function i found somewhere to open vim help page from the shell

use :h like you would in vim

Comments (1) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
ls -R | grep ":$" | sed -e 's/:$//' -e 's/[^-][^\/]*\//--/g' -e 's/^/ /' -e 's/-/|/'
2013-04-04 05:08:54
User: checarsner
Functions: grep ls sed
0
Up
Down
Graphically display directory structure

A way to display directory structure

Show sample output | Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
cat /sys/block/md1/holders/dm*/dm/name | awk -F- '{print $1}' | sort -u
2013-04-03 18:01:16
User: hufman
Functions: awk cat sort
0
Up
Down
Find LVM Volume Group name for a block device
Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
cat /sys/block/{*,*/*}/holders/dm*/dm/name | awk -F- '{print $1}' | sort -u
2013-04-03 18:00:39
User: hufman
Functions: awk cat sort
0
Up
Down
List LVM Volume Groups as an unprivileged user
Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
for times in $(seq 10) ; do puppet agent -t && break ; done
2013-04-03 14:24:36
User: funollet
Functions: break seq times
Tags: seq for break repeat puppet
-1
Up
Down
Rerun a command until there are no changes, but no more than N times.

The example runs 'puppet' in a loop for 10 times, but exits the loop before if it returns 0 (that means "no changes on last run" for puppet).

Comments (1) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate
find ./public_html/ -name \*.php -exec grep -HRnDskip "\(passthru\|shell_exec\|system\|phpinfo\|base64_decode\|chmod\|mkdir\|fopen\|fclose\|readfile\) *(" {} \;
2013-04-03 12:42:19
User: lpanebr
Functions: find grep
Tags: Security find grep PHP sysadmin malicious
0
Up
Down
find potentially malicious PHP commands used in backdoors and aliked scripts

Searched strings:

passthru, shell_exec, system, phpinfo, base64_decode, chmod, mkdir, fopen, fclose, readfile

Since some of the strings may occur in normal text or legitimately you will need to adjust the command or the entire regex to suit your needs.

Comments (1) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate