What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again.

Delete that bloated snippets file you've been using and share your personal repository with the world. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Terminal - All commands - 12,422 results
[ -n "$REMOTE_USER" ] || read -p "Remote User: " -er -i "$LOGNAME" REMOTE_USER
2015-10-30 17:08:17
User: pdxdoughnut
Functions: read
Tags: read input

The read command reads input and puts it into a variable. With -i you set an initial value. In this case I used a known environment variable.

sudo -E rpm -Uvh "http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm"
2015-10-29 14:06:48
User: zlemini
Functions: rpm sudo

In this case the current user has proxy variable set which allows access to the rpm on the internet but needs root privs to install it.

Running sudo -E preserves the current user proxy var and allows the rpm install to be executed with sudo.

find / -name \*.php -exec grep -Hn .1.=.......0.=.......3.=.......2.=.......5.= {} \;
2015-10-28 20:58:53
User: UnklAdM
Functions: find grep

If this matches any files on your web server, expect to find a lot of malware spread throughout your server folders. Seems to target WordPress sites. Be sure to check your themes/theme-name/header.php files manually for various redirect scripting, usually in the line right above the close head tag.

Good luck!

find / -name \*.php -exec grep -Hn preg_replace {} \;|grep /e|grep POST
rename 's/ //g' *
ls -1 | while read a; do mv "$a" `echo $a | sed -e 's/\ //g'`; done
grep -Pooh .*t..r,.* /etc/init.d/*
2015-10-23 17:35:28
User: drewbenn
Functions: grep

Someone quoted Pooh in an init script. Let's see it!

(Probably only works on Debian & friends)

debsecan --format detail
2015-10-22 18:46:41
User: pdxdoughnut

You can search for CVEs at https://security-tracker.debian.org/tracker/ or use --report to get full links. This can be added to cron, but unless you're going to do manual patches, you'd just be torturing yourself.

bar() { foo=$(ls -rt|tail -1) && read -ep "cat $foo? <y/n> " a && [[ $a != "n" ]] && eval "cat $foo" ;}
2015-10-21 20:09:33
User: knoppix5
Functions: eval ls read tail

This command will display the file, but you can change 'cat' to anything else

(type 'n' when prompted to cancel the command or anything else to proceed).


Some hints for newbies:


unset bar

to make 'bar' function annihilated.

For permanent usage you can put this (bar) function in your .bashrc (for bash) or in .profile (for sh).


. ~/.bashrc

you can get all new inserted functions in .bashrc (so the function 'bar'

or whatever name you choose) immediately available.
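
An added example, not part of the original post: `eval "cat $foo"` re-parses the file name as shell code, so a name containing spaces, `;` or `$(...)` is not handled as a single literal argument. The variant below (the function names `newest_file` and `newest_do` are assumptions made for this example) picks the newest file without parsing `ls` output and passes the name to the chosen command as one argument.

```shell
# newest_file [DIR]: print the most recently modified regular file in DIR.
newest_file() {
    local dir="${1:-.}" f newest=
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then
            newest=$f
        fi
    done
    [ -n "$newest" ] && printf '%s\n' "$newest"
}

# newest_do [CMD [ARGS...]]: ask, then run CMD (default: cat) on that file.
newest_do() {
    local f a
    [ "$#" -gt 0 ] || set -- cat
    f=$(newest_file .) || { echo "no regular files here" >&2; return 1; }
    printf '%s %s? <y/n> ' "$*" "$f" >&2
    read -r a
    [ "$a" != "n" ] || return 0
    # "$@" keeps the command and its options as separate words and "$f" is
    # one literal argument; the ./ prefix stops a leading '-' acting as an option.
    "$@" "$f"
}
```

As in the original, typing 'n' cancels and anything else proceeds; `newest_do less` or `newest_do wc -l` swaps the command without editing the function.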

tcpdump -i eth1 -s0 -v -w /tmp/capture_`date +%d_%m_%Y__%H_%M_%S`.pcap
tcpdump -i eth1 -s0 -v -w /tmp/capture.pcap
2015-10-21 09:14:26
User: erez83
Functions: tcpdump

Capture traffic for Wireshark from a specific eth interface

echo ${IP} | sed "s/[0-9\.]//g"
2015-10-19 18:20:03
User: andregyn62
Functions: echo sed

This command validates whether any character other than 0-255 and dot exists.

If any other character is typed, the error message is shown.

echo $IP | egrep '^(([0-9]{1,2}|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]{1,2}|1[0-9][0-9]|2[0-4][0-9]|25[0-5])$'
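
An added example, not taken from either submission above: stripping digits and dots only shows whether other characters are present, so input such as `999.1` or `1..2` leaves nothing behind, while the range-aware regex also checks each octet. The function below (the name `valid_ipv4` is an assumption) does the same range check in plain shell and returns an exit status that a script can branch on.

```shell
# valid_ipv4 ADDR: succeed only for four dot-separated decimal octets, 0-255.
valid_ipv4() {
    local ip="$1" octet rest count=0
    # Reject empty input, any character outside 0-9 and '.', and stray dots.
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    rest=$ip.
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        count=$((count + 1))
        # At most three digits. Rejecting leading zeros is a choice made in
        # this example, because some parsers read 010 as octal.
        case $octet in
            ????*|0?*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
    [ "$count" -eq 4 ]
}
```

Typical use: `valid_ipv4 "$IP" || { echo "invalid address" >&2; exit 1; }`.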
echo "obase=2;$((($(date +%s)-$(date +%s -d YYYY-MM-DD))/86400))" | bc
2015-10-19 15:40:32
User: flatcap
Functions: echo

Print out your age in days in binary.

Today's my binary birthday, I'm 2^14 days old :-)


This command does bash arithmetic $(( )) on two dates:

Today: $(date +%s)

Date of birth: $(date +%s -d YYYY-MM-DD)

The dates are expressed as the number of seconds since the Unix epoch (Jan 1970),

so we divide the difference by 86400 (seconds per day).


Finally we pipe "obase=2; DAYS-OLD" into bc to convert to binary.

(obase == output base)

D="$(date "+%F %T.%N")"; [COMMAND]; find . -newermt "$D"
2015-10-15 21:09:54
User: flatcap
Functions: find

Often you run a command, but afterwards you're not quite sure what it did.

By adding this prefix/suffix around [COMMAND], you can list any files that were modified.


Take a nanosecond timestamp: YYYY-MM-DD HH:MM:SS.NNNNNNNNN

date "+%F %T.%N"


Find any files that have been modified since that timestamp:

find . -newermt "$D"


This command currently only searches below the current directory.

If you want to look elsewhere change the find parameter, e.g.

find /var/log . -newermt "$D"
touch .tardis; the command ; find . -newer .tardis; rm .tardis;
2015-10-15 19:18:54
User: BeniBela
Functions: command find rm touch

This lists all files modified after calling some command using a temporal anchor.

# journalctl -u sshd --no-pager # display sshd log entries
2015-10-15 08:48:47
User: mpb
Functions: sshd

In pre-systemd systems, something like: "# grep sshd /var/log/messages" would display log events in /var/log/messages containing "sshd".

# journalctl -u sshd --no-pager

The above command displays similar results for systemd systems.

(Note that this needs to be run with root permissions to access the log data.)

unzip -l files.zip
2015-10-15 07:07:42
User: erez83

View files in ZIP archive

unzip -l files.zip

unzip -j "myarchive.zip" "in/archive/file.txt" -d "/path/to/unzip/to"
2015-10-15 07:06:19
User: erez83

Extract only a specific file from a zipped archive to a given directory

unzip -j "myarchive.zip" "in/archive/file.txt" -d "/path/to/unzip/to"

unzip /source/file.zip -d /dest/
bg; jobs; fg
2015-10-14 17:33:25
User: djangofan
Functions: bg


# suspend process


# background process


# list all backgrounded jobs


# bring it back to foreground


ssh(){ L="\$HOME/logs/$(date +%F_%H:%M)-$USER";/usr/bin/ssh -t "$@" "mkdir -p \"${L%/*}\";screen -xRRS $USER script -f \"$L\"";}
2015-10-14 13:14:29
User: flatcap
Functions: ssh

A wrapper around ssh to automatically provide logging and session handling.

This function runs ssh, which runs screen, which runs script.


The logs and the screen session are stored on the server.

This means you can leave a session running and re-attach to it later, or from another machine.




* Log sessions on a remote server

* Transparent - nothing extra to type

* No installation - nothing to copy to the server beforehand



* Function wrapper delegating to ssh

- so nothing to remember

- uses .ssh/config as expected

- passes your command line option to ssh

* Self-contained: no scripts to install on the server

* Uses screen(1), so is:

- detachable

- re-attachable

- shareable

* Records session using script(1)

* Configurable log file location, which may contain variables or whitespace

L="$HOME" # local variable

L="\$HOME" # server variable

L="some space"



* Log dir/file may not contain '~' (which would require eval on the server)



The sessions are named by the local user connecting to the server.

Therefore if you detach and re-run the same command you will reconnect to your original session.

If you want to connect/share another's session simply run:

USER=bob ssh [email protected]


The command above is stripped down to an absolute minimum.

A fully expanded and annotated version is available as a Gist (git pastebin):



If you want to add timing info to script, change the command to:

ssh(){ L="\$HOME/logs/$(date +%F_%H:%M)-$USER";/usr/bin/ssh -t "$@" "mkdir -p \"${L%/*}\";screen -xRRS $USER script --timing=\"$L-timing\" -f \"$L\"";}
cat *.jpg | ffmpeg -f image2pipe -r 1 -vcodec mjpeg -i - -vcodec libx264 out.mp4
wget -O - http://list.iblocklist.com/\?list\=ydxerpxkpcfqjaybcssw\&fileformat\=p2p\&archiveformat\=gz | gunzip > ~/ipfilter.p2p
2015-10-11 13:04:08
User: lordtoran
Functions: gunzip wget

Downloads Bluetack's level 1 IP blocklist in .p2p format, suitable for various Bittorrent clients.

adb shell screencap -p | sed 's/\r$//' > FILENAME.PNG