This is how I typically grep. -R recurse into subdirectories, -n show line numbers of matches, -i ignore case, -s suppress "doesn't exist" and "can't read" messages, -I ignore binary files (technically, process them as having no matches, important for showing inverted results with -v). I have grep aliased to "grep --color=auto" as well, but that's a matter of formatting, not function.
grep searches through a file and prints out all the lines that match some pattern. Here, the pattern is some string that is known to be in the deleted file. The more specific this string can be, the better. The file being searched by grep (/dev/sda1) is the partition of the hard drive the deleted file used to reside in. The "-a" flag tells grep to treat the hard drive partition, which is actually a binary file, as text. Since recovering the entire file would be nice instead of just the lines that are already known, context control is used. The flags "-B 25 -A 100" tell grep to print out 25 lines before a match and 100 lines after a match. Be conservative with estimates on these numbers to ensure the entire file is included (when in doubt, guess bigger numbers). Excess data is easy to trim out of results, but if you find yourself with a truncated or incomplete file, you need to do this all over again. Finally, the "> results.txt" instructs the computer to store the output of grep in a file called results.txt. Source: http://spin.atomicobject.com/2010/08/18/undelete?utm_source=y-combinator&utm_medium=social-media&utm_campaign=technical
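An added example (not from the original comment) that rehearses the same carving technique on a constructed partition image instead of /dev/sda1; the image layout, the sentinel lines and the needle string are made up for the demo, and -F is added so the known string is matched literally:

```shell
#!/bin/sh
# Added example: carve a "deleted" text file out of a raw image with grep -a
# and context lines. Everything below is constructed for the demo.

# Write a fake partition image: 40 binary filler lines (NUL, 0xFF, 0x01, newline),
# then the lost file's content, then 40 more filler lines.
build_demo_image() {
    img=$1
    : > "$img"
    i=0
    while [ "$i" -lt 40 ]; do printf '\000\377\001\012' >> "$img"; i=$((i + 1)); done
    printf 'BEGIN-OF-LOST-FILE\nnotes, line one\nthe needle: order id 4711\nlast line\nEND-OF-LOST-FILE\n' >> "$img"
    i=0
    while [ "$i" -lt 40 ]; do printf '\000\377\001\012' >> "$img"; i=$((i + 1)); done
}

# The technique from the comment: -a treats the device/image as text, -B/-A keep
# context around the hit; -F (added here) matches the known string literally.
# $1 image or device, $2 known string, $3 lines before, $4 lines after, $5 output file
carve_by_marker() {
    grep -a -F -B "$3" -A "$4" -- "$2" "$1" > "$5"
}

# True when both ends of the lost file made it into the carved output.
recovered_intact() {
    grep -q -a 'BEGIN-OF-LOST-FILE' "$1" && grep -q -a 'END-OF-LOST-FILE' "$1"
}

# Generous context (the comment's -B 25 -A 100) recovers the whole file.
demo_generous() {
    d=$(mktemp -d)
    build_demo_image "$d/part.img"
    carve_by_marker "$d/part.img" 'order id 4711' 25 100 "$d/results.txt"
    recovered_intact "$d/results.txt"
}

# Stingy context truncates the file, which is the caveat the comment warns about.
demo_stingy_truncates() {
    d=$(mktemp -d)
    build_demo_image "$d/part.img"
    carve_by_marker "$d/part.img" 'order id 4711' 1 1 "$d/results.txt"
    ! recovered_intact "$d/results.txt"
}

if demo_generous && demo_stingy_truncates; then
    echo "generous context recovered the file; 1-line context did not"
fi
```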
This helped me find a botnet that had made it into my system. Of course, this is not a foolproof or guaranteed way to find all of them, or even most of them. But it helped me find it.
-P activates the Perl regular expression mode.
This is very helpful to place in a shell startup file and will make grep use those options all the time. This example is nice as it won't show those warning messages, skips devices like fifos and pipes, and ignores case by default.
Tired of copy-pasting to get opcodes from objdump, huh? Get more @ http://gunslingerc0de.wordpress.com
When working with jailed environments you need to copy all the shared libraries to your jail environment. This is done by running ldd on a binary which needs to run inside the jail. This command will use the output from ldd to automatically copy the shared libraries to a folder of your choice.
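An added example, not the poster's command: it reads ldd-style output on stdin, extracts the library paths and copies them under a jail root keeping the same directory layout; the sample ldd lines, fake libraries and load addresses in the demo are constructed.

```shell
#!/bin/sh
# Added example, not the poster's command: take ldd-style output on stdin,
# pull out the library paths and copy them under a jail root with the same
# directory layout. The sample ldd lines in the demo are constructed.

# Print every absolute path in ldd output. Covers the three line shapes:
#   "libc.so.6 => /lib/libc.so.6 (0x...)", "/lib64/ld-linux.so.2 (0x...)",
#   and "linux-vdso.so.1 (0x...)" (no file on disk, so nothing is printed).
lib_paths_from_ldd() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }' | sort -u
}

# Copy one library into the jail, recreating its directory. cp follows the
# source symlink, so the jail receives the real object, not a dangling link.
copy_lib_into_jail() {   # $1 jail root, $2 absolute library path
    mkdir -p "$1$(dirname "$2")"
    cp "$2" "$1$2"
}

# Copy every library named in the ldd output on stdin into the jail at $1.
populate_jail_from_ldd() {
    lib_paths_from_ldd | while IFS= read -r lib; do
        [ -f "$lib" ] || { echo "skipping $lib: not a regular file" >&2; continue; }
        copy_lib_into_jail "$1" "$lib"
    done
}

# Demo on a throwaway tree: two fake libraries plus a constructed ldd listing
# that points at them (the hex load addresses are made up).
demo() {
    work=$(mktemp -d)
    mkdir -p "$work/lib" "$work/jail"
    printf 'fake libc\n' > "$work/lib/libc.so.6"
    printf 'fake loader\n' > "$work/lib/ld-linux.so.2"
    printf '\tlinux-vdso.so.1 (0x00007ffd0000)\n\tlibc.so.6 => %s/lib/libc.so.6 (0x00007f000000)\n\t%s/lib/ld-linux.so.2 (0x00007f100000)\n' \
        "$work" "$work" | populate_jail_from_ldd "$work/jail"
    [ -f "$work/jail$work/lib/libc.so.6" ] && [ -f "$work/jail$work/lib/ld-linux.so.2" ]
}

if demo; then echo "libraries copied into the jail"; fi
```

On a live system the input is `ldd /path/to/binary`; the ldd man page warns that ldd may run the program's own loader, so only feed it binaries you trust. Anything the program dlopen()s at runtime (NSS modules, plugins) never shows up in ldd's list and has to be copied separately.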
Can anyone make the command smaller & easier? :)
Skype has an internal regex which depicts the emoticons it supports. However, you cannot simply search the binary file for it. This small 181-character line will do just that, provided Skype is running. And of course, it only works on Linux.
Output is from Debian Lenny
Please note that binary file checking is NOT perfect. So, use it with caution. It does not delete hidden files whose name has a leading '.' character. And it regards an empty file as a binary file.
Options: -n line numbers, -i ignore case, -s no "doesn't exist", -I ignore binary. Args: * for all files of the current dir (not hidden), .[!.]* for all hidden files. I don't include the -R (recursive) option by default, as it is not always useful. You add it by hand when needed.
accomplishes the same thing without unzipping the whole file, and while I have never seen a log.tar.gz file that was a binary, I will concede that it might happen, so add the -a in there:
zgrep -ia "string" log.tar.gz
it's still shorter/easier to type...
Better than the others, and actually works unlike some of them.
Getting shellcode from ARM binaries - @OsandaMalith
List all text files in the current directory.
First off, if you just want a random UUID, here's the actual command to use:
uuidgen
Your chances of finding a duplicate after running this nonstop for a year are about the same as being hit by a meteorite before finishing this sentence.
The reason for the command I have is that it's more provably unique than the one that uuidgen creates. uuidgen creates a random one by default, or an unencrypted one based on time and network address if you give it the -t option.
Mine uses the MAC address of the Ethernet interface, the process id of the caller, and the system time down to nanosecond resolution, which is provably unique over all computers past, present, and future, subject to collisions in the cryptographic hash used, and the uniqueness of your MAC address.
Warning: feel free to experiment, but be warned that the stdin of the hash is binary data at that point, which may mess up your terminal if you don't pipe it into something. If it does mess up though, just type
reset
Where ^M is entered by ctrl-v-m (v then m). Especially useful on Cygwin when checking into a version control system. If you're not using all Cygwin tools (e.g. Strawberry Perl instead of Cygwin perl) you'll find yourself dealing with this constantly.
-U tells grep to process the file as binary; it needs this to work
-I ignores binary files so you won't get false positives
-l only prints the filename instead of the offending lines
-r recursive
This command produces no output, but its exit status is 0 ("true") if $file is text, non-0 ("false") if $file is binary (or is not accessible).
Explanation:
-q suppresses all the output of grep
-I is the trick: if a binary file is found, it is considered a non-match
-m 1: limit "output" to first match (speed up for big files)
.: the match string, "." stands for any character
Usage: e.g. run editor only on text files
grep -qIm 1 . $file && vi $file
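An added example (not from the original post) that wraps the same test in a function and runs it over a few constructed files, including two edge cases the post does not spell out: an empty file and a file of only empty lines both come out as "not text", even though neither contains a NUL byte.

```shell
#!/bin/sh
# Added example (not from the original post): wrap the "grep -qIm 1 ." test in
# a function and show how it classifies a few constructed files, including the
# edge cases where it says "binary" for files that hold no NUL bytes at all.

# Exit 0 when $1 looks like text. -I makes a NUL-containing file a non-match,
# -q prints nothing, -m 1 stops at the first matching line, and "." needs at
# least one character on some line (it never matches a newline).
is_text() {
    grep -qIm 1 . "$1"
}

# Print the regular files under $1 that pass is_text, one per line
# (names containing newlines would confuse this read loop).
list_text_files() {
    find "$1" -type f | while IFS= read -r f; do
        is_text "$f" && printf '%s\n' "$f"
    done
}

# Constructed files: one text, one with a NUL, one empty, one of empty lines.
classify_demo() {
    d=$(mktemp -d)
    printf 'hello\nworld\n' > "$d/notes.txt"
    printf 'ELF\000\001\002junk\n' > "$d/prog.bin"
    : > "$d/empty"
    printf '\n\n' > "$d/blank"
    is_text "$d/notes.txt" &&
        ! is_text "$d/prog.bin" &&
        ! is_text "$d/empty" &&          # zero bytes: no character for "." to match
        ! is_text "$d/blank" &&          # only empty lines: same result, though it is text
        [ "$(list_text_files "$d" | wc -l | tr -d ' ')" -eq 1 ]
}

if classify_demo; then echo "only notes.txt is classified as text"; fi
```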
The -a option in -aEio tells grep to treat binary files as text files.
Extracts the binary from the .text section and escapes it. This puts it in a form ready to use in a program.
Seems to work on Ubuntu 14.02 LTS