I have found that base64 encoded webshells and the like contain lots of data but hardly any newlines due to the formatting of their payloads. Checking the "width" will not catch everything, but then again, this is a fuzzy problem that relies on broad generalizations and heuristics that are never going to be perfect. What I have done is set an arbitrary threshold (200 for example) and compare the values that are produced by this script, only displaying those above the threshold. One webshell I tested this on scored 5000+ so I know it works for at least one piece of malware.
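An added example (not the poster's script, which is not shown on the page) of the "width" heuristic described above: it scores every file by its longest line and lists the files above an arbitrary threshold. The sample files, the threshold of 200 and the choice of longest-line length as the width measure are all assumptions made here.

```shell
#!/bin/sh
# Added example, not the original poster's script: score files by their
# longest line (the "width" heuristic) and report those above a threshold.
# Base64 blobs crammed onto one line score high; ordinary source does not.

# Print the length of the longest line in the file given as $1.
# LC_ALL=C makes awk count bytes, so multibyte text cannot skew the score.
max_line_width() {
    LC_ALL=C awk '{ if (length($0) > m) m = length($0) } END { print m + 0 }' "$1"
}

# Print "score<TAB>path" for every regular file whose longest line
# exceeds the threshold given as $1.  Usage: flag_wide_files 200 FILE...
flag_wide_files() {
    threshold=$1; shift
    for f in "$@"; do
        [ -f "$f" ] || continue
        w=$(max_line_width "$f")
        [ "$w" -gt "$threshold" ] && printf '%s\t%s\n' "$w" "$f"
    done
    return 0
}

# Constructed sample inputs (placeholders, not real malware):
demo_dir=$(mktemp -d)
# an ordinary PHP file made of short lines
printf '<?php\necho "hello";\n?>\n' > "$demo_dir/index.php"
# a file whose whole body is one 600-character line, as a packed payload would be
awk 'BEGIN { for (i = 0; i < 600; i++) printf "A"; printf "\n" }' > "$demo_dir/suspicious.php"

# Only suspicious.php clears the threshold (assumed here to be 200):
flag_wide_files 200 "$demo_dir"/*
rm -rf "$demo_dir"
```

The score is deliberately crude: minified JavaScript or a long data URI in legitimate code will also trip it, so treat the list as a triage queue to inspect, not a verdict.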
This can also find the old command you used before.
This command is useful for searching through a whole folder's worth of PDF files.
Requires ImageMagick. Extracts the date taken from an image and renames it properly. Based on a StackOverflow answer.
Pipes the header row of ps to STDERR, then greps for the command on the output of ps, removing the grep entry before that.
This script can be used to download enclosed files from an RSS feed. For example, it can be used to download mp3 files from a podcast's RSS feed.
-c will count the number of times your search matches in the file.
Maps block devices to the PCIe nodes
This will highlight (with a box over it) any changes since the last refresh.
Using "wmic get * /value" within any Cygwin shell will return lots of Win/DOS newline junk, i.e. "^M$" at the end of the found value line, two lines ("$" Unix newline) above, and three below. This makes storing and/or evaluating wmic queries as variables a pain. The method I suggest strips the mentioned junk, only returns the value after "OSArchitecture=", and includes only one Unix-style newline. Other methods using sed|awk|cut can only handle the output of wmic cleanly when piped or using multiple sed statements.
wmic OS get OSArchitecture /value | sed 's/\r//g;s/^M$//;/^$/d;s/.*=//'
making
wmic OS get OSArchitecture /value | grep -Eo '[^=]*$'
a much cleaner and slightly less costly alternative.
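An added example (not from the original post) that wraps the sed cleanup above as a function reading from stdin, so it can be checked against a constructed stand-in for the Cygwin wmic output (CRLF line endings, blank lines above and below the Key=Value line). It also adds a keyed variant, an assumption of this example, for the multi-key "get * /value" form mentioned in the post.

```shell
#!/bin/sh
# Added example, not the original post's command: the sed cleanup as a
# stdin filter, plus a keyed variant for multi-key wmic output.

# Constructed stand-in for `wmic OS get OSArchitecture /value` under Cygwin;
# no real wmic call is made here.
fake_wmic_output() {
    printf '\r\n\r\nOSArchitecture=64-bit\r\n\r\n\r\n'
}

# Strip CRs, drop the then-empty lines, keep only the text after '='.
wmic_value() {
    sed 's/\r//g;/^$/d;s/.*=//'
}

# Same cleanup, but pick the value for the key named in $1, which is what
# you want when "wmic ... get * /value" returns many Key=Value lines.
wmic_key() {
    sed 's/\r//g;/^$/d' | grep "^$1=" | sed 's/^[^=]*=//'
}

arch=$(fake_wmic_output | wmic_value)
printf 'Architecture: [%s]\n' "$arch"   # brackets show no stray CR survived
```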
Grep can search files and directories recursively. Using the -Z option and xargs -0 you can get all results on one line with escaped spaces, suitable for other commands like rm.
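An added example (not the poster's command) that builds a scratch directory with a file name containing a space and compares the NUL-separated grep -Z / xargs -0 pipeline with plain word splitting, so the difference that matters before piping into rm is visible. The file names and contents are constructed here.

```shell
#!/bin/sh
# Added example, not the original post's command: grep -Z / xargs -0 versus
# whitespace-split xargs on a constructed tree with a space in a file name.

# Build a scratch tree: two files matching the pattern (one with a space
# in its name) and one that does not match.  Prints the directory path.
make_tree() {
    d=$(mktemp -d)
    printf 'TODO: rotate key\n' > "$d/notes one.txt"
    printf 'TODO: patch host\n' > "$d/notes_two.txt"
    printf 'nothing here\n' > "$d/other.txt"
    printf '%s' "$d"
}

# Count files under $2 containing $1, passing the names NUL-terminated
# (-Z) so xargs -0 hands each one to ls intact.
count_matches_nul() {
    grep -rlZ -- "$1" "$2" | xargs -0 ls -- 2>/dev/null | wc -l | tr -d ' '
}

# Same count with newline-separated names and default xargs splitting:
# "notes one.txt" is split into two bogus arguments and ls cannot find them.
count_matches_naive() {
    grep -rl -- "$1" "$2" | xargs ls -- 2>/dev/null | wc -l | tr -d ' '
}

tree=$(make_tree)
printf 'NUL-separated: %s files\n' "$(count_matches_nul TODO "$tree")"
printf 'whitespace-split: %s files\n' "$(count_matches_naive TODO "$tree")"
rm -rf "$tree"
```

Swap `ls --` for `rm --` only once the NUL-separated count matches what you expect; with the naive form, a name such as "notes one.txt" would simply be skipped, and a name that happened to split into another existing path would be removed instead.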
Just pulls a quote for each day and displays it in a notification bubble...
or you can change it a bit and just have it run in the terminal
wget -q -O "quote" https://www.goodreads.com/quotes_of_the_day;echo "Quote of the Day";cat quote | grep '“\|/author/show' | sed -e 's/<[a-zA-Z\/][^>]*>//g' | sed 's/“//g' | sed 's/”//g'; rm -f quote
Original command: cat "log" | grep "text to grep" | awk '{print $1}' | sort -n | uniq -c | sort -rn | head -n 100. This is a waste of multiple cats and greps, especially when awk is being used.
This shows the filenames of tail output in color. Helpful if you have many log files to tail.
Outputs / monitors the content of the LOG_FILE which matches the SEARCH_STR. The output is cut by spaces (as delimiter) starting from column 7 to the end.
Replace "Oct 2" in the first grep pattern with the date to view branch work from.
Using egrep to search multiple patterns.