Hide

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again.

Delete that bloated snippets file you've been using and share your personal repository with the world. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.


If you have a new feature suggestion or find a bug, please get in touch via http://commandlinefu.uservoice.com/

Get involved!

You can sign-in using OpenID credentials, or register a traditional username and password.

First-time OpenID users will be automatically assigned a username which can be changed after signing in.

Hide

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for:

Hide

News

2011-03-12 - Confoo 2011 presentation
Slides are available from the commandlinefu presentation at Confoo 2011: http://presentations.codeinthehole.com/confoo2011/
2011-01-04 - Moderation now required for new commands
To try and put and end to the spamming, new commands require moderation before they will appear on the site.
2010-12-27 - Apologies for not banning the trolls sooner
Have been away from the interwebs over Christmas. Will be more vigilant henceforth.
2010-09-24 - OAuth and pagination problems fixed
Apologies for the delay in getting Twitter's OAuth supported. Annoying pagination gremlin also fixed.
Hide

Tags

Hide

Functions

Commands tagged grep from sorted by
Terminal - Commands tagged grep - 346 results
dpkg-query -Wf '${Installed-Size}\t${Status}\t${Package}\n' | sort -n | grep installed
wget -q -O- http://example-podcast-feed.com/rss | grep -o "<enclosure[ -~][^>]*" | grep -o "http://[ -~][^\"]*" | xargs wget -c
2013-09-24 12:38:08
User: talha131
Functions: grep wget xargs
0

This script can be used to download enclosed files from a RSS feed. For example, it can be used to download mp3 files from a podcasts RSS feed.

for i in `ip addr show dev eth1 | grep inet | awk '{print $2}' | cut -d/ -f1`; do echo -n $i; echo -en '\t'; host $i | awk '{print $5}'; done
function colorize() { c="--line-buffered --color=yes"; GREP_COLORS="mt=01;34" egrep $c '(^| 200 | 304 )' "${@}" | GREP_COLORS="mt=02;31" egrep $c '(^|"(GET|POST) .*[^0-9] 4[0-1][0-9] )' | GREP_COLORS="ms=02;37" egrep $c '(^|^[0-9\.]+) ';}
2013-08-14 21:05:34
User: mogsie
Functions: egrep
1

Puts a splash of color in your access logs. IP addresses are gray, 200 and 304 are green, all 4xx errors are red. Works well with e.g. "colorize access_log | less -R" if you want to see your colors while paging.

Use as inspiration for other things you might be tailing, like syslog or vmstat

Usage:

tail -f access.log | colorize
psgrep() { ps aux | tee >(head -1>&2) | grep -v " grep $@" | grep "$@" -i --color=auto; }
2013-08-02 12:44:32
User: fnl
Functions: grep head ps tee
Tags: grep ps
0

Pipes the header row of ps to STDERR, then greps for the command on the output of ps, removing the grep entry before that.

for fil in *.JPG; do datepath="$(identify -verbose $fil | grep DateTimeOri | awk '{print $2"_"$3 }' | sed s%:%_%g)"; mv -v $fil $datepath.jpg; done
2013-08-02 01:42:04
Functions: mv
0

Requires ImageMagick.

Extracts date taken from image and renames it properly.

Based on StackOverflow answer.

pgrep -lf
curl -s $1 | grep -o -i '<a href="//images.4chan.org/[^>]*>' | sed -r 's%.*"//([^"]*)".*%\1%' | xargs wget
2013-07-22 10:33:55
User: bugmenot
Functions: grep xargs
1

first grep all href images then sed the url part then wget

ps aux | grep $(echo $1 | sed "s/^\(.\)/[\1]/g")
2013-07-16 10:10:51
User: opexxx
Functions: echo grep ps sed
Tags: sed grep ps
1

grep по ps aux

grep -aEio '([[:alnum:]_.-\+\-]+@[[:alnum:]_.-]+?\.[[:alpha:].]{2,6})'
2013-06-23 21:52:14
User: binarynomad
Functions: grep
Tags: grep email
1

This will catch most separators in the section of the email:

dot .

dash -

underscore _

plus + (added for gmail)

... and the basic dash '-' of host names.

for i in *.pdf; do echo --------$i-------; echo; pdftotext $i - | grep -i Yourpattern; done
2013-05-22 05:36:06
User: fangfufu
Functions: echo grep
Tags: grep pdf
0

This command is useful for searching through a whole folder worth of pdf files.

svn info | grep ^URL | awk -F\/ '{print $NF}'
grep -A 3 -i "example" demo_text
ps -A -o rss,command | grep [C]hrome | awk '{sum+=$1} END {printf("%sMB\n",sum/1024)}'
cat $HISTFILE | grep command
history | tail -100 | grep cmd
2013-04-22 03:49:43
User: datamining
Functions: grep tail
0

this also can find the old command you used before

cat .bash_history | tail -100 | grep {command}
2013-04-10 10:40:52
User: techie
Functions: cat grep tail
-9

I know how hard it is to find an old command running through all the files because you couldn't remember for your life what it was. Heres the solution!! Grep the history for it. depending on how old the command you can head or tail or if you wanted to search all because you cannot think how long ago it was then miss out the middle part of the command. This is a very easy and effective way to find that command you are looking for.

for ii in $(find /path/to/docroot -type f -name \*.php); do echo $ii; wc -lc $ii | awk '{ nr=$2/($1 + 1); printf("%d\n",nr); }'; done
2013-04-05 19:06:17
Functions: awk echo find wc
0

I have found that base64 encoded webshells and the like contain lots of data but hardly any newlines due to the formatting of their payloads. Checking the "width" will not catch everything, but then again, this is a fuzzy problem that relies on broad generalizations and heuristics that are never going to be perfect.

What I have done is set an arbitrary threshold (200 for example) and compare the values that are produced by this script, only displaying those above the threshold. One webshell I tested this on scored 5000+ so I know it works for at least one piece of malware.

find ./public_html/ -name \*.php -exec grep -HRnDskip "\(passthru\|shell_exec\|system\|phpinfo\|base64_decode\|chmod\|mkdir\|fopen\|fclose\|readfile\) *(" {} \;
2013-04-03 12:42:19
User: lpanebr
Functions: find grep
0

Searched strings:

passthru, shell_exec, system, phpinfo, base64_decode, chmod, mkdir, fopen, fclose, readfile

Since some of the strings may occur in normal text or legitimately you will need to adjust the command or the entire regex to suit your needs.

lsof -i -n | grep ESTABLISHED
2013-04-03 09:14:09
User: techie
Functions: grep
2

Fast and easy way to find all established tcp connections without using the netstat command.

egrep -v "(^#|^\b*$)"
grep -Fvxf $(file1) $(file2) | wc -l
lsof -i -P +c 0 +M | grep -i "$1"
netstat -an | grep --color -i -E 'listen|listening'
find /some/path -type f -printf '%f\n' | grep -o '\..\+$' | sort | uniq -c | sort -rn
2013-03-18 14:42:29
User: skkzsh
Functions: find grep sort uniq
2

Get the longest match of file extension (Ex. For 'foo.tar.gz', you get '.tar.gz' instead of '.gz')