commandlinefu.com is the place to record those command-line gems that you return to again and again.
Delete that bloated snippets file you've been using and share your personal repository with the world. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.
If you have a new feature suggestion or find a bug, please get in touch via http://commandlinefu.uservoice.com/
You can sign-in using OpenID credentials, or register a traditional username and password.
First-time OpenID users will be automatically assigned a username which can be changed after signing in.
Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.
Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):
Subscribe to the feed for:
To decrypt: openssl aes-256-cbc -d -in secrets.txt.enc -out secrets.txt.new
Optional parameter -a makes output base64 encoded, can be viewed in text editor or pasted in email
Create an AES256 encrypted and compressed tar archive.
User is prompted to enter the password.
openssl enc -d -aes256 -in <file> | tar --extract --file - --gzip
At times you will need to safeguard your files. Use OpenSSL's native rc4 encryption to do so.
'nopad' removes padding and 'nosalt' removes random salt being added to the file.
Strip a password from a openssl key to use with apache httpd server
regenerateCSR original.crt new.key new.csr
This will create, in the current directory, a file called 'pk.pem' containing an unencrypted 2048-bit RSA private key and a file called 'cert.pem' containing a certificate signed by 'pk.pem'. The private key file will have mode 600.
!!ATTENTION!! ==> this command will overwrite both files if present.
Another option is openssl.
No need to install yet another program when openssl is already installed. :-)
macchanger will allow you to change either 1) mfg code, 2) host id, or 3) all of the above. Use this at wifi hotspots to help reduce profiling.
Use the following variation for FreeBSD:
openssl rand 6 | xxd -p | sed 's/\(..\)/\1:/g; s/:$//'
Finds all cert files on a server and lists them, finding out, which one is a symbolic link and which is true.
You want to do this when a certificate expires and you want to know which files to substitute with the new cert.
I have a mac, and do not want to install mac ports to get the base64 binary. Using openssl will do the trick just fine. Note, to decode base64, specify a '-d' after 'base64' in the command. Note also the files base64.decoded.txt and base64.encoded.txt are text files.
eliminates "l" and "o" characters change length by changing 'x' here: cut -c 1-x
"That command will encrypt the unencrypted-data.tar file with the password you choose and output the result to encrypted-data.tar.des3. To unlock the encrypted file, use the following command:"
openssl des3 -d -salt -in encrypted-data.tar.des3 -out unencrypted-data.tar
Allows you to connect to an SMTP server over TLS, which is useful for debugging SMTP sessions. (Much like telnet to 25/tcp). Once connected you can manually issue SMTP commands in the clear (e.g. EHLO)
A quick and simple way of outputting the start and end date of a certificate, you can simply use 'openssl x509 -in xxxxxx.crt -noout -enddate' to output the end date (ex. notAfter=Feb 01 11:30:32 2009 GMT) and with the date command you format the output to an ISO format.
For the start date use the switch -startdate and for end date use -enddate.
command to decrypt:
openssl enc -aes-256-cbc -d < secret.tar.enc | tar x
Of course, don't forget to rm the original files ;) You may also want to look at the openssl docs for more options.
When you don't have c_rehash handy. Really simple - if you have a .pem file that doesn't really contain a x509 cert (let's say, newreq.pem), it will create a link, simply called '.0', pointing to that file.