What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again.

Delete that bloated snippets file you've been using and share your personal repository with the world. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Get involved!

You can sign-in using OpenID credentials, or register a traditional username and password.

First-time OpenID users will be automatically assigned a username which can be changed after signing in.

UpGuard checks and validates configurations for every major OS, network device, and cloud provider.

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for:



May 19, 2015 - A Look At The New Commandlinefu
I've put together a short writeup on what kind of newness you can expect from the next iteration of clfu. Check it out here.
March 2, 2015 - New Management
I'm Jon, I'll be maintaining and improving clfu. Thanks to David for building such a great resource!

Top Tags



Commands tagged PHP from sorted by
Terminal - Commands tagged PHP - 36 results
find / -name \*.php -exec grep -Hn .1.=.......0.=.......3.=.......2.=.......5.= {} \;
2015-10-28 20:58:53
User: UnklAdM
Functions: find grep

If this matches any files on your web server expect to find allot of malware spread throughout your server folders. Seems to target wordpress sites. Be sure to check your themes/theme-name/header.php files manually for various redirect scripting usually in the line right above the close head tag.

Good luck!

find / -name \*.php -exec grep -Hn preg_replace {} \;|grep /e|grep POST
ps axo pcpu,args | awk '/[p]hp.*pool/ { sums[$4] += $1 } END { for (pool in sums) { print sums[pool], pool } }' | sort -rn | column -t
find /srv/code -maxdepth 4 -type f -regex ".*\(\(package\|composer|npm\\|bower\)\.json\|Gemfile\|requirements\.txt\\|\.gitmodules\)"
2014-11-28 16:34:35
User: renoirb
Functions: find
Tags: bash git PHP ruby

List all dependencies manifests so you can install them.

In a scenario where you want to deploy a number of web applications and run their dependency managers, how could you run all of them in a systematic order.

One of the complexity is to ensure you get only your own top level dependencies. That way, you don recursively call development dependencies of your own dependencies.

Otherwise you might end up discovering dependency management manifests that are already been pulled by your own projects.

# Using this command

This command helps me find them and I can then run what?s required to pull them from their respective sources.

This command assumes the following:

1. Your code checkouts are in a flat repository layout (i.e. not nested).

2. Finds manifests for:

- NPM (nodejs),

- Composer (php),

- bower,

- requirements.txt (Python), and

- git submodules

wget -N --content-disposition http://www.adminer.org/latest.php
grep -r "<script" | grep -v src | awk -F: '{print $1}' | uniq
2014-07-23 06:24:31
User: sucotronic
Functions: awk grep
Tags: PHP javascript

Useful to crawl where the javascript is declared, and extract it a common file. You can redirect it to a file to review item by item.

php -r 'echo json_encode( unserialize( file_get_contents( "php://stdin" ) ) );'
find . -name '*.phtml' | xargs perl -pi -e 's/(?!(<\?(php|xml|=)))<\?/<\?php/g;'
2014-05-07 14:33:19
User: crashspeeder
Functions: find perl xargs

Tired of front end developers using short open tags in your views? This will replace all instances of

echo -n "string" | md5sum|cut -f 1 -d " "
2014-02-20 22:44:00
User: labadf
Functions: cut echo

echo defaults to include a newline character at the end of the string, which messes with the hash. If you suppress it with -n then it has the same effect as PHP's ?echo md5("string"), "\t-";? Even more, by using cut you get the exact same output, so it works as a drop-in replacement for the original command for this thread.

yum install php-tidy
phpunit --log-json php://stdout | awk '$NF ~ '/,/' && $1 ~ /"(test|time)"/' | cut -d: -f2- | sed "N;s/\n/--/" | sed "s/,//"| awk 'BEGIN{FS="--"}; {print $2 $1}' | sort -r | head -n 5
git status -s | grep -o ' \S*php$' | while read f; do php -l $f; done
2013-12-14 11:47:54
User: ruslan
Functions: grep read
Tags: git PHP lint

Checks for syntax errors in PHP files modified in current working copy of a Git repository.

echo "q+werty%3D%2F%3B" | php -r "echo urldecode(file_get_contents('php://stdin'));"
2013-07-17 11:37:36
User: kartikssj
Functions: echo
Tags: urldecod PHP

Using PHP shell to URL decode a string.

for ii in $(find /path/to/docroot -type f -name \*.php); do echo $ii; wc -lc $ii | awk '{ nr=$2/($1 + 1); printf("%d\n",nr); }'; done
2013-04-05 19:06:17
Functions: awk echo find wc

I have found that base64 encoded webshells and the like contain lots of data but hardly any newlines due to the formatting of their payloads. Checking the "width" will not catch everything, but then again, this is a fuzzy problem that relies on broad generalizations and heuristics that are never going to be perfect.

What I have done is set an arbitrary threshold (200 for example) and compare the values that are produced by this script, only displaying those above the threshold. One webshell I tested this on scored 5000+ so I know it works for at least one piece of malware.

find ./public_html/ -name \*.php -exec grep -HRnDskip "\(passthru\|shell_exec\|system\|phpinfo\|base64_decode\|chmod\|mkdir\|fopen\|fclose\|readfile\) *(" {} \;
2013-04-03 12:42:19
User: lpanebr
Functions: find grep

Searched strings:

passthru, shell_exec, system, phpinfo, base64_decode, chmod, mkdir, fopen, fclose, readfile

Since some of the strings may occur in normal text or legitimately you will need to adjust the command or the entire regex to suit your needs.

watch -d=c -n3 'lsof -itcp -iudp -c php'
2013-03-14 01:24:50
User: AskApache
Functions: watch
Tags: lsof PHP watch

Shows files and processes of the command php

php -e -c /path/to/php.ini -r 'echo "OK\n";';
php -m
perl -e "print 'yes' if `exim -bt $s_email_here | grep -c malformed`;"
2012-02-28 04:42:41
User: DewiMorgan
Functions: perl

People are *going* to post the wrong ways to do this. It's one of the most common form-validation tasks, and also one of the most commonly messed up. Using a third party tool or library like exim means that you are future-proofing yourself against changes to the email standard, and protecting yourself against the fact that actually checking whether an email address is valid is *not possible*.

Still, perhaps your boss is insisting you really do need to check them internally. OK.

Read the RFCs. The bet before the @ is specified by RFC2821 and RFC2822. The domain name part is specified by RFC1035, RFC1101, RFC1123 and RFC2181.

Generally, when people say "email address", they mean that part of the address that the RFC terms the "addr-spec": the "[email protected]" address, with no display names, comments, quotes, etc. Also "[email protected]" and "root" should be invalid, as should arbitrary addressing schemes specified by a protocol indicator, like "[email protected]:foo^bar^baz".

So... With the smallest poetic license for readability (allowing underscores in domain names so we can use "\w" instead of "[a-z0-9]"), the RFCs give us:


Not perfect, but the best I can come up with, and most compliant I've found. I'd be interested to see other people's ideas, though. It's still not going to verify you an address fersure, properly, 100% guaranteed legit, though. What else can you do? Well, you could also:

* verify that the address is either a correct dotted-decimal IP, or contains letters.

* remove reserved domains (.localhost, .example, .test, .invalid), reserved IP ranges, and so forth from the address.

* check for banned domains (whitehouse.gov, example.com...)

* check for known TLDs including alt tlds.

* see if the domain has an MX record set up: if so, connect to that host, else connect to the domain.

* see if the given address is accepted by the server as a recipient or sender (this fails for yahoo.*, which blocks after a few attempts, assuming you are a spammer, and for other domains like rediffmail.com, home.com).

But these are moving well out of the realm of generic regex checks and into the realm of application-specific stuff that should be done in code instead - especially the latter two. Hopefully, this is all you needed to point out to your boss "hey, email validation this is a dark pit with no bottom, we really just want to do a basic check, then send them an email with a link in it: it's the industry standard solution."

Of course, if you want to go nuts, here's an idea that you could do. Wouldn't like to do it myself, though: I'd rather just trust them until their mail bounces too many times. But if you want it, this (untested) code checks to see if the mail domain works. It's based on a script by John Coggeshall and Jesse Houwing that also asked the server if the specific email address existed, but I disliked that idea for several reasons. I suspect: it will get you blocked as a spambot address harvester pretty quick; a lot of servers would lie to you; it would take too much time; this way you can cache domains marked as "OK"; and I suspect it would add little to the reliability test.

// Based on work by: John Coggeshall and Jesse Houwing.

// http://www.zend.com/zend/spotlight/ev12apr.php

mailRegex = '^(?:"(?:[^"\\\\]|\\\\.)+"|[-^!#\$%&\'*+\/=?`{|}~.\w]+)';

mailRegex .= '@(?=.{3,255}$)(?:[\w][\w-]{0,62}\.){1,128}[\w][\w-]{0,62}$';

function ValidateMail($address) {

  global $mailRegex; // Yes, globals are evil. Put it inline if you want.

  if (!preg_match($mailRegex)) {

    return false;


  list ( $localPart, $Domain ) = split ("@",$Email);

  // connect to the first available MX record, or to domain if no MX record.

  $ConnectAddress = new Array();

  if (getmxrr($Domain, $MXHost)) {

    $ConnectAddress = $MXHost;

  } else {

    $ConnectAddress[0] = $Domain;


  // check all MX records in case main server is down - may take time!

  for ($i=0; $i < count($ConnectAddress); $i++ ) {

    $Connect = fsockopen ( $ConnectAddress[$i], 25 );

    if ($Connect){




  if ($Connect) {


    // Only works if socket_blocking is off.

    if (ereg("^220", $Out = fgets($Connect, 1024))) {

      fclose($Connect); // Unneeded, but let's help the gc.

      return true;


    fclose($Connect); // Help the gc.


  return false;


for FILE in $(svn status | grep ? | grep .php); do svn add $FILE; done
2011-12-27 17:49:33
Functions: grep
Tags: svn PHP

simply change extension for others programming languages

grep -Ilr "<?php" .
find . -name \*.php -exec php -l "{}" \;
php --ini
ssh -R 9000:localhost:9000 [email protected]
2011-05-28 09:39:16
User: nadavkav
Functions: ssh

If you need to xdebug a remote php application, which is behind a firewall, and you have an ssh daemon running on that machine. you can redirect port 9000 on that machine over to your local machine from which you run your xdebug client (I am using phpStorm)

So, run this command on your local machine and start your local xdebug client, to start debugging.

more info:


php -r 'function a(){$i=10;while($i--)echo str_repeat(" ",rand(1,79))."*".PHP_EOL;}$i=99;while($i--){a();echo str_repeat(" ",34)."Happy New Year 2011".PHP_EOL;a();usleep(200000);}'
2011-04-21 05:08:56
User: galymzhan
Functions: echo
Tags: Linux PHP

Requires installed command line PHP. Also, try at different dimensions of terminal window