Commands using awk (1,418)
-
0history | awk '{if ($2 == "sudo") a[$3]++; else a[$2]++}END{for(i in a){print a[i] " " i}}' | sort -rn | head
-
0finger `whoami` | awk -F: '{ print $3 }' | head -n1 | sed 's/^ //'
-
Convert Metasploit?s MSCACHE output to Hashcat version (performed in ~/.msf4/loot/):
0cat *mscache* | awk -F '"' '{print $4":"$2}' -
0aptitude purge $(dpkg -l|grep ^rc|awk '{ print $2 }')
-
Requirements: curl, grep, awk, internet connection with access to wikipedia Loaded page: http://en.wikipedia.org/wiki/List_of_programming_languages If you can make shorter version of this listgetter, you are welcome to paste it here :) Show Sample Output
0curl http://en.wikipedia.org/wiki/List_of_programming_languages | grep "<li>" | awk -F"title=" '{ print $2 }' | awk -F\" '{ print $2 }' -
if you have a capture file *.eth, and ajp protocol is in use on port 9009, you can paste the above command. You can change the fiile and port name Show Sample Output
0tshark -r *.eth -S -R "ajp13" -d tcp.port==9009,ajp13 -s 0 -l -V | awk '/Apache JServ/ {p=1} /^ *$/ {p=0;printf "\n"} (p){printf "%s\n", $0} /^(Frame|Internet Pro|Transmission Control)/ {print $0}' -
Executing pfiles will return a list of all descriptors utilized by the process We are interested in the S_IFREG entries since they are pointing usually to files In the line, there is the inode number of the file which we use in order to find the filename. The only bad thing is that in order not to search from / you have to suspect where could possibly be the file. Improvements more than welcome. lsof was not available in my case Show Sample Output
0for i in `pfiles pid|grep S_IFREG|awk '{print $5}'|awk -F":" '{print $2}'`; do find / -inum $i |xargs ls -lah; done -
This functionality seems to be missing from commands like dpkg. Ideally, I want to duplicate the behavior of rpm --verify, but it seems difficult to do this in one relatively short command pipeline. Show Sample Output
0dpkg-query -Wf '${Package}\n' | xargs dpkg --status | sed '/^Conffiles:/,/^Description:/!d;//d' | awk '{print $2 " " $1}' | md5sum -c 2>/dev/null | grep FAILED$ | cut -f1 -d':' -
0for x in `ps -u 500 u | grep java | awk '{ print $2 }'`;do ls /proc/$x/fd|wc -l;done
-
I run this via crontab every one minute on my machine occasionally to see if a process is eating up my system's resources.
0load=`uptime|awk -F',' '{print $3}'|awk '{print $3}'`; if [[ $(echo "if ($load > 1.0) 1 else 0" | bc) -eq 1 ]]; then notify-send "Load $load";fi -
This command will take the files in a directory, rename them, and then number them from 1...N. Black belt stuff. Hell of a time saver.
0find . -name '*.jpg' | awk 'BEGIN{ a=0 }{ printf "mv %s name%01d.jpg\n", $0, a++ }' | bash -
0df -H | grep -vE '^Filesystem|tmpfs|cdrom|none' | awk '{ print $5 " " $1 }'
-
Also removes translator comments. You can remove the header by omitting --keep-header, but if your msgids contain non-ASCII characters you will need the header to specify a suitable charset.
0msgfilter --keep-header --input input.po awk '{}' | sed '/^#$/d; /^#[^\:\~,\.]/d' >empty.po -
It'll print the file names preserving the spaces in their names and adding new line after every new filename. I wrote this to quickly find out how many files in any directory is owned by a particular user. This can be extended using pipe and grep to do much more. Show Sample Output
0awk '{for (i=9;i<=NF;i++) {printf "%s",$i; printf "%s", " ";}; printf "\n"}' -
completely remove those packages that leave files in debian / ubuntu marked with rc and not removed completely with traditional tools
0dpkg -l | grep ^rc | awk '{ print $2}' | xargs apt-get -y remove --purge -
On the Mac, the 'ls' function can sort based on month/day/time, but seems to lack ability to filter on the Year field (#9 among the long listed fields). The sorted list continuously increases the 'START' year for the most recently accessed set of files. The final month printed will be the highest month that appeared in that START year. The command does its magic on the current directory, and suitably discards all entries that are themselves directories. If you expect files dating prior to 2002, change the START year accordingly.
0ls -lT -rt | grep "^-" | awk 'BEGIN {START=2002} (START <= $9){ print $10 ;START=$9 }' | tail -1 -
0ps aux | grep <process> | grep -v grep | awk '{print $2}' | xargs -i -t kill -9 {}
-
0wget -O - "[PICASA ALBUM RSS LINK]" |sed 's/</\n</g' | grep media:content |sed 's/.*url='"'"'\([^'"'"']*\)'"'"'.*$/\1/' |awk -F'/' '{gsub($NF,"d/"$NF); print $0}'|wget -i -
-
0DATE=`date +"%H:%M" --date '-1 min'`; egrep "\ $DATE\:..\ " /var/log/dhcpd.log |awk '/DHCPREQUEST/ {split($3,t,":"); printf("%02d:%02d\n",t[1],t[2]);}' |uniq -c;
-
0ps aux | grep [process] | awk '{print $2}' | xargs -I % ls /proc/%/fd | wc -l
-
0cat /sys/block/{*,*/*}/holders/dm*/dm/name | awk -F- '{print $1}' | sort -u
-
0cat /sys/block/md1/holders/dm*/dm/name | awk -F- '{print $1}' | sort -u
-
I have found that base64 encoded webshells and the like contain lots of data but hardly any newlines due to the formatting of their payloads. Checking the "width" will not catch everything, but then again, this is a fuzzy problem that relies on broad generalizations and heuristics that are never going to be perfect. What I have done is set an arbitrary threshold (200 for example) and compare the values that are produced by this script, only displaying those above the threshold. One webshell I tested this on scored 5000+ so I know it works for at least one piece of malware.
0for ii in $(find /path/to/docroot -type f -name \*.php); do echo $ii; wc -lc $ii | awk '{ nr=$2/($1 + 1); printf("%d\n",nr); }'; done -
0netstat -antu | awk '$5 ~ /[0-9]:/{split($5, a, ":"); ips[a[1]]++} END {for (ip in ips) print ips[ip], ip | "sort -k1 -nr"}'
-
0dd if=/dev/zero of=/fs/to/fill/dummy00 bs=8192 count=$(df --block-size=8192 / | awk 'NR!=1 {print $4-100}')
- ‹ First < 35 36 37 38 39 > Last ›
What's this?
commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.
Check These Out
Stay in the loop…
- Follow the Tweets.
-
Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.
» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10 - Subscribe to the feeds.
-
Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):
Subscribe to the feed for:
- » all commands
- » commands with 3 up-votes (commandlinefu3)
- » commands with 10 up-votes (commandlinefu10)
- » commands using awk