Hide

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again.

Delete that bloated snippets file you've been using and share your personal repository with the world. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.


If you have a new feature suggestion or find a bug, please get in touch via http://commandlinefu.uservoice.com/

Get involved!

You can sign-in using OpenID credentials, or register a traditional username and password.

First-time OpenID users will be automatically assigned a username which can be changed after signing in.

Hide

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for:

Hide

News

2011-03-12 - Confoo 2011 presentation
Slides are available from the commandlinefu presentation at Confoo 2011: http://presentations.codeinthehole.com/confoo2011/
2011-01-04 - Moderation now required for new commands
To try and put and end to the spamming, new commands require moderation before they will appear on the site.
2010-12-27 - Apologies for not banning the trolls sooner
Have been away from the interwebs over Christmas. Will be more vigilant henceforth.
2010-09-24 - OAuth and pagination problems fixed
Apologies for the delay in getting Twitter's OAuth supported. Annoying pagination gremlin also fixed.
Hide

Tags

Hide

Functions

Commands using strings from sorted by
Terminal - Commands using strings - 21 results
strings /dev/urandom | tr -cd '[:alnum:]' | fold -w 30 | head -n 1
2014-12-11 06:21:51
User: atoponce
Functions: fold head strings tr
1

This command is similar to the alternate, except with head(1), you can pick as many passwords as you wish to generate by changing the number of lines you wish to preview.

strings * |grep -v "Apple" |grep http |uniq |sed "s/<[^>]\+>//g"
ioreg -lw0 | grep IODisplayEDID | sed "/[^<]*</s///" | xxd -p -r | strings -6
tcpdump -l -s0 -w - tcp dst port 25 | strings | grep -i 'MAIL FROM\|RCPT TO'
2013-03-18 18:55:20
User: ene2002
Functions: grep strings tcpdump
3

This works just as well for SMTP. You could run this on your mail server to watch e-mail senders and recipients:

tcpdump -l -s0 -w - tcp dst port 25 | strings | grep -i 'MAIL FROM\|RCPT TO'

strings -1 <file>
2012-11-23 11:33:25
User: Testuser_01
Functions: strings
-1

Use this like the cat command with the additional feature to strip out unprintable characters from the input, newlines will stay.

strings /usr/lib/flashplugin-nonfree/libflashplayer.so |grep ^LNX
2012-04-25 10:34:57
User: domicius
Functions: grep strings
1

This is for Debian, simply change the path if your Flash plugin is installed elsewhere.

strings -f sample.txt
strings ~/.mozilla/firefox/*/webappsstore.sqlite|grep -Eo "^.+\.:" |rev
2011-09-26 15:23:09
Functions: grep strings
8

Someone over at Mozilla dot Org probably said, "I know, let's create a super-duper universal replacement for browser cookies that are persistent and even more creepy and then NOT give our browser users the tools they need to monitor, read, block or selectively remove them!"

.

This will let you see all the DOM object users in all your firefox profiles. Feel free to toss a `| sort -u` on the end to remove dupes.

.

I highly recommend you treat these as "session cookies" by scripting something that deletes this sqlite database during each firefox start-up.

.

note: does not do anything for so-called "flash cookies"

cat dirtyfile.txt | awk '{gsub(/[[:punct:]]/,"")}1' | tr A-Z a-z | sed 's/[0-9]*//g' | sed -e 's/ //g' | strings | tr -cs '[:alpha:]' '\ ' | sed -e 's/ /\n/g' | tr A-Z a-z | sort -u > cleanfile.txt
2011-08-28 01:26:04
User: purehate
Functions: awk cat sed sort strings tr
0

Using large wordlists is cumbersome. Using password cracking programs with rules such as Hashcat or John the ripper is much more effective. In order to do this many times we need to "clean" a wordlist removing all numbers, special characters, spaces, whitespace and other garbage. This command will covert a entire wordlist to all lowercase with no garbage.

head -100000 /dev/urandom | strings > temp.txt && for w in $(cat webster-dictionary.txt); do if [ ${#w} -gt 3 ]; then grep -io $w temp.txt; fi; done
sitepass2() {salt="this_salt";pass=`echo -n "$@"`;for i in {1..500};do pass=`echo -n $pass$salt|sha512sum`;done;echo$pass|gzip -|strings -n 1|tr -d "[:space:]"|tr -s '[:print:]' |tr '!-~' 'P-~!-O'|rev|cut -b 2-15;history -d $(($HISTCMD-1));}
2010-12-09 08:42:24
User: Soubsoub
Functions: cut gzip strings tr
Tags: Security
-4

This is a safest variation for "sitepass function" that includes a SALT over a long loop for sha512sum hash

# dd if=/dev/mem bs=1k skip=768 count=256 2>/dev/null | strings -n 8
2010-07-02 09:38:19
User: new_user
Functions: dd strings
Tags: BIOS
15

read the memory from C:0000 to F:FFFF

without the need auf dmidecode

cat /var/log/httpd/access_log | grep q= | awk '{print $11}' | awk -F 'q=' '{print $2}' | sed 's/+/ /g;s/%22/"/g;s/q=//' | cut -d "&" -f 1 | mail youremail@isp.com -s "[your-site] search strings for `date`"
2009-11-22 03:03:06
User: isma
Functions: awk cat grep sed strings
-2

It's not a big line, and it *may not* work for everybody, I guess it depends on the detail of access_log configuration in your httpd.conf. I use it as a prerotate command for logrotate in httpd section so it executes before access_log rotation, everyday at midnight.

sitepass() { echo -n "$@" | md5sum | sha1sum | sha224sum | sha256sum | sha384sum | sha512sum | gzip - | strings -n 1 | tr -d "[:space:]" | tr -s '[:print:]' | tr '!-~' 'P-~!-O' | rev | cut -b 2-11; history -d $(($HISTCMD-1)); }
2009-10-01 20:14:57
User: syssyphus
Tags: Security
14

usage: sitepass MaStErPaSsWoRd example.com

description: An admittedly excessive amount of hashing, but this will give you a pretty secure password, It also eliminates repeated characters and deletes itself from your command history.

tr '!-~' 'P-~!-O' # this bit is rot47, kinda like rot13 but more nerdy

rev # this avoids the first few bytes of gzip payload, and the magic bytes.

strings /boot/kernel-file | grep 2.6
2009-09-30 06:21:40
Functions: grep strings
-10

recently some in the #linux shared this. to find out the kernel version name from the binary without using uname

ioreg -lw0 | grep IODisplayEDID | sed "/[^<]*</s///" | xxd -p -r | strings -6
sudo cat /proc/kcore | strings | awk 'length > 20' | less
2009-03-09 02:19:47
User: nesquick
Functions: awk cat strings sudo
Tags: cat ram strings
15

This command lets you see and scroll through all of the strings that are stored in the RAM at any given time. Press space bar to scroll through to see more pages (or use the arrow keys etc).

Sometimes if you don't save that file that you were working on or want to get back something you closed it can be found floating around in here!

The awk command only shows lines that are longer than 20 characters (to avoid seeing lots of junk that probably isn't "human readable").

If you want to dump the whole thing to a file replace the final '| less' with '> memorydump'. This is great for searching through many times (and with the added bonus that it doesn't overwrite any memory...).

Here's a neat example to show up conversations that were had in pidgin (will probably work after it has been closed)...

sudo cat /proc/kcore | strings | grep '([0-9]\{2\}:[0-9]\{2\}:[0-9]\{2\})'

(depending on sudo settings it might be best to run

sudo su

first to get to a # prompt)

strings /dev/urandom | grep -o '[[:alnum:]]' | head -n 30 | tr -d '\n'; echo
2009-02-16 00:39:28
User: jbcurtis
Functions: grep head strings tr
44

Find random strings within /dev/urandom. Using grep filter to just Alphanumeric characters, and then print the first 30 and remove all the line feeds.

strings libc-2.2.5.so | grep stat.h