What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again.

Delete that bloated snippets file you've been using and share your personal repository with the world. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Get involved!

You can sign-in using OpenID credentials, or register a traditional username and password.

First-time OpenID users will be automatically assigned a username which can be changed after signing in.

UpGuard checks and validates configurations for every major OS, network device, and cloud provider.

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for:



May 19, 2015 - A Look At The New Commandlinefu
I've put together a short writeup on what kind of newness you can expect from the next iteration of clfu. Check it out here.
March 2, 2015 - New Management
I'm Jon, I'll be maintaining and improving clfu. Thanks to David for building such a great resource!

Top Tags



Commands using strings from sorted by
Terminal - Commands using strings - 22 results
wget -q -O - | strings | tail -n 2
2016-05-03 23:03:55
User: paulera
Functions: strings tail wget

The router Technicolor TC7200 has an exploit where the file is open for unauthenticated access. Even though it is binary, the 2 last strings are the username and password for the pages for router management. It can be read using the 'strings' command, 'hexdump -C' or a hexadecimal editor.

(default user/password = admin/admin)

Reveals more configuration, including SSID name and Key for the wifi network:

wget -q -O -

Hexadecimal dump of the file:

wget -q -O - | hexdump -C
strings /dev/urandom | tr -cd '[:alnum:]' | fold -w 30 | head -n 1
2014-12-11 06:21:51
User: atoponce
Functions: fold head strings tr

This command is similar to the alternate, except with head(1), you can pick as many passwords as you wish to generate by changing the number of lines you wish to preview.

strings * |grep -v "Apple" |grep http |uniq |sed "s/<[^>]\+>//g"
ioreg -lw0 | grep IODisplayEDID | sed "/[^<]*</s///" | xxd -p -r | strings -6
tcpdump -l -s0 -w - tcp dst port 25 | strings | grep -i 'MAIL FROM\|RCPT TO'
2013-03-18 18:55:20
User: ene2002
Functions: grep strings tcpdump

This works just as well for SMTP. You could run this on your mail server to watch e-mail senders and recipients:

tcpdump -l -s0 -w - tcp dst port 25 | strings | grep -i 'MAIL FROM\|RCPT TO'

strings -1 <file>
2012-11-23 11:33:25
User: Testuser_01
Functions: strings

Use this like the cat command with the additional feature to strip out unprintable characters from the input, newlines will stay.

strings /usr/lib/flashplugin-nonfree/libflashplayer.so |grep ^LNX
2012-04-25 10:34:57
User: domicius
Functions: grep strings

This is for Debian, simply change the path if your Flash plugin is installed elsewhere.

strings -f sample.txt
strings ~/.mozilla/firefox/*/webappsstore.sqlite|grep -Eo "^.+\.:" |rev
2011-09-26 15:23:09
Functions: grep strings

Someone over at Mozilla dot Org probably said, "I know, let's create a super-duper universal replacement for browser cookies that are persistent and even more creepy and then NOT give our browser users the tools they need to monitor, read, block or selectively remove them!"


This will let you see all the DOM object users in all your firefox profiles. Feel free to toss a `| sort -u` on the end to remove dupes.


I highly recommend you treat these as "session cookies" by scripting something that deletes this sqlite database during each firefox start-up.


note: does not do anything for so-called "flash cookies"

cat dirtyfile.txt | awk '{gsub(/[[:punct:]]/,"")}1' | tr A-Z a-z | sed 's/[0-9]*//g' | sed -e 's/ //g' | strings | tr -cs '[:alpha:]' '\ ' | sed -e 's/ /\n/g' | tr A-Z a-z | sort -u > cleanfile.txt
2011-08-28 01:26:04
User: purehate
Functions: awk cat sed sort strings tr

Using large wordlists is cumbersome. Using password cracking programs with rules such as Hashcat or John the ripper is much more effective. In order to do this many times we need to "clean" a wordlist removing all numbers, special characters, spaces, whitespace and other garbage. This command will covert a entire wordlist to all lowercase with no garbage.

head -100000 /dev/urandom | strings > temp.txt && for w in $(cat webster-dictionary.txt); do if [ ${#w} -gt 3 ]; then grep -io $w temp.txt; fi; done
sitepass2() {salt="this_salt";pass=`echo -n "$@"`;for i in {1..500};do pass=`echo -n $pass$salt|sha512sum`;done;echo$pass|gzip -|strings -n 1|tr -d "[:space:]"|tr -s '[:print:]' |tr '!-~' 'P-~!-O'|rev|cut -b 2-15;history -d $(($HISTCMD-1));}
2010-12-09 08:42:24
User: Soubsoub
Functions: cut gzip strings tr
Tags: Security

This is a safest variation for "sitepass function" that includes a SALT over a long loop for sha512sum hash

# dd if=/dev/mem bs=1k skip=768 count=256 2>/dev/null | strings -n 8
2010-07-02 09:38:19
User: new_user
Functions: dd strings
Tags: BIOS

read the memory from C:0000 to F:FFFF

without the need auf dmidecode

cat /var/log/httpd/access_log | grep q= | awk '{print $11}' | awk -F 'q=' '{print $2}' | sed 's/+/ /g;s/%22/"/g;s/q=//' | cut -d "&" -f 1 | mail [email protected] -s "[your-site] search strings for `date`"
2009-11-22 03:03:06
User: isma
Functions: awk cat grep sed strings

It's not a big line, and it *may not* work for everybody, I guess it depends on the detail of access_log configuration in your httpd.conf. I use it as a prerotate command for logrotate in httpd section so it executes before access_log rotation, everyday at midnight.

sitepass() { echo -n "$@" | md5sum | sha1sum | sha224sum | sha256sum | sha384sum | sha512sum | gzip - | strings -n 1 | tr -d "[:space:]" | tr -s '[:print:]' | tr '!-~' 'P-~!-O' | rev | cut -b 2-11; history -d $(($HISTCMD-1)); }
2009-10-01 20:14:57
User: syssyphus
Tags: Security

usage: sitepass MaStErPaSsWoRd example.com

description: An admittedly excessive amount of hashing, but this will give you a pretty secure password, It also eliminates repeated characters and deletes itself from your command history.

tr '!-~' 'P-~!-O' # this bit is rot47, kinda like rot13 but more nerdy

rev # this avoids the first few bytes of gzip payload, and the magic bytes.

strings /boot/kernel-file | grep 2.6
2009-09-30 06:21:40
Functions: grep strings

recently some in the #linux shared this. to find out the kernel version name from the binary without using uname

ioreg -lw0 | grep IODisplayEDID | sed "/[^<]*</s///" | xxd -p -r | strings -6
sudo cat /proc/kcore | strings | awk 'length > 20' | less
2009-03-09 02:19:47
User: nesquick
Functions: awk cat strings sudo
Tags: cat ram strings

This command lets you see and scroll through all of the strings that are stored in the RAM at any given time. Press space bar to scroll through to see more pages (or use the arrow keys etc).

Sometimes if you don't save that file that you were working on or want to get back something you closed it can be found floating around in here!

The awk command only shows lines that are longer than 20 characters (to avoid seeing lots of junk that probably isn't "human readable").

If you want to dump the whole thing to a file replace the final '| less' with '> memorydump'. This is great for searching through many times (and with the added bonus that it doesn't overwrite any memory...).

Here's a neat example to show up conversations that were had in pidgin (will probably work after it has been closed)...

sudo cat /proc/kcore | strings | grep '([0-9]\{2\}:[0-9]\{2\}:[0-9]\{2\})'

(depending on sudo settings it might be best to run

sudo su

first to get to a # prompt)

strings /dev/urandom | grep -o '[[:alnum:]]' | head -n 30 | tr -d '\n'; echo
2009-02-16 00:39:28
User: jbcurtis
Functions: grep head strings tr

Find random strings within /dev/urandom. Using grep filter to just Alphanumeric characters, and then print the first 30 and remove all the line feeds.

strings libc-2.2.5.so | grep stat.h