Hide

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again.

Delete that bloated snippets file you've been using and share your personal repository with the world. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.


If you have a new feature suggestion or find a bug, please get in touch via http://commandlinefu.uservoice.com/

Get involved!

You can sign-in using OpenID credentials, or register a traditional username and password.

First-time OpenID users will be automatically assigned a username which can be changed after signing in.

Hide

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for:

Hide

News

2011-03-12 - Confoo 2011 presentation
Slides are available from the commandlinefu presentation at Confoo 2011: http://presentations.codeinthehole.com/confoo2011/
2011-01-04 - Moderation now required for new commands
To try and put and end to the spamming, new commands require moderation before they will appear on the site.
2010-12-27 - Apologies for not banning the trolls sooner
Have been away from the interwebs over Christmas. Will be more vigilant henceforth.
2010-09-24 - OAuth and pagination problems fixed
Apologies for the delay in getting Twitter's OAuth supported. Annoying pagination gremlin also fixed.
Hide

Tags

Hide

Functions

Commands using wc from sorted by
Terminal - Commands using wc - 151 results
num_errs=`grep ERROR /var/log/syslog | tee >(cat >&2) | wc -l`
2014-03-12 00:04:24
Functions: cat tee wc
0

Many circumstances call for creating variable of a summary result while still printing the original pipe. Inserting "tee >(cat >&2)" allows the command output to still be printed while permitting the same output to be processed into a variable.

find . -type d| while read i; do echo $(ls -1 "$i"|wc -m) $(du -s "$i"); done|sort -s -n -k1,1 -k2,2 |awk -F'[ \t]+' '{ idx=$1$2; if (array[idx] == 1) {print} else if (array[idx]) {print array[idx]; print; array[idx]=1} else {array[idx]=$0}}'
2014-02-25 22:50:09
User: knoppix5
Functions: awk du echo find ls read sort wc
0

Very quick! Based only on the content sizes and the character counts of filenames. If both numbers are equal then two (or more) directories seem to be most likely identical.

if in doubt apply:

diff -rq path_to_dir1 path_to_dir2

AWK function taken from here:

http://stackoverflow.com/questions/2912224/find-duplicates-lines-based-on-some-delimited-fileds-on-line

unzip -p doc.odt content.xml | sed 's|<[^>]*>| |g' | wc -l
for i in */; do echo $(find $i -type f -regextype posix-extended -regex ".*\.(mp3|ogg|wav|flac)" | wc -l) $i ; done
find . -type d -maxdepth 1 -print0 | xargs -0 -I{} sh -c 'find "{}" -type f | grep "ogg\|mp3\|wav\|flac$" | wc -l | tr -d "\n"; echo " {}"'
2013-12-22 13:40:29
User: dbrgn
Functions: echo find grep sh tr wc xargs
0

This lists the number of ogg/mp3/wav/flac files in each subdirectory of the current directory. The output can be sorted by piping it into "sort -n".

wc -l *c
for i in `find -L /var/ -wholename \*log\* -type d`; do COUNT=`ls -1U $i | wc -l`; if [ $COUNT -gt 10 ]; then echo $i $COUNT; fi; done
for i in {1..31}; do ls -1 *${YYYY}${MM}`printf "%02d" $i`* | wc -l; done
2013-07-26 07:08:04
User: Paulus
Functions: ls wc
Tags: bash Linux
0

RU: Найдет число файлов в папке по данной маске в цикле по дням месяца

while true; do netstat -a|grep WAIT|wc -l; sleep 5; done
2013-06-19 09:19:41
User: adimania
Functions: grep netstat sleep wc
Tags: netstat tcp
0

This has saved me many times while debugging timeout issues to "too many open files" issues. A high number of the order of thousand, indicates that somewhere connection is not being closed properly.

find /usr/include/ -name '*.[c|h]pp' -o -name '*.[ch]' -print0 | xargs -0 cat | grep -v "^ *$" | grep -v "^ *//" | grep -v "^ */\*.*\*/" | wc -l
2013-06-17 08:37:37
Functions: cat find grep wc xargs
0

Count your source and header file's line numbers. This ignores blank lines, C++ style comments, single line C style comments.

This will not ignore blank lines with tabs or multiline C style comments.

echo -n "foo" | wc -c
ls -R | wc -l
pdftotext file.pdf - | wc -w
2013-06-01 16:29:04
Functions: wc
0

Bases word count on the genreated PDF file; so make sure to update this first. The PDF file also includes references and output of any macros.

more restart_weblogic.log | grep "LISTEN" | awk '{ print $7 }' | uniq | wc -l
for ii in $(find /path/to/docroot -type f -name \*.php); do echo $ii; wc -lc $ii | awk '{ nr=$2/($1 + 1); printf("%d\n",nr); }'; done
2013-04-05 19:06:17
Functions: awk echo find wc
0

I have found that base64 encoded webshells and the like contain lots of data but hardly any newlines due to the formatting of their payloads. Checking the "width" will not catch everything, but then again, this is a fuzzy problem that relies on broad generalizations and heuristics that are never going to be perfect.

What I have done is set an arbitrary threshold (200 for example) and compare the values that are produced by this script, only displaying those above the threshold. One webshell I tested this on scored 5000+ so I know it works for at least one piece of malware.

ps aux | grep [process] | awk '{print $2}' | xargs -I % ls /proc/%/fd | wc -l
sed ?s/[sub_str]/[sub_str]\n/g? [text_file] | wc -l
grep -Fvxf $(file1) $(file2) | wc -l
read -p 'Script: ' S && C=$S.crypt H='eval "$((dd if=$0 bs=1 skip=//|gpg -d)2>/dev/null)"; exit;' && gpg -c<$S|cat >$C <(echo $H|sed s://:$(echo "$H"|wc -c):) - <(chmod +x $C)
2013-03-10 08:59:45
User: rodolfoap
Functions: cat chmod echo gpg read sed wc
5

(Please see sample output for usage)

Use any script name (the read command gets it) and it will be encrypted with the extension .crypt, i.e.:

myscript --> myscript.crypt

You can execute myscript.crypt only if you know the password. If you die, your script dies with you.

If you modify the startup line, be careful with the offset calculation of the crypted block (the XX string).

Not difficult to make script editable (an offset-dd piped to a gpg -d piped to a vim - piped to a gpg -c directed to script.new ), but not enough space to do it on a one liner.

Sorry for the chmod on parentheses, I dont like "-" at the end.

Thanks flatcap for the subshell abbreviation to /dev/null

ps -u user_name_here | grep process_name_here | wc -l
find . -type f -name "*.txt" | while read; do (($(cat $THISFILE | wc -l) < 10)) && rm -vf "$THISFILE"; done
for x in `ps -u 500 u | grep java | awk '{ print $2 }'`;do ls /proc/$x/fd|wc -l;done
echo 'foo' | tee >(wc -c) >(grep o) >(grep f)
2013-01-31 09:54:18
User: totti
Functions: echo grep tee wc
Tags: tee output input
5

Output of a command as input to many

for i in {a..z}; do echo $(cat ~/.bash_history | grep ^$i.* | wc -l) $i; done | sort -n -r
2013-01-23 18:59:13
User: yaMatt
Functions: cat echo grep sort wc
0

Kind of fun if you're that was inclined. I figured most of my commands start with s. sudo, screen, ssh etc. This script tells me what else they start with.