Commands matching grep binary (30)

  • This is how I typically grep. -R recurse into subdirectories, -n show line numbers of matches, -i ignore case, -s suppress "doesn't exist" and "can't read" messages, -I ignore binary files (technically, process them as having no matches, important for showing inverted results with -v) I have grep aliased to "grep --color=auto" as well, but that's a matter of formatting not function.


    49
    grep -RnisI <pattern> *
    birnam · 2009-09-22 15:09:43 29
  • grep searches through a file and prints out all the lines that match some pattern. Here, the pattern is some string that is known to be in the deleted file. The more specific this string can be, the better. The file being searched by grep (/dev/sda1) is the partition of the hard drive the deleted file used to reside in. The ?-a? flag tells grep to treat the hard drive partition, which is actually a binary file, as text. Since recovering the entire file would be nice instead of just the lines that are already known, context control is used. The flags ?-B 25 -A 100? tell grep to print out 25 lines before a match and 100 lines after a match. Be conservative with estimates on these numbers to ensure the entire file is included (when in doubt, guess bigger numbers). Excess data is easy to trim out of results, but if you find yourself with a truncated or incomplete file, you need to do this all over again. Finally, the ?> results.txt? instructs the computer to store the output of grep in a file called results.txt. Source: http://spin.atomicobject.com/2010/08/18/undelete?utm_source=y-combinator&utm_medium=social-media&utm_campaign=technical


    24
    grep -a -B 25 -A 100 'some string in the file' /dev/sda1 > results.txt
    olalonde · 2010-08-19 20:07:42 18
  • This helped me find a botnet that had made into my system. Of course, this is not a foolproof or guarantied way to find all of them or even most of them. But it helped me find it.


    12
    cat /var/lib/dpkg/info/*.list > /tmp/listin ; ls /proc/*/exe |xargs -l readlink | grep -xvFf /tmp/listin; rm /tmp/listin
    kamathln · 2009-09-09 18:09:14 14
  • -P activates the Perl regular expression mode.


    7
    grep -P "\x05\x00\xc0" mybinaryfile
    grinob · 2010-06-30 23:07:24 8
  • This is very helpful to place in a shell startup file and will make grep use those options all the time. This example is nice as it won't show those warning messages, skips devices like fifos and pipes, and ignores case by default.


    7
    GREP_OPTIONS='-D skip --binary-files=without-match --ignore-case'
    AskApache · 2010-11-03 23:10:09 4
  • Tired copy paste to get opcode from objdump huh ? Get more @ http://gunslingerc0de.wordpress.com Show Sample Output


    5
    objdump -d ./PROGRAM|grep '[0-9a-f]:'|grep -v 'file'|cut -f2 -d:|cut -f1-6 -d' '|tr -s ' '|tr '\t' ' '|sed 's/ $//g'|sed 's/ /\\x/g'|paste -d '' -s |sed 's/^/"/'|sed 's/$/"/g'
    gunslinger_ · 2010-07-11 15:44:48 110
  • When working with jailed environments you need to copy all the shared libraries to your jail environment. This is done by running ldd on a binary which needs to run inside the jail. This command will use the output from ldd to automatically copy the shared libraries to a folder of your choice. Show Sample Output


    4
    ldd file | grep "=> /" | awk '{print $3}' | xargs -I '{}' cp -v '{}' /destination
    rickard2 · 2012-02-11 17:50:10 10
  • Anyone can make the command smaller & easier? :) Show Sample Output


    3
    for i in $(objdump -d binary -M intel |grep "^ " |cut -f2); do echo -n '\x'$i; done;echo
    arno · 2013-04-09 09:44:31 18
  • Skype has an internal regex which depicts the emoticons it supports. However you cannot simply search the binary file for it. This small 181 character line will do just that, provided skype is running. And of course, only works in linux. Show Sample Output


    1
    S=`pidof skype`;grep heap /proc/$S/maps|cut -f1 -d' '|awk -F- '{print "0x" $1 " 0x" $2}'|xargs echo "du me t ">l;gdb -batch -p $S -x l>/dev/null 2>&1;strings t|grep \(smirk|head -n1
    alvieboy · 2009-06-26 20:03:17 6
  • Output is from Debian Lenny Show Sample Output


    1
    grep CONFIG $(which mysqlbug)
    Velenux · 2009-09-23 17:12:37 3
  • Please note that binary file checking is NOT perfect. So, use it with caution. It does not delete hidden files whose name has a leading '.' character. And it regards an empty file as a binary file.


    1
    perl -e 'unlink grep { -f -B } <*>'
    seungwon · 2011-04-05 10:32:40 3
  • options: -n line nbrs, -i ignore case, -s no "doesn't exist", -I ignore binary args: * for all files of current dir (not hidden), .[!.]* for all hidden files I don't include by default the -R (recursive) option, which is not always useful. You add it by hand when needed.


    1
    grep -nisI <pattern> * .[!.]*
    lajarre · 2013-04-18 14:33:41 4
  • accomplishes the same thing without unzipping the whole file, and while i have never seen a log.tar.gz file that was a binary, i will concede that it might happen, so add the -a in there: zgrep -ia "string" log.tar.gz it's still shorter/easier to type...


    1
    zgrep -i "string" log.tar.gz
    elfinkind · 2014-09-12 20:31:13 11
  • Better than the others, and actually works unlike some of them. Show Sample Output


    1
    objdump -d $1 | grep -Po '\s\K[a-f0-9]{2}(?=\s)' | sed 's/^/\\x/g' | perl -pe 's/\r?\n//' | sed 's/$/\n/'
    Daytona · 2015-05-23 01:21:58 10
  • Getting shellcode from ARM binaries - @OsandaMalith Show Sample Output


    1
    for i in $(objdump -d binary | grep "^ "|awk -F"[\t]" '{print $2}'); do echo -n ${i:6:2}${i:4:2}${i:2:2}${i:0:2};done| sed 's/.\{2\}/\\x&/g'
    Osanda · 2015-07-02 15:52:27 9

  • 0
    cat `whereis mysqlbug | awk '{print $2}'` | grep 'CONFIGURE_LINE='
    numbata · 2009-07-21 07:44:27 2
  • List all text files in the current directory.


    0
    find . | xargs file | grep ".*: .* text" | sed "s;\(.*\): .* text.*;\1;"
    matthewbauer · 2009-09-22 01:50:25 8
  • first off, if you just want a random UUID, here's the actual command to use: uuidgen Your chances of finding a duplicate after running this nonstop for a year are about the same as being hit by a meteorite before finishing this sentence The reason for the command I have is that it's more provably unique than the one that uuidgen creates. uuidgen creates a random one by default, or an unencrypted one based on time and network address if you give it the -t option. Mine uses the mac address of the ethernet interface, the process id of the caller, and the system time down to nanosecond resolution, which is provably unique over all computers past, present, and future, subject to collisions in the cryptographic hash used, and the uniqueness of your mac address. Warning: feel free to experiment, but be warned that the stdin of the hash is binary data at that point, which may mess up your terminal if you don't pipe it into something. If it does mess up though, just type reset Show Sample Output


    0
    printf $(( echo "obase=16;$(echo $$$(date +%s%N))"|bc; ip link show|sed -n '/eth/ {N; p}'|grep -o -E '([[:xdigit:]]{1,2}:){5}[[:xdigit:]]{1,2}'|head -c 17 )|tr -d [:space:][:punct:] |sed 's/[[:xdigit:]]\{2\}/\\x&/g')|sha1sum|head -c 32; echo
    camocrazed · 2010-07-14 14:04:53 10
  • Where ^M is entered by ctrl-v-m (v then m). Especially useful on cygwin when checking into a version control system. If you're not using all cygwin tools (e.g. strawberry perl instead of cygwin perl) you'll find yourself dealing with this constantly. -U tells grep to process the file as binary; it needs this to work -I ignores binary files so you won't get false positives -l only prints the filename instead of the offending lines -r recursive


    0
    grep -UIlr "^M" *
    randy909 · 2010-08-20 21:16:34 3

  • 0
    find -type f | xargs file | grep ".*: .* text" | sed "s;\(.*\): .* text.*;\1;"
    phunehehe · 2012-12-24 07:53:52 5
  • This command produces no output, but its exit status is 0 ("true") if $file is text, non-0 ("false") if $file is binary (or is not accessible). Explanation: -q suppresses all the output of grep -I is the trick: if a binary file is found, it is considered a non-match -m 1: limit "output" to first match (speed up for big files) .: the match string, "." stands for any character Usage: e.g. run editor only on text files grep -qIm 1 . $file && vi $file


    0
    grep -qIm1 . $file
    anon1251 · 2013-03-28 14:11:51 3
  • The -a option in -aEio tells grep to treat binary files as text files. Show Sample Output


    0
    grep -aEio '([[:alnum:]_.-]+@[[:alnum:]_.-]+?\.[[:alpha:].]{2,6})'
    nabil_kadimi · 2013-05-30 07:17:32 9

  • 0
    echo "\"$(objdump -d BINARY | grep '[0-9a-f]:' | cut -d$'\t' -f2 | grep -v 'file' | tr -d " \n" | sed 's/../\\x&/g')\""
    reiderroque · 2015-09-25 20:21:26 11
  • Extracts the binary from the .text section and escapes it. This puts it in a form ready to use in a program. Show Sample Output


    0
    objdump -d -j .text ExeHere | grep -e '^ ' | tr '[[:space:]]' '\n' | egrep '^[[:alnum:]]{2}$' | xargs | sed 's/ /\\x/g' | sed -e 's/^/\\x/g'
    keyboardsage · 2016-09-11 07:15:00 16
  • Seems to work on Ubuntu 14.02 LTS Show Sample Output


    0
    objdump -s ./HelloWorld | grep -v '^ [0-9a-f][0-9a-f][0-9a-f][0-9a-f] \b' | grep -v 'Contents' | grep -v './' | cut -d' ' -f 3-6| sed 's/ //g' | sed '/./!d' | tr -d '\n'| sed 's/.\{2\}/&\\x/g' | sed 's/^/\\x/'|sed 's/..$//'|sed 's/^/"/;s/$/"/g'
    mark20 · 2016-10-05 23:31:05 17
  •  1 2 > 

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands


Check These Out

Which processes are listening on a specific port (e.g. port 80)
swap out "80" for your port of interest. Can use port number or named ports e.g. "http"

Rename files in batch

Download an Entire website with wget

Set laptop display brightness
Run as root. Path may vary depending on laptop model and video card (this was tested on an Acer laptop with ATI HD3200 video). $ cat /proc/acpi/video/VGA/LCD/brightness to discover the possible values for your display.

Get AWS temporary credentials ready to export based on a MFA virtual appliance
You might want to secure your AWS operations requiring to use a MFA token. But then to use API or tools, you need to pass credentials generated with a MFA token. This commands asks you for the MFA code and retrieves these credentials using AWS Cli. To print the exports, you can use: `awk '{ print "export AWS_ACCESS_KEY_ID=\"" $1 "\"\n" "export AWS_SECRET_ACCESS_KEY=\"" $2 "\"\n" "export AWS_SESSION_TOKEN=\"" $3 "\"" }'` You must adapt the command line to include: * $MFA_IDis ARN of the virtual MFA or serial number of the physical one * TTL for the credentials

a short counter
Maybe you know shorter ?

Log colorizer for OSX (ccze alternative)
Download colorizer by @raszi @ http://github.com/raszi/colorize

add all files not under version control to repository
This should handle whitespaces well and will not get confused if your filenames have "?" in them

Sort netflow packet capture
Sort netflow packet capture by unique connections excluding source port.

back ssh from firewalled hosts
host B (you) redirects a modem port (62220) to his local ssh. host A is a remote machine (the ones that issues the ssh cmd). once connected port 5497 is in listening mode on host B. host B just do a ssh 127.0.0.1 -p 5497 -l user and reaches the remote host'ssh. This can be used also for vnc and so on.


Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: