Commands matching grep binary (30)

  • This is how I typically grep. -R recurse into subdirectories, -n show line numbers of matches, -i ignore case, -s suppress "doesn't exist" and "can't read" messages, -I ignore binary files (technically, process them as having no matches, important for showing inverted results with -v) I have grep aliased to "grep --color=auto" as well, but that's a matter of formatting not function.

    grep -RnisI <pattern> *
    birnam · 2009-09-22 15:09:43 16
  • grep searches through a file and prints out all the lines that match some pattern. Here, the pattern is some string that is known to be in the deleted file. The more specific this string can be, the better. The file being searched by grep (/dev/sda1) is the partition of the hard drive the deleted file used to reside in. The ?-a? flag tells grep to treat the hard drive partition, which is actually a binary file, as text. Since recovering the entire file would be nice instead of just the lines that are already known, context control is used. The flags ?-B 25 -A 100? tell grep to print out 25 lines before a match and 100 lines after a match. Be conservative with estimates on these numbers to ensure the entire file is included (when in doubt, guess bigger numbers). Excess data is easy to trim out of results, but if you find yourself with a truncated or incomplete file, you need to do this all over again. Finally, the ?> results.txt? instructs the computer to store the output of grep in a file called results.txt. Source:

    grep -a -B 25 -A 100 'some string in the file' /dev/sda1 > results.txt
    olalonde · 2010-08-19 20:07:42 12
  • This helped me find a botnet that had made into my system. Of course, this is not a foolproof or guarantied way to find all of them or even most of them. But it helped me find it.

    cat /var/lib/dpkg/info/*.list > /tmp/listin ; ls /proc/*/exe |xargs -l readlink | grep -xvFf /tmp/listin; rm /tmp/listin
    kamathln · 2009-09-09 18:09:14 7
  • -P activates the Perl regular expression mode.

    grep -P "\x05\x00\xc0" mybinaryfile
    grinob · 2010-06-30 23:07:24 6
  • This is very helpful to place in a shell startup file and will make grep use those options all the time. This example is nice as it won't show those warning messages, skips devices like fifos and pipes, and ignores case by default.

    GREP_OPTIONS='-D skip --binary-files=without-match --ignore-case'
    AskApache · 2010-11-03 23:10:09 1
  • Tired copy paste to get opcode from objdump huh ? Get more @ Show Sample Output

    objdump -d ./PROGRAM|grep '[0-9a-f]:'|grep -v 'file'|cut -f2 -d:|cut -f1-6 -d' '|tr -s ' '|tr '\t' ' '|sed 's/ $//g'|sed 's/ /\\x/g'|paste -d '' -s |sed 's/^/"/'|sed 's/$/"/g'
    gunslinger_ · 2010-07-11 15:44:48 55
  • When working with jailed environments you need to copy all the shared libraries to your jail environment. This is done by running ldd on a binary which needs to run inside the jail. This command will use the output from ldd to automatically copy the shared libraries to a folder of your choice. Show Sample Output

    ldd file | grep "=> /" | awk '{print $3}' | xargs -I '{}' cp -v '{}' /destination
    rickard2 · 2012-02-11 17:50:10 4
  • Anyone can make the command smaller & easier? :) Show Sample Output

    for i in $(objdump -d binary -M intel |grep "^ " |cut -f2); do echo -n '\x'$i; done;echo
    arno · 2013-04-09 09:44:31 9
  • Skype has an internal regex which depicts the emoticons it supports. However you cannot simply search the binary file for it. This small 181 character line will do just that, provided skype is running. And of course, only works in linux. Show Sample Output

    S=`pidof skype`;grep heap /proc/$S/maps|cut -f1 -d' '|awk -F- '{print "0x" $1 " 0x" $2}'|xargs echo "du me t ">l;gdb -batch -p $S -x l>/dev/null 2>&1;strings t|grep \(smirk|head -n1
    alvieboy · 2009-06-26 20:03:17 2
  • Output is from Debian Lenny Show Sample Output

    grep CONFIG $(which mysqlbug)
    Velenux · 2009-09-23 17:12:37 1
  • Please note that binary file checking is NOT perfect. So, use it with caution. It does not delete hidden files whose name has a leading '.' character. And it regards an empty file as a binary file.

    perl -e 'unlink grep { -f -B } <*>'
    seungwon · 2011-04-05 10:32:40 1
  • options: -n line nbrs, -i ignore case, -s no "doesn't exist", -I ignore binary args: * for all files of current dir (not hidden), .[!.]* for all hidden files I don't include by default the -R (recursive) option, which is not always useful. You add it by hand when needed.

    grep -nisI <pattern> * .[!.]*
    lajarre · 2013-04-18 14:33:41 1
  • accomplishes the same thing without unzipping the whole file, and while i have never seen a log.tar.gz file that was a binary, i will concede that it might happen, so add the -a in there: zgrep -ia "string" log.tar.gz it's still shorter/easier to type...

    zgrep -i "string" log.tar.gz
    elfinkind · 2014-09-12 20:31:13 5
  • Better than the others, and actually works unlike some of them. Show Sample Output

    objdump -d $1 | grep -Po '\s\K[a-f0-9]{2}(?=\s)' | sed 's/^/\\x/g' | perl -pe 's/\r?\n//' | sed 's/$/\n/'
    Daytona · 2015-05-23 01:21:58 4
  • Getting shellcode from ARM binaries - @OsandaMalith Show Sample Output

    for i in $(objdump -d binary | grep "^ "|awk -F"[\t]" '{print $2}'); do echo -n ${i:6:2}${i:4:2}${i:2:2}${i:0:2};done| sed 's/.\{2\}/\\x&/g'
    Osanda · 2015-07-02 15:52:27 3

  • 0
    cat `whereis mysqlbug | awk '{print $2}'` | grep 'CONFIGURE_LINE='
    numbata · 2009-07-21 07:44:27 1
  • List all text files in the current directory.

    find . | xargs file | grep ".*: .* text" | sed "s;\(.*\): .* text.*;\1;"
    matthewbauer · 2009-09-22 01:50:25 4
  • first off, if you just want a random UUID, here's the actual command to use: uuidgen Your chances of finding a duplicate after running this nonstop for a year are about the same as being hit by a meteorite before finishing this sentence The reason for the command I have is that it's more provably unique than the one that uuidgen creates. uuidgen creates a random one by default, or an unencrypted one based on time and network address if you give it the -t option. Mine uses the mac address of the ethernet interface, the process id of the caller, and the system time down to nanosecond resolution, which is provably unique over all computers past, present, and future, subject to collisions in the cryptographic hash used, and the uniqueness of your mac address. Warning: feel free to experiment, but be warned that the stdin of the hash is binary data at that point, which may mess up your terminal if you don't pipe it into something. If it does mess up though, just type reset Show Sample Output

    printf $(( echo "obase=16;$(echo $$$(date +%s%N))"|bc; ip link show|sed -n '/eth/ {N; p}'|grep -o -E '([[:xdigit:]]{1,2}:){5}[[:xdigit:]]{1,2}'|head -c 17 )|tr -d [:space:][:punct:] |sed 's/[[:xdigit:]]\{2\}/\\x&/g')|sha1sum|head -c 32; echo
    camocrazed · 2010-07-14 14:04:53 6
  • Where ^M is entered by ctrl-v-m (v then m). Especially useful on cygwin when checking into a version control system. If you're not using all cygwin tools (e.g. strawberry perl instead of cygwin perl) you'll find yourself dealing with this constantly. -U tells grep to process the file as binary; it needs this to work -I ignores binary files so you won't get false positives -l only prints the filename instead of the offending lines -r recursive

    grep -UIlr "^M" *
    randy909 · 2010-08-20 21:16:34 1

  • 0
    find -type f | xargs file | grep ".*: .* text" | sed "s;\(.*\): .* text.*;\1;"
    phunehehe · 2012-12-24 07:53:52 2
  • This command produces no output, but its exit status is 0 ("true") if $file is text, non-0 ("false") if $file is binary (or is not accessible). Explanation: -q suppresses all the output of grep -I is the trick: if a binary file is found, it is considered a non-match -m 1: limit "output" to first match (speed up for big files) .: the match string, "." stands for any character Usage: e.g. run editor only on text files grep -qIm 1 . $file && vi $file

    grep -qIm1 . $file
    anon1251 · 2013-03-28 14:11:51 0
  • The -a option in -aEio tells grep to treat binary files as text files. Show Sample Output

    grep -aEio '([[:alnum:]_.-]+@[[:alnum:]_.-]+?\.[[:alpha:].]{2,6})'
    nabil_kadimi · 2013-05-30 07:17:32 2

  • 0
    echo "\"$(objdump -d BINARY | grep '[0-9a-f]:' | cut -d$'\t' -f2 | grep -v 'file' | tr -d " \n" | sed 's/../\\x&/g')\""
    reiderroque · 2015-09-25 20:21:26 5
  • Extracts the binary from the .text section and escapes it. This puts it in a form ready to use in a program. Show Sample Output

    objdump -d -j .text ExeHere | grep -e '^ ' | tr '[[:space:]]' '\n' | egrep '^[[:alnum:]]{2}$' | xargs | sed 's/ /\\x/g' | sed -e 's/^/\\x/g'
    keyboardsage · 2016-09-11 07:15:00 6
  • Seems to work on Ubuntu 14.02 LTS Show Sample Output

    objdump -s ./HelloWorld | grep -v '^ [0-9a-f][0-9a-f][0-9a-f][0-9a-f] \b' | grep -v 'Contents' | grep -v './' | cut -d' ' -f 3-6| sed 's/ //g' | sed '/./!d' | tr -d '\n'| sed 's/.\{2\}/&\\x/g' | sed 's/^/\\x/'|sed 's/..$//'|sed 's/^/"/;s/$/"/g'
    mark20 · 2016-10-05 23:31:05 6
  •  1 2 > 

What's this? is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands

Check These Out

Install pip with Proxy
Installs pip packages defining a proxy

Kill process by pid
To kill a process in windows by using the PID. Change 10728 to the PID of the process you want to kill.

Mount a Windows share on the local network (Ubuntu) with user rights and use a specific samba user

batch convert Nikon RAW (nef) images to JPG
converts RAW files from a Nikon DSLR to jpg for easy viewing etc. requires ufraw package

Watch movies in your terminal
requires mplayer

Get your outgoing IP address

list block devices
Shows all block devices in a tree with descruptions of what they are.

Reset hosed terminal,
stty sane resets the tty to basic usable function. The ^J is a newline -- sometimes CR/LF interpretation is broken so use the ^J explicitly.

Recursively remove .svn directories

Get Cisco network information
This gives you lots of nifty Cisco network information like VLAN tag, port and switch information.

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.


Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: