Commands tagged virus (5)

  • Command makes use of the Malware Hash Registry (http://www.team-cymru.org/Services/MHR/). It parses the current directory and subdirectories and calculates the MD5 hash of the files, then prints the name and sends the hash to the MHR for a lookup in their database. The 3rd value in the result is the detection percentage across a mix of AV packages.


    11
    IFS=$'\n' && for f in $(find . -type f -exec md5sum "{}" \;); do echo "$f" | sed -r 's/^[^ ]+/Checking:/'; echo "$f" | cut -f1 -d' ' | netcat hash.cymru.com 43 ; done
    Neo23x0 · 2011-10-15 03:38:47 7
  • This was posted on Reddit. Replace 192.168.0.1-256 with the IPs you want to check.


    6
    nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 192.168.0.1-254
    cowholio4 · 2009-03-31 15:15:17 16
  • Test whether real-time virus detection is working by running this command and checking for eicar.com in /tmp. Requires real-time scanning to be enabled and active on the /tmp directory. If scanning is active, the file should be quarantined/deleted (depending on your settings) moments after running this command. If not, the (harmless) test file should remain in your /tmp directory.


    1
    echo 'K5B!C%@NC[4\CMK54(C^)7PP)7}$RVPNE-FGNAQNEQ-NAGVIVEHF-GRFG-SVYR!$U+U*' | tr '[A-Za-z]' '[N-ZA-Mn-za-m]' > /tmp/eicar.com
    cyberscribe · 2010-08-13 21:39:35 7
  • This command does something similar using dig, which is usually more available.


    0
    find . -type f | while IFS= read -r i; do echo -n "$i "; dig +short "$(md5sum "$i" | cut -d' ' -f1).malware.hash.cymru.com" TXT; echo; done
    cerasus · 2015-07-28 09:58:04 8
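
The two Malware Hash Registry lookups above follow the same steps: hash each file, query the registry, read the detection percentage. The sketch below is an added example, not code from either poster: it survives spaces in file names and turns the port-43 reply into a verdict. The `NO_DATA` marker for unknown hashes, the 20% threshold and all function names are assumptions; the lookup is passed in by name so the parsing can be exercised on constructed replies without network access.

```sh
# Added example: MHR scan with reply parsing (POSIX sh).
# Assumed reply layout on port 43: "<md5> <unix-time> <detection-%>",
# with NO_DATA in the third field when the registry does not know the hash.

MHR_THRESHOLD=${MHR_THRESHOLD:-20}   # assumption: flag at >= 20% AV detection

# Classify one reply -> "unknown", "malformed", "low <pct>" or "flagged <pct>".
mhr_classify() {
    # Third field of the last non-comment line.
    mhr_pct=$(printf '%s\n' "$1" | awk '!/^#/ {p=$3} END {print p}')
    case "$mhr_pct" in
        NO_DATA)     echo "unknown" ;;
        ''|*[!0-9]*) echo "malformed" ;;
        *) if [ "$mhr_pct" -ge "$MHR_THRESHOLD" ]; then echo "flagged $mhr_pct"
           else echo "low $mhr_pct"; fi ;;
    esac
}

# Network lookup: same host and port as the netcat one-liner above.
# Only the hash leaves the machine, never the file contents.
mhr_query() { printf '%s\n' "$1" | netcat hash.cymru.com 43; }

# Walk a tree and print "<verdict>TAB<md5>TAB<path>" per file.
# $2 names the lookup function (default mhr_query) so it can be stubbed.
# Reading find's output line by line handles spaces in names; names that
# contain newlines are not supported.
mhr_scan() {
    scan_dir=${1:-.}; scan_lookup=${2:-mhr_query}
    find "$scan_dir" -type f | while IFS= read -r scan_f; do
        # Hash via stdin so md5sum never has to escape the file name.
        scan_sum=$(md5sum < "$scan_f" | cut -d' ' -f1)
        [ -n "$scan_sum" ] || continue          # unreadable file: skip
        scan_reply=$("$scan_lookup" "$scan_sum") || scan_reply=''
        printf '%s\t%s\t%s\n' "$(mhr_classify "$scan_reply")" "$scan_sum" "$scan_f"
    done
}
```

After sourcing the file, `mhr_scan /var/www | grep '^flagged'` lists only the files at or above the threshold.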
  • If this matches any files on your web server, expect to find a lot of malware spread throughout your server folders. Seems to target WordPress sites. Be sure to check your themes/theme-name/header.php files manually for various redirect scripting, usually in the line right above the close head tag. Good luck!


    0
    find / -name \*.php -exec grep -Hn .1.=.......0.=.......3.=.......2.=.......5.= {} \;
    UnklAdM · 2015-10-28 20:58:53 10
