Commands tagged virus (5)

  • Command makes use of the Malware Hash Registry (http://www.team-cymru.org/Services/MHR/). It parses the current directory and subdirectories and calculates the md5 hash of the files, then prints the name and sends the hash to the MHR for a lookup in their database. The 3rd value in the result is the detection percentage across a mix of AV packages. Show Sample Output


    11
    IFS=$'\n' && for f in `find . -type f -exec md5sum "{}" \;`; do echo $f | sed -r 's/^[^ ]+/Checking:/'; echo $f | cut -f1 -d' ' | netcat hash.cymru.com 43 ; done
    Neo23x0 · 2011-10-15 03:38:47 0
  • This was posted on reddit. replace 192.168.0.1-256 with the IP's you want to check.


    6
    nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 192.168.0.1-254
    cowholio4 · 2009-03-31 15:15:17 6
  • Test whether real-time virus detection is working by running this command and checking for eicar.com in /tmp. Requires real-time scanning to be enabled and active on the /tmp directory. If scanning is active, the file should be quarantined/deleted (depending on your settings) moments after running this command. If not, the (harmless) test file should remain in your /tmp directory.


    1
    echo 'K5B!C%@NC[4\CMK54(C^)7PP)7}$RVPNE-FGNAQNEQ-NAGVIVEHF-GRFG-SVYR!$U+U*' | tr '[A-Za-z]' '[N-ZA-Mn-za-m]' > /tmp/eicar.com
    cyberscribe · 2010-08-13 21:39:35 1
  • This command does something similar using dig which is usually more available. Show Sample Output


    0
    for i in $(find . -type f); do echo -n "$i " ;dig +short $(md5sum $i | cut -d' ' -f1).malware.hash.cymru.com TXT; echo ; done
    cerasus · 2015-07-28 09:58:04 0
  • If this matches any files on your web server expect to find allot of malware spread throughout your server folders. Seems to target wordpress sites. Be sure to check your themes/theme-name/header.php files manually for various redirect scripting usually in the line right above the close head tag. Good luck! Show Sample Output


    0
    find / -name \*.php -exec grep -Hn .1.=.......0.=.......3.=.......2.=.......5.= {} \;
    UnklAdM · 2015-10-28 20:58:53 0

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands


Check These Out

View the newest xkcd comic.
This function displays the latest comic from xkcd.com. One of the best things about xkcd is the title text when you hover over the comic, so this function also displays that after you close the comic. To get a random xkcd comic, I also use the following: $xkcdrandom(){ wget -qO- dynamic.xkcd.com/comic/random|tee >(feh $(grep -Po '(?

shell equivalent of a boss button
Nobody wants the boss to notice when you're slacking off. This will fill your shell with random data, parts of it highlighted. Note that 'highlight' is the Perl module App::highlight, not "a universal sourcecode to formatted text converter." You'll also need Term::ANSIColor.

Lists all files and directories with modified time newer than a given date
This is great for looking for files that have been updated recently. Logs especially or monitoring what files were added during an install.

Forget remembered path locations of previously ran commands
i.e.: Useful if you add ~/bin to your $PATH and you want to override locations of previously ran commands and you don't want to log out and log back in to be able to use them.

Create a mirror of a local folder, on a remote server
Create a exact mirror of the local folder "/root/files", on remote server 'remote_server' using SSH command (listening on port 22) (all files & folders on destination server/folder will be deleted)

Remove everything except that file
it will remove everything except the file names matching you can use also use wildcards

Which processes are listening on a specific port (e.g. port 80)
swap out "80" for your port of interest. Can use port number or named ports e.g. "http"

Readd all files is missing from svn repo
When working on a big proeject with SVN, you create quite much files, for now! Can just sit here and type svn add for all of them! svn status will return a list of all of file which get ?(not add), "M"(Modified), "D"(Deleted)! This code just grep "?" flag, then add it into SVN again!

Which processes are listening on a specific port (e.g. port 80)
swap out "80" for your port of interest. Can use port number or named ports e.g. "http"

Run a command as root, with a delay
$ sleep 1h ; sudo command or $ sudo sleep 1h ; sudo command won't work, because by the time the delay is up, sudo will want your password again.


Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: