sudo runs a single command with root permissions.
su switches user to its first argument (defaults to root).
su -c whoami would have the same output as sudo whoami, but they use different auth mechanisms: su asks for the target user's password, while sudo asks for your own password and checks the sudoers policy.
The sudoers file at /etc/sudoers should be edited using visudo, which locks the file and syntax-checks it before saving, so a typo cannot lock you out of sudo.
Prefer dig, as nslookup is deprecated. sudo apt-get install dnsutils installs both of them.
nslookup uses its own resolver libraries instead of the OS's ones and has inconsistent behaviours.
Ex. dig miguelp.com NS +short
host defaults the query type to A records.
host -t SOA miguelp.com provides roughly the same output as dig miguelp.com SOA +short
host is more user friendly, while dig is often preferred as it has more options and provides more detail in its output.
Both sed and awk support regexes.
sed parses and transforms character streams. It's the simpler of the two; use it to append/insert/delete/substitute by pattern.
awk has if/else, while and do/while constructs as well. It's complex and robust; use it when you have table-like output.
Ex. printf 'Jose 1234567\nMiguel 1234567' | awk 'BEGIN { print "Name______ Number\n---------- ------"}{ printf "%-10s %s\n", $1, $2 }'
Ex. printf "3 2\n21 30\n4 5" | awk '{var+=$1/$2} END {print var/NR}'
Ex. echo 'ip: 127.0.0.1' | sed 's/127.0.0.1/35.23.65.2/'
(the unescaped dots are regex metacharacters and match any character; write 127\.0\.0\.1 for a literal match).
Ex. echo '1 2 3' | awk '{print $2+2}'
Ex.
printf "one\nthree" | sed '/one/a\
two
'
Ex. printf "x\nx\nx\nmarker\nfirst line" | sed '1,/marker/d'
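As an added example (not part of the original notes), awk treating log lines as a table: count failed SSH logins per source IP, then let sed mask the last octet before the report is shared. The auth log lines are constructed here; the function names are my own.

```shell
# Added example: awk as a table processor over constructed sshd log lines,
# sed as a stream editor over the resulting report.

# Writes a constructed sample of auth-log lines to the file given as $1.
write_sample_log() {
    cat > "$1" <<'EOF'
Jan 10 10:00:01 host sshd[101]: Failed password for root from 203.0.113.5 port 5000 ssh2
Jan 10 10:00:02 host sshd[102]: Failed password for invalid user admin from 203.0.113.5 port 5001 ssh2
Jan 10 10:00:03 host sshd[103]: Accepted password for jose from 198.51.100.7 port 5002 ssh2
Jan 10 10:00:04 host sshd[104]: Failed password for jose from 198.51.100.7 port 5003 ssh2
Jan 10 10:00:05 host cron[105]: pam_unix(cron:session): session opened for user root
EOF
}

# Prints "ip count" for every source IP with failed sshd logins, most first.
# The IP is whichever field follows the word "from", so the field number
# does not matter (it shifts when "invalid user" is present).
failed_logins_by_ip() {
    awk '/sshd.*Failed password/ {
            for (i = 1; i <= NF; i++) if ($i == "from") ips[$(i+1)]++
        }
        END { for (ip in ips) print ip, ips[ip] }' "$1" | sort -k2,2nr -k1,1
}

# Masks the last octet of any IPv4 address on the line (sed -E: extended regex).
redact_last_octet() {
    sed -E 's/([0-9]+\.[0-9]+\.[0-9]+\.)[0-9]+/\1x/'
}

log=$(mktemp)
write_sample_log "$log"
failed_logins_by_ip "$log" | redact_last_octet
rm -f "$log"
```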
sudo apt-get install traceroute to install.
The -m option limits the amount of hops, so traceroute -m 1 miguelp.com can be used to get your gateway.
Ex. traceroute -m 2 miguelp.com
For watch, use -t to get rid of the header.
Use -n to change the interval in seconds (defaults to 2).
Ex. watch -t -n 1 free
watch -n 1 netstat -lt
-sn to not do any port scan.
-sV to enable version detection.
-T is for timing templates: paranoid (0), sneaky (1), polite (2), normal (3), aggressive (4) and insane (5) (defaults to 3). It's about timeouts, retries and parallelism. Pick according to your rudeness and network bandwidth.
Various "port scanning techniques" are available; the default one is -sS (TCP SYN scan), which does not complete TCP connections, so it's quick and stealthy. -sS needs raw socket privileges, so it is the default only when run as root; otherwise nmap falls back to the -sT connect scan.
Ex. nmap -sn 10.0.0.0/24 pings all that network.
Ex. nmap -p 1-65535 -sV -T4 miguelp.com full TCP port scan using service version detection.
Ex. nmap -sV --script ssl-enum-ciphers -p 443 miguelp.com gets TLS ciphers.
Works over ICMP (which is a network layer protocol, a sibling of and very related to IP); it also gives you the IP of a domain, as it has to resolve it.
Ex. ping -c 5 miguelp.com
(-c sets the packet count on Linux ping; there -n means numeric output only. It is the Windows ping that uses -n for the count.)
You don't get curl preinstalled on the Cloud Shell.
curl lets you build requests however you want to and supports a long list of protocols.
wget is specialized in downloads but can send POST requests too.
wget has recursive downloads with -r (curl doesn't). It follows links breadth-first with -l depth (defaults to 5).
wget has --convert-links which, after downloading, converts all links to be suitable for local viewing.
wget can mirror webpages with --mirror; it is equivalent to -r -N -l inf --no-remove-listing
wget has a -w option to introduce a waiting time between accesses to the server.
Ex. wget -r https://www.kernel.org/doc/man-pages/
whois gives you info about a domain (registrar and nameservers) or an IP (who owns it).
Output details depend on the whois server you are reaching.
Ex. whois miguelp.com
whois 200.57.250.162
sudo apt-get install tcpdump to install.
tcpdump is a packet sniffer.
-i eth0 will only capture from interface eth0.
-c 5 will only capture 5 packets.
-A prints in ASCII; use it for web traffic.
TCP flags shown are: S (SYN), F (FIN), P (PUSH), R (RST), U (URG), W (ECN CWR), E (ECN-Echo) or . (ACK).
Ex. do a sudo tcpdump -A host man7.org while loading http://man7.org/linux/man-pages/man1/tcpdump.1.html in your browser. That man7 link does not use HTTPS, so you will be able to read the packets. Now try to get a 304 back.
sudo arp -a displays the whole table.
sudo arp -d ip deletes an entry.
sudo arp -s ip mac adds a new (static) entry.
nc opens TCP and UDP connections; it can be useful for file transfers.
sudo apt-get install netcat to install.
Ex. nc -l -p 1234 > out.file
echo 'hola2' | nc 127.0.0.1 1234
Ex. dd if=/dev/hda3 | gzip -9 | nc -l 3333
nc [destination] 3333 | pv -b > hdImage.img.gz
(Whether the listener is written nc -l -p port or nc -l port depends on the netcat variant installed. nc provides no authentication or encryption: the first client to connect to the listener receives the data, in the clear.)
-exec runs commands against each entry.
-size can help you filter by size and -user by owner.
Ex. find . -type d -empty -delete will delete empty directories.
Ex. tail -n +1 `find . -type f` (tail + find + backticks combo: with several files, tail -n +1 prints each one under a ==> name <== header).
Ex. make all script files executable: find . -name "*.sh" -type f -exec chmod +x '{}' \;
-c gives you the count.
-n gives you the line numbers.
-r searches recursively.
Ex. grep -rn . -e 'TODO' to find your TODOs.
Ex. grep -c 'word' file1.txt
-h for human readable output.
Ex. watch free -h (watch + free combo).
xargs converts lines into parameters for the next command.
Ex. find . -type f | xargs ls -l | awk '{total += $5} END {print total/1024"KB"}'
Ex. find . -type f -name "*.txt" | xargs zip out.zip
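Added example (not from the original notes): the find | xargs | awk size sum above splits on whitespace, so a file name containing a space is passed to ls as two broken arguments. find -print0 with xargs -0 hands the names over NUL-delimited instead. The sample tree and the function names are constructed for this example.

```shell
# Added example: whitespace-safe find | xargs, next to the naive form.

# Sums the sizes (bytes) of all regular files under $1.
# ls -l column 5 is the size, as in the note above; -print0 / -0 keep
# "sub dir/a b.txt" as one argument instead of three.
total_bytes() {
    find "$1" -type f -print0 | xargs -0 ls -l | awk '{ total += $5 } END { print total + 0 }'
}

# Same pipeline without NUL delimiters: names with spaces are mangled,
# ls fails on the fragments, and those files are silently left out.
total_bytes_naive() {
    find "$1" -type f | xargs ls -l 2>/dev/null | awk '{ total += $5 } END { print total + 0 }'
}

# Constructed sample tree: one path with spaces, one without.
make_sample_tree() {
    mkdir -p "$1/sub dir"
    printf '0123456789' > "$1/sub dir/a b.txt"   # 10 bytes
    printf '01234' > "$1/c.txt"                  # 5 bytes
}

d=$(mktemp -d)
make_sample_tree "$d"
echo "naive:          $(total_bytes_naive "$d") bytes (space in a name drops that file)"
echo "null-delimited: $(total_bytes "$d") bytes"
rm -rf "$d"
```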
Debian/Ubuntu use apt-get with .deb files; RedHat/CentOS use yum with .rpm files.
Yum automatically refreshes the list of packages, whilst with apt-get you must execute apt-get update
apt-get upgrade to actually get updates installed (from your local list).
list all: netstat -a
list all TCP: netstat -at
list TCP active listening ports: netstat -lt
list listening unix domain sockets: netstat -lx
-pt gets the PID and program names (run it with sudo to see processes owned by other users).
Ex. nc -l -p 1234 > out.txt & netstat -lt -pt
Do a ps and a kill afterwards to kill the nc process.
cat /etc/*-release to get the OS.
cat /proc/cpuinfo to get CPU info.
Sometimes you want a binary to be treated as text, so you can see/copy/paste/send all the characters.
echo 'a is 64 in hex' > binary
xxd -p binary > intermediate.txt
xxd -r -p intermediate.txt > binary
The dump could also be made with od, which means "octal dump" (it supports decimal, hex and binary as well), or with hexdump.
tee reads from stdin and writes to stdout and to files; use -a to append to the files.
Ex. df -h | tee disk_usage.txt
tee -a out.txt < numbers.txt is equivalent to cat numbers.txt | tee -a out.txt
(|, <, > and >>) are not programs but shell operators.
pipe (|): sends the output of one program to the input of another.
output redirection (>): the file on the right is opened for writing from the stdout (file descriptor 1) of the program on the left.
You can precede the > sign with a file descriptor, as in 2>, to redirect stderr instead.
Ex. printf 'three\ntwo\none\n' > numbers.txt
input redirection (<): the file on the right is opened for reading on the stdin of the program on the left.
You can precede the < sign with a file descriptor.
Ex. cat < numbers.txt
Use an ampersand to reference another file descriptor.
Ex. swap stdout and stderr with 3>&1 1>&2 2>&3 (add 3>&- afterwards to close the temporary descriptor).
"Here documents" can be thought of as anonymous files (quote the delimiter, as in <<'end', to stop the shell expanding $variables inside the body). Ex.
sed 's/0/zero/' <<end
> 0
> one
> two
> end
zero
one
two
"Here strings" are similar (a bash/ksh/zsh feature, not in POSIX sh). Ex.
sed 's/0/zero/' <<< '0 1 2'
zero 1 2
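As an added example (not part of the original notes), the 3>&1 1>&2 2>&3 swap from the redirection section put to use: capture only what a command writes to stderr, while a here document feeds sed exactly as above. The noisy command and the function names are constructed for this example.

```shell
# Added example: fd swap to capture stderr, and a quoted here document.

# Constructed command that writes one line to stdout and one to stderr.
noisy() {
    echo "normal output"
    echo "error output" >&2
}

# Runs "$@" and passes on, as its own stdout, only what the command wrote
# to stderr. 3>&1 saves the original stdout in fd 3, 1>&2 sends the
# command's stdout to stderr, 2>&3 sends its stderr to the saved stdout,
# and 3>&- closes the temporary descriptor so the command never sees it.
stderr_only() {
    "$@" 3>&1 1>&2 2>&3 3>&-
}

# Here document as an anonymous input file; 'EOF' is quoted so nothing in
# the body is expanded. Without the g flag sed replaces only the first 0
# on each line, so "10 20" becomes "1zero 20".
zero_names() {
    sed 's/0/zero/' <<'EOF'
0 1 2
10 20
EOF
}

# 2>/dev/null discards the swapped-in stdout; only "error output" is kept.
captured=$(stderr_only noisy 2>/dev/null)
echo "captured from stderr: $captured"
zero_names
```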