Merge branch 'master' of github.com:chrisallenlane/cheat

* 'master' of github.com:chrisallenlane/cheat: (24 commits)
  [APT-GET] Change <cat | grep> to grep [PACMAN] Change the AUR instructions
  Make cheat working with python3 :)
  [DD] Watch the progress of `dd` with `pv` and `zenity`
  [APT−GET] Show apt-get installed packages
  [DD] Add some tricks for dd
  [APT-GET] Donwload deb withtou installing it
  [NMAP] Speed up nmap scan
  [NMAP] Correct a bug
  [FIND] add a cheat to find all files that have the same node (hard link) as MY_FILE
  [NMAP] Update nmap
  [IPTABLES] Add some cheats for iptables
  [SSH] add a cheat for ssh (encryption)
  [IPTABLES,TCPDUMP] Add cheats for iptables and tcpdump
  [XARGS] Add xargs example
  - Cheatsheets added for a couple of my favourite commands:    - rsync: file copy and backup multi-tool    - indent: one liner to nicely format C/C++ source.
  [PS,GREP] Exclude grep from your grepped output of ps.
  Update wget
  Update wget
  Adding two invaluable commands to tmux cheatsheet
  include commands to mirror locally
  ...

cheat

@@ -179,7 +179,7 @@ class CheatSheets(object):
                                      "Please retry usig sudo." % cheat)
                         print >> sys.stderr, error_msg
                         exit(1)
-        except OSError, errno:
+        except OSError as errno:
             print >> sys.stderr, ("Could not launch `%s` as your editor : %s"
                                   % (editor[0], errno.strerror))
             exit(1)
@@ -216,7 +216,7 @@ class CheatSheets(object):
                     output += ''.join(["    " + line + '\n' for line
                                        in block.split('\n')])
             if output:
-                print output,
+                sys.stdout.write(output);
 
 
 # Custom action for argparse
@@ -230,7 +230,7 @@ class ListDirectories(argparse.Action):
 class ListCheatsheets(argparse.Action):
     """List cheatsheets and exit"""
     def __call__(self, parser, namespace, values, option_string=None):
-        print sheets.list()
+        print(sheets.list());
         parser.exit()
 
 

cheatsheets/apt-get

@@ -14,3 +14,12 @@ apt-get update && apt-get dist-upgrade
 
 # To install a new package(s)
 apt-get install package(s)
+
+# Download a package without installing it. (The package will be downloaded in your current working dir)
+apt-get download modsecurity-crs
+
+# Change Cache dir and archive dir (where .deb are stored).
+apt-get -o Dir::Cache="/path/to/destination/dir/" -o Dir::Cache::archives="./" install ...
+
+# Show apt-get installed packages.
+grep 'install ' /var/log/dpkg.log

cheatsheets/dd

@@ -2,3 +2,16 @@
 # Note: At the first iteration, we read 512 Bytes.
 # Note: At the second iteration, we read 512 Bytes.
 dd if=/dev/urandom of=/tmp/test.txt count=512 bs=2
+
+# Watch the progress of 'dd'
+dd if=/dev/zero of=/dev/null bs=4KB &; export dd_pid=`pgrep '^dd'`; while [[ -d /proc/$dd_pid ]]; do kill -USR1 $dd_pid && sleep 1 && clear; done
+
+# Watch the progress of 'dd' with `pv` and `dialog` (apt-get install pv dialog)
+(pv -n /dev/zero | dd of=/dev/null bs=128M conv=notrunc,noerror) 2>&1 | dialog --gauge "Running dd command (cloning), please wait..." 10 70 0
+
+# Watch the progress of 'dd' with `pv` and `zenity` (apt-get install pv zenity)
+(pv -n /dev/zero | dd of=/dev/null bs=128M conv=notrunc,noerror) 2>&1 | zenity --title 'Running dd command (cloning), please wait...' --progress
+
+# DD with "graphical" return
+dcfldd if=/dev/zero of=/dev/null bs=500K
+

cheatsheets/find

@@ -39,3 +39,6 @@ find . -maxdepth 2 -name build -type d
 
 # To search all files who are not in .git directory
 find . ! -iwholename '*.git*' -type f
+
+# Find all files that have the same node (hard link) as MY_FILE_HERE
+find / -type f -samefile MY_FILE_HERE 2>/dev/null

cheatsheets/git

@@ -47,6 +47,7 @@ git checkout master                                     # Checkout local master
 git checkout -b new_branch                              # Create and checkout a new branch
 git merge upstream/master                               # Merge remote into local repo
 git show 83fb499                                        # Show what a commit did.
+git show 83fb499:path/fo/file.ext                       # Shows the file as it appeared at 83fb499.
 git diff branch_1 branch_2                              # Check difference between branches
 git log                                                 # Show all the commits
 git status                                              # Show the changes from last commit

cheatsheets/grep

@@ -20,3 +20,7 @@ grep -E "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" file  #Find IP add
 # Find all files who contain {pattern} in the directory {directory}.
 # This will show: "file:line my research"
 grep -rnw 'directory' -e "pattern"
+
+# Exclude grep from your grepped output of ps.
+# Add [] to the first letter. Ex: sshd -> [s]shd
+ps aux | grep '[h]ttpd'

cheatsheets/indent

@@ -0,0 +1,2 @@
+# format C/C++ source according to the style of Kernighan and Ritchie (K&R), no tabs, 3 spaces per indent, wrap lines at 120 characters.
+indent -i3 -kr -nut -l120

cheatsheets/iptables

@@ -0,0 +1,40 @@
+# Show hit for rules with auto refresh
+watch --interval 0 'iptables -nvL | grep -v "0     0"'
+
+# Show hit for rule with auto refresh and highlight any changes since the last refresh
+watch -d -n 2 iptables -nvL
+
+# Block the port 902 and we hide this port from nmap.
+iptables -A INPUT -i eth0 -p tcp --dport 902 -j REJECT --reject-with icmp-port-unreachable
+
+# Note, --reject-with accept:
+#	icmp-net-unreachable
+#	icmp-host-unreachable
+#	icmp-port-unreachable <- Hide a port to nmap
+#	icmp-proto-unreachable
+#	icmp-net-prohibited
+#	icmp-host-prohibited or
+#	icmp-admin-prohibited
+#	tcp-reset
+
+# Add a comment to a rule:
+iptables ... -m comment --comment "This rule is here for this reason"
+
+
+# To remove or insert a rule:
+# 1) Show all rules
+iptables -L INPUT --line-numbers
+# OR iptables -nL --line-numbers
+
+# Chain INPUT (policy ACCEPT)
+#     num  target prot opt source destination
+#     1    ACCEPT     udp  --  anywhere  anywhere             udp dpt:domain
+#     2    ACCEPT     tcp  --  anywhere  anywhere             tcp dpt:domain
+#     3    ACCEPT     udp  --  anywhere  anywhere             udp dpt:bootps
+#     4    ACCEPT     tcp  --  anywhere  anywhere             tcp dpt:bootps
+
+# 2.a) REMOVE (-D) a rule. (here an INPUT rule)
+iptables -D INPUT 2
+
+# 2.b) OR INSERT a rule.
+iptables -I INPUT {LINE_NUMBER} -i eth1 -p tcp --dport 21 -s 123.123.123.123 -j ACCEPT -m comment --comment "This rule is here for this reason"

cheatsheets/journalctl

@@ -0,0 +1,21 @@
+# Actively follow log (like tail -f)
+journalctl -f
+
+# Display all errors since last boot
+journalctl -b -p err
+
+# Filter by time period
+journalctl --since=2012-10-15 --until="2011-10-16 23:59:59"
+
+# Show list of systemd units logged in journal
+journalctl -F _SYSTEMD_UNIT
+
+# Filter by specific unit
+journalctl -u dbus
+
+# Filter by executable name
+journalctl /usr/bin/dbus-daemon
+
+# Filter by PID
+journalctl _PID=123
+

cheatsheets/nmap

@@ -8,7 +8,7 @@ nmap -iL [list.txt]
 nmap -6 [target]
 
 # OS detection:
-nmap -O [target]
+nmap -O --osscan_guess [target]
 
 # Save output to text file:
 nmap -oN [output.txt] [target]
@@ -22,6 +22,9 @@ nmap -source-port [port] [target]
 # Do an aggressive scan:
 nmap -A [target]
 
+# Speedup your scan:
+nmap -T5 --min-parallelism=50 [target]
+
 # Traceroute:
 nmap -traceroute [target]
 
@@ -34,3 +37,21 @@ nmap -traceroute [target]
 
 # Example: Ping scan all machines on a class C network
 nmap -sP 192.168.0.0/24
+
+# Use some script:
+nmap --script default,safe
+
+# Loads the script in the default category, the banner script, and all .nse files in the directory /home/user/customscripts.
+nmap --script default,banner,/home/user/customscripts
+
+# Loads all scripts whose name starts with http-, such as http-auth and http-open-proxy.
+nmap --script 'http-*'
+
+# Loads every script except for those in the intrusive category.
+nmap --script "not intrusive"
+
+# Loads those scripts that are in both the default and safe categories.
+nmap --script "default and safe"
+
+# Loads scripts in the default, safe, or intrusive categories, except for those whose names start with http-.
+nmap --script "(default or safe or intrusive) and not http-*"

cheatsheets/pacman

@@ -32,12 +32,17 @@ pacman -Qdt
 
 
 # You can't directly install packages from the Arch User Database (AUR) with pacman.
-# You need yaourt to perform that. But considering yaourt itself is in the AUR, here is how to 
-build a package from its tarball.
-# First, get the .tar.gz archive and unpack it
-wget <archive url>
-tar -xzf <archive file>
-cd <unpacked folder>
-# Then build the package and install it
+# You need yaourt to perform that. But considering yaourt itself is in the AUR, here is how to build a package from its tarball.
+# Installing a package from AUR is a relatively simple process:
+# - Retrieve the archive corresponding to your package from AUR website
+# - Extract the archive (preferably in a folder for this purpose)
+# - Run makepkg in the extracted directory. (makepkg-s allows you to install any dependencies automatically from deposits.)
+# - Install the package created using pacman
+# Assuming $pkgname contains the package name.
+wget "https://aur.archlinux.org/packages/${pkgname::2}/$pkgname/$pkgname.tar.gz"
+tar zxvf "$pkgname.tar.gz"
+cd "$pkgname"
+# Build the package
 makepkg -s
-pacman -U <package file (.pkg.tar.xz)>
+# Install
+sudo pacman -U <package file (.pkg.tar.xz)>

cheatsheets/ps

@@ -9,3 +9,7 @@ ps -aufoouser
 
 # To list every process with a user-defined format:
 ps -eo pid,user,command
+
+# Exclude grep from your grepped output of ps.
+# Add [] to the first letter. Ex: sshd -> [s]shd
+ps aux | grep '[h]ttpd'

cheatsheets/rsync

@@ -0,0 +1,6 @@
+# copy files from remote to local, maintaining file propertires and sym-links (-a), zipping for faster transfer (-z), verbose (-v).  
+rsync -avz host:file1 :file1 /dest/
+rsync -avz /source host:/dest
+
+# Copy files using checksum (-c), rather than time, to detect if the file has changed. (Useful for validating backups). 
+rsync -avc /source/ /dest/

cheatsheets/ssh

@@ -16,5 +16,8 @@ ssh -X -t user@example.com 'chromium-browser'
 # To create a SOCKS proxy on localhost and port 9999
 ssh -D 9999 user@example.com
 
+# -X use an xsession, -C compress data, "-c blowfish" use the encryption blowfish
+ssh user@example.com -C -c blowfish -X
+
 # For more information, see:
 # http://unix.stackexchange.com/q/12755/44856

cheatsheets/tar

@@ -21,3 +21,6 @@ tar -cjvf /path/to/foo.tgz /path/to/foo/
 
 # To list the content of an .bz2 archive:
 tar -jtvf /path/to/foo.tgz
+
+# To create a .gz archive and exclude all jpg,gif,... from the tgz
+tar czvf /path/to/foo.tgz --exclude=\*.{jpg,gif,png,wmv,flv,tar.gz,zip} /path/to/foo/

cheatsheets/tcpdump

@@ -0,0 +1,63 @@
+# TCPDump is a packet analyzer. It allows the user to intercept and display TCP/IP
+# and other packets being transmitted or received over a network. (cf Wikipedia).
+# Note: 173.194.40.120 => google.com
+
+# Intercepts all packets on eth0
+tcpdump -i eth0
+
+# Intercepts all packets from/to 173.194.40.120
+tcpdump host 173.194.40.120
+
+# Intercepts all packets on all interfaces from / to 173.194.40.120 port 80
+# -nn => Disables name resolution for IP addresses and port numbers.
+tcpdump -nn -i any host 173.194.40.120 and port 80
+
+# Make a grep on tcpdump (ASCII)
+# -A  => Show only ASCII in packets.
+# -s0 => By default, tcpdump only captures 68 bytes.
+tcpdump -i -A any host 173.194.40.120 and port 80 | grep 'User-Agent'
+
+# With ngrep
+# -d eth0 => To force eth0 (else ngrep work on all interfaces)
+# -s0 => force ngrep to look at the entire packet. (Default snaplen: 65536 bytes)
+ngrep 'User-Agent' host 173.194.40.120 and port 80
+
+# Intercepts all packets on all interfaces from / to 8.8.8.8 or 173.194.40.127 on port 80
+tcpdump 'host ( 8.8.8.8 or 173.194.40.127 ) and port 80' -i any
+
+# Intercepts all packets SYN and FIN of each TCP session.
+tcpdump 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0'
+
+# To display SYN and FIN packets of each TCP session to a host that is not on our network
+tcpdump 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0 and not src and dst net local_addr'
+
+# To display all IPv4 HTTP packets that come or arrive on port 80 and that contain only data (no SYN, FIN no, no packet containing an ACK)
+tcpdump 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
+
+# Saving captured data
+tcpdump -w file.cap
+
+# Reading from capture file
+tcpdump -r file.cap
+
+# Show content in hexa
+# Change -x to -xx => show extra header (ethernet).
+tcpdump -x
+
+# Show content in hexa and ASCII
+# Change -X to -XX => show extra header (ethernet).
+tcpdump -X
+
+# Note on packet maching:
+# Port matching:
+# - portrange 22-23
+# - not port 22
+# - port ssh
+# - dst port 22
+# - src port 22
+#
+# Host matching:
+# - dst host 8.8.8.8
+# - not dst host 8.8.8.8
+# - src net 67.207.148.0 mask 255.255.255.0
+# - src net 67.207.148.0/24

cheatsheets/tmux

@@ -7,6 +7,9 @@ Ctrl-b d
 # Restore tmux session:
 tmux attach
 
+# Detach an already attached session (great if you are moving devices with different screen resolutions)
+tmux attach -d 
+
 # Display session:
 tmux ls
 
@@ -20,6 +23,9 @@ Ctrl-b ?
 # Scroll in window:
 Ctrl-b PageUp/PageDown
 
+# Reload configuation file
+Ctrl-b : source-file /path/to/file
+
 # Window management
 # =================
 

cheatsheets/wget

@@ -4,6 +4,9 @@ wget http://path.to.the/file
 # To download a file and change its name
 wget http://path.to.the/file -o newname
 
+# To download a file into a directory
+wget -P path/to/directory http://path.to.the/file
+
 # To continue an aborted downloaded
 wget -c http://path.to.the/file
 
@@ -13,6 +16,12 @@ wget URL1 URL2
 # To parse a file that contains a list of URLs to fetch each one
 wget -i url_list.txt
 
+# To mirror a whole page locally
+wget -pk http://path.to.the/page.html
+
+# To mirror a whole site locally
+wget -mk http://site.tl/
+
 # To download files according to a pattern
 wget http://www.myserver.com/files-{1..15}.tar.bz2
 

cheatsheets/xargs

@@ -0,0 +1,12 @@
+# find all file name ending with .pdf and remove them
+find -name *.pdf | xargs rm -rf
+
+# if file name contains spaces you should use this instead
+find -name *.pdf | xargs -I{} rm -rf '{}'
+
+# Will show every .pdf like:
+#	&toto.pdf=
+#	&titi.pdf=
+# -n1 => One file by one file. ( -n2 => 2 files by 2 files )
+
+find -name *.pdf | xargs -I{} -n1 echo '&{}='