Merge branch 'master' of github.com:chrisallenlane/cheat

* 'master' of github.com:chrisallenlane/cheat: (24 commits)
  [APT-GET] Change <cat | grep> to grep [PACMAN] Change the AUR instructions
  Make cheat working with python3 :)
  [DD] Watch the progress of `dd` with `pv` and `zenity`
  [APT−GET] Show apt-get installed packages
  [DD] Add some tricks for dd
  [APT-GET] Donwload deb withtou installing it
  [NMAP] Speed up nmap scan
  [NMAP] Correct a bug
  [FIND] add a cheat to find all files that have the same node (hard link) as MY_FILE
  [NMAP] Update nmap
  [IPTABLES] Add some cheats for iptables
  [SSH] add a cheat for ssh (encryption)
  [IPTABLES,TCPDUMP] Add cheats for iptables and tcpdump
  [XARGS] Add xargs example
  - Cheatsheets added for a couple of my favourite commands:    - rsync: file copy and backup multi-tool    - indent: one liner to nicely format C/C++ source.
  [PS,GREP] Exclude grep from your grepped output of ps.
  Update wget
  Update wget
  Adding two invaluable commands to tmux cheatsheet
  include commands to mirror locally
  ...
This commit is contained in:
Chris Lane 2014-04-24 18:09:10 -04:00
commit c03cca9298
19 changed files with 238 additions and 13 deletions

6
cheat
View File

@ -179,7 +179,7 @@ class CheatSheets(object):
"Please retry usig sudo." % cheat)
print >> sys.stderr, error_msg
exit(1)
except OSError, errno:
except OSError as errno:
print >> sys.stderr, ("Could not launch `%s` as your editor : %s"
% (editor[0], errno.strerror))
exit(1)
@ -216,7 +216,7 @@ class CheatSheets(object):
output += ''.join([" " + line + '\n' for line
in block.split('\n')])
if output:
print output,
sys.stdout.write(output);
# Custom action for argparse
@ -230,7 +230,7 @@ class ListDirectories(argparse.Action):
class ListCheatsheets(argparse.Action):
"""List cheatsheets and exit"""
def __call__(self, parser, namespace, values, option_string=None):
print sheets.list()
print(sheets.list());
parser.exit()

View File

@ -14,3 +14,12 @@ apt-get update && apt-get dist-upgrade
# To install a new package(s)
apt-get install package(s)
# Download a package without installing it. (The package will be downloaded in your current working dir)
apt-get download modsecurity-crs
# Change Cache dir and archive dir (where .deb are stored).
apt-get -o Dir::Cache="/path/to/destination/dir/" -o Dir::Cache::archives="./" install ...
# Show apt-get installed packages.
grep 'install ' /var/log/dpkg.log

View File

@ -2,3 +2,16 @@
# Note: At the first iteration, we read 512 Bytes.
# Note: At the second iteration, we read 512 Bytes.
dd if=/dev/urandom of=/tmp/test.txt count=512 bs=2
# Watch the progress of 'dd'
dd if=/dev/zero of=/dev/null bs=4KB &; export dd_pid=`pgrep '^dd'`; while [[ -d /proc/$dd_pid ]]; do kill -USR1 $dd_pid && sleep 1 && clear; done
# Watch the progress of 'dd' with `pv` and `dialog` (apt-get install pv dialog)
(pv -n /dev/zero | dd of=/dev/null bs=128M conv=notrunc,noerror) 2>&1 | dialog --gauge "Running dd command (cloning), please wait..." 10 70 0
# Watch the progress of 'dd' with `pv` and `zenity` (apt-get install pv zenity)
(pv -n /dev/zero | dd of=/dev/null bs=128M conv=notrunc,noerror) 2>&1 | zenity --title 'Running dd command (cloning), please wait...' --progress
# DD with "graphical" return
dcfldd if=/dev/zero of=/dev/null bs=500K

View File

@ -39,3 +39,6 @@ find . -maxdepth 2 -name build -type d
# To search all files who are not in .git directory
find . ! -iwholename '*.git*' -type f
# Find all files that have the same node (hard link) as MY_FILE_HERE
find / -type f -samefile MY_FILE_HERE 2>/dev/null

View File

@ -47,6 +47,7 @@ git checkout master # Checkout local master
git checkout -b new_branch # Create and checkout a new branch
git merge upstream/master # Merge remote into local repo
git show 83fb499 # Show what a commit did.
git show 83fb499:path/fo/file.ext # Shows the file as it appeared at 83fb499.
git diff branch_1 branch_2 # Check difference between branches
git log # Show all the commits
git status # Show the changes from last commit

View File

@ -20,3 +20,7 @@ grep -E "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" file #Find IP add
# Find all files who contain {pattern} in the directory {directory}.
# This will show: "file:line my research"
grep -rnw 'directory' -e "pattern"
# Exclude grep from your grepped output of ps.
# Add [] to the first letter. Ex: sshd -> [s]shd
ps aux | grep '[h]ttpd'

2
cheatsheets/indent Normal file
View File

@ -0,0 +1,2 @@
# format C/C++ source according to the style of Kernighan and Ritchie (K&R), no tabs, 3 spaces per indent, wrap lines at 120 characters.
indent -i3 -kr -nut -l120

40
cheatsheets/iptables Normal file
View File

@ -0,0 +1,40 @@
# Show hit for rules with auto refresh
watch --interval 0 'iptables -nvL | grep -v "0 0"'
# Show hit for rule with auto refresh and highlight any changes since the last refresh
watch -d -n 2 iptables -nvL
# Block the port 902 and we hide this port from nmap.
iptables -A INPUT -i eth0 -p tcp --dport 902 -j REJECT --reject-with icmp-port-unreachable
# Note, --reject-with accept:
# icmp-net-unreachable
# icmp-host-unreachable
# icmp-port-unreachable <- Hide a port to nmap
# icmp-proto-unreachable
# icmp-net-prohibited
# icmp-host-prohibited or
# icmp-admin-prohibited
# tcp-reset
# Add a comment to a rule:
iptables ... -m comment --comment "This rule is here for this reason"
# To remove or insert a rule:
# 1) Show all rules
iptables -L INPUT --line-numbers
# OR iptables -nL --line-numbers
# Chain INPUT (policy ACCEPT)
# num target prot opt source destination
# 1 ACCEPT udp -- anywhere anywhere udp dpt:domain
# 2 ACCEPT tcp -- anywhere anywhere tcp dpt:domain
# 3 ACCEPT udp -- anywhere anywhere udp dpt:bootps
# 4 ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
# 2.a) REMOVE (-D) a rule. (here an INPUT rule)
iptables -D INPUT 2
# 2.b) OR INSERT a rule.
iptables -I INPUT {LINE_NUMBER} -i eth1 -p tcp --dport 21 -s 123.123.123.123 -j ACCEPT -m comment --comment "This rule is here for this reason"

21
cheatsheets/journalctl Normal file
View File

@ -0,0 +1,21 @@
# Actively follow log (like tail -f)
journalctl -f
# Display all errors since last boot
journalctl -b -p err
# Filter by time period
journalctl --since=2012-10-15 --until="2011-10-16 23:59:59"
# Show list of systemd units logged in journal
journalctl -F _SYSTEMD_UNIT
# Filter by specific unit
journalctl -u dbus
# Filter by executable name
journalctl /usr/bin/dbus-daemon
# Filter by PID
journalctl _PID=123

View File

@ -8,7 +8,7 @@ nmap -iL [list.txt]
nmap -6 [target]
# OS detection:
nmap -O [target]
nmap -O --osscan_guess [target]
# Save output to text file:
nmap -oN [output.txt] [target]
@ -22,6 +22,9 @@ nmap -source-port [port] [target]
# Do an aggressive scan:
nmap -A [target]
# Speedup your scan:
nmap -T5 --min-parallelism=50 [target]
# Traceroute:
nmap -traceroute [target]
@ -34,3 +37,21 @@ nmap -traceroute [target]
# Example: Ping scan all machines on a class C network
nmap -sP 192.168.0.0/24
# Use some script:
nmap --script default,safe
# Loads the script in the default category, the banner script, and all .nse files in the directory /home/user/customscripts.
nmap --script default,banner,/home/user/customscripts
# Loads all scripts whose name starts with http-, such as http-auth and http-open-proxy.
nmap --script 'http-*'
# Loads every script except for those in the intrusive category.
nmap --script "not intrusive"
# Loads those scripts that are in both the default and safe categories.
nmap --script "default and safe"
# Loads scripts in the default, safe, or intrusive categories, except for those whose names start with http-.
nmap --script "(default or safe or intrusive) and not http-*"

View File

@ -32,12 +32,17 @@ pacman -Qdt
# You can't directly install packages from the Arch User Database (AUR) with pacman.
# You need yaourt to perform that. But considering yaourt itself is in the AUR, here is how to
build a package from its tarball.
# First, get the .tar.gz archive and unpack it
wget <archive url>
tar -xzf <archive file>
cd <unpacked folder>
# Then build the package and install it
# You need yaourt to perform that. But considering yaourt itself is in the AUR, here is how to build a package from its tarball.
# Installing a package from AUR is a relatively simple process:
# - Retrieve the archive corresponding to your package from AUR website
# - Extract the archive (preferably in a folder for this purpose)
# - Run makepkg in the extracted directory. (makepkg-s allows you to install any dependencies automatically from deposits.)
# - Install the package created using pacman
# Assuming $pkgname contains the package name.
wget "https://aur.archlinux.org/packages/${pkgname::2}/$pkgname/$pkgname.tar.gz"
tar zxvf "$pkgname.tar.gz"
cd "$pkgname"
# Build the package
makepkg -s
pacman -U <package file (.pkg.tar.xz)>
# Install
sudo pacman -U <package file (.pkg.tar.xz)>

View File

@ -9,3 +9,7 @@ ps -aufoouser
# To list every process with a user-defined format:
ps -eo pid,user,command
# Exclude grep from your grepped output of ps.
# Add [] to the first letter. Ex: sshd -> [s]shd
ps aux | grep '[h]ttpd'

6
cheatsheets/rsync Normal file
View File

@ -0,0 +1,6 @@
# copy files from remote to local, maintaining file propertires and sym-links (-a), zipping for faster transfer (-z), verbose (-v).
rsync -avz host:file1 :file1 /dest/
rsync -avz /source host:/dest
# Copy files using checksum (-c), rather than time, to detect if the file has changed. (Useful for validating backups).
rsync -avc /source/ /dest/

View File

@ -16,5 +16,8 @@ ssh -X -t user@example.com 'chromium-browser'
# To create a SOCKS proxy on localhost and port 9999
ssh -D 9999 user@example.com
# -X use an xsession, -C compress data, "-c blowfish" use the encryption blowfish
ssh user@example.com -C -c blowfish -X
# For more information, see:
# http://unix.stackexchange.com/q/12755/44856

View File

@ -21,3 +21,6 @@ tar -cjvf /path/to/foo.tgz /path/to/foo/
# To list the content of an .bz2 archive:
tar -jtvf /path/to/foo.tgz
# To create a .gz archive and exclude all jpg,gif,... from the tgz
tar czvf /path/to/foo.tgz --exclude=\*.{jpg,gif,png,wmv,flv,tar.gz,zip} /path/to/foo/

63
cheatsheets/tcpdump Normal file
View File

@ -0,0 +1,63 @@
# TCPDump is a packet analyzer. It allows the user to intercept and display TCP/IP
# and other packets being transmitted or received over a network. (cf Wikipedia).
# Note: 173.194.40.120 => google.com
# Intercepts all packets on eth0
tcpdump -i eth0
# Intercepts all packets from/to 173.194.40.120
tcpdump host 173.194.40.120
# Intercepts all packets on all interfaces from / to 173.194.40.120 port 80
# -nn => Disables name resolution for IP addresses and port numbers.
tcpdump -nn -i any host 173.194.40.120 and port 80
# Make a grep on tcpdump (ASCII)
# -A => Show only ASCII in packets.
# -s0 => By default, tcpdump only captures 68 bytes.
tcpdump -i -A any host 173.194.40.120 and port 80 | grep 'User-Agent'
# With ngrep
# -d eth0 => To force eth0 (else ngrep work on all interfaces)
# -s0 => force ngrep to look at the entire packet. (Default snaplen: 65536 bytes)
ngrep 'User-Agent' host 173.194.40.120 and port 80
# Intercepts all packets on all interfaces from / to 8.8.8.8 or 173.194.40.127 on port 80
tcpdump 'host ( 8.8.8.8 or 173.194.40.127 ) and port 80' -i any
# Intercepts all packets SYN and FIN of each TCP session.
tcpdump 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0'
# To display SYN and FIN packets of each TCP session to a host that is not on our network
tcpdump 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0 and not src and dst net local_addr'
# To display all IPv4 HTTP packets that come or arrive on port 80 and that contain only data (no SYN, FIN no, no packet containing an ACK)
tcpdump 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
# Saving captured data
tcpdump -w file.cap
# Reading from capture file
tcpdump -r file.cap
# Show content in hexa
# Change -x to -xx => show extra header (ethernet).
tcpdump -x
# Show content in hexa and ASCII
# Change -X to -XX => show extra header (ethernet).
tcpdump -X
# Note on packet maching:
# Port matching:
# - portrange 22-23
# - not port 22
# - port ssh
# - dst port 22
# - src port 22
#
# Host matching:
# - dst host 8.8.8.8
# - not dst host 8.8.8.8
# - src net 67.207.148.0 mask 255.255.255.0
# - src net 67.207.148.0/24

View File

@ -7,6 +7,9 @@ Ctrl-b d
# Restore tmux session:
tmux attach
# Detach an already attached session (great if you are moving devices with different screen resolutions)
tmux attach -d
# Display session:
tmux ls
@ -20,6 +23,9 @@ Ctrl-b ?
# Scroll in window:
Ctrl-b PageUp/PageDown
# Reload configuation file
Ctrl-b : source-file /path/to/file
# Window management
# =================

View File

@ -4,6 +4,9 @@ wget http://path.to.the/file
# To download a file and change its name
wget http://path.to.the/file -o newname
# To download a file into a directory
wget -P path/to/directory http://path.to.the/file
# To continue an aborted downloaded
wget -c http://path.to.the/file
@ -13,6 +16,12 @@ wget URL1 URL2
# To parse a file that contains a list of URLs to fetch each one
wget -i url_list.txt
# To mirror a whole page locally
wget -pk http://path.to.the/page.html
# To mirror a whole site locally
wget -mk http://site.tl/
# To download files according to a pattern
wget http://www.myserver.com/files-{1..15}.tar.bz2

12
cheatsheets/xargs Normal file
View File

@ -0,0 +1,12 @@
# find all file name ending with .pdf and remove them
find -name *.pdf | xargs rm -rf
# if file name contains spaces you should use this instead
find -name *.pdf | xargs -I{} rm -rf '{}'
# Will show every .pdf like:
# &toto.pdf=
# &titi.pdf=
# -n1 => One file by one file. ( -n2 => 2 files by 2 files )
find -name *.pdf | xargs -I{} -n1 echo '&{}='