@dohsimpson
Last active November 15, 2018 17:46
Networking Tools

netstat

  • -i interface config info (use ifconfig -a on Linux for verbose interface info)
  • -a all ports(listening and non-listening)
  • -l all listening ports
  • -t listening TCP ports
  • -p display PID and program names
  • -c continuous: refresh the listing every second (like watch)
  • -rn list routes but don't resolve ip
  • -n numeric ports
  • -tulpn -u only UDP, -t only TCP; using -t and -u together also filters out UNIX sockets and other families
  • the above command (netstat -tulpn) gives you every open port and the program listening on it, very useful!

  • ss -ltu: alternative to netstat -nat
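
As an added example (not part of the gist), here is a small audit built on the `netstat -tulpn` idea above: it parses a listing and reports only the sockets bound to a wildcard address (0.0.0.0 or ::), i.e. services reachable from outside the host. The netstat output is a constructed sample, not a capture.

```shell
#!/bin/sh
# Added example: find services listening on all interfaces in `netstat -tulpn` output.
# SAMPLE_NETSTAT is constructed sample output, not captured from a real host.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1044/mysqld
tcp6       0      0 :::80                   :::*                    LISTEN      1290/nginx
udp        0      0 0.0.0.0:68              0.0.0.0:*                           640/dhclient
udp        0      0 127.0.0.53:53           0.0.0.0:*                           455/systemd-resolve'

# Reads a netstat -tulpn listing on stdin and prints "proto port program"
# for every socket whose local address is a wildcard. Skips the two header lines.
# UDP rows have no State column, so the program name is taken from the last field.
exposed_listeners() {
    awk 'NR > 2 {
        n = split($4, parts, ":"); port = parts[n]          # text after the last colon
        addr = substr($4, 1, length($4) - length(port) - 1)  # everything before it
        if (addr == "0.0.0.0" || addr == "::") {
            prog = $NF
            sub(/^[0-9]+\//, "", prog)                       # strip the "PID/" prefix
            print $1, port, prog
        }
    }'
}

# Wrapper that runs the audit over the constructed sample.
exposed_in_sample() {
    printf '%s\n' "$SAMPLE_NETSTAT" | exposed_listeners
}

exposed_in_sample
```

Pipe a live `netstat -tulpn` (or `ss -ltunp`, after adjusting the column index) into `exposed_listeners` to get the same report for a real host.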

lsof

  • NO ARGUMENT: list all open files to all active processes
  • FILE list the processes that have FILE open
  • -i [tcp][udp][:PORT][:PORT-PORT] find the process that opened a local internet port
  • -t output the process id (PID) only
  • -u USER by user
  • -c STRING by command starting with string
  • -p PID by process
  • -iTCP -sTCP:LISTEN all listening TCP ports
  • +D DIR list processes that opened files under a directory
  • +d DIR same as +D except non recursive
  • -a AND instead of OR
  • | grep LISTEN keep only listening sockets

tcpdump

  • -i eth0 specify the interface; if unspecified, a default one is used. Specify any to capture on all interfaces
  • -A print packet in ASCII
  • --------FILTERS--------
  • host HOST from or to a host
  • src HOST from a host
  • dst HOST to a host
  • dst port PORT to port
  • net 192.168.1.0/24 specify a network
  • -w dumpfile.pcap write traffic to file
  • and, or, not logical operator

iptables

  • -L list all rules
  • -S list all rules (commands format)
  • -n IP address and ports will be printed in numeric format
  • -v verbose shows interface name, packets counter, etc.
  • -p specify protocol
  • -s specify source ip address(es)
  • -d specify destination ip address(es)
  • --sport: source port
  • --dport: destination port
  • ----------modify----------
  • -A append (lowest priority)
  • -I insert (top priority)
  • -D RULENUM/RULESPEC delete
  • -C check, useful before delete
  • -F, --flush flush
  • -j specify the target (what to do with a match), e.g. ACCEPT, DROP, REJECT
  • -P set default policy
  • ------------save/restore------------
  • iptables-save iptables-restore save/restore
  • install iptables-persistent to make rule changes permanent across reboots

nmap

  • NO ARGUMENT: ping scan and port scan (TCP ports 1~1000)
  • -sn HOST ping scan only, no port scan
  • -A HOST adds OS detection, version detection, script scanning and traceroute
  • -p PORT1,PORT2.../PORT1-PORT2 HOST port scan specified ports
  • -sSU HOST TCP and UDP scan
  • -sU HOST UDP scan

traceroute

  • -n: numeric, no hostname lookup
  • -T: send TCP SYN packet (default send UDP packet)
  • -I: send ICMP ECHO packet
  • -p: port (default 80 for tcp)

whois

  • domain: whois info for domain name, useful for finding out who registered the domain name
  • ip: whois info for ip address, useful for finding out who owns the ip

wget

  • -m, --mirror: == -r -N -l inf --no-remove-listing
    • -r, --recursive: recursive crawling
    • -l, --level DEPTH: maximum crawl depth (default 5), inf for infinite
    • -N, --timestamping: turn on time stamping, only re-download a file if the remote copy is newer than the local one
    • --no-remove-listing: some FTP setting, irrelevant
  • -np, --no-parent: will not go to parent directory, important for mirroring
  • -nd, --no-directories: will not create a directory hierarchy, dumps all files in the current dir (caution!), unless -P specified
  • -nH, --no-host-directories: will not create host-prefixed directories, dump all files in current dir(caution!), unless -P specified
  • -P, --directory-prefix PREFIX: save to this directory
  • -E, --adjust-extension: append the .html extension to files that are of type HTML but whose names do not end in html. Useful for dynamically generated pages.
  • -k, --convert-links: convert links for offline views
  • -p, --page-requisites: download all resources for offline view (css, img, etc.)
  • -H, --span-hosts: also go to foreign hosts, including different sub-domain or different domain.
  • -D, --domains DOMAIN_LIST: comma-separated list of domains, used with -H. E.g. example.com == *.example.com
  • --exclude-domains DOMAIN_LIST: comma-separated list of domains that will not be crawled, used with -H
  • -I, --include-directories DIR_LIST: follow these sub directories
  • -X, --exclude-directories DIR_LIST: do not follow these sub directories
  • -A, --accept EXT_LIST: accept these extensions, e.g. *.mp3
  • -R, --reject EXT_LIST: reject these extensions, e.g. *.mp3
  • --spider: dry run, will not download files, but will create directory (use -nd to turn off)
  • --load-cookies COOKIE: use cookie
  • -U, --user-agent AGENT: specify user agent
  • -nv, --no-verbose: no verbose, wget is verbose by default
  • -q, --quiet: no output

  • wget -nv -nH -m -H -k -p -E -Delastic.co https://www.elastic.co/guide/en/elasticsearch/reference/current/: this is what I use to mirror a site

nc

  • nc HOST PORT
  • -z: port scan only, with nc -z HOST PORT-PORT
  • -v: verbose
  • -l: listen
  • -k: must be used with -l, listen forever: after a client disconnects keep accepting new connections, but only serve one connection at a time
  • -u: use UDP instead of TCP

openssl (credit)

  • req certificate request
  • -x509 generate self-signed cert instead of cert request
  • -newkey rsa:N generate an RSA private key of N bit
  • -nodes no passphrase protection for priv key
  • -keyout PRIV-KEY write priv key to file
  • -out CERT write certificate to file
  • -days N days until expiration (default: 30 days)
  • -subj '/CN=DOMAIN' suppress the interactive prompt for cert content (CN is the Common Name; C is the country name)
  • -subj "/C=US/ST=Oregon/L=Portland/O=Company Name/OU=Org/CN=www.example.com" full version of above
  • -sha256 use SHA-256 (SHA-2) as the signature digest (default: SHA-1)

  • openssl req -x509 -sha256 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 3650 one liner for generating self-signed certificate and private key
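
As an added example (not part of the gist), the one-liner above wrapped in a function that also verifies what came out: the signature digest really is SHA-256, the subject is what -subj asked for, and the private key matches the certificate. It adds -nodes so the key is written unencrypted and therefore locks its permissions; the directory, CN and validity are placeholder arguments.

```shell
#!/bin/sh
# Added example: self-signed cert via `openssl req -x509`, then checks on the result.
set -e

make_selfsigned() {          # make_selfsigned DIR CN DAYS
    dir=$1; cn=$2; days=$3
    openssl req -x509 -sha256 -nodes -newkey rsa:2048 -days "$days" \
        -subj "/CN=$cn" -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
    chmod 600 "$dir/key.pem"        # -nodes leaves the key unencrypted: restrict access
}

# Signature algorithm recorded in the cert, e.g. "sha256WithRSAEncryption".
cert_sig_alg() {
    openssl x509 -in "$1/cert.pem" -noout -text |
        awk '/Signature Algorithm/ { print $3; exit }'
}

# Subject in RFC 2253 form, e.g. "CN=www.example.com" (tolerant of old/new openssl).
cert_subject() {
    openssl x509 -in "$1/cert.pem" -noout -subject -nameopt RFC2253 |
        sed 's/^subject=[[:space:]]*//'
}

# "match" if the public key inside the cert equals the one derived from the private key.
key_matches_cert() {
    a=$(openssl x509 -in "$1/cert.pem" -noout -pubkey)
    b=$(openssl pkey -in "$1/key.pem" -pubout 2>/dev/null)
    [ "$a" = "$b" ] && echo match || echo mismatch
}

demo() {
    d=$(mktemp -d)
    make_selfsigned "$d" www.example.com 3650      # placeholder CN and validity
    cert_sig_alg "$d"; cert_subject "$d"; key_matches_cert "$d"
    rm -rf "$d"
}
demo
```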

ssh-keygen

  • Without Argument: interactively generate RSA key
  • -f KEY: use file
  • -E md5 -l -f KEY: check key fingerprint in MD5 Hex
  • -E md5 -l -f FILE: check authorized_keys or known_hosts fingerprint in MD5 Hex
  • -p -f KEY: change key password
  • -s CA_PRIV_KEY -I CA_IDENTIFIER -h -n DOMAIN_NAME -V +TIME HOST_PUB_KEY: sign a HOST_PUB_KEY with CA_PRIV_KEY
  • -y -f PRIV_KEY: Generate Pub Key from PRIV_KEY
  • e.g. ssh-keygen -s server_ca -I host_auth_server -h -n auth.example.com -V +52w /etc/ssh/ssh_host_rsa_key.pub
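
As an added example (not from the gist), the host-certificate flow above end to end: create a CA key, create a host key, sign it with -s/-I/-h/-n/-V, then read the certificate back with `ssh-keygen -L` to confirm the type and principals. It also prints the `@cert-authority` known_hosts line clients need in order to trust certificates from this CA. CA name, host principal and validity are placeholders; ed25519 keys are used to keep generation fast.

```shell
#!/bin/sh
# Added example: sign a host key with an SSH CA and verify the certificate.
set -e

make_host_cert() {           # make_host_cert DIR PRINCIPAL VALIDITY
    dir=$1; principal=$2; validity=$3
    ssh-keygen -q -t ed25519 -N '' -C host-ca -f "$dir/ca"
    ssh-keygen -q -t ed25519 -N '' -f "$dir/ssh_host_ed25519_key"
    # -h marks a host cert; -n limits the hostnames it is valid for; -V bounds validity.
    ssh-keygen -q -s "$dir/ca" -I "host_$principal" -h -n "$principal" \
        -V "$validity" "$dir/ssh_host_ed25519_key.pub"
    # ssh-keygen writes the certificate next to the key as <key>-cert.pub
}

# Certificate kind as reported by ssh-keygen -L: "host" or "user".
cert_kind() {
    ssh-keygen -L -f "$1/ssh_host_ed25519_key-cert.pub" |
        awk '/Type:/ { print $(NF-1); exit }'
}

# Principals embedded in the certificate (the names a client will match against).
cert_principals() {
    ssh-keygen -L -f "$1/ssh_host_ed25519_key-cert.pub" |
        awk '/Principals:/ { p = 1; next } /Critical Options:/ { exit } p { print $1 }'
}

# known_hosts line that makes clients trust any host cert signed by this CA
# for *.example.com (placeholder pattern).
cert_authority_line() {
    printf '@cert-authority *.example.com %s\n' "$(cut -d' ' -f1,2 "$1/ca.pub")"
}

demo() {
    d=$(mktemp -d)
    make_host_cert "$d" auth.example.com +52w
    cert_kind "$d"; cert_principals "$d"; cert_authority_line "$d"
    rm -rf "$d"
}
demo
```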

sshpass

  • OPT SSH_COMMAND: e.g. sshpass -p password ssh -p 22 root@remote_box
  • -p PASSWORD: specify password
  • -f FILE: read password from FILE

postfix

  • apt install postfix mailutils: install postfix and mailx

mailx

  • echo CONTENT | mailx -s SUBJECT EMAIL: send email with subject

Text Manipulation Tools

grep

  • -i case-insensitive
  • -I skip binary files (treat them as non-matching)
  • -r recursive grep directory
  • -E extended-regex (supporting ?, +, {}, (), |)
  • -C|B|A 3 print 3 lines of [C]ontext around | [B]efore | [A]fter
  • -c count number of matches
  • -v inverse match
  • -l print file names with matches
  • -n print line number
  • -w whole words (separated by characters other than letters, digits or underscore)

diff

  • diff <(CMD1) <(CMD2) get diff of the output from two commands
  • diff - FILE get diff between a file and stdin
  • -y side-by-side diff
  • -W NUM set width
  • --suppress-common-lines do not show common lines
  • -w ignore diffing white space

uniq

  • -c: count number of occurrences
  • -d: print repeated only
  • -u: print non-repeated only
  • -i: case insensitive

jq

  • -r: raw output. Strings are printed without double quotes or character escapes
  • --stream: streaming mode, easier for dealing with large files
  • ------------QUERY-------------
  • keys: returns all keys without values (use keys_unsorted for unsorted)
  • A[INDEX]: query array A, leave out "INDEX" to iterate over all array (NOTE: iterator is different from array in that when you use aggregation functions on them, they will branch instead of acting as a whole)
  • [Q1]: Wrap Q1 result with an array
  • [A[]]: this query will turn iterator into array, useful for applying aggregation functions
  • flatten: nested array gets flattened
  • Q1 | Q2: pipe, reset starting level to Q1
  • F1, F2: comma, output both F1 and F2
  • A.B: dot, descend level
  • "\(Q1) XXX": string interpolation, the parenthesised query is replaced with its value
  • ----------AGGREGATION----------
  • group_by(Q1): group by Q1, into array of arrays
  • min max min_by(Q1) max_by(Q1): min/max (numeric)
  • unique unique_by(Q1): unique
  • split(STR) join(STR): split/join
  • @csv @tsv @html @text @json @uri @base64: output format
  • now | todate: return current time

Bash History Expansion link

User Management

useradd

  • -m create home (not on by default)
  • -s SHELL specify shell
  • -U create group with same name
  • -u UID specify UID
  • -G GROUP1,GROUP2 add user to additional groups

usermod

  • -l change user name
  • -aG add user to a group
  • -md create a new home directory and move everything there

userdel

  • -r remove home directory as well

passwd

  • passwd: change password for self
  • passwd USER: change password of USER
  • -d: remove password
  • head /dev/urandom | tr -dc A-Za-z0-9 | head -c 13 ; echo '': generate a random password

System

ls

  • --time atime/mtime/ctime atime: last read access; mtime (default): last write; ctime: last inode (metadata) change, e.g. chown or chmod

chmod

  • only owner and root can chmod
  • ----------FOR DIRECTORY----------
  • r: list inside
  • w: rename, create, delete inside. Still need x
  • x: pass through, cd, access inside.
  • sticky: files/dir inside can only be deleted/renamed by owner and root

ps

  • aux a: all processes; u: for human; -x: include process without control TTY
  • lax l: long format (faster than aux)
  • f process hierarchy tree
  • w wide format
  • -p PID -o lstart shows when process was started

kill

  • pkill -u USER kill process owned by user

sudo

  • sudo OPTIONS command
  • -u USER run as user
  • -H set $HOME to user home directory

su

  • su - USER login shell for user
  • su USER become another user
  • -p preserve current environment

strace

  • strace CMD: run a new command to trace
  • -p PID: attach to a running process
  • -e trace=SYSCALL1,SYSCALL2...: filter by syscall, e.g. read, open, close, write. Also meta tags: file, network, signal. See man page for detail
  • -c: display a summary at the end (count, errors, duration, percentage per syscall) instead of printing each call as it happens
  • -C: same as -c but also print each call as it happens
  • -o OUTFILE: output to file
  • -T: append syscall time duration
  • -t[tt]: prepend absolute timestamp
  • -r: prepend relative timestamp
  • -f: trace child process as well

File System

fallocate

  • fallocate -l SIZE FILE

dd

  • if=IN_FILE of=OUT_FILE
  • bs=SIZE: block size (default in bytes). E.g. 1024M
  • if no count is specified, the whole input file is copied to the output file

mv

  • mv * .* SUBDIR: move everything to sub-directory
  • mv * .[^.]* ..: move everything to parent-directory
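
As an added example (not from the gist), a POSIX sh function that does the first move above without the `.*` glob, which also matches `.` and `..`, and without `.[^.]*`, which misses names beginning with two dots. The three patterns `* .[!.]* ..?*` together cover every real entry; unmatched patterns are left as literal text by the shell, so each name is checked for existence before it is moved. The directory and file names are constructed samples.

```shell
#!/bin/sh
# Added example: move everything in SRC, dotfiles included, into SRC/DEST.
move_all_into() {           # move_all_into SRC_DIR DEST_SUBDIR_NAME
    src=$1; dest=$2
    mkdir -p "$src/$dest"
    ( cd "$src" || exit 1
      # '*' plain names, '.[!.]*' dotfiles except . and .., '..?*' names like ..foo
      for entry in * .[!.]* ..?*; do
          [ -e "$entry" ] || [ -L "$entry" ] || continue   # pattern matched nothing
          [ "$entry" = "$dest" ] && continue               # never move DEST into itself
          mv -- "$entry" "$dest/"
      done )
}

# Sorted listing (dotfiles included) of DIR, with a fixed locale so order is stable.
list_entries() {
    ( cd "$1" && ls -A | LC_ALL=C sort )
}

demo() {
    d=$(mktemp -d)
    touch "$d/a.txt" "$d/.hidden" "$d/..twodots"   # constructed sample files
    move_all_into "$d" sub
    list_entries "$d/sub"                           # ..twodots .hidden a.txt
    rm -rf "$d"
}
demo
```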

LVM

  • Physical Volume
  • pvcreate DEV mark physical volume
  • pvdisplay show physical volumes
  • vgcreate GROUP_NAME DEV create volume group
  • vgdisplay show groups
  • lvcreate -L SIZE -n VOLUME_NAME GROUP create logical volume
  • lvdisplay show volumes

  • lsblk list partition
  • growpart /dev/xvdf 1 resize partition
  • resize2fs /dev/xvdf1 resize filesystem

Printing (credit)

  • lpc status all: list printers
  • lpr -P PRINTER FILE: print file on PRINTER
  • lpq -P PRINTER: see PRINTER queue
  • lprm ID: remove job from queue
  • lprm -: remove all jobs

Arcane Knowledge

Get when the filesystem was created (server creation date)

  • tune2fs -l /dev/sda2 | grep created