@miguelPerezOntiveros
Last active August 1, 2021 04:54

Linux tools talk

http://man7.org

Sudo vs su

sudo runs a single command with root permissions.
su switches user to its first argument (defaults to root).
su -c whoami would have the same output as sudo whoami, but they use different auth mechanisms (su asks for the target user's password, sudo for your own and then checks the sudoers policy).
The sudoers file at /etc/sudoers should be edited using visudo, which locks the file and checks the syntax before saving.

dig, host and nslookup

Prefer dig, as nslookup is deprecated.
sudo apt-get install dnsutils to install both of them. nslookup uses its own resolver libraries instead of the OS's ones and has inconsistent behaviours.
Ex. dig miguelp.com NS +short.
host defaults the query type to A records.
host -t SOA miguelp.com provides roughly the same output as dig miguelp.com SOA +short.
host is more user friendly, while dig is often preferred as it has more options and provides more detail in its output.

sed and awk

Both support regexes.
sed parses and transforms character streams. It's simpler; use it to append/insert/delete/substitute by pattern. awk has if/else, while and do/while constructs as well. It's more complex and robust; use it when you have table-like output.
Ex. printf 'Jose 1234567\nMiguel 1234567' | awk 'BEGIN { print "Name______ Number\n---------- ------"}{ printf "%-10s %s\n", $1, $2 }'.
Ex. printf "3 2\n21 30\n4 5" | awk '{var+=$1/$2} END {print var/NR}'.
Ex. echo 'ip: 127.0.0.1' | sed 's/127.0.0.1/35.23.65.2/'.
Ex. echo '1 2 3' | awk '{print $2+2}'.
Ex.

printf "one\nthree" | sed '/one/a\
two
'

Ex. printf "x\nx\nx\nmarker\nfirst line" | sed '1,/marker/d'.
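Added example (not from the talk): awk over table-like output. The sample below is constructed netstat -lt -n output, and listen_ports/exposed_ports are helper names chosen here; they pull the port out of the Local Address column and separate loopback-only binds from sockets open to the network.

```shell
# Constructed sample of `netstat -lt -n` output (not captured from a real host).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN'

# Reads netstat-style rows on stdin and prints "port address" for each LISTEN
# row. The port is whatever follows the last ':' in column 4, which also copes
# with IPv6 forms such as :::22.
listen_ports() {
  awk '$NF == "LISTEN" {
    n = split($4, parts, ":")
    port = parts[n]
    addr = substr($4, 1, length($4) - length(port) - 1)
    printf "%s %s\n", port, addr
  }'
}

# Sockets bound to every interface (0.0.0.0 or ::) are the ones reachable from
# the network; a loopback-only bind (127.0.0.1) is not. Prints the unique
# exposed ports on one line, e.g. "22 80" (xargs joins the lines).
exposed_ports() {
  listen_ports | awk '$2 == "0.0.0.0" || $2 == "::" { print $1 }' | sort -un | xargs
}

# Runs the pipeline over the constructed sample.
demo() {
  printf '%s\n' "$SAMPLE_NETSTAT" | exposed_ports
}

demo
```

Swap the sample for real netstat -lt -n output (or ss -ltn, whose columns differ slightly) to get a quick list of what a host is exposing.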

Traceroute

sudo apt-get install traceroute to install.
The -m option limits the number of hops, so traceroute -m 1 miguelp.com can be used to get your gateway.
Ex. traceroute -m 2 miguelp.com.

Watch

Use -t to get rid of the header.
Use -n to change the interval in seconds, as in watch -n 1 (defaults to 2).
Ex. watch -t -n 1 free.
Ex. watch -n 1 netstat -lt.

Nmap

-sn to not do any port scan.
-sV to enable version detection.
-T is for timing: paranoid (0), sneaky (1), polite (2), normal (3), aggressive (4) and insane (5); defaults to 3. It's about timeouts and retries; pick according to your rudeness and network bandwidth.
Various "port scanning techniques" are available. The default one is -sS (TCP SYN scan), which does not complete TCP connections, so it's quick and stealthy; it needs raw-socket privileges (root), otherwise nmap falls back to -sT, the connect scan.
Ex. nmap -sn 10.0.0.0/24 pings all of that network.
Ex. nmap -p 1-65535 -sV -T4 miguelp.com does a full TCP port scan with service version detection.
Ex. nmap -sV --script ssl-enum-ciphers -p 443 miguelp.com gets the TLS ciphers.

ping

Works over ICMP (which is a network layer protocol, a sibling of and closely related to IP); it also gives you the IP of a domain since it has to resolve it.
Ex. ping -c 5 miguelp.com (on Linux -c sets the packet count; -n means numeric output, the -n count form is the Windows one).

curl vs wget

You don't get curl preinstalled on the Cloud Shell.
curl lets you build requests however you want to and supports a long list of protocols.
wget is specialized in downloads but can send POST requests too.
wget has recursive downloads with -r (curl doesn't). It follows links breadth-first up to -l depth (defaults to 5).
wget has --convert-links which after downloading, converts all links to be suitable for local viewing.
wget can mirror webpages with --mirror, it is equivalent to -r -N -l inf --no-remove-listing.
wget has a -w option to introduce a waiting time between accesses to the server.
Ex. wget -r https://www.kernel.org/doc/man-pages/.

whois

Gives you info about a domain (registrar and nameservers) or an IP (who owns it).
Output details depend on the whois server you are reaching.
Ex. whois miguelp.com.
Ex. whois 200.57.250.162.

tcpdump

sudo apt-get install tcpdump to install.
Packet sniffer.
-i eth0 will only capture from interface eth0.
-c 5 will only capture 5 packets.
-A prints in ASCII, use it for web traffic.
TCP flags shown are: S (SYN), F (FIN), P (PUSH), R (RST), U (URG), W (ECN CWR), E (ECN-Echo) or . (ACK).
Ex. run sudo tcpdump -A host man7.org while loading http://man7.org/linux/man-pages/man1/tcpdump.1.html in your browser. That man7 link does not use HTTPS, so you will be able to read the packets. Now try to get a 304 back.

arp

sudo arp -a displays the whole table.
sudo arp -d ip deletes an entry.
sudo arp -s ip mac adds a static entry.

nc

Opens TCP and UDP connections; can be useful for file transfers.
sudo apt-get install netcat to install.
Ex. receiver: nc -l -p 1234 > out.file. Sender: echo 'hola2' | nc 127.0.0.1 1234.
Ex. disk image over the network. On the machine with the disk: dd if=/dev/hda3 | gzip -9 | nc -l 3333. On the receiving machine: nc [destination] 3333 | pv -b > hdImage.img.gz (here [destination] is the address of the machine that is listening).

find

-exec runs commands against each entry.
-size can help you filter by size and -user by owner. Ex. find . -type d -empty -delete will delete empty directories.
Ex. tail -n +1 `find . -type f` prints every file preceded by a header with its name (tail + find + backticks combo).
Ex. make all script files executable: find . -name "*.sh" -type f -exec chmod +x '{}' \;.

grep

-c gives you the count.
-n gives you the line numbers.
-r searches recursively.
Ex. grep -rn . -e 'TODO' to find your TODOs.
Ex. grep -c 'word' file1.txt.

free

-h for human output.
Ex. watch free -h (watch + free combo).

xargs

Converts lines into parameters for the next command.
Ex. find . -type f | xargs ls -l | awk '{total += $5} END {print total/1024"KB"}'.
Ex. find . -type f -name "*.txt" | xargs zip out.zip.
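Added example (not from the talk): the find + xargs + awk size total above, run against a constructed directory whose second file has a space in its name. make_sample_dir, total_kb_unsafe and total_kb_safe are helper names chosen here; the -print0 / -0 pair is a GNU and BSD extension, not POSIX.

```shell
# Constructed test data: a 1024-byte file and a 2048-byte file whose name
# contains a space, in a fresh temp directory. Prints the directory path.
make_sample_dir() {
  d=$(mktemp -d)
  printf '%1024s' '' > "$d/plain.txt"
  printf '%2048s' '' > "$d/my file.txt"
  printf '%s\n' "$d"
}

# The talk's pipeline. xargs splits its input on whitespace, so "my file.txt"
# reaches ls as the two names "./my" and "file.txt"; ls reports them as
# missing (stderr hidden here) and that file's size never reaches awk.
total_kb_unsafe() {
  (cd "$1" && find . -type f | xargs ls -l 2>/dev/null |
    awk '{ total += $5 } END { print total/1024 "KB" }')
}

# The safe form: find emits NUL-terminated names and xargs -0 splits only on
# NUL, so spaces, quotes and even newlines in names survive intact.
total_kb_safe() {
  (cd "$1" && find . -type f -print0 | xargs -0 ls -l |
    awk '{ total += $5 } END { print total/1024 "KB" }')
}

# Shows both results side by side, then removes the temp directory.
demo() {
  dir=$(make_sample_dir)
  echo "unsafe: $(total_kb_unsafe "$dir")   safe: $(total_kb_safe "$dir")"
  rm -rf "$dir"
}

demo
```

The unsafe total silently drops the file with the space, which is exactly the kind of gap that hides in a "how much is in this directory" report.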

yum and apt-get

Debian/Ubuntu use apt-get with .deb files.
RedHat/CentOS use yum with .rpm files.
Yum automatically refreshes the list of packages, whilst with apt-get you must run apt-get update first; apt-get upgrade then actually installs the updates (from your local list).

netstat

list all: netstat -a.
list all tcp: netstat -at.
list TCP active listening ports: netstat -lt.
list listening unix domain sockets: netstat -lx.
-p gets the PID and program names (combined with -t as -pt).
Ex. nc -l -p 1234 > out.txt & netstat -lt -pt. Do a ps and a kill afterwards to stop the nc process.

sys info

cat /etc/*-release to get the OS.
cat /proc/cpuinfo to get CPU info.

binary to text to binary

Sometimes you want a binary file to be treated as text, so you can see/copy/paste/send all of its characters.

echo 'a is 64 in hex' > binary
xxd -p binary > intermediate.txt
xxd -r -p intermediate.txt > binary

The dump could also be made with od, which means "octal dump" (it supports decimal, hex and binary as well), or with hexdump.

tee, pipes and redirections

tee reads from stdin and writes to stdout and to files; use -a to append to the files. Ex. df -h | tee disk_usage.txt.
tee -a out.txt < numbers.txt is equivalent to cat numbers.txt | tee -a out.txt.
|, <, > and >> are not programs but shell operators.
pipe (|): sends the output of one program to the input of another.
output redirection (>): the file on the right is opened for writing from the stdout (file descriptor 1) of the program on the left.
You can precede the > sign with a file descriptor, as in 2>, to redirect stderr instead. Ex. printf 'three\ntwo\none\n' > numbers.txt.
input redirection (<): the file on the right is opened for reading on the stdin of the program on the left.
You can precede the < sign with a file descriptor too.
Ex. cat < numbers.txt.
Use an ampersand to reference another file descriptor, as in 2>&1.
Ex. swap stdout and stderr with 3>&1 1>&2 2>&3.
"Here documents" can be thought of as anonymous files. Ex.

sed 's/0/zero/' <<end
> 0
> one
> two
> end
zero
one
two

"Here strings" are similar. Ex.

sed 's/0/zero/' <<< '0 1 2'
zero 1 2
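Added example (not from the talk) covering the redirection notes and the here document above. noisy is a hypothetical helper standing in for any program that writes to both stdout and stderr; the other function names are chosen here.

```shell
# Hypothetical helper: one line on stdout, one on stderr.
noisy() {
  echo "result line"
  echo "warning line" >&2
}

# 2> redirects stderr (fd 2); here it goes nowhere.
only_stdout() { noisy 2>/dev/null; }

# Redirections apply left to right: first point fd 2 at what fd 1 currently
# is, then silence fd 1. Reversing the two would silence both streams.
only_stderr() { noisy 2>&1 1>/dev/null; }

# The talk's swap: fd 3 keeps a copy of stdout, stdout takes stderr's place,
# then stderr takes the saved copy. Whatever captures stdout now sees the
# warnings, and the results go where stderr used to go.
swapped() { noisy 3>&1 1>&2 2>&3; }

# Both streams into separate files inside directory $1.
split_streams() { noisy >"$1/out.txt" 2>"$1/err.txt"; }

# Here document: the lines up to the delimiter become sed's stdin, so no
# temporary file is needed (the same idea as the sed example in the talk).
heredoc_demo() {
  sed 's/0/zero/' <<EOF
0
one
EOF
}

# Stand-alone run: only the warning survives on stdout after the swap.
swapped 2>/dev/null
heredoc_demo
```

When the test harness captures a function's stdout with $(...), "warning line" is what comes back from swapped, which is the quickest way to convince yourself of what the three redirections did.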