💻
Application Security Cheat Sheet
  • Application Security Cheat Sheet
  • Android Application
    • Overview
      • Application Data & Files
      • Application Package
      • Application Sandbox
      • Application Signing
      • Deployment
      • Package Manager
    • Intent Vulnerabilities
      • Deep Linking Vulnerabilities
    • WebView Vulnerabilities
      • WebResourceResponse Vulnerabilities
      • WebSettings Vulnerabilities
  • CI/CD
    • Dependency
      • Dependency Confusion
      • Dependency Hijaking
      • Typosquatting
    • GitHub
      • GitHub Actions
      • Code owners
      • Dependabot
      • Redirect
      • Releases
  • Cloud
    • AWS
      • Amazon API Gateway
      • Amazon Cognito
      • Amazon S3
  • Container
    • Overview
      • Container Basics
      • Docker Engine
    • Escaping
      • CVE List
      • Exposed Docker Socket
      • Excessive Capabilities
      • Host Networking Driver
      • PID Namespace Sharing
      • Sensitive Mounts
    • Container Analysis Tools
  • Framework
    • Spring
      • Overview
      • Mass Assignment
      • Routing Abuse
      • SpEL Injection
      • Spring Boot Actuators
      • Spring Data Redis Insecure Deserialization
      • Spring View Manipulation
    • React
      • Overview
      • Security Issues
  • Linux
    • Overview
      • Philosophy
      • File
      • File Descriptor
      • I/O Redirection
      • Process
      • Inter Process Communication
      • Shell
      • Signals
      • Socket
      • User Space vs Kernel Space
    • Bash Tips
  • iOS Application
    • Overview
      • Application Data & Files
      • Application Package
      • Application Sandbox
      • Application Signing
      • Deployment
    • Getting Started
      • IPA Patching
      • Source Code Patching
      • Testing with Objection
  • Resources
    • Lists
      • Payloads
      • Wordlists
    • Researching
      • Web Application
      • Write-ups
    • Software
      • AWS Tools
      • Azure Tools
      • Component Analysis
      • Docker Analysis
      • Dynamic Analysis
      • Fuzzing
      • GCP Tools
      • Reverse Engineering
      • Static Analysis
      • Vulnerability Scanning
    • Training
      • Secure Development
  • Web Application
    • Abusing HTTP hop-by-hop Request Headers
    • Broken Authentication
      • Two-Factor Authentication Vulnerabilities
    • Command Injection
      • Argument Injection
    • Content Security Policy
    • Cookie Security
      • Cookie Bomb
      • Cookie Jar Overflow
      • Cookie Tossing
    • CORS Misconfiguration
    • File Upload Vulnerabilities
    • GraphQL Vulnerabilities
    • HTML Injection
      • base
      • iframe
      • link
      • meta
      • target attribute
    • HTTP Header Security
    • HTTP Request Smuggling
    • Improper Rate Limits
    • JavaScript Prototype Pollution
    • JSON Web Token Vulnerabilities
    • OAuth 2.0 Vulnerabilities
      • OpenID Connect Vulnerabilities
    • Race Condition
    • Server Side Request Forgery
      • Post Exploitation
    • SVG Abuse
    • Weak Random Generation
    • Web Cache Poisoning
Powered by GitBook
On this page
  • Bash multiprocessing
  • Useful commands
  • cheat.sh
  • aria2c
  • chmod
  • curl
  • find
  • grep
  • ipython
  • ncdu
  • pv
  • ssh
  • tar
  • youtube-dl
  • Modern Unix
  1. Linux

Bash Tips

PreviousUser Space vs Kernel SpaceNextOverview

Last updated 2 years ago

Bash multiprocessing

Useful commands

cheat.sh

# To get a cheat sheet just use the following command
# Change <command> to command name, for instance, ls, id, curl, etc.
$ curl cheat.sh/<command>

# Cheat sheet for curl
$ curl cheat.sh/curl

aria2c

# Multi-thread downloading
$ aria2c -x5 <URL>

# Restarting aria2c continues unfinished download
$ aria2c -x5 <URL>
^C
$ aria2c -x5 <URL> # downloading continues

# Download torrent files (just pass the torrent file to the input)
$ aria2c <name>.torrent

chmod

# Enable all permissions for the owner, write permissions to the group and execute permissions to others
# or rwx-w---x
$ chmod 721 <name>

### Verbose form
# Enable user for rwx
$ chmod u+rwx <name>

# Enable group for w
$ chmod g+w <name>

# Enable others for x
$ chmod o+x <name>

# Enable everyone for x
$ chmod a+x <file>

### Remove permissions (use '-' instead of '+')
# Disable group and others for x
$ chmod og-x <name>

### setuid (4), setgid (2), sticky (1) bits
# Set setgid bit
# or rwxr-sr-x
$ chmod 2755 <name>

## Verbose form
# Set setuid bit 
$ chmod u+s <name>

# Set setgid bit
$ chmod g+s <name>

# Set sticky bit
$ chmod o+t <name>

curl

Useful operation mode:

find

# Case sensitive search
$ find / -name '*some*'

# Case insensitive search
$ find / -iname '*some*'

# ls style output formatting
$ find / -iname '*some*' -ls

# Delete found files (danger: there is no confirmation)
$ find dir_to_delete/ -delete

# Executing a script with search results
# Format: 
#   -exec <command> {} \;
#   <commad> - script/command to execute
#   {} - place for the found file
#   \; - end of <command>
$ find / -iname '*some*' -exec ./script.sh {} \;

grep

# Search string without using regex
# fgrep is an alias for grep -F
$ fgrep

# Using perl-compatible regex (or "real" regex)
$ grep -P

# Searching inside gz archives
$ zgrep

# Highlight found words in search results
$ grep --color=force

# Invert the sense of matching
$ grep -v

# grep by file contents
$ grep -rnw '/path/to/somewhere/' -e 'pattern'

ipython

  • Tab completion

  • Help by .method? + enter

  • Embedding in a script for debugging using the interactive shell:

    from IPython import embed; embed()

ncdu

$ ncdu /

Useful hotkeys:

  • Navigation by arrows

  • s - sort by size

  • C - sort by quantity

  • c - show quantity

  • d - delete

pv

$ ./app1 | pv | ./app2
$ cat /dev/urandom | pv | xxd > /dev/null

# cat-like behavior with a progress bar
$ pv file | ./app
$ pv some_file.txt | bzip2 > /dev/null

# tar compression progress bar
$ tar cz /folder | pv > folder.tar.gz

# Network data transfer progress bar
$ pv folder.tar.gz | nc -nlvp 1337

# Monitor other process
$ pv -d PID

# Limit speed
$ pv file.txt -L 2 # 2 bytes per second
$ pv file.txt -L -l 2 # 2 lines per second

ssh

tar

Useful operation mode:

  • -c - create a new archive

  • -f - use archive file or device ARCHIVE

  • -j, --bzip2 - compress/decompress the archive through bzip2

  • -z, --gzip - compress/decompress the archive through gzip

  • -t, --list - list the contents of an archive

  • -x - extract files from an archive

  • -C, --directory=DIR - change output directory to DIR

  • -v verbosely list files processed

# Create tar archive
$ tar cf archive.tar foo bar

# Create bzip2 archive
$ tar cf archive.tar.bz2 foo bar

# Create gzip archive
$ tar cf archive.tar.gz foo bar

# Extract archive
$ tar xf archive.tar.gz

youtube-dl

$ youtube-dl https://youtu.be/somth12asd34

Modern Unix

provides unified access to the best community driven cheat sheets repositories of the world.

is a lightweight multi-protocol & multi-source, cross platform download utility operated in command-line.

a command line tool and library for transferring data with URL syntax.

- write output to file instead of stdout.

- specifies a custom request method to use when communicating with the HTTP server.

- extra header to include in the request when sending HTTP to a server.

- adds body to the request.

- tell curl to not handle sequences of /../ or /./ in the given URL path.

- makes curl verbose during the operation.

is a handy command shell for python, which supports:

is a disk usage analyzer with an ncurses interface.

- monitor the progress of data through a pipe.

saves many files together into a single tape or disk archive, and can restore individual files from the archive.

is a command-line program to download videos from youtube and other video sites.

cheat.sh
aria2
curl
-o, --output
-X, --request
-H, --header
header/@file
-d, --data
--path-as-is
-v, --verbose
ipython
ncdu
pv
tar
youtube-dl
LogoSupercharge Your Bash Scripts with MultiprocessingFr1nge's Personal Blog
LogoA Visual Guide to SSH Tunnels (with labs)
LogoGitHub - ibraheemdev/modern-unix: A collection of modern/faster/saner alternatives to common unix commands.GitHub