Command Quick Reference

COMMAND LINE WIZARDRY

grep find file
Search the contents of files Search the system for files Identify file type by magic number

-c Count matching lines -exec Execute specified command -f Read list from specified file
-E Enable extended regex for each file found -k List all type matches
-i Ignore case -name Search by filename -z Look inside compressed files
-P Enable Perl regex -size Search by file size
-R Recursively search -type Search by file type cut

Regular Expressions Extract portions of data from a file

Character Meaning -c Character(s) to extract

. Single wildcard character -d Field delimiter
-f Field(s) to extract
? Preceding item is optional
* Match the preceding item zero or more times head
+ Match the preceding item one or more times
Output the first few lines/bytes of file
^ Anchor pattern to the beginning of the string
$ Anchor pattern to the end of the string -n Number of lines to output
-c Number of bytes to output
[ ] Character classes and ranges
( ) Group tail
{ } Quantifier
Output the last few lines of a file
uniq curl -f Continuously monitor end of file
Remove duplicate lines from a file Network data transfer -n Number of lines to output

-c Print number of times line is -A Specify user agent sort

repeated -d Send using HTTP POST Order the lines of a file
-f Ignore the specified number of -G Send using HTTP GET
fields -I Only fetch header -r Sort in descending order
-i Ignore case -L Follow redirects -f Ignore case
-s Do not show errors -n Use numerical ordering
join -k Sort based on key
vi commands -o Write output to file
Combine two files
b Back one word
-j Join using specified field cc Replace current line xxd
-t Field delimiter cw Replace current word
Display file in binary or hexadecimal
dw Delete current word
sdiff dd Delete current line
-b Display using binary rather than hex
w Forward one word
Compare two files :q! Quit without save -l Print specified number of bytes
:wq Quit with save -s Start printing at specified position
-a Treat files as text / Search forward
-i Ignore case
wevtutil
? Search backward
-s Suppress common lines n Find next occurrence View and manage Windows logs
-w Max characters to output per line
tr el Enumerate available logs
base64 qe Query a log’s events
Translate one character to another /c Specify max number of events
Encode/decode data using Base64 /f Format output as XML
-d Delete character /rd Read direction, if true read most
-d Decode -s Squeeze repeated characters recent first

© Digadel Corporation v1.0 https://www.commandlinewizardry.com

 AWK Quick Reference
COMMAND LINE WIZARDRY
Syntax Variables While Loop
awk 'pattern {action} Assigning a Variable while (Condition)
pattern {action} {
... MYVAR="Hello" body
pattern {action}’ }
MYVAR=$1
One line of input may match several
patterns, and will execute the
For Loop
Referencing a Variable
corresponding actions in order. No Numerical looping
pattern means all input lines; no print MYVAR
action will print the whole line. for (i=0; i < 100; i++)
MYVAR=MYVAR + $3 {
Referencing Fields body
Arrays }
The awk command parses input
lines into fields using whitespace as Assigning an Array Element Iterating over an array
the default field delimiter
name["index"] = "value" for (i in array)
Syntax Field
{
$1 Field 1 Accessing an Element body with array[i]
$2 Field 2 }
print name["index"]
$n N'th field
$0 Entire Line Deleting an Element Keywords and Functions
$NF Last field next
NF Number of fields delete name["index"] Skip to next input line

Use the –F option to specify a field Deleting an Entire Array nextfile

delimiter other than whitespace. Skip to next input file
delete name
Patterns exit
If Statement Exit the awk program
Testing Equality
if (Condition)
index(str1,str2)
body
$1=="Hello" Returns index in str1 where str2
else
occurs; returns 0 if not found.
body
Conditional Operators
int(str)
Enclose the statement body in curly- Truncate to integer
! != == < <= > >=
brackets if it is more than one line.
Regex can also be used as a pattern length(str)
Output String length of argument
by enclosing the expression in / /
Writing to standard out rand()
BEGIN {action}
Random number between 0 and 1
Action executes before any input print "Hello World"
is processed split(str,array,separator)
print $1 Separate str into array using
END {action} separator. FS is used if no
Action executes after all input is printf "Hello World\n" separator is given.
processed
printf "%s %d\n", $1, var system(cmd)
Execute command, returns exit status

© Digadel Corporation v1.0 https://www.commandlinewizardry.com

 Bash Quick Reference
COMMAND LINE WIZARDRY
Output Variables While Loop
Writing to the screen Declaring a Variable i=0
while (( i < 1000 ))
echo 'Hello World' MYVAR='Hello' do
echo $i
printf 'Hello World\n' let i++
Referencing a Variable done
Format Strings echo $MYVAR
Format strings for printf
For Loop
echo "$MYVAR World" Numerical looping
%s String
%d Decimal Assigning Shell Output for ((i=0; i < 1000; i++))
%f Floating point do
%x Hexadecimal CMDOUT=$(pwd) echo $i
\n Newline done
\r Carriage return
\t Horizontal tab
If Statements
Iterating over a list
Command conditional (cmd will
Positional Parameters return 0 if success) for VAL in 20 3 dog 7
Script parameters do
if cmd echo $VAL
$# Number of parameters then done
$0 Name of the script some cmds
$1 else
First parameter
other cmds Case Statement
$2 Second parameter …
fi case $MYVAR in
Default parameters "carl")
File and numeric conditionals echo 'Hi Carl!'
MYVAR=${1:-Cake} ;;
if [[ -e $FILENAME ]] "paul")
then echo 'Hi Paul!'
Note: If parameter 1 is unset, the ;;
echo $FILENAME exists
value of MYVAR will default to Cake fi *) # default
echo 'Goodbye'
User Input exit
;;
Read from stdin File Test Use esac
read MYVAR -d Directory exists
-e File exists Functions
Prompting -r File is readable Declaring a function
-w File is writable
read –p 'Name: ' USRNAME
-x File is executable function myfun ()
{
Reading a File # function body
while IFS="" read MYLINE echo 'This is myfun()'
do Numeric Test Use }
echo "$MYLINE" -eq Equal
done < "somefile.txt" Invoking a function
-gt Greater than
Note: IFS="" preserves whitespace -lt Less than myfun param1 param2

© Digadel Corporation v1.0 https://www.commandlinewizardry.com

 Windows Batch Script Quick Reference
COMMAND LINE WIZARDRY
Output Variables While Loop
Write to the screen Declaring a Variable set i=0

echo Hello World set MYVAR=Hello :Top

echo %i%
Turn off command echoing set /a "i = i + 1"
Referencing a Variable if %i% lss 10 goto Top
@echo off echo %MYVAR%
Note – This is simulated while loop
Comments echo %MYVAR% World!
functionality
rem This is a comment For Loop
If Statements
::This is a comment too Numerical looping
Single-line
Positional Parameters for /l %%i in (0,1,10) do (
if %VAR%==%VAL% echo True echo %%i
%0 Name of the script as called )
%1 First parameter Multi-line
%~1 First parameter, quotes removed Iterating over a list
%2 Second parameter … if %VAR%==%VAL% (
%* All parameters echo True
for %%i in (a, 7, t) do (
echo VAR is 5
echo %%i
Note - Use shift to move all ) else (echo False)
)
parameter indexes one to the left.
File Exists Functions
User Input if exist file.txt ( Declaring a function
Read user input echo File exists
) :Function1
set /p USERIN= echo This is function 1
Comparison Operators echo 1st parameter: %1
Prompting echo 2nd parameter: %2
Comparator Use exit /b 0
set /p USERIN="Name: “ EXIST File exists
Invoking a function
== Equal
Wait for user input
EQU Equal call :Function1 p1 p2
pause NEQ Not equal
LSS Less than Error Handling
Goto LEQ Less than or equal Execute if command is successful
if %MYVAR%==1 goto Place1 GTR Greater than
if %MYVAR%==2 goto Place2 whoami && echo Success!
GEQ Greater than or
equal
:Place1 Execute if command fails
NOT Inverse
echo Place 1
goto END whoami || echo Failure!
Reading a File
:Place2: Previous command execution result
echo Place 2 for /f %%L in (f.txt) do (
echo %%L whoami
:END ) echo %errorlevel%

© Digadel Corporation v1.0 https://www.commandlinewizardry.com

 Level Up!

Learn how you can leverage

the command line to enhance
your capabilities as a
security practitioner,
penetration tester, or
system administrator.

Master the Command Line

If you hope to outmaneuver threat actors, speed and
efficiency are key components of cybersecurity
operations. Mastery of the standard command line
interface (CLI) is an invaluable skill in times of
crisis because no other software application can
match the CLI’s availability, flexibility, and
agility. This practical guide shows you how to use
the CLI with the bash shell to perform tasks such as
data collection and analysis, intrusion detection,
reverse engineering, and administration.

https://www.commandlinewizardry.com/cyberops