ShellSpells
  • 🧙‍♂️Welcome!
    • ShellSpells
    • FAQs
    • License & Disclaimer
  • 🐧Linux
    • System Ops
      • Transcripts
      • Help
      • System Info
        • Date/Time
        • System Details
        • Patches & Updates
        • Init System Identification
        • Hostname / Host ID
        • Variables
        • Hardware & Resources
      • Filesystem
        • Traverse & Enumerate
        • Drives & Partitions
        • Shares
        • Packages
        • Connected Devices
        • Kernel Modules (Drivers)
      • Users & Groups
        • Enumerate
        • Modify
      • Network
        • Enumerate
        • Modify
      • Scheduled Jobs
        • Enumerate
        • Modify
      • Processes
        • Enumerate
        • Modify
        • Custom Script and Shared Object
        • Process I/O Redirection
      • Services
        • Enumerate
        • Modify
        • Create a Service
      • Startup/Boot Scripts
        • Enumerate
        • Modify
      • Security
        • Antivirus
        • Firewall
        • SSH Keys
      • History & Logs
        • History
        • Logs
    • File Ops
      • Search
        • Filename
        • Content
        • Users (Owners)
        • Time
        • Size
        • Permission
        • Hidden Files
        • Inode
        • Find + Exec
        • Notes
      • Enumerate Metadata
      • Modify Metadata
      • Read Content
      • Modify Content
      • Extract Content
      • Sort / Compare / Count
      • Move
      • Copy
      • Execute
      • Hash
      • Encode/Decode
      • Compress/Decompress
      • Working With Weird Filenames
    • Terminal Ops
      • Keyboard Shortcuts
      • Tmux Shortcuts
  • 🪟Windows
    • System Ops
      • Transcripts
      • Help
      • System Info
        • One-liners
        • Date/Time
        • System Details
        • Hotfixes
        • Domain or Workgroup
        • Data Execution Prevention
        • Variables
        • Hardware & Resources
      • Filesystem
        • Traverse & Enumerate
        • Drives & Partitions
        • Installed Software
        • Drivers
        • Shares
      • Registry
        • Enumerate
        • Modify
        • Forensically Relevant Keys
      • Users & Groups
        • Enumerate
        • Modify
      • Network
        • Enumerate
        • Modify
      • Scheduled Tasks
      • Processes
        • Enumerate
        • Modify
      • Services
        • Enumerate
        • Modify
      • Autorun / Startup
        • Enumerate
        • Modify
      • Security
        • Permissions
          • Enumerate
          • Page
        • Antivirus
        • Firewall
          • Enumerate
          • Modify
        • Audit Policies
        • Remoting
          • Enumerate
          • Modify
          • Registry Locations
        • Stored Credentials
      • Remote Command Execution
      • Active Directory
        • Enumerate
        • Modify
      • History & Logs
        • History
        • Logs
      • PowerShell Config
      • Scripting
      • WMIC Notes
    • File Ops
      • Search
        • Filename
        • Time
        • Size
        • Permissions
        • Attributes
        • Wildcarding
      • Enumerate Metadata
        • One Liners
        • Users (Owners)
        • Timestamps
        • Size
        • Permissions
        • Attributes
      • Modify Metadata
        • Change Owner
        • Timestamps
        • Size
        • Attributes
      • Read Content
      • Modify Content
        • Overwrite
        • Insert
        • Append
        • Replace / Remove
        • Convert Case
        • Alternate Data Streams
      • Extract Content
      • Sort / Compare / Count
        • Sort
        • Count
        • Compare
      • Move
      • Copy
      • Execute
      • Hash
      • Encode/Decode
      • Compress/Decompress
      • Working With Weird Filenames
      • Output Formatting / Filtering
      • File Formatting
      • Operators
  • ⛓️Network
    • Traffic Manipulation
      • iptables
        • Option List
        • General Commands
        • Filter Tables
        • NAT
        • Mangle
        • Filter for SSH Traffic (Example)
      • nftables
    • Packet Capture
      • Syntax
      • TCPDump Examples
    • Packet Analysis
      • Wireshark
  • 🚗Maneuver
    • SSH
    • Control Sockets
    • RDP
    • Windows Port Proxy
  • 🛩️Data Transfer
    • SCP
    • FTP
    • Netcat
      • Netcat Relays
    • Server Interactions
    • Alternate Methods
  • 🪄REGEX
    • Examples
Powered by GitBook
On this page
  • Filenames
  • File Extensions
  • Search Multiple Dirs
  • Inverse
  • Weird Filenames
  • Executables

Was this helpful?

  1. Linux
  2. File Ops
  3. Search

Filename

Filenames

grep -rli file*

Pattern match

grep -rli "filename" /path/to/search

Recursive

ls -R [directory] | grep "filename"

Recursive

find / -a -iname "filename"

Case insensitive

find / -a -type f -name password.txt

Recursive exact match

find / -a -name "pat*tern"

Pattern match "pat" and ending with "tern"

find / -a -type d -name config

Exact directory match

find / -a -type d -name "\*687-250\*"

Pattern directory match

find / -a -regex "regex_pattern"

Regex

locate "[filename]"

Uses a database updated by updatedb to quickly locate files

locate -i "[filename]"

Case-insensitive

Use extended regex syntax:

find / -a -regextype egrep -regex "pat.+?ern"

Use Perl regex syntax:

find / -a -regextype perl -regex "^user_[0-9]+.sh$"

Uses xargs for efficiency with a large number of files

find / -a -type f -print0 | xargs -0 grep -l "[string]"

Finds files by name and then executes ls -lh:

find / -a -type f -name "[filename]" -exec ls -lh {} +

Find development tools and supported languages:

find / -a -name perl*
find / -a -name python*
find / -a -name gcc*

File Extensions

ls [directory]/*.ext

Not Recursive

find / -a -type f \( -name "*.txt" -o -name "*.sh" \)

Multiple file extensions.

find / -a -type f -name "*.txt"

Recursive

find / -a -type f -iname "*.txt"

Case-insensitive.

find / -a -type f -regex ".*\.txt"

Use regular expressions.

find / -a -regextype posix -regex ".+\.log$"

Matches all files ending with .log, using POSIX regex syntax.

grep -rli "\.txt$" /path/to/search

Recursive

grep -rli --include=\*.ext "pattern" [directory]

Recursively searches for files with the .ext extension containing "pattern" in the specified directory.

Search Multiple Dirs

find /opt /usr /var -a -type f -name foo.scala

Search specific directories

find /directory* -name foo.txt

Wildcard

Loop: Iterates through each directory and runs the find command inside each, effectively searching them all.

for dir in /path/to/directory1 /path/to/directory2 ; do
  find "$dir" -name your_search_term
done

Inverse

grep -L

Lists files that do not contain a specified pattern.

ls / | grep -v "[pattern]"

Lists files in the root directory that do not match the specified pattern.

find / -a -not -name "[pattern]"

Finds files not matching a specific pattern.

find / -a -type f -not -name "*.html"

Finds files that do not end in ".html".

find / -a ! -name "[pattern]"

An alternative to -not, finds files not matching a specific pattern.

find / -a ! -name "pattern1" ! -name "pattern2"

Finds files not matching multiple patterns.

find / -a -type f ! -exec grep -q "[pattern]" {} \; -print

Finds files that do not contain a specified pattern using -exec.

find / -a -type f -print0 | xargs -0 grep -L "[pattern]"

Finds files that do not contain a specified pattern using xargs.

awk '!/[pattern]/' [file]

Uses awk to print lines from a file that do not match a specific pattern.

sed -n '/[pattern]/!p' [file]

Uses sed to print lines from a file that do not match a specific pattern.

Weird Filenames

find / -a -type d -name " \*" -exec ls -ladtri {} 2>/dev/null +

Directories with a space

find / -a -type f -name " \*" -exec ls -latriQ {} 2>/dev/null +

Files with a space

find / -a -type f -name '*[![:alnum:]_\-\.]*'

Files with non-alphanumeric characters in their filenames.

find / -a -type f -regex '.*[^[:alnum:]_\-\.].*'

Files with non-alphanumeric characters in their filenames using regex.

Executables

which grep

Single binary

which python java gcc

Multiple binaries

type ls

Shows how the command is interpreted by the shell.

command -v ls

Shows how the command is interpreted by the shell.

which -a python

All instances of "python" in the path.

PreviousSearchNextContent

Last updated 1 year ago

Was this helpful?

🐧