ShellSpells
  • 🧙‍♂️Welcome!
    • ShellSpells
    • FAQs
    • License & Disclaimer
  • 🐧Linux
    • System Ops
      • Transcripts
      • Help
      • System Info
        • Date/Time
        • System Details
        • Patches & Updates
        • Init System Identification
        • Hostname / Host ID
        • Variables
        • Hardware & Resources
      • Filesystem
        • Traverse & Enumerate
        • Drives & Partitions
        • Shares
        • Packages
        • Connected Devices
        • Kernel Modules (Drivers)
      • Users & Groups
        • Enumerate
        • Modify
      • Network
        • Enumerate
        • Modify
      • Scheduled Jobs
        • Enumerate
        • Modify
      • Processes
        • Enumerate
        • Modify
        • Custom Script and Shared Object
        • Process I/O Redirection
      • Services
        • Enumerate
        • Modify
        • Create a Service
      • Startup/Boot Scripts
        • Enumerate
        • Modify
      • Security
        • Antivirus
        • Firewall
        • SSH Keys
      • History & Logs
        • History
        • Logs
    • File Ops
      • Search
        • Filename
        • Content
        • Users (Owners)
        • Time
        • Size
        • Permission
        • Hidden Files
        • Inode
        • Find + Exec
        • Notes
      • Enumerate Metadata
      • Modify Metadata
      • Read Content
      • Modify Content
      • Extract Content
      • Sort / Compare / Count
      • Move
      • Copy
      • Execute
      • Hash
      • Encode/Decode
      • Compress/Decompress
      • Working With Weird Filenames
    • Terminal Ops
      • Keyboard Shortcuts
      • Tmux Shortcuts
  • 🪟Windows
    • System Ops
      • Transcripts
      • Help
      • System Info
        • One-liners
        • Date/Time
        • System Details
        • Hotfixes
        • Domain or Workgroup
        • Data Execution Prevention
        • Variables
        • Hardware & Resources
      • Filesystem
        • Traverse & Enumerate
        • Drives & Partitions
        • Installed Software
        • Drivers
        • Shares
      • Registry
        • Enumerate
        • Modify
        • Forensically Relevant Keys
      • Users & Groups
        • Enumerate
        • Modify
      • Network
        • Enumerate
        • Modify
      • Scheduled Tasks
      • Processes
        • Enumerate
        • Modify
      • Services
        • Enumerate
        • Modify
      • Autorun / Startup
        • Enumerate
        • Modify
      • Security
        • Permissions
          • Enumerate
          • Page
        • Antivirus
        • Firewall
          • Enumerate
          • Modify
        • Audit Policies
        • Remoting
          • Enumerate
          • Modify
          • Registry Locations
        • Stored Credentials
      • Remote Command Execution
      • Active Directory
        • Enumerate
        • Modify
      • History & Logs
        • History
        • Logs
      • PowerShell Config
      • Scripting
      • WMIC Notes
    • File Ops
      • Search
        • Filename
        • Time
        • Size
        • Permissions
        • Attributes
        • Wildcarding
      • Enumerate Metadata
        • One Liners
        • Users (Owners)
        • Timestamps
        • Size
        • Permissions
        • Attributes
      • Modify Metadata
        • Change Owner
        • Timestamps
        • Size
        • Attributes
      • Read Content
      • Modify Content
        • Overwrite
        • Insert
        • Append
        • Replace / Remove
        • Convert Case
        • Alternate Data Streams
      • Extract Content
      • Sort / Compare / Count
        • Sort
        • Count
        • Compare
      • Move
      • Copy
      • Execute
      • Hash
      • Encode/Decode
      • Compress/Decompress
      • Working With Weird Filenames
      • Output Formatting / Filtering
      • File Formatting
      • Operators
  • ⛓️Network
    • Traffic Manipulation
      • iptables
        • Option List
        • General Commands
        • Filter Tables
        • NAT
        • Mangle
        • Filter for SSH Traffic (Example)
      • nftables
    • Packet Capture
      • Syntax
      • TCPDump Examples
    • Packet Analysis
      • Wireshark
  • 🚗Maneuver
    • SSH
    • Control Sockets
    • RDP
    • Windows Port Proxy
  • 🛩️Data Transfer
    • SCP
    • FTP
    • Netcat
      • Netcat Relays
    • Server Interactions
    • Alternate Methods
  • 🪄REGEX
    • Examples
Powered by GitBook
On this page
  • Format
  • Table
  • -Wrap
  • List
  • Wide
  • GroupBy
  • Paging
  • Select-Object
  • Where-Object
  • Creating Custom Columns and List Entries

Was this helpful?

  1. Windows
  2. File Ops

Output Formatting / Filtering

Format

Table

Get-Process | Format-Table -Property *
Get-Process | Format-Table -Property ID,Name,Responding
Get-Process | Format-Table *
Get-Process | ft

-Wrap

Get-Command | Select-Object Name,Source | ft -Wrap

Format Process list with Virtual and Paged Memory in MBs and no Decimals

Understand the "Name" is a property from Get-Process, but also a property for Format-Table. See next example if that doesn't make sense.

get-process | Format-Table name,id, @{name='VM(MB)'; expression={$_.VM / 1MB -as [int]}}, @{name='PM(MB)'; expression={$_.PM / 1MB -as [int]}}

Formatting Process List to Include Select Fields:

Get-Process | Format-Table Name,ID,Responding -Wrap

List

Format-List is another way of displaying the properties of an object. Unlike get-member, Format-List (fl) will also display the values for those properties so that you can see what kind of information each property contains

Most parameters are the same as Format-Table.

gci | Format-List -property name

Formatting output of a command (Format-List)

ls | Format-List -property name

Formatting output of a command (Format-List)

Get-Help Format-List

Formats the help output as a list

Wide

It’s able to display only the values of a single property, so its -Property parameter accepts only one property name, not a list, and it can’t accept wildcards.

Get-Process | Format-Wide name -col 4

Formats the output to a specified width and writes to a new file.

Get-Content C:\path\to\file.txt | Out-File C:\path\to\newfile.txt -Width 120

GroupBy

Get-AzVM -Status | Sort-Object PowerState | ft -Property Name,Location,ResourceGroupName -GroupBy PowerState

Paging

Paginating output:

gci -recurse | Out-Host -paging

Select-Object

Select-Objector Select

Selects a specified property from an object.

Get-Process | Select Name,ID,CPU,PM

Selects multiple properties.

Get-Process | Select -First 10

Selects first 10.

Get-Process | Select -Last 10

Selects last 10.

Displays the Get-Process Properties of 'Name, ID, Path' for every process

Get-Process | Select-Object Name, ID, path

Where-Object

Where-Object

Filters objects out of the pipeline.

Get-Content C:\path\to\file.txt | Where-Object {$_ -match "pattern"}

Filters lines that match a specific pattern.

Get-Process | Where-Object {$_.name -eq "notepad"}

Where-Object condition (alias where or ?).

Creating Custom Columns and List Entries

You can use this to provide a column header that’s different from the property name being displayed:

Get-AzStorageAccount | Format-Table @{name='Name';expression={$_.StorageAccountName}},Location,ResourceGroupName

This creates a special hash table to create a custom column that will be labeled VM(MB) and changes the value of that property to MBs. It then converst that value to a whole number rather than a decimal.

Get-Process | Format-Table Name, @{name='VM(MB)';expression={$_.VM / 1MB -as [int]}}

NOTE: PowerShell recognizes the shortcuts KB, MB, GB, TB, and PB as denoting kilobyte, megabyte, gigabyte, terabyte, and petabyte, respectively

Format custom number of columns. Need to use Format-Wide:

get-childitem C:\Users\fleezy\ | Format-List Name -col 4

Format list that contains specific fields with one custom field:

gci $PSHOME | Format-List Name,VersionInfo,@{name='Size'; expression={$_.Length}}

Format custom headers for Get-Module's Name and Version:

Get-Module | Format-Table @{Name='ModuleName'; expression={$_.Name}}, @{Name='ModuleVersion'; expression={$_.Version}}
PreviousWorking With Weird FilenamesNextFile Formatting

Last updated 1 year ago

Was this helpful?

🪟