Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- ## ---------------------------------------------- ##
- ## [+] Xe1phix-lsof]-Cheatsheet-[v*.*.**].sh
- ## ---------------------------------------------- ##
- ## ------------------------------------------------------------------------------------------- ##
- lsof +D /var/log ## shows open files recursively
- lsof +d /var/log ## See All Open Files In A Given Directory:
- ## ------------------------------------------------------------------------------------------- ##
- lsof /var/log/*
- ## ------------------------------------------------------------------------------------------- ##
- lsof /var/lib/mysql/mysqld.pid # List mysql processes
- ## ------------------------------------------------------------------------------------------- ##
- lsof -u syslog
- ## ------------------------------------------------------------------------------------------- ##
- kill `lsof -t /home` ## Kill all processes that have files open under /home.
- kill $(lsof -t /home)
- ## ------------------------------------------------------------------------------------------------- ##
- kill -9 `lsof -t -u $1`
- ## ------------------------------------------------------------------------------------------------- ##
- lsof -iTCP:ssh ## Show all SSH sockets
- lsof -t -c sshd
- lsof -t -i :22 ## show all SSH (port 22) sockets
- lsof -p $( pgrep sshd )
- ## ------------------------------------------------------------------------------------------------- ##
- lsof -u ^root
- lsof -a -c bash -u root # open files by bash as root user
- ## ------------------------------------------------------------------------------------------------- ##
- ## ------------------------------------------------------------------------------------------- ##
- lsof -nPi tcp ## Show all TCP sockets
- lsof -nPi udp ## Show all UDP sockets
- ## ------------------------------------------------------------------------------------------- ##
- lsof -nPi | awk '/LISTEN/' ## Show All Listening Sockets
- lsof -iTCP -sTCP:LISTEN ## listening tcp sockets
- lsof -nP -iUDP:LISTEN ## Listening UDP Sockets
- lsof -nP -i TCP -s TCP:LISTEN
- lsof -i -n | grep ESTABLISHED
- lsof -i -nP | grep ESTABLISHED | awk '{print $1, $9}' | sort -u
- lsof -nP -iTCP -sTCP:ESTABLISHED | grep HTTPS
- ## ------------------------------------------------------------------------------------------- ##
- lsof -nPi tcp:80
- lsof -nPi tcp:443
- lsof -i TCP:https
- lsof -i TCP:8443
- lsof -i TCP:10-1024
- ## ------------------------------------------------------------------------------------------- ##
- lsof -i udp:5353 -t
- ## ------------------------------------------------------------------------------------------- ##
- ## ------------------------------------------------------------------------------------------------- ##
- lsof -i :8080 | awk '{l=$2} END {print l}' | xargs kill
- ## ------------------------------------------------------------------------------------------------- ##
- lsof | grep -e "[[:digit:]]\+w"
- ## ------------------------------------------------------------------------------------------------- ##
- lsof -i -P |grep
- ## ------------------------------------------------------------------------------------------- ##
- lsof -nPi | awk '/LISTEN/' ## Show All Listening Sockets
- ## ------------------------------------------------------------------------------------------- ##
- lsof -iTCP:ssh ## Show all SSH sockets
- ## ------------------------------------------------------------------------------------------- ##
- ########################################################"
- ## || <lsof> || --> List of networking packet states:"
- ########################################################"
- lsof -iTCP -sTCP:CLOSED
- lsof -iTCP -sTCP:BOUND
- lsof -iTCP -sTCP:SYN_RCDV
- lsof -iTCP -sTCP:CLOSING
- lsof -iTCP -sTCP:CLOSE_WAIT
- lsof -iTCP -sTCP:SYN_SENT
- lsof -iTCP -sTCP:FIN_WAIT1
- lsof -iTCP -sTCP:FIN_WAIT_2
- lsof -iTCP -sTCP:LAST_ACK
- lsof -iTCP -sTCP:TIME_WAIT
- ## ------------------------------------------------------------------------------------------- ##
- lsof -iUDP -sUDP:Idle ## idle udp sockets
- ## ------------------------------------------------------------------------------------------- ##
- lsof -iTCP -sTCP:LISTEN ## listening tcp sockets
- ## ------------------------------------------------------------------------------------------- ##
- lsof -Di ## disable device cache
- ## ------------------------------------------------------------------------------------------- ##
- lsof -i6 ## IPv6 only
- ## ------------------------------------------------------------------------------------------- ##
- lsof TCP:25 ## TCP and port 25
- ## ------------------------------------------------------------------------------------------- ##
- lsof @1.2.3.4 ## @ Internet IPv4 host address 1.2.3.4
- ## ------------------------------------------------------------------------------------------- ##
- lsof @[3ffe:1ebc::1]:1234 ## @ Internet IPv6 host address:port 1234
- ## ------------------------------------------------------------------------------------------- ##
- lsof 3ffe:1ebc::1, port 1234 ## Internet IPv6 host address:port 1234
- ## ------------------------------------------------------------------------------------------- ##
- lsof UDP:who ## UDP who service port
- ## ------------------------------------------------------------------------------------------- ##
- lsof TCP@lsof.itap:513 ## TCP, @ port 513 and host name lsof.itap
- ## ------------------------------------------------------------------------------------------- ##
- lsof tcp@foo:1-10,smtp,99 ## TCP, @ ports 1 through 10,
- ## ------------------------------------------------------------------------------------------- ##
- lsof :time ## either TCP, UDP or UDPLITE time service port
- ## ------------------------------------------------------------------------------------------- ##
- lsof -i udp -a -u ^root
- ## ------------------------------------------------------------------------------------------- ##
- lsof service name smtp, ## TCP, ports 1 through smtp, host bar
- port 99, host name foo tcp@bar:1-smtp
- ## ------------------------------------------------------------------------------------------- ##
- lsof service name $Service
- lsof port $Port
- ## ------------------------------------------------------------------------------------------- ##
- lsof -t -c sshd
- ## ------------------------------------------------------------------------------------------- ##
- lsof -a -i :22 -c /d$/
- ## ------------------------------------------------------------------------------------------- ##
- lsof -i -nlP | awk '{print $1, $8, $9}' | sort -u
- ## ------------------------------------------------------------------------------------------- ##
- lsof -a -p $pid -d txt | awk '/txt/ {print $9}' | head -1;
- ## ------------------------------------------------------------------------------------------- ##
- lsof -a -p 4107 -d txt | awk '/txt/ {print $9 " " $10}' | head -1
- ## ------------------------------------------------------------------------------------------- ##
- lsof -nP -i | awk '/LISTEN/ {print $2 " " $7 " " $8}'
- ## ------------------------------------------------------------------------------------------- ##
- lsof -nP -i | awk '/LISTEN/ {print $2 " " $7 " " $8}' | sed -r 's/:([0-9]+)$/ \1/'
- ## ------------------------------------------------------------------------------------------- ##
- lsof -a -p $pid -d txt | awk '/txt/ {print $9}' | head -1
- ## ------------------------------------------------------------------------------------------- ##
- lsof -i | grep ":[0-9]\+->" -o | grep "[0-9]\+" -o | sort | uniq # list out the opened ports from the current machine, use
- ## ------------------------------------------------------------------------------------------- ##
- lsof -nPi | awk '/LISTEN/ {print $1, $2, $3, $8, $9}' ## use awk to parse the output of: Process name, PID, and process owner ##
- ## ------------------------------------------------------------------------------------------- ##
- lsof -i udp:5353 -t
- ## ------------------------------------------------------------------------------------------- ##
- lsof -i udp -u root
- ## ------------------------------------------------------------------------------------------- ##
- lsof -i tcp:ssh
- ## ------------------------------------------------------------------------------------------- ##
- lsof -i tcp:22
- ## ------------------------------------------------------------------------------------------- ##
- lsof -i udp:mdns -a -u ^root
- ## ------------------------------------------------------------------------------------------- ##
- lsof ‐i ‐nlP | awk '{print $9, $8, $1}' | sed 's/.*://' | sort ‐u
- ## ------------------------------------------------------------------------------------------- ##
- lsof -P -i -n | cut -f 1 -d " "| uniq | tail -n +2
- ## ------------------------------------------------------------------------------------------- ##
- kill -9 $(lsof -i udp:5353 -t)
- ## ------------------------------------------------------------------------------------------- ##
- while :; do kill -9 `lsof -t -i :47145`; done
- ## ------------------------------------------------------------------------------------------- ##
- kill $(lsof -t /home)
- ## ------------------------------------------------------------------------------------------- ##
- watch -n 1 lsof -nPi :47145
- ## ------------------------------------------------------------------------------------------- ##
- watch -n 1 lsof -nPi tcp:22
- ## ------------------------------------------------------------------------------------------- ##
- ##-================================================-##
- ## [+] Check which files are opened by Firefox
- ## [+] Then sort by largest size.
- ##-================================================-##
- lsof -p $(pidof firefox) | awk '/.mozilla/ { s = int($7/(2^20)); if(s>0) print (s)" MB -- "$9 | "sort -rn" }'
- ##-======================================-##
- ## [+] List .log files open by a PID
- ##-======================================-##
- lsof -p 1234 | grep -E "\.log$" | awk '{print $NF}'
- ##-===============================================================-##
- ## [+] Show top running processes by the number of open files
- ##-===============================================================-##
- lsof | awk '{print $1}' | sort | uniq -c | sort -rn | head
- ##-================================================-##
- ## [+] List all active access_logs
- ## for running Apache or Lighttpd processes
- ##-================================================-##
- lsof -p $(netstat -ltpn|awk '$4 ~ /:80$/ {print substr($7,1,index($7,"/")-1)}')| awk '$9 ~ /access.log$/ {print $9| "sort -u"}'
- ##-=====================================-##
- ## [+] Count open files on a system:
- ##-=====================================-##
- sudo lsof | awk '{printf("%s %s %s\n", $1, $3, $NF)}' | grep -v "(" | sort -k 4 | gawk '$NF==prv{ct++;next} {printf("%d %s\n",ct,$0);ct=1;prv=$NF}' | uniq | sort -nr
- ##-============================================-##
- ## [+] find all open files by named process
- ##-============================================-##
- lsof -c $processname | egrep 'w.+REG' | awk '{print $9}' | sort | uniq
- ##-============================================================-##
- ## [+] Show apps that use internet connection at the moment
- ##-============================================================-##
- lsof -P -i -n | cut -f 1 -d " "| uniq | tail -n +2
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement