xe1phix

Xe1phix-[lsof]-Cheatsheet-[v4.6.82].sh

Oct 6th, 2022
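#!/bin/bash
## ---------------------------------------------- ##
##   [+] Xe1phix-[lsof]-Cheatsheet-[v*.*.**].sh
## ---------------------------------------------- ##
##
## Reference list of lsof one-liners. Copy individual lines; do not execute
## this file as a script, since several entries kill processes.
## Without root, lsof generally shows full detail only for your own processes.


## ------------------------------------------------------------------------- ##
##   [+] Open files by directory, path or user
## ------------------------------------------------------------------------- ##
lsof +D /var/log      ## open files under /var/log, descending the whole tree (slow on big trees)
lsof +d /var/log      ## open files directly in /var/log, no descent into subdirectories
lsof /var/log/*       ## the shell expands the glob; lsof reports whichever of those files are open
lsof /var/lib/mysql/mysqld.pid     ## processes holding the MySQL pid file open
lsof -u syslog        ## everything opened by user syslog

## ------------------------------------------------------------------------- ##
##   [+] Kill by open file / by user
## ------------------------------------------------------------------------- ##
## `lsof -t` prints bare PIDs. Given a directory, lsof reports the processes
## that hold that directory itself open; only when the path is a mount point
## does it cover every open file on that filesystem. Print the PID list first
## and review it before killing anything.
lsof -t /home
kill $(lsof -t /home)      ## left unquoted on purpose: one PID per word

## Kill every process owned by the user named in $1. $1 is a positional
## parameter, so this line belongs inside a script or function; ${1:?...}
## aborts instead of running lsof with an empty user name.
## SIGKILL cannot be handled by the target; try a plain `kill` (SIGTERM) first.
kill -9 $(lsof -t -u "${1:?user name required}")

## ------------------------------------------------------------------------- ##
##   [+] SSH
## ------------------------------------------------------------------------- ##
lsof -iTCP:ssh                  ## all SSH sockets (service name resolved to a port)
lsof -t -c sshd                 ## PIDs of commands whose name begins with "sshd"
lsof -t -i :22                  ## PIDs with a socket on port 22
lsof -p "$(pgrep -d, sshd)"     ## -p takes a comma-separated PID list, hence pgrep -d,

## ------------------------------------------------------------------------- ##
##   [+] Combining selectors (selectors are ORed unless -a is given)
## ------------------------------------------------------------------------- ##
lsof -u ^root                   ## everything NOT owned by root
lsof -a -c bash -u root         ## -a ANDs the selectors: files opened by bash running as root
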
  34. ## ------------------------------------------------------------------------------------------- ##
  35.       lsof -nPi tcp                 ## Show all TCP sockets
  36.       lsof -nPi udp                 ## Show all UDP sockets
  37. ## ------------------------------------------------------------------------------------------- ##
  38.       lsof -nPi | awk '/LISTEN/'          ## Show All Listening Sockets
  39.       lsof -iTCP -sTCP:LISTEN             ## listening tcp sockets
  40.       lsof -nP -iUDP:LISTEN               ## Listening UDP Sockets
  41.       lsof -nP -i TCP -s TCP:LISTEN
  42.       lsof -i -n | grep ESTABLISHED
  43.       lsof -i -nP | grep ESTABLISHED | awk '{print $1, $9}' | sort -u
  44.       lsof -nP -iTCP -sTCP:ESTABLISHED | grep HTTPS
  45. ## ------------------------------------------------------------------------------------------- ##
  46.       lsof -nPi tcp:80
  47.       lsof -nPi tcp:443
  48.       lsof -i TCP:https
  49.       lsof -i TCP:8443
  50.       lsof -i TCP:10-1024
  51. ## ------------------------------------------------------------------------------------------- ##
  52.       lsof -i udp:5353 -t
  53. ## ------------------------------------------------------------------------------------------- ##
  54.  
  55.  
  56.  
  57. ## ------------------------------------------------------------------------------------------------- ##
  58.       lsof -i :8080 | awk '{l=$2} END {print l}' | xargs kill
  59. ## ------------------------------------------------------------------------------------------------- ##
  60.       lsof | grep -e "[[:digit:]]\+w"
  61. ## ------------------------------------------------------------------------------------------------- ##
  62.       lsof -i -P |grep
  63. ## ------------------------------------------------------------------------------------------- ##
  64.       lsof -nPi | awk '/LISTEN/'          ## Show All Listening Sockets
  65. ## ------------------------------------------------------------------------------------------- ##
  66.       lsof -iTCP:ssh                      ## Show all SSH sockets
  67. ## ------------------------------------------------------------------------------------------- ##
  68.  
  69.  
  70. ########################################################"
  71. ## || <lsof> || --> List of networking packet states:"
  72. ########################################################"
  73. lsof -iTCP -sTCP:CLOSED
  74. lsof -iTCP -sTCP:BOUND
  75. lsof -iTCP -sTCP:SYN_RCDV
  76. lsof -iTCP -sTCP:CLOSING
  77. lsof -iTCP -sTCP:CLOSE_WAIT
  78. lsof -iTCP -sTCP:SYN_SENT
  79. lsof -iTCP -sTCP:FIN_WAIT1
  80. lsof -iTCP -sTCP:FIN_WAIT_2
  81. lsof -iTCP -sTCP:LAST_ACK
  82. lsof -iTCP -sTCP:TIME_WAIT
  83.  
  84.  
  85. ## ------------------------------------------------------------------------------------------- ##
  86.       lsof -iUDP -sUDP:Idle               ## idle udp sockets
  87. ## ------------------------------------------------------------------------------------------- ##
  88.       lsof -iTCP -sTCP:LISTEN             ## listening tcp sockets
  89. ## ------------------------------------------------------------------------------------------- ##
  90.       lsof -Di                            ## disable device cache
  91. ## ------------------------------------------------------------------------------------------- ##
  92.       lsof -i6                            ## IPv6 only
  93. ## ------------------------------------------------------------------------------------------- ##
  94.       lsof TCP:25                         ## TCP and port 25
  95. ## ------------------------------------------------------------------------------------------- ##
  96.       lsof @1.2.3.4                       ## @ Internet IPv4 host address 1.2.3.4
  97. ## ------------------------------------------------------------------------------------------- ##
  98.       lsof @[3ffe:1ebc::1]:1234           ## @ Internet IPv6 host address:port 1234
  99. ## ------------------------------------------------------------------------------------------- ##
  100.       lsof 3ffe:1ebc::1, port 1234            ## Internet IPv6 host address:port 1234
  101. ## ------------------------------------------------------------------------------------------- ##
  102.       lsof UDP:who                        ## UDP who service port
  103. ## ------------------------------------------------------------------------------------------- ##
  104.       lsof TCP@lsof.itap:513              ## TCP, @ port 513 and host name lsof.itap
  105. ## ------------------------------------------------------------------------------------------- ##
  106.       lsof tcp@foo:1-10,smtp,99           ## TCP, @ ports 1 through 10,
  107. ## ------------------------------------------------------------------------------------------- ##
  108.       lsof :time                          ## either TCP, UDP or UDPLITE time service port
  109. ## ------------------------------------------------------------------------------------------- ##
  110.       lsof -i udp -a -u ^root
  111. ## ------------------------------------------------------------------------------------------- ##
  112.       lsof service name smtp,             ## TCP, ports 1 through smtp, host bar
  113. port 99, host name foo tcp@bar:1-smtp
  114. ## ------------------------------------------------------------------------------------------- ##
  115.       lsof service name $Service
  116.       lsof port $Port
  117. ## ------------------------------------------------------------------------------------------- ##
  118.       lsof -t -c sshd
  119. ## ------------------------------------------------------------------------------------------- ##
  120.       lsof -a -i :22 -c /d$/
  121. ## ------------------------------------------------------------------------------------------- ##
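## ------------------------------------------------------------------------- ##
##   [+] Parsing lsof output
##       Column positions shift when a column is blank and differ between
##       builds. For scripts, the -F field output (e.g. -F pcn) is sturdier
##       than awk on $N.
## ------------------------------------------------------------------------- ##
lsof -i -nlP | awk '{print $1, $8, $9}' | sort -u      ## command, protocol, endpoint (-l: numeric UIDs)
## ------------------------------------------------------------------------- ##
lsof -a -p "$pid" -d txt | awk '/txt/ {print $9}' | head -n 1      ## path of the program text for $pid
## ------------------------------------------------------------------------- ##
lsof -a -p 4107 -d txt | awk '/txt/ {print $9 " " $10}' | head -n 1
## ------------------------------------------------------------------------- ##
## NOTE(review): on the usual 9-column layout $7/$8 are SIZE/OFF and NODE, and
## the endpoint is in $9. The sed in the second form expects a trailing
## ":port", so confirm the column numbers on your build before relying on it.
lsof -nP -i | awk '/LISTEN/ {print $2 " " $7 " " $8}'
## ------------------------------------------------------------------------- ##
lsof -nP -i | awk '/LISTEN/ {print $2 " " $7 " " $8}' | sed -r 's/:([0-9]+)$/ \1/'
## ------------------------------------------------------------------------- ##
lsof -a -p "$pid" -d txt | awk '/txt/ {print $9}' | head -n 1
## ------------------------------------------------------------------------- ##
## Local ports that have a connection (the port printed before "->").
## -P is required: without it well-known ports print as service names and the
## numeric pattern skips them.
lsof -nP -i | grep -o ":[0-9]\+->" | grep -o "[0-9]\+" | sort -u
## ------------------------------------------------------------------------- ##
lsof -nPi | awk '/LISTEN/ {print $1, $2, $3, $8, $9}'      ## process name, PID, owner, protocol, endpoint
## ------------------------------------------------------------------------- ##
lsof -i udp:5353 -t
## ------------------------------------------------------------------------- ##
lsof -i udp -u root                 ## ORed: UDP sockets plus everything root has open (add -a to AND)
## ------------------------------------------------------------------------- ##
lsof -i tcp:ssh
## ------------------------------------------------------------------------- ##
lsof -i tcp:22
## ------------------------------------------------------------------------- ##
lsof -i udp:mdns -a -u ^root        ## mDNS sockets not owned by root
## ------------------------------------------------------------------------- ##
## The pasted original used Unicode hyphens (U+2010) in front of the options,
## which the shell passes to lsof as file names. Plain ASCII "-" restored.
lsof -i -nlP | awk '{print $9, $8, $1}' | sed 's/.*://' | sort -u
## ------------------------------------------------------------------------- ##
## Commands that currently hold network sockets. The header row is dropped
## first, then the names are de-duplicated; plain uniq only merges adjacent
## lines.
lsof -P -i -n | tail -n +2 | cut -f 1 -d " " | sort -u
## ------------------------------------------------------------------------- ##
##   [+] Killing by socket
##       -9 is SIGKILL: the target gets no chance to clean up. Check the PID
##       list (`lsof -t ...`) before piping it to kill.
## ------------------------------------------------------------------------- ##
kill -9 $(lsof -i udp:5353 -t)
## ------------------------------------------------------------------------- ##
## Keep killing whatever opens port 47145. The sleep and xargs -r (GNU) stop
## the loop from spinning at full CPU and from calling kill with no PID.
while :; do lsof -t -i :47145 | xargs -r kill -9; sleep 1; done
## ------------------------------------------------------------------------- ##
kill $(lsof -t /home)
## ------------------------------------------------------------------------- ##
watch -n 1 lsof -nPi :47145         ## refresh every second
## ------------------------------------------------------------------------- ##
watch -n 1 lsof -nPi tcp:22
## ------------------------------------------------------------------------- ##
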
  164. ##-================================================-##
  165. ##   [+] Check which files are opened by Firefox
  166. ##   [+] Then sort by largest size.
  167. ##-================================================-##
  168. lsof -p $(pidof firefox) | awk '/.mozilla/ { s = int($7/(2^20)); if(s>0) print (s)" MB -- "$9 | "sort -rn" }'
  169.  
  170.  
  171. ##-======================================-##
  172. ##   [+] List .log files open by a PID
  173. ##-======================================-##
  174. lsof -p 1234 | grep -E "\.log$" | awk '{print $NF}'
  175.  
  176.  
  177. ##-===============================================================-##
  178. ##   [+] Show top running processes by the number of open files
  179. ##-===============================================================-##
  180. lsof | awk '{print $1}' | sort | uniq -c | sort -rn | head
  181.  
  182.  
  183. ##-================================================-##
  184. ##   [+] List all active access_logs
  185. ##       for running Apache or Lighttpd processes
  186. ##-================================================-##
  187. lsof -p $(netstat -ltpn|awk '$4 ~ /:80$/ {print substr($7,1,index($7,"/")-1)}')| awk '$9 ~ /access.log$/ {print $9| "sort -u"}'
  188.  
  189.  
  190. ##-=====================================-##
  191. ##   [+] Count open files on a system:
  192. ##-=====================================-##
  193. sudo lsof | awk '{printf("%s %s %s\n", $1, $3, $NF)}' | grep -v "(" | sort -k 4 | gawk '$NF==prv{ct++;next} {printf("%d %s\n",ct,$0);ct=1;prv=$NF}' | uniq | sort -nr
  194.  
  195.  
  196. ##-============================================-##
  197. ##   [+] find all open files by named process
  198. ##-============================================-##
  199. lsof -c $processname | egrep 'w.+REG' | awk '{print $9}' | sort | uniq
  200.  
  201.  
  202. ##-============================================================-##
  203. ##   [+] Show apps that use internet connection at the moment
  204. ##-============================================================-##
  205. lsof -P -i -n | cut -f 1 -d " "| uniq | tail -n +2
  206.  
  207.  
  208.  