Bash minilib

MINI LIB

Files

Rename

Rename all files in dir to new extension

				
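for filename in *.ext; do
    # [pattern] is a placeholder for the text to strip from each name;
    # to swap the extension itself use "${filename%.ext}.newext"
    mv -- "$filename" "${filename//[pattern]/}"
done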

Rename file to filename + remove anything between two patterns – example here is dots.

				
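for filename in ./*; do
    base=${filename#./}
    # dots are escaped so sed removes only the span from the first dot through the last dot
    mv "$filename" "./$(echo "$base" | sed -e 's/\..*\.//')"
done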

Rename files dumped by Volatility2 plugin to pretty/OG name:

				
for filename in *.text; do
    # on names with at least two dots, drop everything up to and including the first dot
    mv -- "$filename" "$(echo "$filename" | sed -e '/\..*\./s/^[^.]*\.//')"
done

Rename files to first line of the file:

				
for file in *
do
   if [ -f "$file" ]
   then
       # quote "$file" so names with spaces survive
       newname=$(head -n 1 -- "$file")
       if [ -f "$newname" ]
       then
              echo "Cannot rename $file to $newname - file already exists"
       else
              mv -- "$file" "$newname"
       fi
   fi
done

Move

Loop to create a new directory and move x amount of files into it (useful if you have loooooooads of files in dir)

#!/bin/bash
i=0
for f in *
do
    # a new directory every 1000 files: dir_001, dir_002, ...
    d=dir_$(printf %03d $((i/1000+1)))
    mkdir -p "$d"
    mv -- "$f" "$d"
    i=$((i+1))
done

LOOP

Loop through files, run a command on each and write the output to filename + new extension. The output redirect isn’t required if the command/program has its own output-file option.

for file in *
do
   if [ -f "$file" ]
   then
       newname=$file.txt
       # [do_command] is a placeholder for the tool to run
       [do_command] "$file" > "$newname"
   fi
done

FIND

Find files by parameters

				
#find by date (2000-00-00 is a placeholder: put the same real date in both arguments)
find . -type f -newermt "2000-00-00 00:00:00" ! -newermt "2000-00-00 23:59:59"

Copy Files from List

				
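grep -l [pattern] [path] > matches
mkdir -p match
#-d '\n' (GNU xargs) treats each line as one file name, so names with spaces are copied intact
xargs -d '\n' -a matches cp -t match --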

SPLIT

Split file by x amount of bytes

				
split -b 500 [file]

GREP + SED

GREP REGEX

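Replace the digits in front of the bracket expressions with the leading digits of the value you are looking for. This site can translate dates to timestamps.

For Timestamps:

#CocoaCore
"111[0-9][0-9][0-9][0-9][0-9][0-9]"

#any value from 111100000 to 111150000, written as one pattern so grep sees a single argument
grep -rE '1111([0-4][0-9]{4}|50000)'

#WebKit
"11111[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]"

#Unix
"11111[0-9][0-9][0-9][0-9][0-9]"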
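
The prefix-plus-[0-9] patterns above can also be derived from a time window instead of typed by hand. This is an added example, not code from the original post: the function names to_format and ts_regex and the sample window are made up for illustration, "cocoa" stands for the CocoaCore pattern, and it assumes Cocoa timestamps count seconds from 2001-01-01 UTC and WebKit timestamps count microseconds from 1601-01-01 UTC.

```shell
# Added example (not from the original post): derive a grep -E pattern
# "common leading digits + [0-9]{n}" that covers a time window.
# to_format and ts_regex are illustrative names.

# to_format FORMAT UNIX_SECONDS -> the same instant in FORMAT
to_format() {
    case "$1" in
        unix)   echo "$2" ;;
        cocoa)  echo $(( $2 - 978307200 )) ;;                 # seconds since 2001-01-01 UTC
        webkit) echo $(( ($2 + 11644473600) * 1000000 )) ;;   # microseconds since 1601-01-01 UTC
        *)      echo "unknown format: $1" >&2; return 1 ;;
    esac
}

# ts_regex FORMAT START_UNIX END_UNIX -> pattern for grep -E
# The pattern matches every value sharing the prefix, so it covers the
# window and some values around it; filter the hits afterwards.
ts_regex() (
    a=$(to_format "$1" "$2") || exit 1
    b=$(to_format "$1" "$3") || exit 1
    # A window that crosses a digit-count boundary has no common prefix.
    if [ "${#a}" -ne "${#b}" ]; then
        echo "start and end differ in length" >&2
        exit 1
    fi
    prefix=""
    while [ -n "$a" ]; do
        ca=${a%"${a#?}"}        # first remaining digit of start
        cb=${b%"${b#?}"}        # first remaining digit of end
        [ "$ca" = "$cb" ] || break
        prefix=$prefix$ca
        a=${a#?}
        b=${b#?}
    done
    if [ -n "$a" ]; then
        echo "${prefix}[0-9]{${#a}}"
    else
        echo "$prefix"
    fi
)

# Constructed window: 2021-03-01 to 2021-03-02, 00:00:00 UTC
# (GNU date: date -u -d "2021-03-01" +%s gives 1614556800)
for fmt in unix cocoa webkit; do
    printf '%s\t%s\n' "$fmt" "$(ts_regex "$fmt" 1614556800 1614643200)"
done
# then e.g.: grep -rEo "$(ts_regex cocoa 1614556800 1614643200)" [path]
```
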


				
			

For Coordinates:

				
					#If looking for particular coordinate
grep -rEo '11\.[0-9]{1,15}'

#If looking for any coordinate
grep -rEo '[0-9]{1,3}\.[0-9]{1,15}'
				
			

For Strings:

Source for IP

#for String starting with letter + x amount of characters after
grep -rE "S[a-zA-Z]{1,10}"

#for IP address
grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}" file

#for either pattern1 or pattern2
grep -E "123[4-9]|986[0-3]"

For Bytes:

#for file header -- e.g. SQLite DB (53 51 4C 69 74 65 is "SQLite"); -b prints the byte offset of each hit
grep -obUaPr '\x53\x51\x4C\x69\x74\x65'

SED Patterns

LOVE LOVE LOVE SED 4 EVER

				
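#replace from pattern to pattern with nothing
sed 's/[pattern1].*[pattern2]//g' file

#replace pattern1 with pattern2 at the nth occurrence (n is a number, e.g. 2):
sed 's/[pattern1]/[pattern2]/n' file

#delete lines matching
sed '/pattern/d' file

#no idea but I think it's useful
#(N/P/D two-line window: a line is printed only when neither it nor the line after it matches pattern; GNU sed still prints the final line)
sed -s 'N;/pattern/!P;D' file

#join a line with the line after it; ^[0-9]* also matches lines with no leading digit, use ^[0-9][0-9]* to require one
sed '/^[0-9]*/{N;s/\n//;}' file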

OpenSSL

Parse asn1

				
openssl asn1parse -i -inform DER -in [file]
