简介
-
项目地址:https://github.com/chubin/cheat.sh -
特点 -
简明扼要 — 它应该只包含您需要的东西,而不是其他内容。 -
快速 — 应该可以立即使用它。 -
全面 — 它应该包含每个可能问题的答案。 -
通用 — 它应该随时随地可用,无需任何准备。 -
它不应该分散您对主要任务的注意力。 -
它应该可以帮助您学习该主题。 -
应该可以在完全不被注意的情况下使用它。 -
涵盖 56 种编程语言、多种 DBMS 和 1000 多个最重要的 UNIX/Linux 命令。 -
随处可用,无需安装,但可以安装以供离线使用。 -
![值得尝试的终端命令行技巧]( "值得尝试的终端命令行技巧")
安装
curl cht.sh/tar
❯ curl cht.sh/tar
cheat.sheets:tar
# tar
# GNU version of the tar archiving utility
# An approach to backing up the current user's HOME, using tar(1) and Gzip
# compression. Permissions (modes) will be preserved. The filename format will
# be: UID:GID_DATE.tgz
#
# Replace 'DEVICE' with whichever device is applicable to you, but note that it
# must be in the '/media/USER' (where USER is the username) directory, else
# this won't work, unless you edit the formatting section of `printf`.
tar -czvpf "$(printf '/media/%s/%s/%d:%d_%(%F)T.tgz' "$USER" 'DEVICE' ${UID:-`id -u`} ${GID:-`id -g`} -1)" "$HOME"
# Delete file 'xdm' from the archive given to the `-f` flag. This only works on
# non-compressed archives, unfortunately, but those can always be uncompressed
# first, then altered with the `--delete` flag, after which you can recompress.
tar --delete -f xdm_edited.tar.gz xdm
# Extract the contents of the given archive (which is not compressed) to the
# destination given to the `-C` flag; not many seem to know of this flag.
#
# If a destination (path given to `-C`) is not provided, the CWD will be used.
tar -C /mnt -xvf Tarball.tar
cheat:tar
---
tags: [ compression ]
---
# To extract an uncompressed archive:
tar -xvf /path/to/foo.tar
# To extract a .tar in specified directory:
tar -xvf /path/to/foo.tar -C /path/to/destination/
# To create an uncompressed archive:
tar -cvf /path/to/foo.tar /path/to/foo/
# To extract a .tgz or .tar.gz archive:
tar -xzvf /path/to/foo.tgz
tar -xzvf /path/to/foo.tar.gz
# To create a .tgz or .tar.gz archive:
tar -czvf /path/to/foo.tgz /path/to/foo/
tar -czvf /path/to/foo.tar.gz /path/to/foo/
# To list the content of an .tgz or .tar.gz archive:
tar -tzvf /path/to/foo.tgz
tar -tzvf /path/to/foo.tar.gz
# To extract a .tar.bz2 archive:
tar -xjvf /path/to/foo.tar.bz2
# To create a .tar.bz2 archive:
tar -cjvf /path/to/foo.tar.bz2 /path/to/foo/
# To list the content of an .tar.bz2 archive:
tar -tjvf /path/to/foo.tar.bz2
# To create a .tgz archive and exclude all jpg,gif,... from the tgz:
tar -czvf /path/to/foo.tgz --exclude=*.{jpg,gif,png,wmv,flv,tar.gz,zip} /path/to/foo/
# To use parallel (multi-threaded) implementation of compression algorithms:
tar -z ... -> tar -Ipigz ...
tar -j ... -> tar -Ipbzip2 ...
tar -J ... -> tar -Ipixz ...
# To append a new file to an old tar archive:
tar -rf <archive.tar> <new-file-to-append>
tldr:tar
# tar
# Archiving utility.
# Often combined with a compression method, such as gzip or bzip2.
# More information: <https://www.gnu.org/software/tar>.
# [c]reate an archive and write it to a [f]ile:
tar cf path/to/target.tar path/to/file1 path/to/file2 ...
# [c]reate a g[z]ipped archive and write it to a [f]ile:
tar czf path/to/target.tar.gz path/to/file1 path/to/file2 ...
# [c]reate a g[z]ipped archive from a directory using relative paths:
tar czf path/to/target.tar.gz --directory=path/to/directory .
# E[x]tract a (compressed) archive [f]ile into the current directory [v]erbosely:
tar xvf path/to/source.tar[.gz|.bz2|.xz]
# E[x]tract a (compressed) archive [f]ile into the target directory:
tar xf path/to/source.tar[.gz|.bz2|.xz] --directory=path/to/directory
# [c]reate a compressed archive and write it to a [f]ile, using [a]rchive suffix to determine the compression program:
tar caf path/to/target.tar.xz path/to/file1 path/to/file2 ...
# Lis[t] the contents of a tar [f]ile [v]erbosely:
tar tvf path/to/source.tar
# E[x]tract files matching a pattern from an archive [f]ile:
tar xf path/to/source.tar --wildcards "*.html"
使用
查询某个命令的使用案例:curl cht.sh/sqlmap
❯ curl cht.sh/sqlmap
cheat:sqlmap
---
tags: [ database ]
---
# Test URL and POST data and return database banner (if possible)
./sqlmap.py --url="<url>" --data="<post-data>" --banner
# Parse request data and test | request data can be obtained with burp
./sqlmap.py -r <request-file> <options>
# Fingerprint | much more information than banner
./sqlmap.py -r <request-file> --fingerprint
# Get database username, name, and hostname
./sqlmap.py -r <request-file> --current-user --current-db --hostname
# Check if user is a database admin
./sqlmap.py -r <request-file> --is-dba
# Get database users and password hashes
./sqlmap.py -r <request-file> --users --passwords
# Enumerate databases
./sqlmap.py -r <request-file> --dbs
# List tables for one database
./sqlmap.py -r <request-file> -D <db-name> --tables
# Other database commands
./sqlmap.py -r <request-file> -D <db-name> --columns
--schema
--count
# Enumeration flags
./sqlmap.py -r <request-file> -D <db-name>
-T <tbl-name>
-C <col-name>
-U <user-name>
# Extract data
./sqlmap.py -r <request-file> -D <db-name> -T <tbl-name> -C <col-name> --dump
# Execute SQL Query
./sqlmap.py -r <request-file> --sql-query="<sql-query>"
# Append/Prepend SQL Queries
./sqlmap.py -r <request-file> --prefix="<sql-query>" --suffix="<sql-query>"
# Get backdoor access to sql server | can give shell access
./sqlmap.py -r <request-file> --os-shell
tldr:sqlmap
# sqlmap
# Detect and exploit SQL injection flaws.
# More information: <https://sqlmap.org>.
# Run sqlmap against a single target URL:
python sqlmap.py -u "http://www.target.com/vuln.php?id=1"
# Send data in a POST request (`--data` implies POST request):
python sqlmap.py -u "http://www.target.com/vuln.php" --data="id=1"
# Change the parameter delimiter (& is the default):
python sqlmap.py -u "http://www.target.com/vuln.php" --data="query=foobar;id=1" --param-del=";"
# Select a random `User-Agent` from `./txt/user-agents.txt` and use it:
python sqlmap.py -u "http://www.target.com/vuln.php" --random-agent
# Provide user credentials for HTTP protocol authentication:
python sqlmap.py -u "http://www.target.com/vuln.php" --auth-type Basic --auth-cred "testuser:testpass"
查询某个编程语言的函数语法:curl cht.sh/shell/for
❯ curl cht.sh/shell/for
/*
* Brace expansion, *{x..y}* is performed before other expansions, so you
* cannot use that for variable length sequences.
*
* Instead, use the `seq 2 $max` method as [user *mob* stated][1].
*
* So, for your example it would be:
*/
max=10
for i in `seq 2 $max`
do
echo "$i"
done
/*
* [1]: https://stackoverflow.com/questions/1445452/shell-script-for-
* loop-syntax/1445471#1445471
*
* [whatsisname] [so/q/1445452] [cc by-sa 3.0]
*/
查询 python 的库 httpx 基本使用:curl cht.sh/python/httpx
❯ curl cht.sh/python/httpx
# One could use httpx.Request class to write an prepare_request factory.
# ```python
# import httpx
#
# def prepare_request(method, url, **kwargs):
# a very simple factory
return httpx.Request(method, url, **kwargs)
# request = prepare_request("GET", "https://www.google.com")
#
# client = httpx.Client()
#
# response = client.send(request)
#
# print(response, response.num_bytes_downloaded )
# ```
# used sync client for demonstration only
#
# [seimen] [so/q/72060204] [cc by-sa 3.0]
Refences
-
https://github.com/chubin/cheat.sh
原文始发于微信公众号(人遁安全):值得尝试的终端命令行技巧
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论