
Linux find command

Search in the current directory:

find -name password.txt

find -name "*.txt"


Create two files using the touch command:

touch file-1 file-2

find file*   (all files will be listed)

find *1   (only file-1 will be listed)


The find command syntax is:

find where what


Sometimes you need to search for files or directories outside your current directory.

Then you can use the -type flag followed by f or d: f for files and d for directories.

-name is another flag; it gives the name of the files or directories you are looking for. -iname is the case-insensitive version.

Another thing to remember: when you use the * sign, put it in quotes. For example, say you want to find all .xml files, so you would normally type *.xml

But typed that way, the intended result will not come, because the shell expands the unquoted pattern before find sees it. The preferred way to use the asterisk is inside quotes, like this --> "*.xml"


Find all files whose name ends with .xml

find / -type f -name "*.xml"


Find all files in the /home directory (recursive) whose name is "user.txt" (case insensitive)

find /home -type f -iname "user.txt"


Find all directories whose name contains the word exploits.

find / -type d -name "*exploits*"
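The effect of leaving the pattern unquoted, as an added example that is not part of the original post. The fixture directory, its file names and the function names are made up for the demonstration.

```shell
#!/bin/sh
# Constructed fixture: one .xml file at the top level, two more in conf/.
make_xml_fixture() {
    dir=$(mktemp -d) || return 1
    mkdir "$dir/conf"
    touch "$dir/web.xml" "$dir/readme.txt" "$dir/conf/db.xml" "$dir/conf/users.xml"
    printf '%s\n' "$dir"
}

# Unquoted: the shell expands *.xml against the current directory before
# find starts, so find never receives the wildcard itself.
count_unquoted() {
    ( cd "$1" && find . -type f -name *.xml 2>/dev/null | wc -l | tr -d ' ' )
}

# Quoted: find receives the pattern and applies it at every depth.
count_quoted() {
    ( cd "$1" && find . -type f -name "*.xml" | wc -l | tr -d ' ' )
}

d=$(make_xml_fixture)
# From the top level *.xml becomes web.xml, so the two files in conf/ are missed.
echo "top level, unquoted: $(count_unquoted "$d")"
echo "top level, quoted:   $(count_quoted "$d")"
# Inside conf/ it becomes two words and find rejects the command line.
echo "conf/, unquoted:     $(count_unquoted "$d/conf")"
echo "conf/, quoted:       $(count_quoted "$d/conf")"
rm -rf "$d"
```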



Sometimes just mentioning the file name is not enough. You may also need to specify the owner, the file size, the file permissions or the time when the file was last modified or accessed.

If you need to find a file whose owner is a specific user, use the -user flag.

Find all files owned by the user "kittycat"

find / -type f -user kittycat


If you want to search by file size, use the -size flag.

The numerical value is written as n: -n means less than the value, +n means greater than the value, and n alone means exactly that value. The size also needs a suffix: c for bytes, k for kilobytes and M for megabytes. For example, less than 30 bytes would be -30c

 

Find all files that are exactly 150 bytes in size. 

 

find / -type f -size 150c

 

 

Find all files in the /home directory (recursive) with size less than 2 KiB and extension ".txt"

find /home -type f -size -2k -name "*.txt"

 

 

You may need to find files based on permissions. For that, use the -perm flag, either in octal format (644) or in symbolic format (u=r). If you specify the permission as 644 or u=r, only files with exactly those permissions are returned. However, you can use the - or / prefix for a more inclusive search.

For example, -444 matches files that are at least readable by everyone, including files that also grant write or execute permissions.

/666 matches files that are readable and writable by at least one of owner, group or others.

Find all files that are exactly readable and writable by the owner, and readable by everyone else (use octal format)

find / -type f -perm 644 


Find all files that are read-only for everyone (use octal format)

find / -type f -perm 444


Find all files with write permission for the group others, regardless of any other permissions, with extension ".sh" (use symbolic format)

find / -type f -perm -o=w -name "*.sh"


Find all files that have the SUID bit set.

find / -type f -perm -u=s 2>/dev/null


Find all files in the /usr/bin directory (recursive) that are owned by root and have at least the SUID permission (use symbolic format)

find /usr/bin -type f -user root -perm -u=s
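How an exact mode differs from the - prefix, run against files with known permissions. This is an added example, not part of the original post; the fixture files and the function names are made up for the demonstration.

```shell
#!/bin/sh
# Constructed fixture: four files with known modes in a throwaway directory.
make_perm_fixture() {
    dir=$(mktemp -d) || return 1
    touch "$dir/notes.txt" "$dir/readonly.cfg" "$dir/deploy.sh" "$dir/backup.sh"
    chmod 644 "$dir/notes.txt"      # rw-r--r--
    chmod 444 "$dir/readonly.cfg"   # r--r--r--
    chmod 777 "$dir/deploy.sh"      # rwxrwxrwx, world-writable
    chmod 750 "$dir/backup.sh"      # rwxr-x---
    printf '%s\n' "$dir"
}

# Basenames of regular files under $1 that pass the given find tests,
# sorted and space-joined (fixture names contain no whitespace).
match() {
    root=$1; shift
    find "$root" -type f "$@" -exec basename {} \; | sort | xargs
}

d=$(make_perm_fixture)
# Exact modes: every permission bit must be identical.
echo "-perm 644            : $(match "$d" -perm 644)"
echo "-perm 444            : $(match "$d" -perm 444)"
# - prefix: all listed bits must be set, extra bits are allowed.
# backup.sh (750) is excluded because others cannot read it.
echo "-perm -444           : $(match "$d" -perm -444)"
# Audit query from the text: scripts that anyone on the system can modify.
echo "-perm -o=w, name *.sh: $(match "$d" -perm -o=w -name '*.sh')"
rm -rf "$d"
```

On a real system, a world-writable script that a privileged job executes is the finding to fix first, by removing the write bit for others.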

 

 

Time-related searches are more complex than the others, but they prove to be more useful.

Here the flag consists of a prefix and a word.
The words are min and time.

time is used when the value is in days, and min when it is in minutes (so an interval in hours is converted to minutes).

The prefixes are a for accessed, m for modified and c for changed. The numerical value follows the same rules as for the -size flag, except that there is no suffix.

To specify that a file was last accessed more than 30 minutes ago, the option -amin +30 is used. To specify that it was modified less than 7 days ago, the option -mtime -7 is used. (Note: when you want to specify that a file was modified within the last 24 hours, the option -mtime 0 is used.)
 

Find all files that were not accessed in the last 10 days with extension ".png"

find / -type f -atime +10 -name "*.png"


Find all files in the /usr/bin directory (recursive) that have been modified within the last 2 hours. 

find /usr/bin -type f -mmin -120 
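The +n / -n / n rules for -size and the time flags, checked against files of known size and age. This is an added example, not part of the original post; it assumes GNU find and GNU touch, and the fixture files and function names are made up for the demonstration.

```shell
#!/bin/sh
# Constructed fixture; assumes GNU find and GNU touch (-d with a relative date).
make_numeric_fixture() {
    dir=$(mktemp -d) || return 1
    head -c 150  /dev/zero > "$dir/small150.txt"
    head -c 1500 /dev/zero > "$dir/mid1500.txt"
    head -c 3000 /dev/zero > "$dir/old3000.txt"
    touch -d '12 days ago' "$dir/old3000.txt"   # the other two keep "now"
    printf '%s\n' "$dir"
}

# Basenames of regular files under $1 passing the given tests, sorted and
# space-joined (fixture names contain no whitespace).
names() {
    root=$1; shift
    find "$root" -type f "$@" -exec basename {} \; | sort | xargs
}

d=$(make_numeric_fixture)
echo "-size 150c   : $(names "$d" -size 150c)"
# With k, GNU find rounds each size UP to whole KiB before comparing:
# 1500 bytes counts as 2k, so it is not "less than 2k".
echo "-size -2k    : $(names "$d" -size -2k)"
# Comparing in bytes avoids the rounding.
echo "-size -2048c : $(names "$d" -size -2048c)"
# +n is more than n days ago, -n is less than n days ago.
echo "-mtime +10   : $(names "$d" -mtime +10)"
echo "-mtime -10   : $(names "$d" -mtime -10)"
rm -rf "$d"
```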


Find all empty folders and delete them:

find . -type d -empty -exec rmdir -v {} +





Avi







