
Linux find command

Search in the current directory:

find -name password.txt

find -name "*.txt"


Create two files using the touch command:

touch file-1 file-2

find file*   (both files will be listed)

find *1   (only file-1 will be listed)


The find command syntax is:

find where what


Sometimes you need to search for files or directories outside your current directory.

In that case you can use the -type flag with the argument f or d: f for files and d for directories.

-name is another flag; it gives the name of the files or directories you are looking for. -iname is the case-insensitive version.

Another thing to remember: when you use the * sign, put it in quotes. For example, say you want to find all .xml files, so you would normally type *.xml

But typed that way, the intended result will not come, because the shell expands the asterisk against the current directory before find ever sees it. So the preferred way to use the asterisk is between quotes, like this --> "*.xml"


Find all files whose name ends with .xml

find / -type f -name "*.xml"


Find all files in the /home directory (recursive) whose name is "user.txt" (case insensitive)

find /home -type f -iname "user.txt"


Find all directories whose name contains the word exploits.

find / -type d -name "*exploits*"



Sometimes just mentioning the file name is not enough. You may also need to specify the username, file size, file permissions and the time when the file was last modified or accessed.

If you need to find a file that is owned by a specific user, use the -user flag.

Find all files owned by the user "kittycat"

find / -type f -user kittycat


If you want to search by file size, use the -size flag.

The numerical value is written as n: -n matches values less than n, +n matches values greater than n, and n matches the exact value. For a size you also need a suffix: c for bytes, k for kilobytes and M for megabytes. For example, less than 30 bytes would be -30c

 

Find all files that are exactly 150 bytes in size. 

 

find / -type f -size 150c

 

 

Find all files in the /home directory (recursive) with size less than 2 KiB and extension ".txt"

find /home -type f -size -2k -name "*.txt"

 

 

You may need to find files based on their permissions. For that, use the -perm flag, with the mode either in octal format (644) or in symbolic format (u=r). If you specify the permission as 644 or u=r, find returns only the files whose mode is exactly that. You can use the - or / prefix for a more inclusive search.

For example, -444 returns files that are at least readable by everyone, including files that also have write or execute permissions.

/666 returns matches that are readable and writable by at least one of the groups (owner, group or others).

 

Find all files that are exactly readable and writable by the owner, and readable by everyone else (use octal format)

find / -type f -perm 644 


Find all files that are only readable by anyone (use octal format)

find / -type f -perm 444


Find all files with write permission for the group others, regardless of any other permissions, with extension ".sh" (use symbolic format)

find / -type f -perm -o=w -name "*.sh"


Find all files that have the SUID bit set.

find / -type f -perm -u=s 2>/dev/null


Find all files in the /usr/bin directory (recursive) that are owned by root and have at least the SUID permission (use symbolic format)

find /usr/bin -type f -user root -perm -u=s
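The difference between an exact mode, the - prefix and the / prefix is easiest to see on a throwaway directory with known modes. This is an added example, not part of the original post; the perm_demo function and the file names are made up for the demonstration.

```shell
#!/bin/sh
# Added example: builds a constructed sandbox, runs one -perm test on it,
# and prints the names of the files that matched.
perm_demo() {
    dir=$(mktemp -d) || return 1
    touch "$dir/exact644" "$dir/readonly444" "$dir/private600" \
          "$dir/deploy.sh" "$dir/suidtool"
    chmod 644  "$dir/exact644"
    chmod 444  "$dir/readonly444"
    chmod 600  "$dir/private600"
    chmod 666  "$dir/deploy.sh"     # world-writable script: an audit finding
    chmod 4755 "$dir/suidtool"      # SUID bit set on a file we own

    # $1 is the argument given to -perm, e.g. 644, -444, -o=w, -u=s
    find "$dir" -type f -perm "$1" -exec basename {} \; \
        | LC_ALL=C sort | paste -sd ' ' -
    rm -rf "$dir"
}

# 644   exact mode only
# -444  all three read bits set, other bits ignored
# -o=w  write bit for others set, other bits ignored
# -u=s  SUID bit set, other bits ignored
# /222  write bit set for at least one of owner, group, others
for mode in 644 -444 -o=w -u=s /222; do
    printf '%-6s %s\n' "$mode" "$(perm_demo "$mode")"
done
```

On a real system the -o=w and -u=s results are the ones worth reviewing: a world-writable script can be modified by any local user, and every SUID binary runs with its owner's privileges.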

 

 

Time-related searches are more complex than the others, but they prove to be more useful.

Here the flag consists of a word and a prefix.
The words are min and time.

time is used when the value is given in days, and min when it is given in minutes (so hours are written as minutes).

The prefix is a for accessed, m for modified and c for changed. The numeric value follows the same rules as for the -size flag, except that there is no suffix.

To specify that a file was last accessed more than 30 minutes ago, the option -amin +30 is used. To specify that it was modified less than 7 days ago, the option -mtime -7 is used. (Note: when you want to specify that a file was modified within the last 24 hours, the option -mtime 0 is used.)
 

Find all files that were not accessed in the last 10 days with extension ".png"

find / -type f -atime +10 -name "*.png"


Find all files in the /usr/bin directory (recursive) that have been modified within the last 2 hours. 

find /usr/bin -type f -mmin -120 
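The -n / +n / n rule described above for -size and for the time flags, checked against files of known size and age. This is an added example, not part of the original post; sign_demo and the file names are made up, and it assumes GNU find and GNU touch (for the relative dates given to touch -d).

```shell
#!/bin/sh
# Added example: constructed sandbox with known sizes and timestamps.
sign_demo() {
    dir=$(mktemp -d) || return 1
    head -c 150  /dev/zero > "$dir/a150.txt"    # exactly 150 bytes
    head -c 1024 /dev/zero > "$dir/b1024.txt"   # exactly 1 KiB
    head -c 1500 /dev/zero > "$dir/c1500.txt"   # under 2 KiB, rounds up to 2 units of 1k

    touch -m -d '3 hours ago' "$dir/a150.txt"   # modified 180 minutes ago
    touch -a -d '15 days ago' "$dir/b1024.txt"  # last accessed 15 days ago

    # "$@" is the test under study, e.g. -size -2k or -mmin -120
    find "$dir" -type f "$@" -exec basename {} \; \
        | LC_ALL=C sort | paste -sd ' ' -
    rm -rf "$dir"
}

# $t is left unquoted on purpose so that it splits into flag and value.
for t in "-size 150c" "-size -2k" "-size -2048c" \
         "-mmin -120" "-mmin +120" "-atime +10" "-atime -10"; do
    printf '%-14s %s\n' "$t" "$(sign_demo $t)"
done
```

Note that -size -2k skips the 1500-byte file: find rounds each size up to whole units before comparing, so use -size -2048c when the limit is meant in bytes.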


Find all empty folders and delete them:

find . -type d -empty -exec rmdir -v {} +





Avi







