Useful One-Liners
Ready-to-use Linux/Unix one-liner collection. HTTP servers, file transfer, text extraction, advanced find, process analysis, binary data, and network debugging recipes organized by category
56 one-liners
python3 -m http.server 8080Python3 HTTP server
python3 -m http.server 8080python3 -m http.server 8080 --bind 127.0.0.1Bind to specific address
python3 -m http.server 8080 --bind 127.0.0.1python -m SimpleHTTPServer 8080Python2 HTTP server
python -m SimpleHTTPServer 8080ruby -run -e httpd . -p 8080Ruby HTTP server
ruby -run -e httpd . -p 8080php -S 0.0.0.0:8080PHP built-in server
php -S 0.0.0.0:8080npx http-server -p 8080Node.js HTTP server
npx http-server -p 8080busybox httpd -f -p 8080BusyBox HTTP server
busybox httpd -f -p 8080perl -MHTTP::Daemon -e '$d=HTTP::Daemon->new(LocalPort=>8080)||die;print "URL: ",$d->url;while($c=$d->accept){while($r=$c->get_request){$c->send_file_response(".".$r->url->path)}}'Perl HTTP server
perl -MHTTP::Daemon -e '$d=HTTP::Daemon->new(LocalPort=>8080)||die;...'nc -lvnp 4444 < file.txtSend file with Netcat
nc -lvnp 4444 < file.txtnc HOST 4444 > file.txtReceive file with Netcat
nc HOST 4444 > file.txtcurl -T file.txt http://HOST:8080/Upload file with curl
curl -T file.txt http://HOST:8080/curl -O http://HOST:8080/file.txtDownload file with curl
curl -O http://HOST:8080/file.txtscp file.txt user@host:/path/Transfer file with SCP
scp file.txt user@host:/path/rsync -avz --progress src/ user@host:dest/Sync with rsync
rsync -avz --progress src/ user@host:dest/base64 file.bin | tr -d '\n'Transfer via Base64 encoding
base64 file.bin | tr -d '\n'wget -r -np -nH --cut-dirs=1 http://HOST/dir/Recursive download with wget
wget -r -np -nH --cut-dirs=1 http://HOST/dir/grep -oE '[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}' file.txtExtract email addresses
grep -oE '[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}' file.txtgrep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' file.txtExtract IP addresses
grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' file.txtgrep -oE 'https?://[^ "]+' file.txtExtract URLs
grep -oE 'https?://[^ "]+' file.txtgrep -oE '[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}' file.txt | sort -uExtract domains
grep -oE '[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}' file.txt | sort -usort file.txt | uniq -c | sort -rn | head -20Sort by occurrence count
sort file.txt | uniq -c | sort -rn | head -20sed '/^$/d' file.txtRemove blank lines
sed '/^$/d' file.txtsed -n '/START/,/END/p' file.txtExtract between patterns
sed -n '/START/,/END/p' file.txtawk -F',' '{print $1,$3}' file.csvExtract specific CSV columns
awk -F',' '{print $1,$3}' file.csvfind / -perm -4000 -type f 2>/dev/nullFind SUID files
find / -perm -4000 -type f 2>/dev/nullfind / -writable -type d 2>/dev/nullFind writable directories
find / -writable -type d 2>/dev/nullfind / -writable -type f 2>/dev/nullFind writable files
find / -writable -type f 2>/dev/nullfind / -mtime -1 -type f 2>/dev/nullFind files modified in last 24h
find / -mtime -1 -type f 2>/dev/nullfind / -size +100M -type f 2>/dev/nullFind files larger than 100MB
find / -size +100M -type f 2>/dev/nullfind . -empty -type fFind empty files
find . -empty -type ffind . -name "*.tmp" -type f -deleteFind and delete matching files
find . -name "*.tmp" -type f -deletefind . -name "*.log" -exec grep -l "error" {} \;Find and execute command
find . -name "*.log" -exec grep -l "error" {} \;lsof -p PIDOpen files by process
lsof -p PIDlsof -i -P -n | grep LISTENListening ports
lsof -i -P -n | grep LISTENlsof -i :8080Process using a port
lsof -i :8080ls -la /proc/PID/fdProcess file descriptors
ls -la /proc/PID/fdstrace -p PID -f -e trace=networkTrace system calls
strace -p PID -f -e trace=networkps auxfDisplay process tree
ps auxfps aux --sort=-%mem | head -20Top memory consumers
ps aux --sort=-%mem | head -20ps aux --sort=-%cpu | head -20Top CPU consumers
ps aux --sort=-%cpu | head -20xxd file.bin | head -50Hex dump
xxd file.bin | head -50xxd -p file.binBinary to hex string
xxd -p file.binxxd -r -p hex.txt file.binHex string to binary
xxd -r -p hex.txt file.binstrings -n 8 file.binExtract strings from binary
strings -n 8 file.bindd if=/dev/sda of=backup.img bs=4M status=progressCopy disk image
dd if=/dev/sda of=backup.img bs=4M status=progressobjdump -h binaryBinary section headers
objdump -h binarybase64 file.bin > file.b64Base64 encode
base64 file.bin > file.b64base64 -d file.b64 > file.binBase64 decode
base64 -d file.b64 > file.bintcpdump -i eth0 -w capture.pcapPacket capture
tcpdump -i eth0 -w capture.pcaptcpdump -i eth0 'port 80' -ACapture HTTP traffic
tcpdump -i eth0 'port 80' -Aiptables -L -n -v --line-numbersList firewall rules
iptables -L -n -v --line-numbersss -tulnpListening TCP/UDP ports
ss -tulnpcurl -o /dev/null -s -w 'DNS: %{time_namelookup}s\nConnect: %{time_connect}s\nTLS: %{time_appconnect}s\nTotal: %{time_total}s\n' https://example.comcurl connection timing
curl -o /dev/null -s -w 'DNS: %{time_namelookup}s\nConnect: %{time_connect}s\n...' https://example.comss -sNetwork connection statistics
ss -sarp -aDisplay ARP table
arp -aip route showDisplay routing table
ip route show