awk 实战

awk 一些好玩的用法.有什么不错的点子可以留言,发挥出awk牛逼功能

 

分离mac地址

# Print the hardware (MAC) address of wlan0 as space-separated octets.
# Only ifconfig lines containing "eth" are used; the address is read from
# the second whitespace-separated field and split on ":".
ifconfig wlan0 |
  awk '/eth/ {
    count = split($2, octet, ":")
    for (k = 1; k <= count; k++)
      printf " " octet[k]
    print ""
  }'

 

提取eth0信息

# Summarise the first interface block printed by ifconfig.
# The rules are purely positional (output lines 1, 2 and 4), so the result
# depends on the exact layout of ifconfig output on the host.
ifconfig | awk '
  NR == 1 {
    # Interface name: first four characters of the first field.
    print substr($1, 1, 4) "\n---------------------------------"
  }
  NR == 2 {
    # Second line: print its first six words as three label/value rows.
    split($0, word, " ")
    print word[1] "\t\t" word[2] "\n" word[3] "\t\t" word[4] "\n" word[5] "\t" word[6]
  }
  NR == 4 {
    print $1 "\t\t" $2 "\n"
  }'

 

获取网卡信息

# Print one "name<TAB>value" row per interface from ifconfig output.
# Lines 1, 11 and 20 are taken as the interface header lines and lines
# 2, 12 and 21 as the lines carrying the value in field 2; line 4 is
# printed with its own first field as the label. The line numbers are
# fixed, so this only fits hosts whose ifconfig output has that layout.
ifconfig | awk '
  NR == 1  { name1 = substr($1, 1, 4) }
  NR == 2  { print name1 "\t" $2 }
  NR == 4  { print $1 "\t" $2 }
  NR == 11 { name2 = substr($1, 1, 2) }
  NR == 12 { print name2 "\t" $2 }
  NR == 20 { name3 = substr($1, 1, 5) }
  NR == 21 { print name3 "\t" $2 }
'



重构输出端口服务信息

# Reformat the listening TCP sockets reported by netstat into a table.
# Fields are split on runs of ":", space and "/", so address, port, PID and
# program name become separate fields. The first two netstat lines are
# headers and are skipped. tcp6 rows split differently and are printed
# from other field positions.
netstat -ntpl | awk -F '[\: /]+' '
  BEGIN {
    print "Type\t IP\t\t PORT\t PID\t PName\t"
  }
  NR <= 2 { next }
  $1 == "tcp6" {
    print $1 "\t\t\t " $4 "\t " $7 "\t" $8
    next
  }
  {
    print $1 "\t " $4 "\t " $5 "\t " $9 "\t " $10
  }'

 

如何以特殊符号作为分隔符号

# Demonstrates using several shell-special characters as awk field separators.
# echo emits one test line; awk receives a bracket-expression separator via -F
# and prints the first six fields.
# NOTE(review): how many backslashes survive shell double-quoting and then the
# escape processing done by awk itself differs between awk implementations;
# confirm that "\" really ends up in the separator set on the awk in use.
echo -e  /11\\22'!'33\$44\'55\"/ |awk "-F[\\\\\ /\$\"\'\!]" '{print $1,$2,$3,$4,$5,$6}'

 

彩色字体打印

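# Print a coloured triangle twice: first with foreground colours (SGR 31-36),
# then with background colours (SGR 41-46).
#
# The listing as published had the second "echo -e ... | awk" glued onto the
# closing quote of the first awk program, which turned "echo", "-e" and the
# newline string into awk file operands. The two runs are separated here.
#
# Six empty input lines drive the loop: on input line NR the word "aaaa" is
# printed NR times, each with colour code <sgr><i> for i = NR .. 1. The END
# rule resets the terminal attributes.
for sgr in 3 4; do
  printf '\n\n\n\n\n\n' |
    awk -v sgr="$sgr" '
      {
        for (i = NR; i > 0; i--)
          printf "\033[%s%dmaaaa ", sgr, i
        printf "\n"
      }
      END {
        printf "\033[0m"
      }'
done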

 

 

使用正则过滤

# Lines of /etc/passwd that do NOT end in "bash" (accounts whose last field,
# the login shell, is something else).
awk '$0 !~ /bash$/' /etc/passwd
# Lines of /etc/passwd that end in "bash". The pattern is quoted so the shell
# never gets a chance to interpret "$" or "/".
awk '/bash$/ { print }' /etc/passwd

 

生成5个1-10内的随机数

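# Print five pseudo-random integers in the range 1..10.
#
# rand() returns a value in [0, 1). The published version printed
# rand()*10 with %d, which yields 0..9 and can never produce 10;
# int(rand() * 10) + 1 covers 1..10 as the heading promises.
#
# srand() without an argument seeds from the time of day, so two runs in
# the same second print the same numbers. The generator is predictable and
# is not suitable for passwords, tokens or keys.
awk 'BEGIN {
  srand()
  for (k = 1; k <= 5; k++)
    printf "%5d", int(rand() * 10) + 1
  printf "\n"
}'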

 

结合nmap 主机范围扫描过滤重要信息

# Host-discovery sweep of the local /24.
#   -n   no DNS resolution, so reports carry bare addresses
#   -v   verbose; this is what makes nmap list every "[host down]" address
#   -T4  faster timing template
#   -sn  host discovery only, no port scan
# The sample output below shows why a filter is wanted: most lines are noise.
nmap -n -v -T4 -sn 192.168.0.0/24    # very long output, most of it unwanted

Starting Nmap 7.25BETA1 ( https://nmap.org ) at 2018-02-06 11:06 CST
Initiating ARP Ping Scan at 11:06
Scanning 255 hosts [1 port/host]
Completed ARP Ping Scan at 11:06, 4.07s elapsed (255 total hosts)
Nmap scan report for 192.168.0.0 [host down]
Nmap scan report for 192.168.0.1
Host is up (0.0015s latency).
MAC Address: 04:95:E6:C4:98:90 (Unknown)
Nmap scan report for 192.168.0.2
Host is up (0.0015s latency).
MAC Address: 04:95:E6:C4:98:90 (Unknown)
Nmap scan report for 192.168.0.3 [host down]
Nmap scan report for 192.168.0.4 [host down]
Nmap scan report for 192.168.0.5 [host down]
...
Nmap scan report for 192.168.0.106 [host down]
Nmap scan report for 192.168.0.107 [host down]
Nmap scan report for 192.168.0.108
Host is up (0.22s latency).
MAC Address: 78:D3:8D:0F:A5:48 (Hongkong Yunlink Technology Limited)
Nmap scan report for 192.168.0.109 [host down]
...
Nmap scan report for 192.168.0.169 [host down]
Nmap scan report for 192.168.0.170 [host down]
Nmap scan report for 192.168.0.171
Host is up (0.25s latency).
MAC Address: 50:8F:4C:79:8D:CB (Unknown)
Nmap scan report for 192.168.0.172
Host is up (0.13s latency).
MAC Address: E8:65:D4:A6:36:58 (Unknown)
Nmap scan report for 192.168.0.173 [host down]
Nmap scan report for 192.168.0.174 [host down]
...
Nmap scan report for 192.168.0.255 [host down]
Nmap scan report for 192.168.0.141
Host is up.
Read data files from: /usr/bin/../share/nmap
Nmap done: 256 IP addresses (6 hosts up) scanned in 4.15 seconds
           Raw packets sent: 508 (14.224KB) | Rcvd: 7 (196B)

编辑一个shell 过滤脚本nmap-range.sh

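# nmap-range.sh: condense "nmap -v -sn" output read from stdin into one
# line per live host: ADDRESS<TAB>MAC<TAB>VENDOR.
#
# The published version dropped the first five lines and then assumed that
# every host occupies exactly three lines. That breaks as soon as nmap
# prints a different number of banner lines or a host block of another
# length, and it printed the stray word "addresses" from the final
# "Nmap done:" summary. It also passed the address to printf as the format
# string. This version keys on the line prefixes instead of line numbers.
#
# A host that is reported without a "MAC Address:" line is labelled
# "This is you", as in the original; on a local ARP sweep that is the
# scanning machine itself.
# NOTE(review): hosts reached without ARP also lack a MAC line; confirm
# the label fits your scan type.
awk '
  # Print the host collected so far, if any, and reset the state.
  function flush_host() {
    if (ip == "")
      return
    if (mac == "")
      print ip "\tThis is you"
    else
      print ip "\t" mac "\t" vendor
    ip = ""; mac = ""; vendor = ""
  }

  /^Nmap scan report for / {
    flush_host()
    if ($0 ~ /\[host down\]$/)
      next
    # Last word is the address; with name resolution it is wrapped in ().
    ip = $NF
    gsub(/[()]/, "", ip)
    next
  }

  /^MAC Address: / && ip != "" {
    mac = $3
    vendor = $0
    sub(/^MAC Address: [^ ]+ */, "", vendor)
    next
  }

  END {
    flush_host()
  }
'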

 

重新执行nmap 并管道传入过滤脚本处理

# Run the same discovery sweep again and feed its output to the filter
# script, which reads the nmap report on stdin.
nmap -n -v -T4 -sn 192.168.0.0/24 \
  | bash nmap-range.sh


内存百分比动态监控脚本

#!/bin/bash

# Redraw the used-memory percentage once per second until interrupted.
# The "Mem:" row of "free -m" supplies total ($2) and used ($3) megabytes;
# the percentage is cut to its first five characters and printed in colour.
while true; do
  clear
  free -m |
    awk '/Mem:/ {
      per = $3 * 100 / $2
      print "\033[31mCurrent Mem\033[36m:" substr(per, 1, 5) "%\033[0m"
    }'
  sleep 1
done

 

制作成绩表格 

源数据:sr

Marry   2143 78 84 77
Jack    2144 66 77 45
Tom     2145 80 83 61
Mike    2146 90 80 73
Bob     2148 91 93 92
Demon   2150 99 93 94

对成绩进行统计并且生成 表格

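# Print the score file "sr" as a table with a per-student total and a final
# row of column averages.
#
# Input columns, separated by runs of tabs or spaces:
#   name, number, math, chinese, english
#
# Averages are shortened with substr (cut, not rounded) to at most four
# characters, five for the total, as in the original. The published version
# divided by NR unconditionally, which aborts with a division-by-zero error
# when "sr" is empty; the division is now skipped in that case and the
# averages stay 0.
awk -F '[\t ]+' '
BEGIN {
  printf "%5s\t%5s\t%5s\t%5s\t%7s\t%9s\t%4s\n",
         "NR", "Name", "No", "Math", "Chinese", "English", "Total"
  printf "************************************"
  printf "**********************************\n"
  mat = 0; chi = 0; eng = 0; tot = 0
}
{
  total = $3 + $4 + $5
  printf "%5s\t%5s\t%5s\t%5s\t%7s\t%9s\t%4s\n",
         NR, $1, $2, $3, $4, $5, total
  mat += $3
  chi += $4
  eng += $5
  tot += total
}
END {
  printf "************************************"
  printf "**********************************\n"
  if (NR > 0) {
    mat /= NR; chi /= NR; eng /= NR; tot /= NR
  }
  mat = substr(mat, 1, 4)
  chi = substr(chi, 1, 4)
  eng = substr(eng, 1, 4)
  tot = substr(tot, 1, 5)
  printf "Avg\t\t\t%5s\t%7s\t%11s\t%6s\n", mat, chi, eng, tot
}' sr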

 

网站访问次数统计

源数据:

http://www.baidu.com/index.html
http://www.qq.com/index.html
http://www.qq.com/index.html
http://www.baidu.com/index.html
http://www.qq.com/index.html
http://www.baidu.com/index.html
http://www.baidu.com/index.html
http://www.163.com/1.html
http://www.demon.com/2.html
http://www.qq.com/index.html
http://www.163.com/1.html
http://www.demon.com/2.html
http://www.qq.com/index.html
http://www.163.com/1.html
http://www.demon.com/2.html
http://www.qq.com/index.html
http://www.163.com/1.html
http://www.demon.com/2.html
http://www.qq.com/index.html
http://www.demon.com/2.html
http://www.baidu.com/index.html
http://www.google.com/index.html
http://www.demon.com/2.html
http://www.baidu.com/index.html
http://www.163.com/1.html
http://www.demon.com/2.html
http://www.google.com/index.html
http://www.163.com/1.html
http://www.baidu.com/index.html
http://www.demon.com/2.html
http://www.163.com/1.html
http://www.google.com/index.html
http://www.baidu.com/index.html
http://www.demon.com/2.html
http://www.163.com/1.html
http://www.baidu.com/index.html
# Count how often each host name occurs in the URL list "site".
# Splitting "http://host/path" on "/" puts the host in field 3; the END
# rule prints "host<TAB>count" in whatever order awk iterates the array.
awk -F/ '
  { hits[$3]++ }
  END {
    for (host in hits)
      print host "\t" hits[host]
  }' site

 

批量创建文件

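# Build a list of short names from /etc/passwd: login names longer than
# seven characters are cut to their first five characters. The list is
# written to the file "test" in the current directory.
awk -F: '{ print (length($1) > 7 ? substr($1, 1, 5) : $1) }' /etc/passwd > test

# Create one empty NAME.php per listed name.
#
# The published version built the command as a string inside awk
# (system("touch " fileName)), which hands every name to a shell; a name
# containing shell metacharacters would be executed rather than created.
# Here each name is passed to touch as a single argument, names outside a
# conservative character set are skipped, and the "./" prefix keeps a name
# beginning with "-" from being read as an option.
while read -r name _; do
  case $name in
    '')
      continue
      ;;
    *[!A-Za-z0-9._-]*)
      printf 'skipping unsafe name: %s\n' "$name" >&2
      continue
      ;;
  esac
  touch -- "./${name}.php"
done < test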

 

使用awk防web页面爆破扫描

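#!/bin/bash
#
# Count client addresses in the Apache error log and add an iptables DROP
# rule for every address that appears at least WarnningCount times.
#
# Field $8 of a log line is expected to be the client address followed by
# "]", e.g. "218.93.201.199]". The rule that gets installed looks like:
#   iptables -I INPUT -s 185.222.209.151 -m state --state NEW,RELATED,ESTABLISHED -j DROP
#
# Changes against the published version:
#   * The address check only required the field to START with something
#     address-like ("^" anchor, no "$", unescaped "."), and the field was
#     then pasted into a command string run through system(). Error-log
#     lines contain request-derived text, so whatever landed in field 8
#     reached a root shell. The field must now be exactly four decimal
#     octets (0-255), and iptables receives it as a single argument.
#   * Every run inserted the same rules again. "iptables -C" is used to
#     skip addresses that already have the rule.
#   * The gawk-only --posix switch is no longer needed, so any awk works.
#
# NOTE(review): nothing is exempted. An address shared by many users, or a
# monitoring host or reverse proxy that appears in the log, is blocked like
# any other; exclude trusted addresses before relying on this.

HTTP_ERROR_LOG="/var/log/httpd/error_log"
WarnningCount=30

printf 'DangerIP\tScanCount\n'

awk -v "c=$WarnningCount" '
  {
    addr = $8
    sub(/\]$/, "", addr)

    # Accept only a.b.c.d with 1-3 digits per part and each part <= 255.
    if (split(addr, octet, ".") != 4)
      next
    for (k = 1; k <= 4; k++)
      if (octet[k] !~ /^[0-9]+$/ || length(octet[k]) > 3 || octet[k] + 0 > 255)
        next

    hits[addr]++
  }

  END {
    for (addr in hits)
      if (hits[addr] >= c)
        print addr "\t" hits[addr]
  }
' "$HTTP_ERROR_LOG" |
while IFS=$'\t' read -r ip count; do
  printf '%s\t%s\n' "$ip" "$count"
  # -C exits non-zero when no identical rule exists yet.
  if ! iptables -C INPUT -s "$ip" -m state --state NEW,RELATED,ESTABLISHED -j DROP 2>/dev/null; then
    iptables -I INPUT -s "$ip" -m state --state NEW,RELATED,ESTABLISHED -j DROP
  fi
done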

 

 

cut切割字符串

# From the first ten lines of /etc/passwd keep the first 13 characters,
# then print what precedes the first ":" (the login name, or the whole
# 13-character piece when it contains no colon).
head -n 10 /etc/passwd \
  | cut -c1-13 \
  | cut -d ':' -f 1

 

awk 遇到的错误

使用awk正则匹配 passwd 文件里含有两个o的行:

# Select the lines of /etc/passwd that contain two consecutive "o"
# characters, written with the interval expression {2}.
# NOTE(review): awk builds that do not enable interval expressions by
# default (gawk before 4.0, for example) treat the braces as literal
# characters, so this prints nothing there.
awk  -F:  '/o{2}/'  /etc/passwd    

结果无论怎么尝试都匹配不出来,后面缩小范围确定错误出在正则的量词上也就是那对大括号

经过资料查阅,解决办法就是需要加上一个参数: --posix  或--re-interval 选一个

awk --posix -F: '/o{2}/' /etc/passwd

 

转载请注明出处:http://www.cnblogs.com/demonxian3/p/8425247.html

awk参考网址 https://www.cnblogs.com/quincyhu/p/5884390.html
