awk in practice
Some fun uses of awk. If you have any good ideas, leave a comment and let's put awk's power to full use.
Split a MAC address
ifconfig wlan0 | grep eth | awk '{n=split($2,arr,":"); for(i=1;i<=n;i++)printf" "arr[i];print ""}'
Extract eth0 information
ifconfig | awk 'NR==1 {print substr($1,1,4)"\n---------------------------------"};NR==2{split($0,a," "); print a[1]"\t\t"a[2]"\n"a[3]"\t\t"a[4]"\n"a[5]"\t"a[6]}NR==4{print $1"\t\t"$2"\n"}'
Get network interface information
ifconfig | awk ' NR==1{d1=substr($1,1,4)} NR==11{d2=substr($1,1,2)} NR==20{d3=substr($1,1,5)} NR==2||NR==4||NR==12||NR==21{ if(NR==2)print d1"\t"$2; if(NR==4)print $1"\t"$2; if(NR==12)print d2"\t"$2; if(NR==21)print d3"\t"$2; }'
Reformat the listening port and service output
netstat -ntpl | awk "-F[\: /]+" ' BEGIN{ print "Type\t IP\t\t PORT\t PID\t PName\t" } NR!=1 && NR!=2 { if($1=="tcp6"){ print $1"\t\t\t "$4"\t "$7"\t"$8 }else{ print $1"\t " $4"\t " $5"\t " $9"\t " $10; } }'
How to use special characters as field separators
echo -e /11\\22'!'33\$44\'55\"/ |awk "-F[\\\\\ /\$\"\'\!]" '{print $1,$2,$3,$4,$5,$6}'
Print colored text
echo -e "\n\n\n\n\n" | awk '{
for(i=NR;i>0;i--){
printf "\033[3"i"maaaa "
}
printf("\n");
}
END{
printf "\033[0m"
}'
echo -e "\n\n\n\n\n" | awk '{
for(i=NR;i>0;i--){
printf "\033[4"i"maaaa "
}
printf("\n")
}
END{
printf "\033[0m"
}'
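Filter with regular expressions
awk '!/bash$/' /etc/passwd
awk '/bash$/' /etc/passwd
Generate 5 random numbers in the range 1-10
awk 'BEGIN{ srand(); printf "%5d%5d%5d%5d%5d\n", int(rand()*10)+1,int(rand()*10)+1,int(rand()*10)+1,int(rand()*10)+1,int(rand()*10)+1; }'
Filter the important information out of an nmap host-range scan
nmap -n -v -T4 -sn 192.168.0.0/24 # a very long output, most of it unwanted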
Starting Nmap 7.25BETA1 ( https://nmap.org ) at 2018-02-06 11:06 CST
Initiating ARP Ping Scan at 11:06
Scanning 255 hosts [1 port/host]
Completed ARP Ping Scan at 11:06, 4.07s elapsed (255 total hosts)
Nmap scan report for 192.168.0.0 [host down]
Nmap scan report for 192.168.0.1
Host is up (0.0015s latency).
MAC Address: 04:95:E6:C4:98:90 (Unknown)
Nmap scan report for 192.168.0.2
Host is up (0.0015s latency).
MAC Address: 04:95:E6:C4:98:90 (Unknown)
Nmap scan report for 192.168.0.3 [host down]
Nmap scan report for 192.168.0.4 [host down]
Nmap scan report for 192.168.0.5 [host down]
...
Nmap scan report for 192.168.0.106 [host down]
Nmap scan report for 192.168.0.107 [host down]
Nmap scan report for 192.168.0.108
Host is up (0.22s latency).
MAC Address: 78:D3:8D:0F:A5:48 (Hongkong Yunlink Technology Limited)
Nmap scan report for 192.168.0.109 [host down]
...
Nmap scan report for 192.168.0.169 [host down]
Nmap scan report for 192.168.0.170 [host down]
Nmap scan report for 192.168.0.171
Host is up (0.25s latency).
MAC Address: 50:8F:4C:79:8D:CB (Unknown)
Nmap scan report for 192.168.0.172
Host is up (0.13s latency).
MAC Address: E8:65:D4:A6:36:58 (Unknown)
Nmap scan report for 192.168.0.173 [host down]
Nmap scan report for 192.168.0.174 [host down]
...
Nmap scan report for 192.168.0.255 [host down]
Nmap scan report for 192.168.0.141
Host is up.
Read data files from: /usr/bin/../share/nmap
Nmap done: 256 IP addresses (6 hosts up) scanned in 4.15 seconds
Raw packets sent: 508 (14.224KB) | Rcvd: 7 (196B)
Write a shell filter script, nmap-range.sh
grep -v "down" | awk 'NR>5{print $0}' | awk '{
    if((NR-1)%3==0){
        printf $5
    }else if(NR%3==0){
        if($3 == "files"){
            print "\tThis is you\n"
        }
        else if(NR>4){
            print "\t"$3"\t"$4,$5,$6,$7,$8
        }
        else{
            print "\t"$3"\t"$4
        }
    }
}'
Run nmap again and pipe its output into the filter script
nmap -n -v -T4 -sn 192.168.0.0/24 | bash nmap-range.sh
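The filter above depends on fixed line positions (NR>5, every third line), so its columns shift whenever nmap prints one header line more or fewer. The following added example, which is not part of the original post, keys on the content of each record instead; the function names nmap_live_hosts and sample_scan are made up here, and the sample input is a shortened excerpt shaped like the scan output above.

```bash
#!/bin/bash
# Added example (not from the original post): parse `nmap -n -sn -v` output by
# record content. Reads stdin, prints "IP<TAB>MAC<TAB>vendor" per live host.
nmap_live_hosts() {
  awk '
    # Print the record collected so far, but only if the host answered.
    function emit() {
      if (ip != "" && up)
        printf "%s\t%s\t%s\n", ip, (mac == "" ? "-" : mac), (vendor == "" ? "-" : vendor)
      ip = ""; up = 0; mac = ""; vendor = ""
    }
    /^Nmap scan report for / {
      emit()
      # With -n the address is field 5; "[host down]" records are skipped.
      if ($0 !~ /\[host down\]/) ip = $5
      next
    }
    /^Host is up/ { up = 1; next }
    /^MAC Address: / {
      mac = $3
      vendor = $0
      sub(/^MAC Address: [^ ]+ \(/, "", vendor)
      sub(/\)$/, "", vendor)
      next
    }
    END { emit() }   # the last record has no following header to trigger emit
  '
}

# Sample input: a shortened excerpt shaped like the scan output above.
sample_scan() {
  cat <<'EOF'
Starting Nmap 7.25BETA1 ( https://nmap.org ) at 2018-02-06 11:06 CST
Nmap scan report for 192.168.0.0 [host down]
Nmap scan report for 192.168.0.1
Host is up (0.0015s latency).
MAC Address: 04:95:E6:C4:98:90 (Unknown)
Nmap scan report for 192.168.0.108
Host is up (0.22s latency).
MAC Address: 78:D3:8D:0F:A5:48 (Hongkong Yunlink Technology Limited)
Nmap scan report for 192.168.0.141
Host is up.
Read data files from: /usr/bin/../share/nmap
EOF
}

sample_scan | nmap_live_hosts
```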
Live memory-usage percentage monitor script
#!/bin/bash
while [ 1 ]
do
    clear
    free -m | grep Mem: | awk '{per=$3*100/$2;print "\033[31mCurrent Mem\033[36m:"substr(per,1,5)"%\033[0m"}'
    sleep 1
done
Build a grade table
Source data: sr
Marry 2143 78 84 77
Jack 2144 66 77 45
Tom 2145 80 83 61
Mike 2146 90 80 73
Bob 2148 91 93 92
Demon 2150 99 93 94
Compute statistics on the grades and generate a table
awk "-F[\t ]+" '
BEGIN{
    printf "%5s\t%5s\t%5s\t%5s\t%7s\t%9s\t%4s\n", "NR","Name","No","Math","Chinese","English","Total";
    printf "************************************";
    printf "**********************************\n";
    mat=0;chi=0;eng=0;tot=0;
}
{
    total=$3+$4+$5;
    printf "%5s\t%5s\t%5s\t%5s\t%7s\t%9s\t%4s\n", NR,$1,$2,$3,$4,$5,total;
    mat+=$3;chi+=$4;eng+=$5;tot+=total;
}
END{
    printf "************************************";
    printf "**********************************\n";
    mat /= NR;
    chi /= NR;
    eng /= NR;
    tot /= NR;
    mat = substr(mat,1,4);
    chi = substr(chi,1,4);
    eng = substr(eng,1,4);
    tot = substr(tot,1,5);
    printf "Avg\t\t\t%5s\t%7s\t%11s\t%6s\n",mat,chi,eng,tot;
}' sr
Count site visits
Source data:
http://www.baidu.com/index.html
http://www.qq.com/index.html
http://www.qq.com/index.html
http://www.baidu.com/index.html
http://www.qq.com/index.html
http://www.baidu.com/index.html
http://www.baidu.com/index.html
http://www.163.com/1.html
http://www.demon.com/2.html
http://www.qq.com/index.html
http://www.163.com/1.html
http://www.demon.com/2.html
http://www.qq.com/index.html
http://www.163.com/1.html
http://www.demon.com/2.html
http://www.qq.com/index.html
http://www.163.com/1.html
http://www.demon.com/2.html
http://www.qq.com/index.html
http://www.demon.com/2.html
http://www.baidu.com/index.html
http://www.google.com/index.html
http://www.demon.com/2.html
http://www.baidu.com/index.html
http://www.163.com/1.html
http://www.demon.com/2.html
http://www.google.com/index.html
http://www.163.com/1.html
http://www.baidu.com/index.html
http://www.demon.com/2.html
http://www.163.com/1.html
http://www.google.com/index.html
http://www.baidu.com/index.html
http://www.demon.com/2.html
http://www.163.com/1.html
http://www.baidu.com/index.html
awk "-F[/]" '{arr[$3]++;}END{for(i in arr)print i"\t"arr[i]}' site
Create files in bulk
awk -F: '{if(length($1)>7){print substr($1,1,5)}else{print $1}}' /etc/passwd > test
awk '{fileName = $1".php"; system("touch "fileName)}' test
Using awk to defend against brute-force scanning of web pages
#!/bin/bash
HTTP_ERROR_LOG="/var/log/httpd/error_log"
WarnningCount=30
# $8 is the IP address field, e.g. "218.93.201.199]"
# /^[0-9]{1,3}(\.[0-9]{1,3}){3}\]?$/ matches the whole field as an IP address,
# optionally followed by ']'. It is anchored at both ends and the dot is escaped
# so that nothing except digits and dots can reach system() below.
# gsub(/]/,"",$8); deletes the trailing ']'
# iptables -I INPUT -s 185.222.209.151 -m state --state NEW,RELATED,ESTABLISHED -j DROP
awk -v "c=$WarnningCount" --posix '
BEGIN{
    print "DangerIP\tScanCount";
}
$8 ~ /^[0-9]{1,3}(\.[0-9]{1,3}){3}\]?$/ {
    gsub(/]/,"",$8);
    IP[$8]++;
}
END {
    for(i in IP){
        if(IP[i]>=c){
            print i"\t"IP[i];
            system("iptables -I INPUT -s "i" -m state --state NEW,RELATED,ESTABLISHED -j DROP ");
        }
    }
}
' "$HTTP_ERROR_LOG"
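The same counting idea with stricter input handling, as an added example that is not part of the original post: the client address is located by its "[client" tag, validated octet by octet, and the iptables rules are printed for review instead of being passed to system(). The names block_candidates and sample_log and the sample log lines are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original post): count client IPs in an Apache
# error log and PRINT one iptables rule per offender instead of running it.
block_candidates() {   # usage: block_candidates THRESHOLD < error_log
  awk -v c="$1" '
    # Strict dotted quad, every octet 0-255. No {n} intervals are used, so
    # this also works on an awk that needs --posix for them.
    function valid_ip(s,   o, n, i) {
      if (s !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) return 0
      n = split(s, o, ".")
      for (i = 1; i <= n; i++)
        if (length(o[i]) > 3 || o[i] + 0 > 255) return 0
      return 1
    }
    {
      # Locate the first "[client" tag rather than trusting a fixed $8: the
      # server writes it before the message text, and 2.4 adds a [pid] field.
      for (f = 1; f < NF; f++) if ($f == "[client") break
      if (f >= NF) next
      ip = $(f + 1)
      sub(/\]$/, "", ip)
      sub(/:[0-9]+$/, "", ip)        # Apache 2.4 logs ip:port
      if (valid_ip(ip)) hits[ip]++
    }
    END {
      for (ip in hits) if (hits[ip] >= c)
        printf "iptables -I INPUT -s %s -m state --state NEW,RELATED,ESTABLISHED -j DROP\n", ip
    }
  ' | sort
}

# Constructed log lines (documentation address ranges), not real traffic.
sample_log() {
  pre="[Tue Feb 06 11:06:01 2018] [error] [client"
  for ip in 203.0.113.7 203.0.113.7 198.51.100.4 \
            999.1.1.1 999.1.1.1 999.1.1.1 \
            203.0.113.9_x 203.0.113.9_x 203.0.113.9_x; do
    printf '%s %s] File does not exist: /var/www/html/admin\n' "$pre" "$ip"
  done
  # Apache 2.4 layout: extra [pid ...] field and a :port suffix
  printf '%s\n' "[Tue Feb 06 11:06:02.000001 2018] [core:error] [pid 4242] [client 203.0.113.7:51234] File does not exist: /var/www/html/admin"
}

sample_log | block_candidates 3
```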
Splitting strings with cut
head /etc/passwd | cut -c 1-13 | cut -d: -f1
An awk error I ran into
Use an awk regex to match the lines of the passwd file that contain two o's:
awk -F: '/o{2}/' /etc/passwd
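No matter what I tried, nothing matched. Narrowing it down, I found that the problem was the regex quantifier, that is, the pair of braces.
After some research, the fix is to add one option: either --posix or --re-interval.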
awk --posix -F: '/o{2}/' /etc/passwd