What is grep?

Matt
6 min read · Oct 31, 2022

Grep away your day with this useful reference guide…

Global regular expression print, more commonly known as ‘grep’, is a command-line tool that searches for strings in plain-text data.

It was first released way back in the 70’s, primarily for Unix, although several operating systems are now supported through different variants of grep.

For penetration testers and ethical hackers alike, grep remains one of the most useful tools to know. Be it simply searching for passwords or useful configuration data, or perhaps compiling a list of IP addresses, grep is a tool you should get familiar with!

Let’s dive in and have a look at the basics.

One of the most basic ways to use grep is as follows -

Very basic grep example

Here we’re simply searching for the string ‘password’ in the .txt files that are in the current directory.

It’s possible to search recursively with grep using the -r switch, but do be careful when using this. Depending on your system specification and the number of files, it could take a while.

In the next example we have navigated to the root directory and performed a recursive search. For the purpose of this example we have copied the notes.txt file into a folder called ‘testing’ which is on the Desktop. To avoid vast output we’ve also renamed the file extension to .zzz, but you should get the idea of what’s happening here. Also notice the use of the --include switch, which allows us to specify the desired file extension.

Recursive grep search with -r switch

With these two basic examples one can start to get a picture of how useful grep can become, and we’ve only just got started.

Let’s have a look at some other examples by taking things a little further.

In this next example we’ve made another file ‘secret.zzz’ which also has some references to ‘password’ inside it. Wow, looks like we’re starting to get lucky with some useful information.

We’ve found some passwords!

Now we could go and open this file in order to verify this information, but you would have to search again within the file to find it. This is fairly trivial stuff for any decent text editor, but let’s say you wanted grep to give you a clue where the matches are. This is no problem, let’s just tack on the -n switch to show the line number of each match.

grep with line matches using the -n switch

Yes, now we have some useful line number matches to help us out. Some of you have probably noticed another problem here though: we seem to be matching any instance of ‘password’, even if it’s embedded in other words, as can be seen above. As you’ve probably guessed, yes, grep can search for exact matches. All we have to do is add on the -w switch.

grep matching whole words with the -w switch

There we go, whole words only!

Now, what about that password? Let’s see if we can have a peek at the lines before in case there was also a user name entry.

grep with -B for lines before match

Specifying -B followed by a number tells grep to output that many lines before the match. In this case we’ve tried 1 line before the match but had no joy, as can be seen. Not to worry, let’s now try lines after the match with the -A switch. Again, we’ll go for 1 extra line.

grep with -A for lines after match

Aha, so now we can see there was actually a username specified on the line after the password match, interesting…

If you want to search for both lines before and after at the same time you can simply specify the -C switch followed by the number of lines before and after you wish to show.

Using the basic example flow above you can see how grep can become very useful if you know how to use it, even in its most basic form.
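The flow above, reproduced as an added example (these are not the commands from the original screenshots). It builds constructed files in a temporary directory; the file contents, the extra skip.log file and the function names are assumptions made for the demonstration.

```shell
#!/bin/sh
# Constructed files standing in for the article's notes and secret files.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
mkdir "$demo/testing"
printf '%s\n' 'remember to rotate the wifi password' \
  'passwords are kept in the vault' > "$demo/testing/notes.zzz"
printf '%s\n' '# service account' 'host = db01.example.internal' \
  'password = CONSTRUCTED-VALUE' 'username = svc_backup' \
  'port = 5432' > "$demo/testing/secret.zzz"
printf '%s\n' 'password in a file type we are not searching' \
  > "$demo/testing/skip.log"

# -r recurses, -n adds line numbers, --include limits the search to *.zzz,
# so skip.log never appears in the output.
recursive_hits() {
  (cd "$demo" && grep -rn --include='*.zzz' 'password' testing | LC_ALL=C sort)
}

# -rnw is -r -n -w behind one dash. -w drops 'passwords' (not a whole word).
whole_word_hits() {
  (cd "$demo" && grep -rnw --include='*.zzz' 'password' testing | LC_ALL=C sort)
}

# Context lines around the whole-word match in secret.zzz.
before_1() { grep -w -B 1 'password' "$demo/testing/secret.zzz"; }
after_1()  { grep -w -A 1 'password' "$demo/testing/secret.zzz"; }
around_1() { grep -w -C 1 'password' "$demo/testing/secret.zzz"; }

for f in recursive_hits whole_word_hits before_1 after_1 around_1; do
  echo "== $f"; "$f"
done
```
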

Savvy users can also combine several switches behind a single dash instead of typing a dash for each one:

same grep command less dashes

Once you start to become more familiar with grep you can then start to use more advanced commands to really focus in on those specific matches.

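If you only want the names of the files that contain a match, without the matching lines themselves, use the -l switch. (Its uppercase counterpart, -L, does the opposite and lists the files that contain no match.)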

grep -l show only filenames

Sometimes with grep you may only want to show lines that match the string exactly, with nothing else on the line. This can be done with the -x exact switch.

grep -x singular line match only

Perhaps you only want a certain number of matches rather than every match. Use the -m switch, then specify the maximum number of matching lines; grep stops reading the file once it has found that many.

grep -m maximum number of matches

If you want to invert matches, use the -v flag. You can see in the example below that no lines matching ‘password’ are shown.

grep -v inverse mode
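An added example (not the commands from the original screenshots) that runs -l, -L, -x, -m and -v against the same input so their differences are visible side by side. The two files, their contents and the function names are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed input: five lines, four of which contain 'password'.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'password' 'password = CONSTRUCTED-VALUE' \
  'old password archived' 'username = svc_backup' \
  'password hint: none' > "$demo/secret.zzz"
printf '%s\n' 'shopping list' 'call the bank' > "$demo/todo.zzz"

# -l: names of files with at least one match; -L: names of files with none.
files_with_match()    { (cd "$demo" && grep -l 'password' *.zzz); }
files_without_match() { (cd "$demo" && grep -L 'password' *.zzz); }

# -x: the pattern must match the entire line, so only line 1 qualifies.
exact_lines() { grep -nx 'password' "$demo/secret.zzz"; }

# -m 2: stop after the second matching line (an upper bound, not a minimum).
first_two() { grep -n -m 2 'password' "$demo/secret.zzz"; }

# -v: print only the lines that do NOT match.
non_matching() { grep -v 'password' "$demo/secret.zzz"; }

# The exit status of -L differs between grep versions, hence '|| true'.
for f in files_with_match files_without_match exact_lines first_two non_matching; do
  echo "== $f"; "$f" || true
done
```
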

One of the most basic useful jobs for grep is simply helping you find those command line switches you may have been struggling to remember. For example, below we’ve searched the manual for nmap to remind us of the grepable output switch for Nmap.

searching in manuals for commands using grep

Yes, that’s right, Nmap does have a grepable output flag, -oG, that will output a scan in a nice grepable format for you!

When you become more comfortable with grep you will find yourself using it for many things that will ultimately help you save time performing otherwise fairly mundane tasks.

Perhaps you want to grep for IP addresses with grep’s regex features, or maybe even pipe the output of grep into something else like awk or cut. The possibilities are only limited by your imagination.

Although we’ve only scratched the surface with some very basic examples here, we encourage you to have a play around with grep and try out some more of its advanced features. You’ll see just how useful it will be for you!
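An added example (not from the original article) of both ideas, for reviewing the results of a scan of your own network: a regex that pulls IP addresses out of text, and grep piped into awk and cut. The input is a constructed sample laid out like Nmap’s grepable output, and the function names are assumptions.

```shell
#!/bin/sh
# Constructed sample laid out like Nmap grepable (-oG) output; addresses are
# from the 192.0.2.0/24 documentation range.
scan=$(mktemp); trap 'rm -f "$scan"' EXIT
{
  printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
  printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\n'
  printf 'Host: 192.0.2.23 ()\tStatus: Up\n'
  printf 'Host: 192.0.2.23 ()\tPorts: 22/closed/tcp//ssh///, 443/open/tcp//https///\n'
  printf 'Host: 192.0.2.44 ()\tStatus: Up\n'
  printf 'Host: 192.0.2.44 ()\tPorts: 22/open/tcp//ssh///\n'
  printf 'note: firmware 10.4.300.7 looks like an address but is not one\n'
} > "$scan"

# -o prints only the matched text, -E enables {1,3}, -w rejects a match that
# is glued to further digits. The regex alone accepts octets up to 999, so
# awk drops any candidate with an octet above 255 before de-duplicating.
all_ips() {
  grep -owE '([0-9]{1,3}\.){3}[0-9]{1,3}' "$scan" |
    awk -F. '$1<=255 && $2<=255 && $3<=255 && $4<=255' | sort -u
}

# Hosts where port 22 is reported open; the leading space keeps 122/open
# from matching, and cut keeps the second space-separated field (the IP).
ssh_hosts() { grep ' 22/open/' "$scan" | cut -d' ' -f2; }

echo "== unique valid addresses"; all_ips
echo "== hosts with 22/open";     ssh_hosts
```
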


We specialise in providing online training to people looking to start out in Cyber Security, find us online at learn.discoverhacking.com