Hello friend, I hope you practised the commands shown yesterday. Today we’ll follow up with more commands to get comfortable on the terminal, such as man, apropos, which, whatis, locate and find.
Manual pages document the commands available on the command line, and “man” is the program used to view them. Let’s look at the man page for the “whoami” command, which was also briefly covered on Day 1.
WHOAMI(1)                User Commands                WHOAMI(1)

NAME
       whoami - print effective userid

SYNOPSIS
       whoami [OPTION]...

DESCRIPTION
       Print the user name associated with the current effective user ID. Same as id -un.

       --help display this help and exit

       --version output version information and exit

AUTHOR
       Written by Richard Mlynarik.
...
The content of the manual pages is organized into sections that are numbered as follows:
|Section|Contents|
|---|---|
|2|Programming interfaces for kernel system calls|
|3|Programming interfaces to the C library|
|4|Special files such as device nodes and drivers|
|5|File formats and conventions|
|6|Games and screensavers|
|8|System administration commands and daemons|
By default, a search with the “man” command returns results from the first section. However, we can add the “-k” option to search for a keyword across the documentation of all sections. Let’s try it with the keyword “passwd”.
chgpasswd (8) - update group passwords in batch mode
chpasswd (8) - update passwords in batch mode
expect_mkpasswd (1) - generate new password, optionally apply it to a user
gpasswd (1) - administer /etc/group and /etc/gshadow
...
We get plenty of commands, but the one we needed is hiding somewhere in between. We need to narrow our search with the help of regular expressions. You can check out the following page to better understand regex and practice on this website or your command line.
In our example below, we’ve used a caret (^) and a dollar sign ($) to match the entire line and avoid sub-string matches.
passwd (1) - change user password
passwd (1ssl) - compute password hashes
passwd (5) - the password file
Now you can use the section number (5) above to do a specific search.
Apropos as an alternative to man -k
As we’ve seen above, “man -k” searches for a keyword in the description of the commands (without the use of regular expressions). “apropos” does the same, but without adding the “-k” option.
You can try it for yourself by typing “man -k passwd” and “apropos passwd”; the results should be the same.
chgpasswd (8) - update group passwords in batch mode
chpasswd (8) - update passwords in batch mode
expect_mkpasswd (1) - generate new password, optionally apply it to a user
gpasswd (1) - administer /etc/group and /etc/gshadow
grub-mkpasswd-pbkdf2 (1) - generate hashed password for GRUB
...
Finding files with “which”
Let’s say you have two versions of the same program on your computer. In that case, you can use the “which” command to find out which version your shell will use.
The “which” command searches through the directories that are defined in the $PATH environment variable. The $PATH is just a collection of paths, each of which points to a directory. We can use the “echo” command to find out the directories in our path.
The output list separates each path with colons (:). The “which” command searches these directories from left to right, so the first path will be “/usr/local/sbin”, then “/usr/local/bin”, and so on. Let’s test this out by typing “which apropos”.
By default, “which” stops when it finds a result. However, if we use the -a (all) option, “which” will continue searching.
Above, it lists all of the matches found in our $PATH environment’s directories, starting its search from left to right. Now let’s view them and see the difference. Check Day 1 for the ls command.
┌──(kali㉿kali)-[~]
└─$ ls -l /bin/apropos
lrwxrwxrwx 1 root root 6 Jul 5 05:06 /bin/apropos -> whatis
Here “ls” stands for list and “-l” for long listing. The “5” showing before the time (05:06) is the size of the executable in bytes (can be compared against the sizes of the files we find). After checking them both out, we see that they refer to the same symbolic link or shortcut, called “whatis”.
Let’s test this newfound command:
┌──(kali㉿kali)-[~]
└─$ man -k '^passwd$'
passwd (1) - change user password
passwd (1ssl) - compute password hashes
passwd (5) - the password file
Summary: the “whatis” command can be used as an alternative to the “man” command used with the “-k” option and the regular expression of “^” and “$”, which is much easier to remember.
There wasn’t any difference between those two files, except their directory. To be entirely sure, let’s check both their versions with the “--version” option.
┌──(kali㉿kali)-[~]
└─$ /bin/apropos --version
apropos 2.9.3
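The left-to-right $PATH lookup described in this section can be reproduced in a few lines of shell. This is an added example, not code from the original post; the function names and the temporary directory layout are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# path_matches NAME [PATHLIST]
# Walk PATHLIST (default: $PATH) from left to right, as "which -a" does, and
# print "<position> <file> -> <resolved target>" for every executable NAME.
# The first line printed is the copy the shell would actually run.
# The body runs in a subshell so the IFS and globbing changes stay local.
path_matches() (
    name=$1
    pathlist=${2-$PATH}
    set -f                      # do not glob-expand directory names
    IFS=:                       # $PATH entries are separated by colons
    pos=0
    for dir in $pathlist; do
        pos=$((pos + 1))
        [ -n "$dir" ] || dir=.  # an empty entry means the current directory
        file=$dir/$name
        if [ -f "$file" ] && [ -x "$file" ]; then
            printf '%s %s -> %s\n' "$pos" "$file" "$(readlink -f "$file")"
        fi
    done
)

# Constructed test tree (hypothetical layout): two directories that each hold
# an "apropos"; the one in bin/ is a symlink to "whatis", as in the ls output.
make_demo_tree() {
    mkdir -p "$1/local_bin" "$1/bin"
    printf '#!/bin/sh\necho local build\n' > "$1/local_bin/apropos"
    printf '#!/bin/sh\necho packaged\n' > "$1/bin/whatis"
    chmod +x "$1/local_bin/apropos" "$1/bin/whatis"
    ln -s whatis "$1/bin/apropos"
}

demo_root=$(mktemp -d)
make_demo_tree "$demo_root"
path_matches apropos "$demo_root/local_bin:$demo_root/bin"
rm -rf "$demo_root"
```

Running “path_matches apropos” without a second argument walks your real $PATH, which makes it easy to spot a copy in an earlier directory that shadows the packaged one.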
Another way to “locate” files
The “locate” command is the quickest way to find the locations of files and directories in Kali. Unlike the “which” command, “locate” searches through a built-in database named “locate.db” rather than the entire hard disk itself. This database is automatically updated regularly by the cron scheduler. But we can also manually update the “locate.db” database with the “updatedb” command to be up-to-date to the minute. We need to run the command with admin privileges (sudo).
┌──(kali㉿kali)-[~]
└─$ locate whoami
/whoami.txt
/home/kali/Desktop/whoami.txt
/usr/bin/ldapwhoami
/usr/bin/whoami
/usr/share/bash-completion/completions/ldapwhoami
/usr/share/man/man1/ldapwhoami.1.gz
/usr/share/man/man1/whoami.1.gz
/usr/share/windows-resources/binaries/whoami.exe
The basic form of the “locate” command locates all the files on the file system, starting at the root as we see above. The results contain all or any part of the search criteria. Check Day 0 for a better understanding of the Filesystem Hierarchy Standard (FHS).
Let’s say we want to find the files or directories that only contain our search criteria:
The find command
“find” is the most flexible of these commands, but it takes some time to master. It allows us to search for files for which we know the approximate filenames. It gives us the ability to search for files by their age, size, name, owner, timestamp, group, type, permissions, date and other criteria. It can get pretty tricky.
To do those searches, we’ll be using wildcards. Wildcards are symbols used to replace or represent one or more characters. The most common wildcard symbols are the question mark ( ? ), which stands for a single character, and the asterisk ( * ), which stands for any string of characters.
The first character ( / ) after the find command is for specifying the starting directory of our recursive search.
To have “find” search from the root folder, we’d use “find /”.
From the home folder, “find ~” and from the current folder “find .”
There’s a lot to explore with the “find” command. You can check out the man page for more info.
Note: The find command defaults to being case sensitive. If you want the search for a word or phrase to be case insensitive, use the “-iname” option with the “find” command. It is the case insensitive version of the “-name” option.
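The wildcard, starting-directory and “-iname” behaviour described above can be tried safely on a throwaway directory tree. This is an added example, not code from the original post; every file name and both helper functions are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Every file name is constructed.

# make_find_tree DIR: create a small directory tree to search in.
make_find_tree() {
    mkdir -p "$1/notes" "$1/Logs" "$1/notes/day9.txt"   # day9.txt is a directory
    : > "$1/notes/day1.txt"
    : > "$1/notes/day2.txt"
    : > "$1/notes/day10.txt"
    : > "$1/notes/Day3.TXT"
    : > "$1/Logs/day1.log"
}

# search ROOT START EXPRESSION...
# Run "find START EXPRESSION..." from inside ROOT and sort the result, so the
# output is stable. START plays the role of "/", "~" or "." in the text.
search() {
    root=$1
    start=$2
    shift 2
    ( cd "$root" && find "$start" "$@" | LC_ALL=C sort )
}

demo_root=$(mktemp -d)
make_find_tree "$demo_root"
# Patterns are quoted so that find, not the shell, expands the wildcard.
search "$demo_root" . -name 'day?.txt'            # "?" matches exactly one character
search "$demo_root" . -name 'day*.txt'            # "*" also matches day10.txt
search "$demo_root" . -iname 'day?.txt'           # case insensitive: adds Day3.TXT
search "$demo_root" . -type f -name 'day?.txt'    # regular files only
search "$demo_root" Logs -name 'day*'             # different starting directory
rm -rf "$demo_root"
```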
There’s one more command for searching: the “whereis” command. I’ll leave that one for you to explore.