Exploring-Find-cmd-in-Linux

Find cmd in Linux

There are many kinds of shell commands, and knowing some of them well speeds up our workflow. find is one such command: it is very helpful when we are dealing with a large number of files and have to narrow them down according to our needs. Basically, it makes the enumeration process much faster.

Usage of Find cmd

Enumerate the home directory (prints file name, path, owner, group and octal mode)

find /home -type f -printf "%f\t%p\t%u\t%g\t%m\n" 2>/dev/null | column -t

Find the files in family group

find / -type f -group family -ls 2>/dev/null

Find all files whose name ends with “.xml”

find / -type f -name "*.xml" 2>/dev/null

Find all files in the /home directory (recursive) whose name is “user.txt” (case insensitive)

find /home -type f -iname user.txt 2>/dev/null

Find all directories whose name contains the word “exploits”

find / -type d -name "*exploits*" 2>/dev/null

Find cmd with Size

To specify a size, you also need a suffix: c is the suffix for bytes, k for KiB, and M for MiB.

Find all files owned by the user “kittycat”

find / -type f -user kittycat

Find all files that are exactly 150 bytes in size

find / -type f -size 150c

Find all files in the /home directory (recursive) with size less than 2 KiB and extension “.txt”

find /home -type f -size -2k -name "*.txt"

Find cmd with permissions

Find all files that are exactly readable and writeable by the owner, and readable by everyone else (use octal format)

find / -type f -perm 644

Find all files that are read-only for everyone (use octal format)

find / -type f -perm 444

Find all files with write permission for the group “others”, regardless of any other permissions, with extension “.sh” (use symbolic format)

find / -type f -perm -o=w -name "*.sh"

Find all files in the /usr/bin directory (recursive) that are owned by root and have at least the SUID permission (use symbolic format)

find /usr/bin -type f -user root -perm -u=s
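
Added example (not part of the original notes): the -perm forms used above, run side by side on a constructed sandbox so the difference between an exact match and an "at least these bits" match is visible. It goes one step beyond the page by also showing the /MODE form (any listed bit set); the function names make_sandbox and perm_names and the file names are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: everything happens inside a constructed temp directory.

# make_sandbox: create files with known modes (constructed sample data)
# and print the directory path.
make_sandbox() {
    local d
    d=$(mktemp -d) || return 1
    touch "$d/exact644.txt" "$d/readonly.txt" "$d/deploy.sh" \
          "$d/helper" "$d/private.key"
    chmod 644  "$d/exact644.txt"   # rw-r--r--
    chmod 444  "$d/readonly.txt"   # r--r--r--
    chmod 757  "$d/deploy.sh"      # rwxr-xrwx: writable by "others"
    chmod 4755 "$d/helper"         # rwsr-xr-x: SUID set
    chmod 600  "$d/private.key"    # rw-------
    printf '%s\n' "$d"
}

# perm_names DIR MODE: names of regular files under DIR that match
# "find -perm MODE", sorted and joined by spaces.
perm_names() {
    find "$1" -type f -perm "$2" -exec basename {} \; 2>/dev/null |
        sort | paste -sd ' ' -
}

# Demo: the same tree queried with each form of -perm.
#   MODE   exact match (these bits and no others)
#   -MODE  all listed bits set, extra bits allowed
#   /MODE  any listed bit set (not used on this page)
sandbox=$(make_sandbox)
for mode in 644 -644 -o=w -u=s /u=s,o=w; do
    printf '%-16s %s\n' "-perm $mode" "$(perm_names "$sandbox" "$mode")"
done
rm -rf "$sandbox"
```

For an audit, the "-" forms are the ones that matter: an exact mode such as 644 misses a world-writable or SUID file that happens to carry additional bits.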

Find cmd for time & days

The keywords are min and time, for minutes and days respectively. The prefixes a, m, and c specify whether the test applies to when a file was last accessed, modified, or had its status changed (for example -atime or -mmin).

Find all files that were not accessed in the last 10 days with extension “.png”

find / -type f -atime +10 -name "*.png"

Find all files in the /usr/bin directory (recursive) that have been modified within the last 2 hours

find /usr/bin -type f -mmin -120

Find cmd with modification date (e.g. 14 Feb 2022)

find / -type f -name "*.txt" -newermt 2022-02-14 ! -newermt 2022-02-15 2>/dev/null