grep (Global Regular Expression Print)
📝 Overview
What it is: A powerful command-line utility used to search plain-text data sets for lines that match a regular expression. It is one of the most essential tools in a Linux user’s toolkit for log analysis, troubleshooting, and post-exploitation.
Target Phase: Enumeration / Post-Exploitation / Forensic Analysis
Operating System: Linux / Unix / macOS (Native)
⚙️ Core Capabilities
- Text Filtering: Extracting specific lines from a file that contain keywords like “error,” “fail,” or “password.”
- Piping: Accepting input from other commands (like `cat`, `ls`, or `ps`) to filter results in real-time.
- Regex Support: Using complex patterns to find specific data formats, such as IP addresses, emails, or credit card numbers.
💻 Common Commands & Flags
| Command | Description |
|---|---|
| `grep "root" /etc/passwd` | Searches for the string “root” within a specific file. |
| `grep -i "Password" config.txt` | Case-Insensitive: Finds “password”, “PASSWORD”, or “Password” (`-i`). |
| `grep -r "API_KEY" /var/www/` | Recursive: Searches through all files in a directory and its subdirectories (`-r`). |
| `grep -v "info" access.log` | Invert Match: Shows every line that does not contain “info” (`-v`). Great for clearing out log noise. |
| `ps aux \| grep "apache"` | Piping: Filters the output of `ps aux` down to the lines that contain “apache”. |
| `grep -E "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" logs.txt` | Extended Regex: Uses a pattern to find IPv4 addresses within a file (`-E`). |
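The IPv4 pattern in the table accepts any one to three digits per field, so it also matches strings such as version numbers. The following added example (not part of the original notes) runs it beside a stricter octet pattern over constructed log lines and combines `-v`, `-i` and `-E` with `-o` (print only the match) and `-w` (whole-word match); the log lines, function names and the strict pattern are assumptions made for the illustration.

```bash
#!/bin/sh
# Constructed sample log lines (illustrative, not from a real system).
sample_log() {
cat <<'EOF'
Jan 10 03:12:01 web1 sshd[811]: Failed password for root from 203.0.113.7 port 50122 ssh2
Jan 10 03:12:04 web1 sshd[811]: Failed password for admin from 203.0.113.7 port 50130 ssh2
Jan 10 03:12:09 web1 sshd[815]: FAILED password for invalid user test from 198.51.100.23 port 40022 ssh2
Jan 10 03:13:00 web1 sshd[820]: Accepted password for deploy from 192.0.2.10 port 51000 ssh2
Jan 10 03:13:05 web1 app[900]: info build 999.300.1.2 loaded
Jan 10 03:13:09 web1 app[900]: info healthcheck ok
EOF
}

# Pattern from the table: 1-3 digits per field, so 999.300.1.2 also matches.
LOOSE='[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'

# Stricter pattern (assumption for this example): each octet limited to 0-255.
OCTET='(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])'
STRICT="${OCTET}(\.${OCTET}){3}"

# Number of distinct strings a pattern extracts from the sample.
# -o prints only the matched text, -w requires a whole-word match.
distinct_matches() {
    sample_log | grep -Eow "$1" | sort -u | wc -l | tr -d ' '
}

# Failed logins per source address, busiest first, as "address:count".
# -v drops the info noise, -i catches both "Failed" and "FAILED".
failed_by_source() {
    sample_log \
        | grep -v ' info ' \
        | grep -i 'failed password' \
        | grep -Eow "$STRICT" \
        | sort | uniq -c | sort -rn \
        | awk '{ print $2 ":" $1 }'
}

echo "loose pattern:  $(distinct_matches "$LOOSE") distinct matches"
echo "strict pattern: $(distinct_matches "$STRICT") distinct matches"
failed_by_source
```
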
⚠️ Notes & Limitations
- Case Sensitivity: By default, `grep` is case-sensitive. Always use `-i` if you aren’t sure of the exact casing.
- The Pipe `|`: In your labs, you will almost always use `grep` in combination with a pipe. It turns a wall of unreadable text into a surgical list of exactly what you need.
- Evolution: If you need even faster searching or more advanced features, look into `egrep` (Extended grep) or modern alternatives like `ripgrep` (`rg`).
🏷️ Tags
Tools CLItool LinuxNative PostExploitation Enumeration Filtering grep PenTestPlus