05-16-2008
Thank you both for the replies. I don't think I'm executing your suggestions correctly; I've tried all 3.
Jim,
I'm definitely confused by which files go where when I read yours.
assume:
strings.txt = file with strings I want to find
results.txt = output file of search results
I am trying:
find /directory/I/want to/search/ -type f | \
while read results.txt
do
grep -f strings.txt $results.txt
done
When I use this, I get:
read: `results.txt': not a valid identifier
era,
I didn't get any errors with your suggestions but strings I'm searching are still being broken up, meaning the spaces or '/' in the strings are being handled as breaks turning 1 string into several small strings that are each getting searched.
A better example of what I was originally trying to do is:
for h in `cat strings.txt`; do grep -rl "$h" /directory/path/I want/to/search/ >> /home/directory/results.txt ; done
Using /../../ in my original post was not the best choice on my part when they are the equivalent of back ticks.
I'm going to continue to fiddle with all the suggestions. If any further guidance can be offered, it would be a great help.
Thanks upstate boy
HFIND(1) General Commands Manual HFIND(1)
NAME
hfind - Lookup a hash value in a hash database
SYNOPSIS
hfind [-i db_type ] [-f lookup_file ] [-eq] db_file [hashes]
DESCRIPTION
hfind looks up hash values in a database using a binary search algorithm. This allows one to easily create a hash database and identify if
a file is known or not. It works with the NIST National Software Reference Library (NSRL) and the output of 'md5sum'.
Before the database can be used by 'hfind', an index file must be created with the '-i' option.
This tool is needed for efficiency. Most text-based databases do not have fixed length entries and are sometimes not sorted. The hfind
tool will create an index file that is sorted and has fixed-length entries. This allows for fast lookups using a binary search algorithm
instead of a linear search such as 'grep'.
ARGUMENTS
-i db_type
Create an index file for the database. This step must be done before a lookup can be performed. The 'db_type' argument specifies
the database type (e.g. nsrl-md5 or md5sum). See section below.
-f lookup_file
Specify the location of a file that contains one hash value per line. These hashes will be looked up in the database.
-e Extended mode. Additional information besides just the name is printed. (Does not apply for all hash database types).
-q Quick mode. Instead of displaying the corresponding information with the hash, just display 0 if the hash was not found and 1 if it
was. If this flag is used, then only one hash can be given at a time.
-V Display version
db_file
The location of the hash database file.
[hashes]
The hashes to look up. If they are not supplied on the command line, STDIN is used. If index files exist for both SHA-1 and MD5
hashes, then both types of hashes can be given at runtime.
INDEX FILE
hfind uses an index file to perform a binary search for a hash value. This is much faster than using 'grep', which will do a linear search.
Before a hash database is used, a corresponding index file must be created. This is done with the '-i' option to hfind.
The resulting index file will be named based on the database file name. The name will have the original name followed by the hash type
(sha1 or md5) followed by '.idx'. For example, creating an MD5 hash index of the NIST NSRL results in 'NSRLFile.txt-md5.idx' and the SHA-1
index results in 'NSRLFile.txt-sha1.idx'.
The file has two columns. Each entry is sorted by the first column, which is the hash value. The second column has the byte offset of the
corresponding entry in the original file. So, when a hash is found in the index, the offset is recorded and then 'hfind' seeks to the
entry in the original database.
The following input types are valid. For NSRL, 'nsrl-md5' and 'nsrl-sha1' can be used. The difference is which hash value the index is
sorted by. The 'md5sum' value can also be used to sort and index "home made" databases. 'hfind' can take data in both common formats:
MD5 (test.txt) = 76b1f4de1522c20b67acc132937cf82e
and
76b1f4de1522c20b67acc132937cf82e test.txt
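The index scheme described above, as an added Python example that is not part of the man page or The Sleuth Kit's code: it builds a sorted, fixed-length index over a small constructed md5sum-style database, finds a hash by binary search, then seeks to the stored byte offset in the database. The record layout (a '|' separator and a 16-digit zero-padded offset) and the function names are assumptions for illustration, not hfind's actual on-disk format.

```python
import io
import re

# Constructed sample DB mixing both md5sum layouts (the notes.txt hash is made up).
DB = (
    b"76b1f4de1522c20b67acc132937cf82e  test.txt\n"
    b"MD5 (/bin/bash) = 928682269cd3edb1acdf9a7f7e606ff2\n"
    b"0123456789abcdef0123456789abcdef  notes.txt\n"
)
BSD = re.compile(rb"^MD5 \((.+)\) = ([0-9a-fA-F]{32})$")
GNU = re.compile(rb"^([0-9a-fA-F]{32})\s+\*?(.+)$")
REC = 32 + 1 + 16 + 1  # assumed record: hash, '|', zero-padded offset, '\n'

def parse(line):
    """Return (hash, name) for either md5sum layout, or None."""
    line = line.rstrip(b"\r\n")
    m = BSD.match(line)
    if m:
        return m.group(2).lower(), m.group(1)
    m = GNU.match(line)
    return (m.group(1).lower(), m.group(2)) if m else None

def build_index(db):
    """Sorted, fixed-length 'hash|offset' records, one per parsable DB line."""
    entries, offset = [], 0
    for line in db.splitlines(keepends=True):
        parsed = parse(line)
        if parsed:
            entries.append(b"%s|%016d\n" % (parsed[0], offset))
        offset += len(line)
    return b"".join(sorted(entries))

def lookup(index, db, md5):
    """Binary-search the index by seeking; return the file name or None."""
    key = md5.lower().encode()
    idx, dbf = io.BytesIO(index), io.BytesIO(db)
    lo, hi = 0, len(index) // REC
    while lo < hi:
        mid = (lo + hi) // 2
        idx.seek(mid * REC)  # fixed-length records make this a direct jump
        rec = idx.read(REC)
        if rec[:32] == key:
            dbf.seek(int(rec[33:49]))  # byte offset into the original DB
            return parse(dbf.readline())[1].decode()
        if rec[:32] < key:
            lo = mid + 1
        else:
            hi = mid
    return None
```

Because every record has the same length, each probe is a single seek, so a lookup touches about log2(n) records instead of scanning the whole database.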
EXAMPLES
To create an MD5 index file for NIST NSRL:
# hfind -i nsrl-md5 /usr/local/hash/nsrl/NSRLFile.txt
To look up a value in the NSRL:
# hfind /usr/local/hash/nsrl/NSRLFile.txt 76b1f4de1522c20b67acc132937cf82e
76b1f4de1522c20b67acc132937cf82e Hash Not Found
You can even do both SHA-1 and MD5 if you want:
# hfind -i nsrl-sha1 /usr/local/hash/nsrl/NSRLFile.txt
# hfind /usr/local/hash/nsrl/NSRLFile.txt
76b1f4de1522c20b67acc132937cf82e
80001A80B3F1B80076B297CEE8805AAA04E1B5BA
76b1f4de1522c20b67acc132937cf82e Hash Not Found
80001A80B3F1B80076B297CEE8805AAA04E1B5BA thrdcore.cpp
To make a database of critical binaries of a trusted system, use 'md5sum':
# md5sum /bin/* /sbin/* /usr/bin/* /usr/sbin/* /usr/local/bin/* /usr/local/sbin/* > system.md5
# hfind -i md5sum system.md5
To look entries up, the following will work:
# hfind system.md5 76b1f4de1522c20b67acc132937cf82e
76b1f4de1522c20b67acc132937cf82e Hash Not Found
or
# md5sum -q /bin/* | hfind system.md5
928682269cd3edb1acdf9a7f7e606ff2 /bin/bash
<...>
or
# md5sum -q /bin/* > bin.md5
# hfind -f bin.md5 system.md5
928682269cd3edb1acdf9a7f7e606ff2 /bin/bash
<...>
SEE ALSO
sorter(1)
The NIST National Software Reference Library (NSRL) can be found at www.nsrl.nist.gov.
LICENSE
Distributed under the Common Public License, found in the cpl1.0.txt file in The Sleuth Kit licenses directory.
AUTHOR
Brian Carrier <carrier at sleuthkit dot org>
Send documentation updates to <doc-updates at sleuthkit dot org>
HFIND(1)