awk命令详解
来源:互联网 发布:字母设计软件 编辑:程序博客网 时间:2024/06/05 06:30
同样的,每个知识点的学习都是来自项目驱动。
今天看了一个开源的框架:dtf
下面是关于dtf的介绍:
The Android Device Testing Framework ("dtf") is a data collection and analysis framework to help individuals answer the question: "Where are the vulnerabilities on this mobile device?" Dtf provides a modular approach and built-in APIs that allows testers to quickly create scripts to interact with their Android devices. By default, dtf does not include any modules, but a collection of testing modules is made available on the Cobra Den website. These modules allow testers to obtain information from their Android device, process this information into databases, and then start searching for vulnerabilities (all without requiring root privileges). These modules help you focus on changes made to AOSP components such as applications, frameworks, system services, as well as lower-level components such as binaries, libraries, and device drivers. In addition, you'll be able to analyze new functionality implemented by the OEMs and other parties to find vulnerabilities.
在浏览dtf的代码过程中,其中有一部分是用来判断你所使用的os的:
ver=$(lsb_release -d|awk -F"\t" '{print $2}')# Ubuntu os_ver=$(echo $ver | awk '{ string=substr($0, 1, 6); print string; }' )if [ "$os_ver" = "Ubuntu" ]; then ubuntu_ver=$(echo $ver | awk '{ string=substr($0, 1, 10); print string; }' ) # Is it the supported one? if [ "$ubuntu_ver" = "Ubuntu 14." -o "$ubuntu_ver" = "Ubuntu 15." ]; then echo "[+] Supported Ubuntu detected." else echo "[WARNING] It looks like you're using Ubuntu, but not the offically supported version." echo -n "Do you want to try the setup anyways? [y/N] " read response case $response in [yY][eE][sS]|[yY]) ;; *) echo "Exiting." exit 0 ;; esac fi# Something else. Bail.else echo "[ERROR] You're not using Ubuntu. You'll need to install dependencies manually. Sorry!" exit 2fi你会看到其中使用到了awk这个命令,对于这个命令之前虽然也使用过,但是认识不清晰,今天来做一个总结:起步上台
我从netstat命令中提取了如下信息作为用例:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
$catnetstat.txtProto Recv-Q Send-Q Local-Address Foreign-Address Statetcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:80 0.0.0.0:* LISTENtcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTENtcp 0 0 coolshell.cn:80 124.205.5.146:18245 TIME_WAITtcp 0 0 coolshell.cn:80 61.140.101.185:37538 FIN_WAIT2tcp 0 0 coolshell.cn:80 110.194.134.189:1032 ESTABLISHEDtcp 0 0 coolshell.cn:80 123.169.124.111:49809 ESTABLISHEDtcp 0 0 coolshell.cn:80 116.234.127.77:11502 FIN_WAIT2tcp 0 0 coolshell.cn:80 123.169.124.111:49829 ESTABLISHEDtcp 0 0 coolshell.cn:80 183.60.215.36:36970 TIME_WAITtcp 0 4166 coolshell.cn:80 61.148.242.38:30901 ESTABLISHEDtcp 0 1 coolshell.cn:80 124.152.181.209:26825 FIN_WAIT1tcp 0 0 coolshell.cn:80 110.194.134.189:4796 ESTABLISHEDtcp 0 0 coolshell.cn:80 183.60.212.163:51082 TIME_WAITtcp 0 1 coolshell.cn:80 208.115.113.92:50601 LAST_ACKtcp 0 0 coolshell.cn:80 123.169.124.111:49840 ESTABLISHEDtcp 0 0 coolshell.cn:80 117.136.20.85:50025 FIN_WAIT2tcp 0 0 :::22 :::* LISTEN下面是最简单最常用的awk示例,其输出第1列和第4例,
- 其中单引号中的被大括号括着的就是awk的语句,注意,其只能被单引号包含。
- 其中的$1..$n表示第几例。注:$0表示整个行。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
$awk'{print $1, $4}' netstat.txtProto Local-Addresstcp 0.0.0.0:3306tcp 0.0.0.0:80tcp 127.0.0.1:9000tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp :::22我们再来看看awk的格式化输出,和C语言的printf没什么两样:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
$awk'{printf "%-8s %-8s %-8s %-18s %-22s %-15s\n",$1,$2,$3,$4,$5,$6}' netstat.txtProto Recv-Q Send-Q Local-Address Foreign-Address Statetcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:80 0.0.0.0:* LISTENtcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTENtcp 0 0 coolshell.cn:80 124.205.5.146:18245 TIME_WAITtcp 0 0 coolshell.cn:80 61.140.101.185:37538 FIN_WAIT2tcp 0 0 coolshell.cn:80 110.194.134.189:1032 ESTABLISHEDtcp 0 0 coolshell.cn:80 123.169.124.111:49809 ESTABLISHEDtcp 0 0 coolshell.cn:80 116.234.127.77:11502 FIN_WAIT2tcp 0 0 coolshell.cn:80 123.169.124.111:49829 ESTABLISHEDtcp 0 0 coolshell.cn:80 183.60.215.36:36970 TIME_WAITtcp 0 4166 coolshell.cn:80 61.148.242.38:30901 ESTABLISHEDtcp 0 1 coolshell.cn:80 124.152.181.209:26825 FIN_WAIT1tcp 0 0 coolshell.cn:80 110.194.134.189:4796 ESTABLISHEDtcp 0 0 coolshell.cn:80 183.60.212.163:51082 TIME_WAITtcp 0 1 coolshell.cn:80 208.115.113.92:50601 LAST_ACKtcp 0 0 coolshell.cn:80 123.169.124.111:49840 ESTABLISHEDtcp 0 0 coolshell.cn:80 117.136.20.85:50025 FIN_WAIT2tcp 0 0 :::22 :::* LISTEN脱掉外套
过滤记录
我们再来看看如何过滤记录(下面过滤条件为:第三列的值为0 && 第6列的值为LISTEN)
1
2
3
4
5
$awk'$3==0 && $6=="LISTEN" ' netstat.txttcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:80 0.0.0.0:* LISTENtcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTENtcp 0 0 :::22 :::* LISTEN其中的“==”为比较运算符。其他比较运算符:!=, >, <, >=, <=
我们来看看各种过滤记录的方式:
1
2
3
4
5
$awk' $3>0 {print $0}' netstat.txtProto Recv-Q Send-Q Local-Address Foreign-Address Statetcp 0 4166 coolshell.cn:80 61.148.242.38:30901 ESTABLISHEDtcp 0 1 coolshell.cn:80 124.152.181.209:26825 FIN_WAIT1tcp 0 1 coolshell.cn:80 208.115.113.92:50601 LAST_ACK如果我们需要表头的话,我们可以引入内建变量NR:
1
2
3
4
5
6
$awk'$3==0 && $6=="LISTEN" || NR==1 ' netstat.txtProto Recv-Q Send-Q Local-Address Foreign-Address Statetcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:80 0.0.0.0:* LISTENtcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTENtcp 0 0 :::22 :::* LISTEN再加上格式化输出:
1
2
3
4
5
6
$awk'$3==0 && $6=="LISTEN" || NR==1 {printf "%-20s %-20s %s\n",$4,$5,$6}' netstat.txtLocal-Address Foreign-Address State0.0.0.0:3306 0.0.0.0:* LISTEN0.0.0.0:80 0.0.0.0:* LISTEN127.0.0.1:9000 0.0.0.0:* LISTEN:::22 :::* LISTEN内建变量
说到了内建变量,我们可以来看看awk的一些内建变量:
$0当前记录(这个变量中存放着整个行的内容)$1~$n当前记录的第n个字段,字段间由FS分隔FS输入字段分隔符 默认是空格或TabNF当前记录中的字段个数,就是有多少列NR已经读出的记录数,就是行号,从1开始,如果有多个文件话,这个值也是不断累加中。FNR当前记录数,与NR不同的是,这个值会是各个文件自己的行号RS输入的记录分隔符, 默认为换行符OFS输出字段分隔符, 默认也是空格ORS输出的记录分隔符,默认为换行符FILENAME当前输入文件的名字怎么使用呢,比如:我们如果要输出行号:
1
2
3
4
5
6
7
$awk'$3==0 && $6=="ESTABLISHED" || NR==1 {printf "%02s %s %-20s %-20s %s\n",NR, FNR, $4,$5,$6}'netstat.txt01 1 Local-Address Foreign-Address State07 7 coolshell.cn:80 110.194.134.189:1032 ESTABLISHED08 8 coolshell.cn:80 123.169.124.111:49809 ESTABLISHED10 10 coolshell.cn:80 123.169.124.111:49829 ESTABLISHED14 14 coolshell.cn:80 110.194.134.189:4796 ESTABLISHED17 17 coolshell.cn:80 123.169.124.111:49840 ESTABLISHED指定分隔符
1
2
3
4
5
6
7
8
9
$ awk 'BEGIN{FS=":"} {print $1,$3,$6}' /etc/passwdroot 0 /rootbin 1 /bindaemon 2 /sbinadm 3 /var/admlp 4 /var/spool/lpdsync5 /sbinshutdown6 /sbinhalt 7 /sbin上面的命令也等价于:(-F的意思就是指定分隔符)
1
$awk -F: '{print $1,$3,$6}' /etc/passwd注:如果你要指定多个分隔符,你可以这样来:
1
awk-F '[;:]'再来看一个以\t作为分隔符输出的例子(下面使用了/etc/passwd文件,这个文件是以:分隔的):
1
2
3
4
5
6
7
$awk -F: '{print $1,$3,$6}' OFS="\t"/etc/passwdroot 0 /rootbin 1 /bindaemon 2 /sbinadm 3 /var/admlp 4 /var/spool/lpdsync 5 /sbin脱掉衬衫
字符串匹配
我们再来看几个字符串匹配的示例:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
$awk'$6 ~ /FIN/ || NR==1 {print NR,$4,$5,$6}' OFS="\t"netstat.txt1 Local-Address Foreign-Address State6 coolshell.cn:80 61.140.101.185:37538 FIN_WAIT29 coolshell.cn:80 116.234.127.77:11502 FIN_WAIT213 coolshell.cn:80 124.152.181.209:26825 FIN_WAIT118 coolshell.cn:80 117.136.20.85:50025 FIN_WAIT2$ $ awk'$6 ~ /WAIT/ || NR==1 {print NR,$4,$5,$6}' OFS="\t"netstat.txt1 Local-Address Foreign-Address State5 coolshell.cn:80 124.205.5.146:18245 TIME_WAIT6 coolshell.cn:80 61.140.101.185:37538 FIN_WAIT29 coolshell.cn:80 116.234.127.77:11502 FIN_WAIT211 coolshell.cn:80 183.60.215.36:36970 TIME_WAIT13 coolshell.cn:80 124.152.181.209:26825 FIN_WAIT115 coolshell.cn:80 183.60.212.163:51082 TIME_WAIT18 coolshell.cn:80 117.136.20.85:50025 FIN_WAIT2上面的第一个示例匹配FIN状态, 第二个示例匹配WAIT字样的状态。其实 ~ 表示模式开始。/ /中是模式。这就是一个正则表达式的匹配。
其实awk可以像grep一样的去匹配第一行,就像这样:
1
2
3
4
5
$awk'/LISTEN/' netstat.txttcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:80 0.0.0.0:* LISTENtcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTENtcp 0 0 :::22 :::* LISTEN我们可以使用 “/FIN|TIME/” 来匹配 FIN 或者 TIME :
1
2
3
4
5
6
7
8
9
$awk'$6 ~ /FIN|TIME/ || NR==1 {print NR,$4,$5,$6}' OFS="\t"netstat.txt1 Local-Address Foreign-Address State5 coolshell.cn:80 124.205.5.146:18245 TIME_WAIT6 coolshell.cn:80 61.140.101.185:37538 FIN_WAIT29 coolshell.cn:80 116.234.127.77:11502 FIN_WAIT211 coolshell.cn:80 183.60.215.36:36970 TIME_WAIT13 coolshell.cn:80 124.152.181.209:26825 FIN_WAIT115 coolshell.cn:80 183.60.212.163:51082 TIME_WAIT18 coolshell.cn:80 117.136.20.85:50025 FIN_WAIT2再来看看模式取反的例子:
1
2
3
4
5
6
7
8
9
10
11
12
13
$awk'$6 !~ /WAIT/ || NR==1 {print NR,$4,$5,$6}' OFS="\t"netstat.txt1 Local-Address Foreign-Address State2 0.0.0.0:3306 0.0.0.0:* LISTEN3 0.0.0.0:80 0.0.0.0:* LISTEN4 127.0.0.1:9000 0.0.0.0:* LISTEN7 coolshell.cn:80 110.194.134.189:1032 ESTABLISHED8 coolshell.cn:80 123.169.124.111:49809 ESTABLISHED10 coolshell.cn:80 123.169.124.111:49829 ESTABLISHED12 coolshell.cn:80 61.148.242.38:30901 ESTABLISHED14 coolshell.cn:80 110.194.134.189:4796 ESTABLISHED16 coolshell.cn:80 208.115.113.92:50601 LAST_ACK17 coolshell.cn:80 123.169.124.111:49840 ESTABLISHED19 :::22 :::* LISTEN或是:
1
awk'!/WAIT/' netstat.txt折分文件
awk拆分文件很简单,使用重定向就好了。下面这个例子,是按第6例分隔文件,相当的简单(其中的NR!=1表示不处理表头)。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
$awk'NR!=1{print > $6}' netstat.txt$lsESTABLISHED FIN_WAIT1 FIN_WAIT2 LAST_ACK LISTEN netstat.txt TIME_WAIT$catESTABLISHEDtcp 0 0 coolshell.cn:80 110.194.134.189:1032 ESTABLISHEDtcp 0 0 coolshell.cn:80 123.169.124.111:49809 ESTABLISHEDtcp 0 0 coolshell.cn:80 123.169.124.111:49829 ESTABLISHEDtcp 0 4166 coolshell.cn:80 61.148.242.38:30901 ESTABLISHEDtcp 0 0 coolshell.cn:80 110.194.134.189:4796 ESTABLISHEDtcp 0 0 coolshell.cn:80 123.169.124.111:49840 ESTABLISHED$catFIN_WAIT1tcp 0 1 coolshell.cn:80 124.152.181.209:26825 FIN_WAIT1$catFIN_WAIT2tcp 0 0 coolshell.cn:80 61.140.101.185:37538 FIN_WAIT2tcp 0 0 coolshell.cn:80 116.234.127.77:11502 FIN_WAIT2tcp 0 0 coolshell.cn:80 117.136.20.85:50025 FIN_WAIT2$catLAST_ACKtcp 0 1 coolshell.cn:80 208.115.113.92:50601 LAST_ACK$catLISTENtcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:80 0.0.0.0:* LISTENtcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTENtcp 0 0 :::22 :::* LISTEN$catTIME_WAITtcp 0 0 coolshell.cn:80 124.205.5.146:18245 TIME_WAITtcp 0 0 coolshell.cn:80 183.60.215.36:36970 TIME_WAITtcp 0 0 coolshell.cn:80 183.60.212.163:51082 TIME_WAIT你也可以把指定的列输出到文件:
1
awk'NR!=1{print $4,$5 > $6}' netstat.txt再复杂一点:(注意其中的if-else-if语句,可见awk其实是个脚本解释器)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
$awk'NR!=1{if($6 ~ /TIME|ESTABLISHED/) print > "1.txt";elseif($6 ~ /LISTEN/) print > "2.txt";elseprint > "3.txt"}' netstat.txt$ls?.txt1.txt 2.txt 3.txt$cat1.txttcp 0 0 coolshell.cn:80 124.205.5.146:18245 TIME_WAITtcp 0 0 coolshell.cn:80 110.194.134.189:1032 ESTABLISHEDtcp 0 0 coolshell.cn:80 123.169.124.111:49809 ESTABLISHEDtcp 0 0 coolshell.cn:80 123.169.124.111:49829 ESTABLISHEDtcp 0 0 coolshell.cn:80 183.60.215.36:36970 TIME_WAITtcp 0 4166 coolshell.cn:80 61.148.242.38:30901 ESTABLISHEDtcp 0 0 coolshell.cn:80 110.194.134.189:4796 ESTABLISHEDtcp 0 0 coolshell.cn:80 183.60.212.163:51082 TIME_WAITtcp 0 0 coolshell.cn:80 123.169.124.111:49840 ESTABLISHED$cat2.txttcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:80 0.0.0.0:* LISTENtcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTENtcp 0 0 :::22 :::* LISTEN$cat3.txttcp 0 0 coolshell.cn:80 61.140.101.185:37538 FIN_WAIT2tcp 0 0 coolshell.cn:80 116.234.127.77:11502 FIN_WAIT2tcp 0 1 coolshell.cn:80 124.152.181.209:26825 FIN_WAIT1tcp 0 1 coolshell.cn:80 208.115.113.92:50601 LAST_ACKtcp 0 0 coolshell.cn:80 117.136.20.85:50025 FIN_WAIT2统计
下面的命令计算所有的C文件,CPP文件和H文件的文件大小总和。
1
2
$ls-l *.cpp *.c *.h | awk'{sum+=$5} END {print sum}'2511401我们再来看一个统计各个connection状态的用法:(我们可以看到一些编程的影子了,大家都是程序员我就不解释了。注意其中的数组的用法)
1
2
3
4
5
6
7
$awk'NR!=1{a[$6]++;} END {for (i in a) print i ", " a[i];}' netstat.txtTIME_WAIT, 3FIN_WAIT1, 1ESTABLISHED, 6FIN_WAIT2, 3LAST_ACK, 1LISTEN, 4再来看看统计每个用户的进程的占了多少内存(注:sum的RSS那一列)
1
2
3
4
5
6
$psaux | awk'NR!=1{a[$1]+=$6;} END { for(i in a) print i ", " a[i]"KB";}'dbus, 540KBmysql, 99928KBwww, 3264924KBroot, 63644KBhchen, 6020KB脱掉内衣
awk脚本
在上面我们可以看到一个END关键字。END的意思是“处理完所有的行的标识”,即然说到了END就有必要介绍一下BEGIN,这两个关键字意味着执行前和执行后的意思,语法如下:
- BEGIN{ 这里面放的是执行前的语句 }
- END {这里面放的是处理完所有的行后要执行的语句 }
- {这里面放的是处理每一行时要执行的语句}
为了说清楚这个事,我们来看看下面的示例:
假设有这么一个文件(学生成绩表):
1
2
3
4
5
6
$catscore.txtMarry 2143 78 84 77Jack 2321 66 78 45Tom 2122 48 77 71Mike 2537 87 97 95Bob 2415 40 57 62我们的awk脚本如下(我没有写有命令行上是因为命令行上不易读,另外也在介绍另一种用法):
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
$catcal.awk#!/bin/awk -f#运行前BEGIN { math = 0 english = 0 computer = 0 printf"NAME NO. MATH ENGLISH COMPUTER TOTAL\n" printf"---------------------------------------------\n"}#运行中{ math+=$3 english+=$4 computer+=$5 printf"%-6s %-6s %4d %8d %8d %8d\n", $1, $2, $3,$4,$5, $3+$4+$5}#运行后END { printf"---------------------------------------------\n" printf" TOTAL:%10d %8d %8d \n", math, english, computer printf"AVERAGE:%10.2f %8.2f %8.2f\n", math/NR, english/NR, computer/NR}我们来看一下执行结果:(也可以这样运行 ./cal.awk score.txt)
1
2
3
4
5
6
7
8
9
10
11
$awk-f cal.awkscore.txtNAME NO. MATH ENGLISH COMPUTER TOTAL---------------------------------------------Marry 2143 78 84 77 239Jack 2321 66 78 45 189Tom 2122 48 77 71 196Mike 2537 87 97 95 279Bob 2415 40 57 62 159--------------------------------------------- TOTAL: 319 393 350AVERAGE: 63.80 78.60 70.00环境变量
即然说到了脚本,我们来看看怎么和环境变量交互:(使用-v参数和ENVIRON,使用ENVIRON的环境变量需要export)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
$ x=5$ y=10$exporty$echo$x $y5 10$awk-vval=$x '{print $1, $2, $3, $4+val, $5+ENVIRON["y"]}' OFS="\t"score.txtMarry 2143 78 89 87Jack 2321 66 83 55Tom 2122 48 82 81Mike 2537 87 102 105Bob 2415 40 62 72 0 0
- awk 命令详解
- Linux awk命令详解
- AWK 命令详解大全
- awk命令详解
- awk命令详解(大全)
- Linux awk命令详解
- awk命令详解
- Linux awk命令详解
- Linux awk命令详解
- awk命令详解
- awk命令详解
- awk命令详解
- AWK命令详解
- Linux awk命令详解
- Linux awk命令详解
- Linux awk命令详解
- linux awk命令详解
- Linux awk命令详解
- Hbase数据解析mapreduce过程及遇到的问题
- Selenium2+JUnit+FirefoxWebDriver
- 调用约定:_stdcall,_cdecl
- img之间的空白和img的对齐方式
- 学习笔记:jQuery的deferred对象整理1
- awk命令详解
- C++ 转换类型运算符 调用构造函数实现的类型转换
- java类中属性优先执行顺序
- 腐蚀和膨胀在opencv上的学习
- HDU1176-免费馅饼
- Intent的使用
- 栈的压入、弹出序列
- C++ 转换类型运算符 调用构造函数将变量转化成为一个对象的成员变量
- office word插入数学公式引起的行间距增大的解决方法
