-
Notifications
You must be signed in to change notification settings - Fork 1
/
nushell.cheat
102 lines (69 loc) · 4.72 KB
/
nushell.cheat
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
% nushell , pushou
# help commands
nu
help commands
help sys
# basic usage on sys builtins
sys
sys|select net|table -e
# get cal
cal --full-year 2023
# get passwd
open -r /etc/passwd|from csv -n --separator ':'|rename users password uid gid gecos homedir shell
# basic usage with docker
sudo docker info --format {{json .}} | from json|less
# get file > size on entire disk
ls **/* |where size > 500Mib
# ls sort by recent file
ls|sort-by -r modified
# get info on ip address
echo 192.168.1.10/255.255.255.0 | jc --ip-address |from json|flatten
# ip address to nushell
ip --brief -j a|from json|flatten|flatten
# Open spreadsheet
open --raw <file>|from ods|table -e |select column1
open --raw <file>|from ods|flatten|flatten|get column1
open --raw <file>|from xlsx |flatten|flatten|get column1
# french df
df -h |detect columns |upsert "Monté" { |it| $"($it.Monté)($it.sur)"}|reject Monté sur
# detect column
netstat | detect columns -s 1 | first 20
# systemctl output jc
systemctl|jc --systemctl|from json|table
# systemctl json output
systemctl list-unit-files --type=service -o json|from json
# journalctl json output
journalctl -u ssh.service -o json-pretty|jq -s '.'|from json|select MESSAGE
# journalctl sensor message
journalctl -b -o json |jq -s '.'|from json| default 'nosyslog' SYSLOG_IDENTIFIER |where SYSLOG_IDENTIFIER == 'sensors'| update __MONOTONIC_TIMESTAMP {|it| $it.__MONOTONIC_TIMESTAMP |into datetime -o +4|date format 'Le %d/%m/%Y à %H:%M'} | default 'nomess' MESSAGE| select __MONOTONIC_TIMESTAMP MESSAGE
# journalctl sensor message (jq select)
journalctl -b -o json |jq '. | select(._COMM=="sensors")' |jq -s '.'|from json| default 'nosyslog' SYSLOG_IDENTIFIER | update __MONOTONIC_TIMESTAMP {|it| $it.__MONOTONIC_TIMESTAMP |into datetime -o +4|date format 'Le %d/%m/%Y à %H:%M'} | default 'nomess' MESSAGE| select __MONOTONIC_TIMESTAMP MESSAGE
# journalctl ufw block top IP address
journalctl -k |grep 'BLOCK'|detect columns -n|select column9 column10 column16 column18|insert SRC {|it| $it.column9|str replace 'SRC=' ''}|insert DST {|it| $it.column10|str replace 'DST=' ''}|default "nodport" column18|insert DPORT {|it| $it.column18|str replace 'DPT=' ''}| insert PROTO {|it| $it.column16|str replace 'PROTO=' ''} |reject column9 column10 column16 column18|uniq -c|flatten|sort-by -r count|head -n 50
# mtr from json
mtr -P 443 -T -c 2 -b -e -z -t -j <FQDN> | from json|flatten|get hubs|flatten
# ss output jc
ss -tunlp|jc --ss|from json
# ss get columns
ss -tunlp|jc --ss|from json|columns
# ss output sort by local port
ss -tunlp|jc --ss|from json|sort-by -n local_port
# ss output where state='LISTEN'
ss -tunlp|jc --ss|from json|sort-by -n local_port |where state == 'LISTEN'
# ss output jc select port < 1024
ss -tunlp|jc --ss|from json|sort-by -n local_port |where local_port_num < 1024
ss -tunlp|jc --ss|from json|sort-by -n local_port |where ($it.local_port | into decimal) < 1024
# Docker example
docker ps -a --format "{{.ID}}|{{.Names}}|{{.State}}|{{.Ports}}" | lines | split column "|" ID Name State Ports | into df | sort-by [State Name] -r [true, false]
# simple osquery to nushell
osqueryi "select * FROM users;" --json|from json
# osquery to nushell
osqueryi "select * FROM docker_images;" --json|from json|update size_bytes {|it| $it.size_bytes |into filesize} |sort-by size_bytes
# osquery docker image sum size
osqueryi "select * FROM docker_images;" --json|from json|update size_bytes {|it| $it.size_bytes |into filesize} |sort-by size_bytes|get size_bytes |reduce -n {|it, acc| $acc.item + $it.item }
# calendar from ics
open monics2.ics|select events|to json |jq '.[][]'|from json|get properties|each {|it| {0: $it.0.value,1: $it.1.value,2:$it.2.value,3: $it.3.value ,4: $it.4.value ,5:$it.5.value,6:$it.6.value,7:$it.7.value,8:$it.8.value}}
# calendar from ics with column name
open monics2.ics|select events|to json |jq '.[][]'|from json|get properties|each {|it| {'DTSTAMP': $it.0.value,'DTSTART': $it.1.value,'DTEND':$it.2.value,'SUMMARY': $it.3.value ,'LOCATION': $it.4.value ,'DESCRIPTION':$it.5.value,'CREATED':$it.6.value,'LAST-MODIFIED':$it.7.value,'SEQUENCE':$it.8.value}}
# calendar from ics sort by date , convert date , rename column , drop colums
open monics2.ics|select events|to json |jq '.[][]'|from json|get properties|each {|it| {'DTSTAMP': $it.0.value,'DTSTART': $it.1.value,'DTEND':$it.2.value,'SUMMARY': $it.3.value ,'LOCATION': $it.4.value ,'DESCRIPTION':$it.5.value,'CREATED':$it.6.value,'LAST-MODIFIED':$it.7.value,'SEQUENCE':$it.8.value}}| sort-by DTSTART |update DTSTAMP {|it| $it.DTSTAMP|into datetime -o +1 |to text} |update DTSTART {|it| $it.DTSTART|into datetime -o +1 |to text}|update DTEND {|it| $it.DTEND|into datetime -o +1 |to text}|reject DTSTAMP CREATED LAST-MODIFIED SEQUENCE