awk 實戰

awk　一些好玩的用法．有什麼不錯的點子能夠留言，發揮出awk牛逼功能

 

分離mac地址

ifconfig wlan0 | grep eth | awk '{n=split($2,arr,":"); for(i=1;i<=n;i++)printf" "arr[i];print ""}'

 

提取eth0信息

ifconfig   | awk 'NR==1 {print substr($1,1,4)"\n---------------------------------"};NR==2{split($0,a," "); print a[1]"\t\t"a[2]"\n"a[3]"\t\t"a[4]"\n"a[5]"\t"a[6]}NR==4{print $1"\t\t"$2"\n"}'

 

獲取網卡信息

ifconfig | awk '
NR==1{d1=substr($1,1,4)}
NR==11{d2=substr($1,1,2)}
NR==20{d3=substr($1,1,5)}
NR==2||NR==4||NR==12||NR==21{
  if(NR==2)print d1"\t"$2;
  if(NR==4)print $1"\t"$2;
  if(NR==12)print d2"\t"$2;
  if(NR==21)print d3"\t"$2;
}'

重構輸出端口服務信息

netstat -ntpl | awk "-F[\: /]+" '
BEGIN{
  print "Type\t IP\t\t PORT\t PID\t PName\t"
}
NR!=1 && NR!=2 {
  if($1=="tcp6"){
    print $1"\t\t\t "$4"\t "$7"\t"$8
  }else{
    print $1"\t " $4"\t " $5"\t " $9"\t " $10;
  }
}'

 

如何以特殊符號做爲分隔符號

echo -e  /11\\22'!'33\$44\'55\"/ |awk "-F[\\\\\ /\$\"\'\!]" '{print $1,$2,$3,$4,$5,$6}'

 

彩色字體打印

echo -e "\n\n\n\n\n" | awk '{
　　for(i=NR;i>0;i--){
　　　　printf "\033[3"i"maaaa "
　　}
　　printf("\n");
}
END{
   printf "\033[0m"
}'

echo -e "\n\n\n\n\n" | awk '{
  for(i=NR;i>0;i--){
    printf "\033[4"i"maaaa "
  }
  printf("\n")
}
END{
  printf "\033[0m"
}'

 

 

使用正則過濾

awk '!/bash$/' /etc/passwd
awk /bash$/ /etc/passwd

 

生成５個1-10內的隨機數

awk 'BEGIN{
  srand();
  printf "%5d%5d%5d%5d%5d\n",
  rand()*10,rand()*10,rand()*10,rand()*10,rand()*10;
'}

 

結合nmap 主機範圍掃描過濾重要信息

nmap -n -v -T4 -sn 192.168.0.0/24　　　　#一大長串，不少都是不想要的信息

Starting Nmap 7.25BETA1 ( https://nmap.org ) at 2018-02-06 11:06 CST
Initiating ARP Ping Scan at 11:06
Scanning 255 hosts [1 port/host]
Completed ARP Ping Scan at 11:06, 4.07s elapsed (255 total hosts)
Nmap scan report for 192.168.0.0 [host down]
Nmap scan report for 192.168.0.1
Host is up (0.0015s latency).
MAC Address: 04:95:E6:C4:98:90 (Unknown)
Nmap scan report for 192.168.0.2
Host is up (0.0015s latency).
MAC Address: 04:95:E6:C4:98:90 (Unknown)
Nmap scan report for 192.168.0.3 [host down]
Nmap scan report for 192.168.0.4 [host down]
Nmap scan report for 192.168.0.5 [host down]
...
Nmap scan report for 192.168.0.106 [host down]
Nmap scan report for 192.168.0.107 [host down]
Nmap scan report for 192.168.0.108
Host is up (0.22s latency).
MAC Address: 78:D3:8D:0F:A5:48 (Hongkong Yunlink Technology Limited)
Nmap scan report for 192.168.0.109 [host down]
...
Nmap scan report for 192.168.0.169 [host down]
Nmap scan report for 192.168.0.170 [host down]
Nmap scan report for 192.168.0.171
Host is up (0.25s latency).
MAC Address: 50:8F:4C:79:8D:CB (Unknown)
Nmap scan report for 192.168.0.172
Host is up (0.13s latency).
MAC Address: E8:65:D4:A6:36:58 (Unknown)
Nmap scan report for 192.168.0.173 [host down]
Nmap scan report for 192.168.0.174 [host down]
...
Nmap scan report for 192.168.0.255 [host down]
Nmap scan report for 192.168.0.141
Host is up.
Read data files from: /usr/bin/../share/nmap
Nmap done: 256 IP addresses (6 hosts up) scanned in 4.15 seconds
           Raw packets sent: 508 (14.224KB) | Rcvd: 7 (196B)

編輯一個shell 過濾腳本nmap-range.sh

grep -v "down"       |
awk 'NR>5{print $0}' |
awk '{
  if((NR-1)%3==0){
    printf $5
  }else if(NR%3==0){
     if($3 == "files"){
       print "\tThis is you\n"
     }
     else if(NR>4){
       print "\t"$3"\t"$4,$5,$6,$7,$8
     }
     else{ 
       print "\t"$3"\t"$4
     }
  }
}'

 

從新執行nmap　並管道傳入過濾腳本處理

nmap -n -v -T4 -sn 192.168.0.0/24 | bash nmap-range.sh

內存百分比動態監控腳本

#!/bin/bash

while [ 1 ] 
do
clear
free -m | grep Mem: | awk '{per=$3*100/$2;print "\033[31mCurrent Mem\033[36m:"substr(per,1,5)"%\033[0m"}'
sleep 1
done

 

製做成績表格 

源數據：sr

Marry   2143 78 84 77
Jack    2144 66 77 45
Tom     2145 80 83 61
Mike    2146 90 80 73
Bob     2148 91 93 92
Demon   2150 99 93 94

對成績進行統計而且生成 表格

awk "-F[\t ]+" '
BEGIN{
  printf "%5s\t%5s\t%5s\t%5s\t%7s\t%9s\t%4s\n",
       "NR","Name","No","Math","Chinese","English","Total";
  printf "************************************";
  printf "**********************************\n";
  mat=0;chi=0;eng=0;tot=0;
}
{total=$3+$4+$5;printf "%5s\t%5s\t%5s\t%5s\t%7s\t%9s\t%4s\n",
        NR,$1,$2,$3,$4,$5,total;mat+=$3;chi+=$4;eng+=$5;tot+=total;
}
END{
   printf "************************************";
   printf "**********************************\n";
   mat /= NR;  chi /= NR; eng /= NR; tot /= NR;
   mat = substr(mat,1,4); 
   chi = substr(chi,1,4); 
   eng = substr(eng,1,4);  tot = substr(tot,1,5);
   printf "Avg\t\t\t%5s\t%7s\t%11s\t%6s\n",mat,chi,eng,tot;
}' sr

 

網站訪問次數統計

源數據：

http://www.baidu.com/index.html
http://www.qq.com/index.html
http://www.qq.com/index.html
http://www.baidu.com/index.html
http://www.qq.com/index.html
http://www.baidu.com/index.html
http://www.baidu.com/index.html
http://www.163.com/1.html
http://www.demon.com/2.html
http://www.qq.com/index.html
http://www.163.com/1.html
http://www.demon.com/2.html
http://www.qq.com/index.html
http://www.163.com/1.html
http://www.demon.com/2.html
http://www.qq.com/index.html
http://www.163.com/1.html
http://www.demon.com/2.html
http://www.qq.com/index.html
http://www.demon.com/2.html
http://www.baidu.com/index.html
http://www.google.com/index.html
http://www.demon.com/2.html
http://www.baidu.com/index.html
http://www.163.com/1.html
http://www.demon.com/2.html
http://www.google.com/index.html
http://www.163.com/1.html
http://www.baidu.com/index.html
http://www.demon.com/2.html
http://www.163.com/1.html
http://www.google.com/index.html
http://www.baidu.com/index.html
http://www.demon.com/2.html
http://www.163.com/1.html
http://www.baidu.com/index.html

awk "-F[/]" '{arr[$3]++;}END{for(i in arr)print i"\t"arr[i]}' site

 

批量建立文件

awk -F: '{if(length($1)>7){print substr($1,1,5)}else{print $1}}' /etc/passwd > test
awk '{fileName = $1".php"; system("touch "fileName)}' test

 

使用awk防web頁面爆破掃描

#!/bin/bash

HTTP_ERROR_LOG="/var/log/httpd/error_log"
WarnningCount=30


# $8 is ipaddress,                      e.g: "218.93.201.199]"
# /^[0-9]{1,3}(.[0-9]{1,3}){3}/         REGpattern match the IPaddress
# gsub(/]/,"",$8);                      delete the lastest character ']'
# iptables -I INPUT -s 185.222.209.151 -m state --state  NEW,RELATED,ESTABLISHED -j DROP

awk   -v "c=$WarnningCount" --posix '
  BEGIN{
    print "DangerIP\tScanCount";
  }

  $8 ~ /^[0-9]{1,3}(.[0-9]{1,3}){3}/   {
     gsub(/]/,"",$8); 
     IP[$8]++;
  }

  END {
    for(i in IP){
      if(IP[i]>=c){
        print i"\t"IP[i];
        system("iptables -I INPUT -s "i" -m state --state NEW,RELATED,ESTABLISHED -j DROP ");  
      }
    }
  }
' $HTTP_ERROR_LOG

 

 

cut切割字符串

head /etc/passwd | cut -c 1-13 | cut -d: -f1

 

awk 遇到的錯誤

使用awk正則匹配 passwd　文件裏含有兩個o的行：

awk  -F:  '/o{2}/'  /etc/passwd    

結果不管怎麼嘗試都匹配不出來，後面縮小範圍肯定錯誤出在正則的量詞上也就是那對大括號

通過資料查閱，解決辦法就是須要加上一個參數: --posix  或--re-interval 選一個

awk --posix -F: '/o{2}/' /etc/passwd

 

轉載請註明出處：http://www.cnblogs.com/demonxian3/p/8425247.html

awk參考網址　http://www.javashuo.com/article/p-qmtyfuku-m.html