Find and Rename Files Containing Pattern

sshHow to search and rename files containing specific pattern

There are times when you need to search your server storage for files containing a specific pattern within them.

For instance, if a new vulnerability allows files to be injected to your server, you need to find these files and remove them – or at least rename them for further analysis later.

In this example, we want to find all files containing eval code x47LOB.

To find and list these files, without performing any other action:

# grep -lr --include=*.php '${"\\x47LOB' /path/to/web/root/

The following will find and rename them

# grep -lr --include=*.php '${"\\x47LOB' /path/to/web/root/ | xargs -n1 bash -c 'mv $0 $0.INFECTED'

You can change the xargs to remove them instead of moving them. This should get you started on finding and processing.

Was this helpful?
Find and Rename Files Containing Pattern written by UKC average rating 5/5 - 1 user ratings