Top 5 advanced uses of ‘Find’ command (used by Hackers)

'Find' command is a handy tool used in the Linux terminal for various purposes. This tutorial is for users who are already aware of the command, and the goal is to highlight usage.

In this tutorial, we help you master the use of ‘Find’ command in Linux through the top five secret uses of ‘Find’ command. Starting with a bit complex use of ‘find’ we move towards the advance execution. Without wasting much time, let’s jump on the tutorial.

How to find the files with specific depth?

If you are under the circumstances when you don’t want to scan the whole directory structure, or you want to limit your search within the current directory or its subdirectory, then you can use the depth command.


find ./ -name *.gz 2>&1|grep -vi permiss

Finding with no depth defined



The above command should search all the file with an extension .gz. It should recursively search for the specified file right from the mentioned directory. You can ignore the part “2>&1|grep -vI permiss”, this is to ignore the error (Permission Denied).

If that shows files from all the directives, how can we limit our search?

You can use the below command to make it possible.


Find ./ -maxdepth 3 -name *.gz 2>&1|grep -I permiss



Finding command with Max Depth 3

As shown in the given command, it should pull up the results from the current directory and its two sub-directories.

How to find the files owned by a specific user?

Let’s assume you have a web server and imagine a hacker has injected the malicious code to your files. After investigation, you found the XYZ user has done it. However, to fix it, you want to list all the files owned by XYZ user. In our case, these are the affected files. In this case, the below command should help you a lot.


find ./ -user sfusate -name "*.txt" 2>&1|grep -I permiss

Finding the files with own by a user

As per the above screenshot, we are listing the files to ensure they are owned by another user too. The ‘pwd’ command shows we are running the next command from the same directory. Lastly, the ‘find’ command with the flag as an ‘-user’ gives us the power to list the files with the extension as ‘.txt.’ moreover, owned by user ‘sfusate’ as shown above.

How to delete all the files owned by a user using ‘find’ command?

The best use of getting all files owned by a user becomes more useful when you want to delete all the files owned by that specific user.

Extending our hacked webserver case, once you identified all files by XYZ user, the time when you want to delete those files you can use below command.


find ./ -user sfusate -name "*.txt" -exec rm {} \; 2>&1|grep -vi permiss

Deleting all the files owned by a user using find command

The screenshot shows, we are listing all the files owned by a user ‘sfusate’. In the next execution, we are deleting all the files with extension ‘.txt. The third command confirms, all the ‘.txt.’ files under the current directory and its subdirectory owned by a user ‘sfusate’ has been deleted.

How to find the files with specific file permission?

In this case, our hacker is pretty smart. He is not creating any new files or changing the ownership. He is tweaking the file permission, keeping the file owner untouched. What exactly he is doing? He grabs the system user and restricts the file permission to that specific user.

If you ever fall in this situation, you need to find the files with files permission to a user or group. To help you with it we have below command.


find . -perm -g=w -type f -exec ls -l {} \; 2>&1|tail -n 5


-rwxrwxrwx. 1 ceyoung domain users 2315 Aug 28 00:12 ./monitordataload/
-rwxrwxrwx. 1 ceyoung domain users 2251 Aug 28 00:12 ./monitordataload/
-rwxrwxrwx. 1 ceyoung domain users 2261 Aug 28 00:12 ./monitordataload/
-rwxrwxrwx. 1 ceyoung domain users 2405 Aug 28 00:12 ./monitordataload/
-rwxrwxrwx. 1 nikhshah domain users 2253 Aug 23 04:35 ./dsmdevops-19.8.0/

Files with Write permission to the only Group

The given image shows, when we pass the argument as -g=w, it should show all the files which have to write permission to the Group. On the other hand, when you say g=w, as shown in the second command, it should restrict to display the files which have only write permission.

As we do not have any files with only write permission, it is displaying the 0 results.

How to delete the files using ‘inode’ and ‘find’ command?

Now our hacker became smarter, this time he has created the clone of existing files with the filename as shown in below example.

Showing the iNodes

As shown in the given an example, we have two test files:

  • test?.txt
  • test.txt

Let’s assume the ‘test?.txt’ files are impacted files created by the attacker. You want to delete this malicious code/file. As the ‘?’ Is a unique character it won’t be assumed as a parameter while firing the rm command. If you hit the command ‘rm test*.’ It should delete all the files, which contain the word ‘test.’

To overcome this, one has to use the ‘inode.’ The given picture shows the command for displaying the inodes.


ls -il

It should give inodes for all the files, and it displayed in 1st column. For the file ‘test?.txt’ the inode is 266534.

Now, let’s move on, how one can delete these files with the inode.


Find -inum 266534 -exec rm {} \;

Deleting the files with Inode

As shown in the screenshot, when we fire the ‘ls’ command with an inode, it should display the file ‘test?.txt’ with inode detail.

After deleting the file using the find and inode, the ‘ls’ command proves the file got deleted successfully.


This is all about the advance use of ‘find’ command. Hope you loved it. Stay tuned to FOSS Linux for many such tricks, tips, best use of, advance use of Linux and commands in Linux.

Divya Kiran Kumar
I'm the Editor of FOSS Linux. I worked as a Software Engineer before taking up blogging as my full-time job. I enjoy using Linux, and can't imagine anything else for my PC. Apart from writing for FOSS Linux, I enjoy reading non-fictional books. Sapiens was my favorite last read. I hope you enjoy reading and using this blog to enhance your Linux experience! Have a great day ahead!


Please enter your comment!
Please enter your name here





The Ubuntu Cinnamon Remix brings together Linux Mint's Cinnamon desktop with the Ubuntu Core. While some users are welcoming the new flavor of Ubuntu with open arms, others are scratching their heads, wondering where it fits in.
The wait is finally over (almost) for all you Ubuntu fans out there. The latest version of Ubuntu, 20.10 codenamed "Groovy Gorilla," is currently available in the beta version. I have tested out the distro myself, and it is stable enough to take out for a spin.

Enabling GameMode on Linux for best gaming performance

GameMode is a combination of various libraries and daemons that allows all the users to improve the gaming performance on the Linux system. Developed by games publisher Feral Interactive, it improves gaming performance by requesting a group of options that will be applied temporarily to the Linux system.

Removing the Virus from a Windows PC with a Ubuntu Live USB drive

In this tutorial, we are going to show you how to clean your Windows machine from infected viruses using an Ubuntu live USB or CD and the ClamAV antivirus. The ClamAV is a free, open-source antivirus that can be used on Ubuntu.

The 10 Best Linux Server Distros For Home And Businesses

By the year 2020, it is estimated that there are close to 600 Linux distributions in the market. It includes both servers and Desktop versions; therefore, if you are looking for lightweight Linux distribution for your old PC or a reliable desktop version for employees in your organization, you may be overwhelmed with the number of choices for finding one for your use.

The 6 Best Download Managers for Fedora

It is a well-known fact that using download managers can help improve download speeds as compared to web browsers. Apart from the inbuilt download manager wget on Fedora, just as on any distribution that is based on GNU/Linux package, there are more options to explore.