Redis Cli Commands Cheat Sheet



Check Redis response latency redis-cli –latency -h -p. It is measuring the time for the Redis server to respond to the Redis PING command in milliseconds. “samples”: This is the amount of times the redis-cli recorded issuing the PING command and receiving a response. The commands shown in this guide were tested on an Ubuntu 18.04 server running Redis version 4.0.9. To set up a similar environment, you can follow Step 1 of our guide on How To Install and Secure Redis on Ubuntu 18.04. We will demonstrate how these commands behave by running them with redis-cli, the Redis command line.

17 September 2015

by {'login'=>'averagesecurityguy', 'email'=>'stephen@averagesecurityguy.info', 'display_name'=>'averagesecurityguy', 'first_name'=>', 'last_name'=>'}

Redis is an in-memory key/value data store used to handle backend data for many web applications. Often, Redis is used to store configuration information, session information, and user profile information. By default the Redis server does not require authentication for client access. This is not a problem if Redis is only listening on localhost but often it is not.

Finding Redis Servers

By default Redis listens on port 6379, which is not in the Nmap top 1000 port list or the /etc/services list used by Nessus. You will need to scan specifically for this service if you want to find it.

Interacting with Redis

The easiest way to interact with Redis is to use the Redis CLI client, redis-cli. On Kali2 you can install the client by installing the redis-tools package with apt-get. After installing redis-cli you can connect to the Redis server using redis-cli -h <hostname> -p <port>.

Once connected you can use the following commands to gather data from the server:

  • info - Outputs server data including version, number of databases, and the number of keys in each database.
  • select <n> - Select a database to work with. By default Redis has 16 databases available, 0 - 15. Typically, only 0 is used.
  • keys <pattern> - Display all keys matching the regex pattern. To see all keys use *.
  • type <key> - Displays the type of the value stored in the key, string, hash, set.
  • get <key> - Print the value of the string key.
  • hgetall <key> - Get all of the field/value pairs stored in the hash key.
  • hget <field> <key> - Get the value of the specified field in the hash key.

The full list of supported commands can be found here: http://redis.io/commands. This list is all of the commands supported in the latest version of Redis. Some of the commands may not work in older versions.

In addition to redis-cli, you can also access a Redis server using a number of programming languages. A full list of Redis clients by language is available here: http://redis.io/clients.

Simple Python Example

To use the example script below you will need to install the redis-py library using pip install redis. If Pip is not installed you can install it on Kali using apt-get install python-pip.

Update

If you come across a Redis server that is password protected, there is an NSE script that can be used to brute force the password. Once you find the password you can connect to the server using redis-cli -h <host> -p <port> -a <password>.

Update 2015/09/18

Thanks @bonsaiviking for pointing out the redis-info NSE script. So if you are hunting specifically for Redis servers you can use something like this:

nmap -p 6379 --script=redis-info 127.0.0.1 --open

Which should yield results like this:

You can also scan for Redis servers using Metasploit with the auxiliary/scanner/misc/redis_server.

Redis Cli List

tags: python - Redis
  • 1Basic Redis commands - Cheat Sheet

Basic Redis commands - Cheat Sheet

When you encounter a Redis instance and you quickly want to learn about the setup you just need a few simple commands to peak into the setup. Of course it doesn't hurt to look at the official full command documentation, but below is a listing just for sysadmins.

Accessing Redis

First thing to know is that you can use 'telnet' (usually on default port 6397)

or the Redis CLI client

to connect to Redis. The advantage of redis-cli is that you have a help interface and command line history.

Scripting Redis Commands

For scripting just pass commands to 'redis-cli'. For example:

Server Statistics

The statistics command is 'INFO' and will give you an output as following:

Changing Runtime Configuration

The command

gives you a list of all active configuration variables you can change. The output might look like this:

Note that keys and values are alternating and you can change each key by issuing a 'CONFIG SET' command like:

Such a change will be effective instantly. When changing values consider also updating the redis configuration file.

Multiple Databases

Redis has a concept of separated namespaces called 'databases'. You can select the database number you want to use with 'SELECT'. By default the database with index 0 is used. So issuing

switches to the second database. Note how the prompt changed and now has a '[1]' to indicate the database selection.

To find out how many databases there are you might want to run redis-cli from the shell:

Dropping Databases

To drop the currently selected database run

to drop all databases at once run

Checking for Replication

To see if the instance is a replication slave or master issue

and watch for the 'role' line which shows either 'master' or 'slave'.

Starting with version 2.8 the 'INFO' command also gives you per slave replication status looking like this

Enabling Replication

If you quickly need to set up replication just issue

on a machine that you want to become slave of the given IP. It will immediately get values from the master. Note that this instance will still be writable. If you want it to be read-only change the redis config file (only available in most recent version, e.g. not on Debian).

To revert the slave setting run

Dump Database Backup

As Redis allows RDB database dumps in background, you can issue a dump at any time. Just run:

When running this command Redis will fork and the new process will dump into the 'dbfilename' configured in the Redis configuration without the original process being blocked. Of course the fork itself might cause an interruption.

Use 'LASTSAVE' to check when the dump file was last updated. For a simple backup solution just backup the dump file.

If you need a synchronous save run 'SAVE' instead of 'BGSAVE'.

Redis cli commands cheat sheet pdf

Listing Connections

Starting with version 2.4 you can list connections with

Redis Cli Commands Cheat Sheet 2

and you can terminate connections with

Monitoring Traffic

Redis Cli Commands Cheat Sheet Pdf

The propably most useful command compared to memcached where you need to trace network traffic is the 'MONITOR' command which will dump incoming commands in real time.

Checking for Keys

If you want to know if an instance has a key or keys matching some pattern use 'KEYS' instead of 'GET' to get an overview.

On production servers use 'KEYS' with care as you can limit it and it will cause a full scan of all keys!

Redis Commands Cheat Sheet

Retrieved from 'https://briansnelson.com/index.php?title=Basic_Redis_commands_-_Cheat_Sheet&oldid=751'