@malwaremily

malwaremily/analyze.sh

Last active Mar 4, 2021
Manual HoneyTrap Log Parser
#!/bin/bash
#
# Manual HoneyTrap Log Parser
#
# To use this program run it and specify a file:
# analyze.sh infile.txt
#
# Each step greps one key=value field out of the log with -o (match only),
# strips the key and '=' with sed, and writes the values to a file in the
# current directory. Outputs are written with > so a rerun replaces the
# previous results instead of appending to them.
set -eu
infile="${1:?usage: $0 infile.txt}"
ip='((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)'
# Source IP: every source-ip seen, joined into one comma-separated line
# (piping straight into tr avoids reading and truncating the same file, which left sourceip.txt empty)
grep -Eao "source-ip=\b${ip}\b" "$infile" | sed 's/^[^=]*=//' | tr -s '\n' ',' > sourceip.txt
# Commands: source-ip lines interleaved with executed commands (ssh.exec=[]string{"..."})
grep -Eao "source-ip=\b${ip}\b|ssh\.exec=\[\]string(.*)\"}" "$infile" | sed 's/^[^=]*=//' > cmds.txt
# Username/Password: match any non-blank run so mixed-case or punctuated values are kept whole
grep -Eao 'ssh\.username=[^[:space:]]+|ssh\.password=[^[:space:]]+' "$infile" | sed 's/^[^=]*=//' > usernamepass.txt
# Passwords
grep -Eao 'ssh\.password=[^[:space:]]+' "$infile" | sed 's/^[^=]*=//' > pass.txt
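As an added example (not part of the gist), the same fields aggregated into counts over constructed sample lines, pairing username and password on the same line so the association the separate grep passes lose is kept; the `field`, `top_sources` and `top_credentials` helpers and the sample line layout are assumptions:

```shell
#!/bin/bash
# Added example, not part of the original gist: aggregate the fields that
# analyze.sh extracts into counts instead of writing each to its own file.
set -eu

# CONSTRUCTED sample in the key=value style the gist's patterns expect
# (source-ip=, ssh.username=, ssh.password=, ssh.exec=[]string{...});
# check your own HoneyTrap output for the exact field names.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
category=ssh source-ip=203.0.113.5 ssh.username=root ssh.password=123456
category=ssh source-ip=203.0.113.5 ssh.username=root ssh.password=admin
category=ssh source-ip=198.51.100.9 ssh.username=admin ssh.password=admin
category=ssh source-ip=203.0.113.5 ssh.exec=[]string{"uname -a"}
category=ssh source-ip=198.51.100.9 ssh.username=root ssh.password=123456
EOF

# field KEY FILE: print the value of KEY from every line that carries it.
field() {
  grep -Eo "$1=[^[:space:]]+" "$2" | sed 's/^[^=]*=//'
}

# top_sources FILE: "count ip", most frequent source first.
top_sources() {
  field source-ip "$1" | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# top_credentials FILE: "count user:pass", pairing both fields per line
# (ssh.username= and ssh.password= are each 13 characters long).
top_credentials() {
  awk '{
    u = ""; p = ""
    for (i = 1; i <= NF; i++) {
      if ($i ~ /^ssh\.username=/) u = substr($i, 14)
      if ($i ~ /^ssh\.password=/) p = substr($i, 14)
    }
    if (u != "" && p != "") print u ":" p
  }' "$1" | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

echo "== sources =="; top_sources "$SAMPLE_LOG"
echo "== credentials =="; top_credentials "$SAMPLE_LOG"
```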