Manual HoneyTrap Log Parser
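#!/bin/bash
#
# Manual HoneyTrap Log Parser
#
# To use this program run it and specify a file:
# analyze.sh infile.txt
#
# Output files (written to the current directory, overwritten on each run):
#   sourceip.txt      every source-ip= value, joined with commas on one line
#   cmds.txt          source-ip= values interleaved with ssh.exec= commands,
#                     in log order, so each command follows its session's IP
#   usernamepass.txt  ssh.username= and ssh.password= values, one per line
#   pass.txt          ssh.password= values only, one per line
#
# The extracted values are copied verbatim from attacker-supplied log fields:
# the output files are untrusted data and must not be fed back into a shell.
# Earlier versions appended (>>) to the output files, so a second run
# silently duplicated the first run's results; each run now starts clean.
set -euo pipefail

# Dotted-quad IPv4 address, every octet in 0-255, on word boundaries.
readonly ipv4_re='\b((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b'
# ssh.exec field as logged: []string{"..."}.
# NOTE(review): (.*) is greedy and runs to the last "} on the line; if the log
# places other fields after ssh.exec they end up inside the command -- confirm
# against a real log line before relying on cmds.txt for exact commands.
readonly exec_re='ssh.exec=\[\]string(.*)\"}'
# NOTE(review): this matches a single run of digits, upper-case or lower-case
# letters only, so a mixed value such as "admin1" is cut to "admin".  Kept as
# in the original until the log's field delimiter is confirmed; a single class
# such as [A-Za-z0-9_.-]* is the likely fix.
readonly cred_re='([0-9-]*|[A-Z]*|[a-z]*)'

die() { printf '%s\n' "$*" >&2; exit 1; }
usage() { printf 'Usage: %s infile.txt\n' "${0##*/}" >&2; exit 2; }

#######################################
# Print each match of an ERE with its leading "key=" stripped, one per line.
# Arguments: $1 - extended regex, $2 - input file
# Outputs:   matched values on stdout (nothing when there is no match)
# Returns:   0 on success or no match; the grep/sed failure status otherwise
#######################################
extract_values() {
  local re=$1 infile=$2
  local rc=0
  # -a treats binary-looking input as text (arbitrary attacker bytes in the
  # log must not make grep skip the whole file); -o prints only the match.
  # Only the first "=" is stripped so a command containing "=" survives
  # (the original 's/.*=//' was greedy and truncated such commands).
  grep -E -a -o -- "$re" "$infile" | sed 's/^[^=]*=//' || rc=$?
  # grep exits 1 for "no match", which is a valid (empty) result here.
  (( rc <= 1 )) || return "$rc"
  return 0
}

#######################################
# Parse one HoneyTrap log file into the four output files described above.
# Arguments: $1 - path to the log file
# Outputs:   sourceip.txt, cmds.txt, usernamepass.txt, pass.txt in the cwd
# Returns:   0 on success; exits 2 on bad usage, 1 on an unreadable input
#######################################
main() {
  (( $# == 1 )) || usage
  local infile=$1
  [[ -r "$infile" ]] || die "cannot read ${infile}"

  # Source IP: a single comma-separated line.  The original piped a file
  # into "tr ... > samefile", which truncates the input before it is read
  # and left sourceip.txt empty; write straight to the destination instead.
  extract_values "source-ip=${ipv4_re}" "$infile" \
    | tr -s '\n' ',' > sourceip.txt

  # Commands, each preceded by the source IP of the session that ran it.
  extract_values "source-ip=${ipv4_re}|${exec_re}" "$infile" > cmds.txt

  # Username/Password
  extract_values "ssh.username=${cred_re}|ssh.password=${cred_re}" "$infile" \
    > usernamepass.txt

  # Passwords
  extract_values "ssh.password=${cred_re}" "$infile" > pass.txt
}

main "$@"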