@malwaremily
Last active March 4, 2021 04:47
Manual HoneyTrap Log Parser
#!/bin/bash
#
# Manual HoneyTrap Log Parser
#
# To use this program run it and specify a file:
# analyze.sh infile.txt
#
# Writes sourceip.txt, cmds.txt, usernamepass.txt and pass.txt into the
# current directory. Output files are overwritten on each run (the original
# appended with >>, so repeated runs piled stale results on top of new ones).
set -euo pipefail

if [ $# -ne 1 ] || [ ! -r "$1" ]; then
    echo "usage: $0 infile.txt" >&2
    exit 1
fi
infile="$1"

# Dotted-quad IPv4 with each octet limited to 0-255
ipv4='((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)'

# Source IP: every source-ip value, joined into one comma-separated list.
# Done as a single pipeline; the original's "cat src | tr ... > src" truncated
# the file before reading it and left sourceip.txt empty.
grep -aoE "source-ip=\b${ipv4}\b" "$infile" | sed 's/^[^=]*=//' | tr -s '\n' ',' > sourceip.txt

# Commands: each source-ip followed by the ssh.exec command list from that line.
# Strip only up to the first '=' so a '=' inside a command is preserved.
grep -aoE "source-ip=\b${ipv4}\b|ssh\.exec=\[\]string.*\"\}" "$infile" | sed 's/^[^=]*=//' > cmds.txt

# Username/Password: credentials in the order they were tried. Values run to
# the next whitespace; the original pattern stopped at the first change of
# character class and cut "Passw0rd" down to "Passw".
grep -aoE 'ssh\.(username|password)=[^[:space:]]*' "$infile" | sed 's/^[^=]*=//' > usernamepass.txt

# Passwords only
grep -aoE 'ssh\.password=[^[:space:]]*' "$infile" | sed 's/^[^=]*=//' > pass.txt
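The greps above pull each field out in isolation, so an address in sourceip.txt cannot be tied back to the credentials or commands that came from the same line, and a quoted value containing a space is cut short. The following is an added example, not code from the gist or from the HoneyTrap project: a small Python parser that splits each line into key=value fields (handling double-quoted values and Go-style `[]string{...}` lists), validates `source-ip` with the same octet rule as the grep pattern, and groups credentials and commands per source IP. The line layout and the sample lines are constructed assumptions based on the field names the gist's regexes look for; check them against real HoneyTrap output before relying on the field names.

```python
import re
from collections import defaultdict

# Constructed sample lines (not real HoneyTrap output). The layout is an
# assumption taken from the fields the gist's regexes look for.
SAMPLE_LOG = """\
INFO[0001] ssh.auth source-ip=203.0.113.7 ssh.username=root ssh.password=toor
INFO[0002] ssh.auth source-ip=203.0.113.7 ssh.username=admin ssh.password="Passw0rd 2021"
INFO[0003] ssh.exec source-ip=203.0.113.7 ssh.exec=[]string{"uname -a", "cat /proc/cpuinfo"}
INFO[0004] ssh.auth source-ip=198.51.100.23 ssh.username=pi ssh.password=raspberry
INFO[0005] ssh.auth source-ip=999.1.1.1 ssh.username=bad ssh.password=x
"""

# key=value tokens: a double-quoted value (with backslash escapes), a Go-style
# []string{...} literal (assumed to be the last field on its line, hence the
# greedy match), or a bare run of non-whitespace.
KV_RE = re.compile(r'([A-Za-z0-9_.\-]+)=("(?:[^"\\]|\\.)*"|\[\]string\{.*\}|\S+)')
# Strict dotted quad, the same octet rule the gist's grep pattern uses.
IPV4_RE = re.compile(r'^(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)$')
QUOTED_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')


def parse_line(line):
    """Return {key: value} for one line; quoted values are unquoted."""
    fields = {}
    for key, raw in KV_RE.findall(line):
        if raw.startswith('"') and raw.endswith('"'):
            raw = raw[1:-1].replace('\\"', '"')
        fields[key] = raw
    return fields


def exec_commands(raw):
    """Split a []string{"a", "b"} value into the list of commands."""
    return [m.group(1).replace('\\"', '"') for m in QUOTED_RE.finditer(raw)]


def summarise(text):
    """Group credentials tried and commands run by (valid) source IP."""
    by_ip = defaultdict(lambda: {"creds": [], "cmds": []})
    for line in text.splitlines():
        fields = parse_line(line)
        ip = fields.get("source-ip")
        if not ip or not IPV4_RE.match(ip):
            continue  # no usable source address on this line
        if "ssh.username" in fields or "ssh.password" in fields:
            by_ip[ip]["creds"].append(
                (fields.get("ssh.username", ""), fields.get("ssh.password", "")))
        if "ssh.exec" in fields:
            by_ip[ip]["cmds"].extend(exec_commands(fields["ssh.exec"]))
    return dict(by_ip)


if __name__ == "__main__":
    for ip, data in summarise(SAMPLE_LOG).items():
        print(ip, "creds:", data["creds"], "cmds:", data["cmds"])
```

Run it on a real log with `summarise(open("infile.txt").read())`; the line with the out-of-range address `999.1.1.1` is dropped by the octet check, and the password `"Passw0rd 2021"` survives intact because quoting is honoured instead of stopping at the first space or change of character class.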