commit - /dev/null
commit + 16fb04df83f1a5a74af32fd28e1a4a2b34021f4a
blob - /dev/null
blob + 7c43567503ee9c4dd0ade1c1e2a4938a6ec289c1 (mode 644)
--- /dev/null
+++ from_accesslog.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+awk '
+NR > 1 {
+	match($0, "[[].*]")
+	$5 = substr($0, RSTART + 1, RLENGTH - 2)
+
+	match($0, "\".*\"")
+	$6 = substr($0, RSTART + 1, RLENGTH - 2)
+
+	l1 = NF-1
+	printf "%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n", $1, $2, $3, $4, $5, $6, $l1, NF
+	#print $1, $2, $3, $4, $5, $6, $l1, NF
+}
+'
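Review bot: The last `printf` argument is the bare `NF`, so column 8 holds the number of fields rather than the last field; if the last log field was intended it should be `$NF` (the commented-out `print` below it has the same argument). Separately, `match($0, "\".*\"")` is greedy, so on a line with more than one quoted field (for example referer and user agent) `$6` would run from the first quote to the last. A pattern such as `"\"[^\"]*\""` stops at the first closing quote, though it would cut short at an escaped quote inside the request. Request strings are client-controlled, so a header comment stating the expected log format, and why `NR > 1` skips the first line, would help whoever consumes this output.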
blob - /dev/null
blob + e39d14452ac5bfeb13ada588da366704fe2db0ba (mode 644)
--- /dev/null
+++ from_gnmap.sh
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+# In my opinion, gnmap isn't "grepable" but rather "transformable".
+# In my daily doing, I want something grepable with a little less information.
+# The goal is to print one entire port section together with its IP per line, e.g.
+#
+# 192.168.1.42  22  open  tcp  ssh  SSH-2.0-OpenSSH_9.5
+#
+# The challenge is that the format uses different types of delimiters
+# for the different "fields".
+# We only use the address field and the Ports field and ignore everything else.
+# 
+# The Ports field is delimited with "," and within a field delimited with "/"
+# First split the "Ports:" field into it's port entry components.
+# Then split each of these components into it's subcomponents.
+
+awk '
+/Ports: / {
+	# Copy out the relevant parts of the line
+	r = "Ports: "
+
+	# This should never evaluate to true, but Im paranoid
+	if (match($0, r) == 0)
+		next
+
+	portstr = substr($0, RSTART + length(r))
+
+	sub("[ \t]*Ignored State:.*$", "", portstr)
+
+	# Split the into single port fields
+	nports = split(portstr, portlist, ",") 
+
+	# Loop through each port field
+	# Split it into its components and trim it, just to be sure
+	for (i = 1; i <= nports; i++) {
+		sub("^[ \t]+|[ \t]+$", "", portlist[i])
+		np = split(portlist[i], p, "/")
+
+		# Dont use the last field of the split, as it isnt a field anymore
+		# just the end delimiter
+		printf "%s", $2
+		for (j = 1; j < np; j++) {
+			# Set empty fields to "-"
+			sub("^[ \t]*$", "-", p[j])
+			printf "\t%s", p[j]
+		}
+		printf "\n"
+	}
+}
+'
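Review bot: Only `Ignored State:` is stripped from `portstr`, so any other section that follows `Ports:` on the same line stays attached to the last port entry and is discarded only if it contains no `,` or `/`. Assuming gnmap separates its sections with tabs, cutting at the first tab with `sub("\t.*$", "", portstr)` would cover every trailing section. The trim `sub("^[ \t]+|[ \t]+$", "", portlist[i])` also replaces only the first match, so entries with leading whitespace keep their trailing whitespace; `gsub` with the same pattern trims both ends. The version column is text returned by the scanned service, so a comment noting that it is untrusted would help consumers.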
blob - /dev/null
blob + 0ab061ec72beefa9eeca557766d81355e8fd06a1 (mode 644)
--- /dev/null
+++ from_nuclei.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+# This is still a work-in-progress
+
+awk '
+{
+	# Remove the surrounding [] brackets of the first three fields
+	for (i = 1; i <= 3; i++)
+		$i = substr($i, 2, length($i) - 2)
+
+	printf "%-70s\t%-10s\t%-10s\t%s", $1, $2, $3, $4
+
+	# If there is additional information at the end, print it
+	# separated with one space
+	if (NF > 4) {
+		printf "\t%s", $5
+		for (i = 6; i <= NF; i++) {
+			printf " %s", $i
+		}
+	}
+	printf "\n"
+}
+'
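Review bot: The `%-70s` and `%-10s` widths in `printf "%-70s\t%-10s\t%-10s\t%s", $1, $2, $3, $4` pad the first three columns with spaces, while query_nuclei.sh in this commit splits on `-F "\t"` only, so an exact comparison such as `$level == "high"` would not match the padded value. Writing `printf "%s\t%s\t%s\t%s", $1, $2, $3, $4` keeps the output machine-readable, and alignment can be applied when displaying. The bracket stripping via `substr($i, 2, length($i) - 2)` also assumes every input line starts with three bracketed fields and carries no colour escape codes. A guard such as `$1 !~ /^\[.*\]$/ { next }` would keep other lines from being silently mangled.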
blob - /dev/null
blob + eea74d9555ca7e1e73762663a53dcca72f11fb64 (mode 644)
--- /dev/null
+++ query_accesslog.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+awk	-F "\t" \
+	-v OFS="\t" \
+	-v domain=1 \
+	-v host=2 \
+	-v date=5 \
+	-v req=6 \
+	"${@}"
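Review bot: This wrapper and its siblings query_gnmap.sh and query_nuclei.sh have no usage comment, and nothing states that the first argument becomes the awk program text with the named column variables in scope. A header such as `# usage: query_accesslog.sh '$req ~ /login/ { print $host, $date }' access.tsv` would document that. Columns 3, 4, 7 and 8 written by from_accesslog.sh have no name here; if they are meant to be queried, add `-v` entries for them.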
blob - /dev/null
blob + 3dca83708675f15ae6ec95975033c7db5080926f (mode 644)
--- /dev/null
+++ query_gnmap.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+awk	-F "\t+" \
+	-v OFS="\t" \
+	-v host=1 \
+	-v port=2 \
+	-v state=3 \
+	-v proto=4 \
+	-v owner=5 \
+	-v service=6 \
+	-v sunrpc=7 \
+	-v version=8 \
+	"${@}"
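Review bot: `-F "\t+"` treats a run of tabs as a single separator, unlike the `-F "\t"` used by query_accesslog.sh and query_nuclei.sh, so an empty column would silently shift every later column to the left. from_gnmap.sh already replaces empty port components with "-", so `-F "\t"` should be enough here and would make a malformed line visible rather than misaligned.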
blob - /dev/null
blob + 8b07fed6f24140e8058bc52938dee90f3dca86ec (mode 644)
--- /dev/null
+++ query_nuclei.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+awk	-F "\t" \
+	-v OFS="\t" \
+	-v finding=1 \
+	-v proto=2 \
+	-v level=3 \
+	-v loc=4 \
+	-v info=5 \
+	"${@}"