commit 6bd8f90b8ec41e18a5f29bf3cb90fdb7c7028215 from: Dominik Lang date: Mon Apr 08 20:11:29 2024 UTC Simply the output by using awk's builtin print and delimiter variables. While there, update some comments.
commit - cb1c4e156140f7e459004a9d18977efb9b53de5f
commit + 6bd8f90b8ec41e18a5f29bf3cb90fdb7c7028215
blob - 7c43567503ee9c4dd0ade1c1e2a4938a6ec289c1
blob + 3017261e160af9e5cc1955d1eeac05628d13bf5e
--- from_accesslog.sh
+++ from_accesslog.sh
@@ -1,15 +1,14 @@
 #!/bin/sh
 awk '
-NR > 1 {
+BEGIN { OFS="\t" }
+$0 !~ /newsyslog.*logfile turned over/ {
 match($0, "[[].*]")
- $5 = substr($0, RSTART + 1, RLENGTH - 2)
+ date = substr($0, RSTART + 1, RLENGTH - 2)
 match($0, "\".*\"")
- $6 = substr($0, RSTART + 1, RLENGTH - 2)
+ req = substr($0, RSTART + 1, RLENGTH - 2)
- l1 = NF-1
- printf "%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n", $1, $2, $3, $4, $5, $6, $l1, NF
- #print $1, $2, $3, $4, $5, $6, $l1, NF
+ print $1, $2, $3, $4, date, req, $(NF-1), NF
 }
 '
blob - e39d14452ac5bfeb13ada588da366704fe2db0ba
blob + aa084ac4c0ce13c74314bf7530c472487cd9d19c
--- from_gnmap.sh
+++ from_gnmap.sh
@@ -2,7 +2,8 @@
 # In my opinion, gnmap isn't "grepable" but rather "transformable".
 # In my daily doing, I want something grepable with a little less information.
-# The goal is to print one entire port section together with its IP per line, e.g.
+# The goal is to print one entire port section together with its IP one per line,
+# e.g.
 #
 # 192.168.1.42 22 open tcp ssh SSH-2.0-OpenSSH_9.5
 #
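Review bot: In from_accesslog.sh the new record filter `$0 !~ /newsyslog.*logfile turned over/` is unanchored, so it is tested against the whole line, including the quoted request text that a client controls; an entry that carries that phrase there is dropped from the table without a trace, which matters when the output is used for log review. Tying the pattern to the place where newsyslog writes its marker would close that, for example `$0 !~ /newsyslog.*logfile turned over$/` if the marker always ends the line (an assumption to check against the real log). Separately, the last column prints `NF`, the field count, next to `$(NF-1)`; if the final log field was meant, it should be `$NF` (the removed printf did the same, so this is carried over rather than introduced). Both `match()` results are also used unchecked, so a line with no bracketed date or no quoted request produces empty columns instead of being reported.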
@@ -10,10 +11,15 @@
 # for the different "fields".
 # We only use the address field and the Ports field and ignore everything else.
 #
-# The Ports field is delimited with "," and within a field delimited with "/"
+# The Ports field is delimited with "," and within a field and entry is
+# delimited with "/"
 # First split the "Ports:" field into it's port entry components.
 # Then split each of these components into it's subcomponents.
+# Note: The typos in the comments within the script are intentionally missing
+# the apostrophes, as these would be interpreted as the closing single quotes
+# to the argument of awk.
+
 awk '
 /Ports: / {
 # Copy out the relevant parts of the line
@@ -27,7 +33,7 @@ awk '
 sub("[ \t]*Ignored State:.*$", "", portstr)
- # Split the into single port fields
+ # Split the ports string into single port fields
 nports = split(portstr, portlist, ",")
 # Loop through each port field
@@ -36,8 +42,8 @@ awk '
 sub("^[ \t]+|[ \t]+$", "", portlist[i])
 np = split(portlist[i], p, "/")
- # Dont use the last field of the split, as it isnt a field anymore
- # just the end delimiter
+ # Dont use the last field of the split, as its just a delimiter
+ # and not a real field anymore
 printf "%s", $2
 for (j = 1; j < np; j++) {
 # Set empty fields to "-"
blob - ae5af9015a50b25de84660c9a0069c0ae1ee8a44
blob + 6c80085008f94a09ab5c9a0bda7f3e2f1156e70d
--- from_nuclei.sh
+++ from_nuclei.sh
@@ -5,13 +5,14 @@
 # $ column -s " " -t
 awk '
-BEGIN {OFS="\t"}
+BEGIN { OFS="\t" }
 {
 # Remove the surrounding [] brackets of the first three fields
 for (i = 1; i <= 3; i++)
 $i = substr($i, 2, length($i) - 2)
- printf "%s\t%s\t%s\t%s\t", $1, $2, $3, $4
+ ORS = "\t"
+ print $1, $2, $3, $4
 # If there is additional information at the end,
 # print it separated with one space.
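Review bot: In from_nuclei.sh `ORS = "\t"` is assigned inside the per-record action, and ORS is global in awk, so from the first record on every later `print` in the program ends in a tab instead of a newline. The rest of the action lies outside this hunk, so it cannot be seen here whether the record is closed with `printf "\n"` or ORS is reset; if neither happens, all results run together on one line. Because the value never changes, setting it once beside OFS, `BEGIN { OFS = ORS = "\t" }`, with a comment such as `# ORS is a tab on purpose: the record newline is written with printf`, would make that dependency explicit. The printed fields presumably echo text supplied by the scanned target, so a tab inside one of them would shift columns for the `column` pipeline named in the header comment; a line in that comment saying so would help whoever consumes the table.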