Jump to content

Recommended Posts

Posted (edited)

Hi !

My last add-on to the pineapple: a log checker to send by email events based on defined matching rules smile.gif

Features

- Add rules to filter log events (match & ignore)

- Automatically send filtered events by email on a defined frequency (cron).

- See filtered log in the UI and auto-refresh

- Test email function

- Autostart

- Custom script execution

Screenshots

bab206e76ad78b9dc461d22d8788c23e6138f7711609541efacf8212b70db2e42g.jpg5b0e428c8fc1ed10ccd0902030a16ec32f23fb3e10748aa4af944d52149789762g.jpg

cfa988e3dbbaa4f9867e55a9d994600859433fd3db388a57c2df24584b0420b02g.jpg

Edited by Whistle Master
Posted · Hidden by Whistle Master, May 2, 2012 - No reason given
Hidden by Whistle Master, May 2, 2012 - No reason given

First version has been send to Seb :)

  • 2 weeks later...
Posted

Yes, the module is watching the logger log. You can add filter (matching, ignore).

The last addition is the execution of a custom script with the output result sent by email. I already included an example of custom script which is the same as the output from the pineapple main page (DHCP log, ARP and Karma log).

Posted

Yes, the module is watching the logger log. You can add filter (matching, ignore).

The last addition is the execution of a custom script with the output result sent by email. I already included an example of custom script which is the same as the output from the pineapple main page (DHCP log, ARP and Karma log).

Thanks WM:-)

This link has your name on it;-)

Posted (edited)

For Gmail, add to the configuration:

root=username@gmail.com
mailhub=smtp.gmail.com:587
rewriteDomain=
hostname=username@gmail.com
UseSTARTTLS=YES
AuthUser=username
AuthPass=password
FromLineOverride=YES

Edited by Whistle Master
  • 5 months later...
Posted

Hi there. I got this working with the default script, but now I would like to use my own 'simple' script. It seems simple, but I cannot get it to work :wacko:

Basically, I want the pineapple to 'check' if an (auto)ssh connection has successfully connected (after 5 minutes of a reboot) - if it has I would like it to fire me an email. If it hasn't connected via ssh, I don't want an email.

Why do I want this? When deploying on a site, I would like a way to know if the pineapple has been able to tunnel through a companies firewall - in other words, if they are permitting SSH. A simple cron check after 5 minutes of a reboot to check ssh and fire me an email saying its connected would be beautiful. If I don't get an email, I can assume that SSH is blocked....

P.S. I know I can use 3g (no company firewall restriction) and I know I can check the ssh connection on the pineapple by wireless connecting to it - in this scenario please consider that neither of these options are available.

I was wondering if a simple 'pidof autossh' could be used? If there is no output (no ssh connection), do nothing. If there is output (see below) then there IS an SSH connection and trigger an email? I'd appreciate a few pointers please.

root@Pineapple:~# pidof autossh

1972

root@Pineapple:~#

Razzlerock

Thanks

Razzlerock

Posted

Sorry to reply to my own post but I got this working (except the cron bit). Maybe this will help someone one day....

root@Pineapple:/usb/etc/ssmtp# ls

email-content revaliases send-email.sh ssh-check.sh ssmtp.conf

root@Pineapple:/usb/etc/ssmtp# cat ssh-check.sh

#!/bin/sh

# -----------------------------------------------------------------

# Simple script to send email if SSH is connected.

# -----------------------------------------------------------------

logger "Check if SSH is established"

if ! ( pidof autossh); then

logger "SSH: Connection seemed to be down."

else

/usb/etc/ssmtp/send-email.sh &

logger "SSH: Connection seems to be up. Issued /usb/etc/ssmtp/send-email.sh"

fi

root@Pineapple:/usb/etc/ssmtp# cat send-email.sh

ssmtp destinationemailaddress@test.com < /usb/etc/ssmtp/email-content

root@Pineapple:/usb/etc/ssmtp# cat email-content

To: destinationemailaddress@test.com;

From: myemail@gmail.com;

Subject: Pineapple has dialed home successfully;

A check has confirmed you have dialled home.

root@Pineapple:/usb/etc/ssmtp#

The only part I need to work out now, is if I can schedule to run in cron 10 minutes after a reboot (I don't want it to run every 15 mins.....) If I work this out, ill let you know. If you know how to do this, let me know.

Razzlerock

Posted

BTW, I have tried the @reboot cron entry and it doesn't look like its supported. Can anyone verify?

The plan was to invoke via cron on reboot using '@reboot' and then have 'sleep 600' at the start of the shell, effectively delaying the rest of the script for 10 minutes. This 'would' have given me the desired effect, but testing has so far shown no cigar.

Posted

For Gmail, add to the configuration:

root=username@gmail.com
mailhub=smtp.gmail.com:587
rewriteDomain=
hostname=username@gmail.com
UseSTARTTLS=YES
AuthUser=username
AuthPass=password
FromLineOverride=YES

I never thanked you for this, by the way. Thanks man, 'till I get some sort of SMTP relay running this is a lot easier!

Posted

I don't want log check to send emails but I would like to see Karma logs output to /USB/logs folder. Is that possible as an option?

  • 2 months later...
Posted

mreidiv: First off, good to see you posting again! It's been a while, so welcome back to the community

Second, for advice on ssmtp, you might find value in my post on the subject:

http://forums.hak5.org/index.php?/topic/25966-sent-from-my-pineapple/?hl=ssmtp

Enjoy

telot

Posted

mreidiv: First off, good to see you posting again! It's been a while, so welcome back to the community

Second, for advice on ssmtp, you might find value in my post on the subject:

http://forums.hak5.org/index.php?/topic/25966-sent-from-my-pineapple/?hl=ssmtp

Enjoy

telot

Thanks, Its been hard to find time while looking for a job here in st. Louis and going to school, and maintaining civility between 4 kids. I stop in when i can . Your post worked thanks, i am a assuming that the problem will be fixed when the next major firmware is released.

Posted (edited)

Running 2.7.5 module has no install button for ssmtp

The feature has never been there actually ;) I will add it in the next version of the module.

EDIT: version 2.3 is out with ssmtp installation feature ^_^

Edited by Whistle Master
  • 4 weeks later...
Posted

This is a lot like my SMS script I wrote just got to get around to releasing it. I'll probably add some of the features that you have in this to that. Good work mate!

Posted

I have 2.7.0 and try to make a custom filter:

#!/bin/sh
# Custom script
grep PHISH /pineapple/logs/phish.log | grep SSLSTRIP /?????????/dnsspoof.log
This is ok? Where find sslstrip log?
I only want the phish log and the sslstrip log.
Posted

I don't know anything about where or what the logs are for the module, as I use 'strip via cli and wps button, but see my thread on ssmtp for a great start on emailed logs.

http://forums.hak5.org/index.php?/topic/25966-sent-from-my-pineapple/

telot

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...