Whistle Master Posted April 30, 2012 Posted April 30, 2012 (edited) Hi ! My last add-on to the pineapple: a log checker to send by email events based on defined matching rules Features - Add rules to filter log events (match & ignore) - Automatically send filtered events by email on a defined frequency (cron). - See filtered log in the UI and auto-refresh - Test email function - Autostart - Custom script execution Screenshots Edited August 7, 2012 by Whistle Master Quote
shadowmmm Posted May 1, 2012 Posted May 1, 2012 (edited) thank you WM ps have u been working on the keylogger module still :) Edited May 1, 2012 by shadowmmm Quote
Whistle Master Posted May 2, 2012 Author Posted May 2, 2012 · Hidden by Whistle Master, May 2, 2012 - No reason given Hidden by Whistle Master, May 2, 2012 - No reason given First version has been send to Seb :)
Whistle Master Posted May 4, 2012 Author Posted May 4, 2012 Last version with Autostart and ignore rules is out :) Quote
Whistle Master Posted May 13, 2012 Author Posted May 13, 2012 Last version with Custom script execution is out :) Quote
PineDominator Posted May 13, 2012 Posted May 13, 2012 Last version with Custom script execution is out :) I am not sure how to use this? is it watching the logger log? how do I chose what log is being checked? Quote
Whistle Master Posted May 14, 2012 Author Posted May 14, 2012 Yes, the module is watching the logger log. You can add filter (matching, ignore). The last addition is the execution of a custom script with the output result sent by email. I already included an example of custom script which is the same as the output from the pineapple main page (DHCP log, ARP and Karma log). Quote
PineDominator Posted May 14, 2012 Posted May 14, 2012 Yes, the module is watching the logger log. You can add filter (matching, ignore). The last addition is the execution of a custom script with the output result sent by email. I already included an example of custom script which is the same as the output from the pineapple main page (DHCP log, ARP and Karma log). Thanks WM:-) This link has your name on it;-) Quote
velkrosmaak Posted May 18, 2012 Posted May 18, 2012 Am I being a dumbass or do I need to find some kind of open smtp server? I can't find a way to add a password in order to authenticate to say, Gmail's SMTP server. Quote
Whistle Master Posted May 18, 2012 Author Posted May 18, 2012 (edited) For Gmail, add to the configuration: root=username@gmail.com mailhub=smtp.gmail.com:587 rewriteDomain= hostname=username@gmail.com UseSTARTTLS=YES AuthUser=username AuthPass=password FromLineOverride=YES Edited May 18, 2012 by Whistle Master Quote
Razzlerock Posted November 7, 2012 Posted November 7, 2012 Hi there. I got this working with the default script, but now I would like to use my own 'simple' script. It seems simple, but I cannot get it to work Basically, I want the pineapple to 'check' if an (auto)ssh connection has successfully connected (after 5 minutes of a reboot) - if it has I would like it to fire me an email. If it hasn't connected via ssh, I don't want an email. Why do I want this? When deploying on a site, I would like a way to know if the pineapple has been able to tunnel through a companies firewall - in other words, if they are permitting SSH. A simple cron check after 5 minutes of a reboot to check ssh and fire me an email saying its connected would be beautiful. If I don't get an email, I can assume that SSH is blocked.... P.S. I know I can use 3g (no company firewall restriction) and I know I can check the ssh connection on the pineapple by wireless connecting to it - in this scenario please consider that neither of these options are available. I was wondering if a simple 'pidof autossh' could be used? If there is no output (no ssh connection), do nothing. If there is output (see below) then there IS an SSH connection and trigger an email? I'd appreciate a few pointers please. root@Pineapple:~# pidof autossh 1972 root@Pineapple:~# Razzlerock Thanks Razzlerock Quote
Razzlerock Posted November 7, 2012 Posted November 7, 2012 Sorry to reply to my own post but I got this working (except the cron bit). Maybe this will help someone one day.... root@Pineapple:/usb/etc/ssmtp# ls email-content revaliases send-email.sh ssh-check.sh ssmtp.conf root@Pineapple:/usb/etc/ssmtp# cat ssh-check.sh #!/bin/sh # ----------------------------------------------------------------- # Simple script to send email if SSH is connected. # ----------------------------------------------------------------- logger "Check if SSH is established" if ! ( pidof autossh); then logger "SSH: Connection seemed to be down." else /usb/etc/ssmtp/send-email.sh & logger "SSH: Connection seems to be up. Issued /usb/etc/ssmtp/send-email.sh" fi root@Pineapple:/usb/etc/ssmtp# cat send-email.sh ssmtp destinationemailaddress@test.com < /usb/etc/ssmtp/email-content root@Pineapple:/usb/etc/ssmtp# cat email-content To: destinationemailaddress@test.com; From: myemail@gmail.com; Subject: Pineapple has dialed home successfully; A check has confirmed you have dialled home. root@Pineapple:/usb/etc/ssmtp# The only part I need to work out now, is if I can schedule to run in cron 10 minutes after a reboot (I don't want it to run every 15 mins.....) If I work this out, ill let you know. If you know how to do this, let me know. Razzlerock Quote
Razzlerock Posted November 7, 2012 Posted November 7, 2012 BTW, I have tried the @reboot cron entry and it doesn't look like its supported. Can anyone verify? The plan was to invoke via cron on reboot using '@reboot' and then have 'sleep 600' at the start of the shell, effectively delaying the rest of the script for 10 minutes. This 'would' have given me the desired effect, but testing has so far shown no cigar. Quote
velkrosmaak Posted November 7, 2012 Posted November 7, 2012 For Gmail, add to the configuration: root=username@gmail.com mailhub=smtp.gmail.com:587 rewriteDomain= hostname=username@gmail.com UseSTARTTLS=YES AuthUser=username AuthPass=password FromLineOverride=YES I never thanked you for this, by the way. Thanks man, 'till I get some sort of SMTP relay running this is a lot easier! Quote
thesugarat Posted November 10, 2012 Posted November 10, 2012 I don't want log check to send emails but I would like to see Karma logs output to /USB/logs folder. Is that possible as an option? Quote
mreidiv Posted January 29, 2013 Posted January 29, 2013 Running 2.7.5 module has no install button for ssmtp Quote
telot Posted January 29, 2013 Posted January 29, 2013 mreidiv: First off, good to see you posting again! It's been a while, so welcome back to the community Second, for advice on ssmtp, you might find value in my post on the subject: http://forums.hak5.org/index.php?/topic/25966-sent-from-my-pineapple/?hl=ssmtp Enjoy telot Quote
mreidiv Posted January 29, 2013 Posted January 29, 2013 mreidiv: First off, good to see you posting again! It's been a while, so welcome back to the community Second, for advice on ssmtp, you might find value in my post on the subject: http://forums.hak5.org/index.php?/topic/25966-sent-from-my-pineapple/?hl=ssmtp Enjoy telot Thanks, Its been hard to find time while looking for a job here in st. Louis and going to school, and maintaining civility between 4 kids. I stop in when i can . Your post worked thanks, i am a assuming that the problem will be fixed when the next major firmware is released. Quote
Whistle Master Posted January 29, 2013 Author Posted January 29, 2013 (edited) Running 2.7.5 module has no install button for ssmtp The feature has never been there actually ;) I will add it in the next version of the module. EDIT: version 2.3 is out with ssmtp installation feature ^_^ Edited January 29, 2013 by Whistle Master Quote
newbi3 Posted February 22, 2013 Posted February 22, 2013 This is a lot like my SMS script I wrote just got to get around to releasing it. I'll probably add some of the features that you have in this to that. Good work mate! Quote
Whistle Master Posted February 23, 2013 Author Posted February 23, 2013 I would suggest to collaborate on this and bring a single module to the community, instead of splitting :) I'll PM you. Quote
Boba Fett Posted February 23, 2013 Posted February 23, 2013 There is a way to check the sslstrip log by mail? Quote
Boba Fett Posted February 27, 2013 Posted February 27, 2013 I have 2.7.0 and try to make a custom filter: #!/bin/sh # Custom script grep PHISH /pineapple/logs/phish.log | grep SSLSTRIP /?????????/dnsspoof.log This is ok? Where find sslstrip log? I only want the phish log and the sslstrip log. Quote
telot Posted February 28, 2013 Posted February 28, 2013 I don't know anything about where or what the logs are for the module, as I use 'strip via cli and wps button, but see my thread on ssmtp for a great start on emailed logs. http://forums.hak5.org/index.php?/topic/25966-sent-from-my-pineapple/ telot Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.