
Is analyze.sh mentioned at DEF CON available?


pineappleboy


#!/bin/bash
# Summarise a PineAP probe log: unique counts, top manufacturers (via the IEEE OUI list), top SSIDs.
if [ -z "$1" ] || [ -z "$2" ]; then
    echo "Usage: analyze.sh input_file output_file"; exit 1
fi
if [ ! -f oui-small.txt ]
    then
        echo "Downloading OUI Database"
        wget http://standards.ieee.org/regauth/oui/oui.txt || exit 1
        echo "Database downloaded. Fixing up oui.txt"
        # Keep only the "base 16" lines and reduce each to "OUI vendor"
        cat oui.txt | grep "base 16" | sed "s/(base 16)//g" | cut -c 3- | sed "s/\t//g" | sed "s/     / /g" > oui-small.txt
fi
echo -e "Processing PineAP Log\n"
# Private temp file instead of a fixed, predictable name in /tmp
tmp=$(mktemp) || exit 1
trap 'rm -f "$tmp"' EXIT
rm -f "$2"
while read -r i; do
    # Field 7 is the client MAC; its first three octets are the OUI
    OUI=$(echo "$i" | awk '{print $7}' | cut -c 1-8 | sed "s/://g" | awk '{print toupper($0)}')
    # Skip lines without a MAC; an empty pattern would match every vendor
    [ -n "$OUI" ] && grep "$OUI" oui-small.txt | awk '{print $2}' >> "$tmp"
done < "$1"
unique_manufacturer=$(cat "$tmp" | awk '{print tolower($0)}' | sed "s/,//g" | sort | uniq | wc -l)
printf "Unique:\n" >> "$2"
# Field 10 is the probed SSID; read the input file given as $1, not a fixed pineap.log
printf "       Probes: " >> "$2" && cat "$1" | awk '{print $10}' | sed "s/'//g" | sort | uniq | wc -l >> "$2"
printf "      Devices: " >> "$2" && cat "$1" | awk '{print $7}' | sort | uniq | wc -l >> "$2"
printf "         OUIs: " >> "$2" && cat "$1" | awk '{print $7}' | sort | cut -c 1-8 | uniq | wc -l >> "$2"
printf "Manufacturers: %s\n\n" "$unique_manufacturer" >> "$2"
printf "Top 10 Manufacturers:\n" >> "$2"
cat "$tmp" | sed "s/,//g" | sort | uniq -c | sort -g -r | head -10 >> "$2"
printf "\nTop 10 Probe Requests:\n" >> "$2"
cat "$1" | awk '{print $10}' | sort | uniq -c | sort -g -r | head -10 >> "$2"
cat "$2"
printf "\n"

Here you go!


  • 2 weeks later...
  • 8 months later...

Any idea why my output is missing the Top 10 items?

I did notice the sort message below.

root@Pineapple:~# ./analyze.sh pineap.log output5
Processing PineAP Log

sort: unknown sort type
Unique:
       Probes: 40
      Devices: 1170
         OUIs: 1058
Manufacturers: 0

Top 10 Manufacturers:

Top 10 Probe Requests:

root@Pineapple:~#
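Added example, not part of the original posts or of analyze.sh: one way to build the two Top 10 lists using only options POSIX specifies for `sort` (`-n` rather than the `-g` used in the script). The sample log lines are constructed, their layout is assumed from the fields the script reads (`$7` MAC, quoted SSID at the end), and the helper names `ssids`, `ouis` and `top_counts` are hypothetical.

```shell
#!/bin/sh
# Added example: the two "Top 10" lists built with POSIX-only options.
# Assumed log layout (from the fields analyze.sh reads): $7 = client MAC,
# SSID in single quotes at the end of the line.

# Constructed sample lines, not real capture data.
sample_log() {
cat <<'EOF'
Aug 10 12:00:01 Probe Request from 02:aa:bb:00:00:01 for SSID 'HomeNet'
Aug 10 12:00:02 Probe Request from 02:aa:bb:00:00:02 for SSID 'HomeNet'
Aug 10 12:00:03 Probe Request from 02:aa:bb:00:00:01 for SSID 'HomeNet'
Aug 10 12:00:04 Probe Request from 02:aa:bb:00:00:03 for SSID 'Coffee Shop WiFi'
Aug 10 12:00:05 Probe Request from 06:cc:dd:00:00:01 for SSID 'Coffee Shop WiFi'
Aug 10 12:00:06 Probe Request from 06:cc:dd:00:00:02 for SSID 'printer'
EOF
}

# ssids FILE: SSID of each probe, taken from between the quotes so that
# names containing spaces stay whole (awk '{print $10}' keeps one word).
ssids() {
    awk -F"'" 'NF >= 3 { print $2 }' "$1"
}

# ouis FILE: upper-case OUI (first three octets) of each well-formed MAC.
ouis() {
    awk 'length($7) == 17 && split($7, o, ":") == 6 { print toupper(o[1] o[2] o[3]) }' "$1"
}

# top_counts N: read values on stdin, print "count value" for the N most
# frequent. sort -n is the POSIX numeric sort; -g is not in POSIX.
top_counts() {
    sort | uniq -c | sort -n -r | head -n "$1" | sed 's/^ *//'
}

# Demo run over the constructed sample.
log=$(mktemp) && sample_log > "$log"
echo "Top probe requests:"; ssids "$log" | top_counts 10
echo "Top OUIs:";           ouis "$log" | top_counts 10
rm -f "$log"
```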
