«

»

Status update

Tuesday April 17, 2012 — 1:07 AM

I have been messing around with some logfiles recently (related to honeypots as usual), and the following has been helpful whenever I wanted to extract IP addresses from them:

cat logfile.log | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' | sort -u > /tmp/unique-ips.txt

Related posts:

  1. The big post of Kippo scripts, front-ends, bash one-liners and SQL queries
  2. Password analysis: Greek Ministry of Finance breach (Anonymous)
  3. Starting with Dionaea malware honeypot
  4. Honeyd2MySQL v0.2 - important fix
  5. Christmas gifts for the security enthusiast!

  • blcspt

    Grepping for IP addresses that way is awesome!
    Totally forgot about doing it that way as i mostly use grep and awk together

    Extracting IP addresses from kippo.log and listing how many separate connections each of them made:


    cat kippo.log | grep 'New connection:' | awk '{print $6}' | cut -d ':' -f1 | sort | uniq -c | sort -r

    12 98.76.54.32
    9 67.89.12.34
    3 109.87.65.43
    2 234.56.78.9
    1 109.87.65.43

    • http://bruteforce.gr Ion

      Hey Blackie, nice snippet! Thanks for your comment :)

More in General News, Honeypots
Σαρκοβόρο για τα malware, στη διάθεσή σας!
Παγίδες για τα malware του κόσμου όλου!
Ωραίο SSH honeypot, αλλά για το σπιτάκι!
Γλυκές παγίδες!
New version of Kippo-Graph: 0.7.1
Close