This repository has been archived by the owner on Nov 26, 2023. It is now read-only.
spam-bot-parser.sh
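#!/bin/bash
#
# spam-bot-parser.sh - pull "name;ip" rows out of the log lines that contain
# "id=<null>" and print them one per line for later use in CSV files.
#
# Usage: spam-bot-parser.sh [-u|--unique] [-p|--ports] LOG_FILE
#   -u, --unique   sort the rows and drop duplicates
#   -p, --ports    keep the ":port" suffix on each address
#   LOG_FILE       plain-text log, or a gzip file when the name ends in .gz
#                  (if several paths are given, the last one wins)
#
# Rows are written to stdout and diagnostics to stderr, so redirecting stdout
# into a CSV never mixes an error message into the data.
# Exit status: 0 on success, 1 on a usage error or an unreadable log file.

# Only lines carrying this marker are considered.
readonly MARKER='id=<null>'

# The capture is limited to [[:alnum:]], so ';', quotes and spreadsheet
# formula characters in log-controlled text never reach the CSV output.
# A name containing any other character is cut at that character.
readonly NAME_RE='name=([[:alnum:]]+)'

# Dotted-quad IPv4 with a port. Octets are not range-checked and IPv6 peers
# do not match; lines without a match are reported as skipped.
readonly ADDR_RE='([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+)'

# Print a message on stderr and stop with status 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Write the content of log file $1 to stdout, decompressing *.gz files.
read_log() {
  if [[ "$1" == *.gz ]]; then
    gunzip -c -- "$1"
  else
    cat -- "$1"
  fi
}

main() {
  local log_file_path="" unique_flag=false ports_flag=false

  (( $# > 0 )) || die "Please provide the path to the log file."

  # Process command-line arguments; anything that is not a known flag is
  # taken as the log file path.
  while (( $# > 0 )); do
    case "$1" in
      -u | --unique) unique_flag=true ;;
      -p | --ports) ports_flag=true ;;
      *) log_file_path=$1 ;;
    esac
    shift
  done

  [[ -n "$log_file_path" ]] || die "Please provide the path to the log file."
  [[ -f "$log_file_path" ]] || die "Log file not found: $log_file_path"

  # Keep only the marker lines. pipefail makes a failed cat/gunzip (for
  # example a truncated archive) abort the run instead of yielding a
  # partial result; grep's status 1 only means "no matching line".
  # -a: treat input as text so a stray NUL or invalid byte cannot make grep
  # classify the log as binary and suppress the matching lines.
  local filtered
  filtered=$(
    set -o pipefail
    read_log "$log_file_path" | { grep -aF -- "$MARKER" || [[ $? -eq 1 ]]; }
  ) || die "Failed to read log file: $log_file_path"

  # Take the name and the address from the SAME line. Collecting them in two
  # separate lists and joining by position pairs a name with another line's
  # address as soon as one line lacks a field or carries two of them.
  local -a rows=()
  local line name addr
  local skipped=0
  while IFS= read -r line; do
    [[ -n "$line" ]] || continue
    if [[ "$line" =~ $NAME_RE ]]; then
      name=${BASH_REMATCH[1]}
    else
      skipped=$((skipped + 1))
      continue
    fi
    if [[ "$line" =~ $ADDR_RE ]]; then
      addr=${BASH_REMATCH[1]}
    else
      skipped=$((skipped + 1))
      continue
    fi
    [[ "$ports_flag" == true ]] || addr=${addr%:*}
    rows+=("$name;$addr")
  done <<< "$filtered"

  if (( skipped > 0 )); then
    printf 'warning: skipped %d marker line(s) without both a name and an ip:port\n' \
      "$skipped" >&2
  fi

  # Nothing found: print nothing rather than a blank CSV row.
  (( ${#rows[@]} > 0 )) || return 0

  if [[ "$unique_flag" == true ]]; then
    printf '%s\n' "${rows[@]}" | sort -u
  else
    printf '%s\n' "${rows[@]}"
  fi
}

main "$@"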