
Automatically create an operation log of your shell! Supports Linux (Bash/Zsh) and Windows (PowerShell/CMD).


DrorDvash/ShellOpsLog


ShellOpsLog

ShellOpsLog is a lightweight command logger that automatically captures and logs every executed command (without its output) during engagements such as red and purple team operations, internal penetration tests, or any other use.

The commands are saved in a CSV file with the columns Timestamp, User, Path, and Command, making it easy to use for both client deliverables and internal reviews.

Tip

One thing I like about the way I wrote it is that the functions are "portable", allowing you to deploy them even on remote hosts (SSH, RDP, etc.) and log your commands. As always, remember you are responsible for your actions.

Overview

This repo contains two implementations of ShellOpsLog:

  • Bash/Zsh Version (ShellOpsLog.sh):
    Logs commands in Unix-based shells using shell hooks (Bash: PROMPT_COMMAND or Zsh: preexec).

  • PowerShell Version (Microsoft.PowerShell_profile.ps1):
    Automatically logs commands in PowerShell sessions.

Both scripts are focused on logging the executed commands (without output), so you can have a clear, CSV-ready record of your activities during engagements.
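
The Bash mechanism named above (a PROMPT_COMMAND hook writing Timestamp, User, Path, Command rows) can be sketched as follows. This is an added example, not ShellOpsLog's own code; the function names and the OPLOG_FILE variable are assumptions made for the sketch.

```bash
# Added sketch, not ShellOpsLog's code. Function names and OPLOG_FILE are assumptions.
OPLOG_FILE="${OPLOG_FILE:-$HOME/oplog_example.csv}"

# Quote one CSV field: wrap it in double quotes and double any embedded quote,
# so a command containing commas or quotes stays in a single column.
oplog_csv_field() {
    printf '"%s"' "$(printf '%s' "$1" | sed 's/"/""/g')"
}

# Build one row in the README's column order: Timestamp, User, Path, Command.
oplog_row() {
    printf '%s,%s,%s,%s\n' \
        "$(oplog_csv_field "$1")" "$(oplog_csv_field "$2")" \
        "$(oplog_csv_field "$3")" "$(oplog_csv_field "$4")"
}

# Append a row to the file given as $1. The file is created owner-only (umask 077)
# because logged command lines can contain credentials.
oplog_append() {
    oplog_file=$1; shift
    if [ ! -e "$oplog_file" ]; then
        ( umask 077; printf 'Timestamp,User,Path,Command\n' > "$oplog_file" )
    fi
    oplog_row "$@" >> "$oplog_file"
}

# Bash hook, run before each prompt. `history 1` prints "  NN  command"; an
# unchanged entry means Enter was pressed on an empty line, so nothing is logged.
oplog_hook() {
    oplog_entry=$(HISTTIMEFORMAT='' history 1)
    [ "$oplog_entry" = "$OPLOG_LAST" ] && return 0
    OPLOG_LAST=$oplog_entry
    oplog_append "$OPLOG_FILE" "$(date '+%Y-%m-%d %H:%M:%S')" "$(id -un)" "$PWD" \
        "$(printf '%s' "$oplog_entry" | sed '1s/^ *[0-9]*[* ]*//')"
}

# To enable in an interactive Bash session:
#   PROMPT_COMMAND=oplog_hook
```

Because PROMPT_COMMAND fires after a command finishes, the Path column in this sketch holds the working directory after the command ran, which matters for `cd`.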


Bash/Zsh Usage

  1. Place the ShellOpsLog.sh file on your file system, or clone the repo.

  2. Adjust the path and add the following line to your shell startup file (e.g., ~/.bashrc or ~/.zshrc):

    source /path/to/ShellOpsLog.sh

  3. Open a new terminal or tab.

  4. Manually call start_operation_log, or uncomment the auto-start line at the bottom of the script.

    $ start_operation_log

    # Optionally, specify a custom log directory
    $ start_operation_log ~/Projects/MyClient

    # To stop command logging, run:
    $ stop_operation_log

PowerShell Usage

  1. Copy the contents of Microsoft.PowerShell_profile.ps1 into your profile file and save it.

    notepad $PROFILE

    # If you don't have a profile file yet, create one:
    New-Item -ItemType File -Path $PROFILE -Force

  2. Restart PowerShell or open a new tab.

  3. Manually call Start-OperationLog, or uncomment the auto-start line at the bottom of the profile.

    PS> Start-OperationLog

    # Optionally, specify a custom log directory
    PS> Start-OperationLog "C:\Projects\MyClient"

    # To stop command logging, run:
    PS> Stop-OperationLog

CMD

CMD is working, but not as I wish; it has some limitations. I will update soon.
