forked from wedaa/LongTail-Log-Analysis
-
Notifications
You must be signed in to change notification settings - Fork 1
/
LongTail_find_first_password_use.pl
executable file
·81 lines (73 loc) · 2.71 KB
/
LongTail_find_first_password_use.pl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
#!/usr/bin/perl
if ($ARGV[0] eq "passwords"){ $file="todays_password"; $search_for="Passwords"; }
if ($ARGV[0] eq "usernames"){ $file="todays_username"; $search_for="Usernames";}
if ($ARGV[0] eq "ips"){ $file="todays_ips"; $search_for="IP Addresses";}
if (! defined ($search_for)){
print "You forgot to specify what to look for, exiting now.\n";
exit;
}
chdir "/var/www/html/honey/historical" || die "Can not chdir to /var/www/html/honey/historical, this is bad\n";;
open (FIND_YEAR, "ls |") || die "Can not run ls is /var/www/html/honey/historical, exiting now\n";
while (<FIND_YEAR>){
chomp;
$year=$_;
#print "year is $year, ";
chdir $year || die "Can not chdir to /var/www/html/honey/historical/$year, this is bad\n";;;
open (FIND_MONTH, "ls |") || die "Can not run ls is /var/www/html/honey/historical/$year, exiting now\n";;
while (<FIND_MONTH>){
chomp;
$month=$_;
#print "month is $month, ";
chdir $month || die "Can not chdir to /var/www/html/honey/historical/$year/$month, this is bad\n";;;
open (FIND_DAY, "ls |") || die "Can not run ls is /var/www/html/honey/historical/$year/$month, exiting now\n";;
while (<FIND_DAY>){
chomp;
$day=$_;
#print "day is $day\n";
chdir $day || die "Can not chdir to /var/www/html/honey/historical/$year/$month/$day, this is bad\n";;;
if ( -e $file){
open (FILE, $file) || die "Can not open file $file in /var/www/html/honey/historical/$year/$month/$day, exiting now\n";;
while (<FILE>){
chomp;
if (! defined ($password_array{$_})){
$password_array{$_}="$year-$month-$day";
$password_last_seen_array{$_}="$year-$month-$day";
$password_count++;
}
else {
$password_last_seen_array{$_}="$year-$month-$day";
}
}
close (FILE);
}
chdir "..";
}
chdir "..";
}
chdir "..";
}
open (OUTPUT, ">$file.$$") || die "Can not open $dir/$file.$$, exiting now\n";;
while (($password, $date) = each(%password_array)){
if (($search_for eq "Usernames" ) || ($search_for eq "IP Addresses")){
# This is a hack to cleanup bad input
if ($search_for eq "Usernames"){
($password,$trash)=split(/ /,$password);
}
if ($search_for eq "IP Addresses"){
($password,$trash)=split(/ /,$password);
}
$password =~ s/</</g;
$password =~ s/>/>/g;
print (OUTPUT "<TR><TD>$date </TD><TD>$password_last_seen_array{$password} </TD><TD align=left>$password</TD></TR>\n");
}
else {
print (OUTPUT "$date $password_last_seen_array{$password} $password\n");
}
}
close (OUTPUT);
print "<TABLE>\n";
print "<TR><TH colspan=3>$search_for count is $password_count</TH></TR>\n";
print "<TR><TH>First Seen</TH><TH>Last Seen</TH><TH>$search_for</TH></TR>\n";
system ("sort $file.$$ ");
unlink ("$file.$$");
#print "</TABLE>\n";