authorKyle K <kylek389@gmail.com>2012-08-10 21:59:36 -0500
committerKyle Kaminski <kyle@kkaminsk.com>2012-08-10 21:59:36 -0500
commit7b72a83767b303378068bb1e354755d47b70c108 (patch)
treedd0fcdedf63aadd9e810bee41bd2d566e04ca2f1
downloadmining-7b72a83767b303378068bb1e354755d47b70c108.tar.gz
mining-7b72a83767b303378068bb1e354755d47b70c108.tar.bz2
mining-7b72a83767b303378068bb1e354755d47b70c108.zip
initial commit
-rwxr-xr-xmine.sh42
-rw-r--r--webbin0 -> 17017092 bytes
2 files changed, 42 insertions, 0 deletions
diff --git a/mine.sh b/mine.sh
new file mode 100755
index 0000000..c902d84
--- /dev/null
+++ b/mine.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+if [[ x"$1" = x ]]; then
+ echo "usage: $0 <pcapdump>"
+ exit 1
+fi
+
+if [[ -d flow ]]; then
+ rm -rf flow
+fi
+if [[ -d processed ]]; then
+ rm -rf processed
+fi
+if [[ -d files ]]; then
+ rm -rf files
+fi
+
+mkdir flow
+mkdir processed
+mkdir files
+DUMP=$(readlink -f $1)
+
+echo -n "reconstructing packets... "
+cd flow && tcpflow -r $DUMP && cd ..
+echo "done"
+
+echo -n "mining data... "
+for f in flow/*; do foremost -Q -o processed/`basename $f` -i $f; done
+echo "done"
+
+# nuke useless dirs
+echo -n "nuking useless data... "
+find processed/* -name audit.txt -exec rm -f {} \;
+find processed/* -type f -size -1024c -exec rm -f -- {} \; # files < 1Kb
+find processed/* -type d -empty -delete
+find processed/* -type d -empty -delete # ran twice since max depth is 1
+echo "done"
+
+echo -n "moving data into \"files\" dir... "
+for f in `find processed/* -type f`; do ((i++)); mv -- $f files/$i."${f##*.}"; done
+echo "done"
+
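Review bot: `DUMP=$(readlink -f $1)` and `tcpflow -r $DUMP` leave the user-supplied capture path unquoted, so a path containing whitespace or glob characters is split or expanded before it reaches readlink or tcpflow; use `DUMP=$(readlink -f -- "$1")` and `tcpflow -r "$DUMP"`. On the same line, `cd flow && tcpflow -r $DUMP && cd ..` skips the `cd ..` when tcpflow fails, so every later step runs inside flow/ against the wrong paths; a subshell, `(cd flow && tcpflow -r "$DUMP") || exit 1`, keeps the working directory and aborts on failure. The move loop iterates over a backtick-substituted `find processed/* -type f`, which word-splits carved file names that tcpflow and foremost derive from the capture's contents, so a name with a space yields a failed or misdirected mv; `while IFS= read -r -d '' f; do ((i++)); mv -- "$f" "files/$i.${f##*.}"; done < <(find processed -type f -print0)` handles arbitrary names. The three `rm -rf` calls at the top act on whatever the current directory happens to be, which deserves a comment such as `# WARNING: removes ./flow, ./processed and ./files from the current directory`.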
diff --git a/web b/web
new file mode 100644
index 0000000..974cbcb
--- /dev/null
+++ b/web
Binary files differ