Diffstat (limited to 'mine.sh')
-rwxr-xr-x | mine.sh | 42 |
1 files changed, 42 insertions, 0 deletions
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+if [[ x"$1" = x ]]; then
+ echo "usage: $0 <pcapdump>"
+ exit 1
+fi
+
+if [[ -d flow ]]; then
+ rm -rf flow
+fi
+if [[ -d processed ]]; then
+ rm -rf processed
+fi
+if [[ -d files ]]; then
+ rm -rf files
+fi
+
+mkdir flow
+mkdir processed
+mkdir files
+DUMP=$(readlink -f $1)
+
+echo -n "reconstructing packets... "
+cd flow && tcpflow -r $DUMP && cd ..
+echo "done"
+
+echo -n "mining data... "
+for f in flow/*; do foremost -Q -o processed/`basename $f` -i $f; done
+echo "done"
+
+# nuke useless dirs
+echo -n "nuking useless data... "
+find processed/* -name audit.txt -exec rm -f {} \;
+find processed/* -type f -size -1024c -exec rm -f -- {} \; # files < 1Kb
+find processed/* -type d -empty -delete
+find processed/* -type d -empty -delete # ran twice since max depth is 1
+echo "done"
+
+echo -n "moving data into \"files\" dir... "
+for f in `find processed/* -type f`; do ((i++)); mv -- $f files/$i."${f##*.}"; done
+echo "done"
+ |
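Review bot: `DUMP=$(readlink -f $1)` and `tcpflow -r $DUMP` expand the user-supplied capture path unquoted, so a path containing spaces or glob characters is split or expanded before it reaches readlink or tcpflow; quote both, `DUMP=$(readlink -f -- "$1")` and `tcpflow -r "$DUMP"`. The chain `cd flow && tcpflow -r $DUMP && cd ..` also leaves the script inside flow/ whenever tcpflow fails (there is no `set -e`), after which the later find and mv steps operate on the wrong tree; running it as `(cd flow && tcpflow -r "$DUMP") || exit 1` keeps the working directory stable and stops on failure. The final loop `for f in \`find processed/* -type f\`` word-splits the carved filenames the same way, and `find processed -type f -print0` read with `while IFS= read -r -d '' f` would be the safe form. Since the script unconditionally deletes flow/, processed/ and files/ in whatever directory it is invoked from, the usage line should state that, e.g. `echo "usage: $0 <pcapdump>  (removes ./flow ./processed ./files)"`.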