From 7b72a83767b303378068bb1e354755d47b70c108 Mon Sep 17 00:00:00 2001
From: Kyle K
Date: Fri, 10 Aug 2012 21:59:36 -0500
Subject: initial commit

---
mine.sh | 42 ++++++++++++++++++++++++++++++++++++++++++
web | Bin 0 -> 17017092 bytes
2 files changed, 42 insertions(+)
create mode 100755 mine.sh
create mode 100644 web

diff --git a/mine.sh b/mine.sh
new file mode 100755
index 0000000..c902d84
--- /dev/null
+++ b/mine.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+if [[ x"$1" = x ]]; then
+ echo "usage: $0 "
+ exit 1
+fi
+
+if [[ -d flow ]]; then
+ rm -rf flow
+fi
+if [[ -d processed ]]; then
+ rm -rf processed
+fi
+if [[ -d files ]]; then
+ rm -rf files
+fi
+
+mkdir flow
+mkdir processed
+mkdir files
+DUMP=$(readlink -f $1)
+
+echo -n "reconstructing packets... "
+cd flow && tcpflow -r $DUMP && cd ..
+echo "done"
+
+echo -n "mining data... "
+for f in flow/*; do foremost -Q -o processed/`basename $f` -i $f; done
+echo "done"
+
+# nuke useless dirs
+echo -n "nuking useless data... "
+find processed/* -name audit.txt -exec rm -f {} \;
+find processed/* -type f -size -1024c -exec rm -f -- {} \; # files < 1Kb
+find processed/* -type d -empty -delete
+find processed/* -type d -empty -delete # ran twice since max depth is 1
+echo "done"
+
+echo -n "moving data into \"files\" dir... "
+for f in `find processed/* -type f`; do ((i++)); mv -- $f files/$i."${f##*.}"; done
+echo "done"
+
diff --git a/web b/web
new file mode 100644
index 0000000..974cbcb
Binary files /dev/null and b/web differ
--
cgit v1.2.3
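Review bot: `cd flow && tcpflow -r $DUMP && cd ..` leaves the script running inside `flow/` whenever tcpflow fails, because there is no `set -e` and the trailing `cd ..` is skipped, so the later `for f in flow/*` and `find processed/*` steps then operate on the wrong tree; run it in a subshell and stop on failure: `( cd flow && tcpflow -r "$DUMP" ) || { echo "tcpflow failed" >&2; exit 1; }`. `$1`, `$DUMP` and `$f` are unquoted throughout, so a dump path containing spaces breaks `readlink -f $1` and the `mv -- $f ...` step, and the backtick `find` loop should become `find processed -type f -print0 | while IFS= read -r -d '' f; do ...; done`. `((i++))` exits 1 on the first iteration because `i` starts unset, which is harmless now but would abort the loop the moment `set -e` is added, so initialize `i=0` before the loop. The pcap and everything tcpflow and foremost carve out of it are attacker-controlled input, so a header comment such as `# Run only inside an isolated analysis VM: input and carved output are untrusted.` would be worth adding; the usage string `"usage: $0 "` also appears to have lost its argument placeholder (possibly stripped in rendering), so confirm it reads `"usage: $0 <pcap>"`.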