
Display associated domains when available
Adamm00 committed Sep 3, 2018
1 parent 99ae728 commit a248352
Showing 1 changed file with 18 additions and 3 deletions.
21 changes: 18 additions & 3 deletions firewall.sh
Expand Up @@ -9,7 +9,7 @@
# __/ | #
# |___/ #
# #
## - 27/08/2018 - Asus Firewall Addition By Adamm v6.3.3 #
## - 03/09/2018 - Asus Firewall Addition By Adamm v6.3.4 #
## https://github.com/Adamm00/IPSet_ASUS #
#############################################################################################################

Expand Down Expand Up @@ -2767,6 +2767,11 @@ case "$1" in
if [ -n "$found2" ]; then $red "Blacklist Reason;"; grep -F "add Skynet-Blacklist $4 " "$skynetipset" | awk '{$1=$2=$3=$4=""; print $0}' | tr -s " "; echo; fi
if [ -n "$found3" ]; then $red "BlockedRanges Reason;"; grep -F "add Skynet-BlockedRanges $(echo "$4" | cut -d '.' -f1-3)." "$skynetipset" | awk '{$1=$2=$4=""; print $0}' | tr -s " "; fi
echo
if [ -f "/opt/var/log/dnsmasq.log" ] && grep -q "reply.* is $4" /opt/var/log/*; then
$red "Associated Domains;"
grep "reply.* is $4" /opt/var/log/* | awk '{print $6}' | sed 's~http[s]*://~~;s~/.*~~;s~www.~~g' | awk '!x[$0]++'
echo; echo
fi
echo "$4 First Tracked On $(grep -m1 -F "=$4 " "$skynetlog" | awk '{print $1" "$2" "$3}')"
echo "$4 Last Tracked On $(grep -F "=$4 " "$skynetlog" | tail -1 | awk '{print $1" "$2" "$3}')"
echo "$(grep -Foc "=$4 " "$skynetlog") Blocks Total"
Expand Down Expand Up @@ -2919,10 +2924,20 @@ case "$1" in
grep -F "Manual Ban" "$skynetevents" | grep -oE ' SRC=[0-9,\.]* ' | cut -c 6- | tail -"$counter" | awk '{a[i++]=$0} END {for (j=i-1; j>=0;) print a[j--] }' | awk '{print "https://otx.alienvault.com/indicator/ip/"$1}'
echo
$red "Last $counter Unique HTTP(s) Blocks (Outbound);"
grep -E 'DPT=80 |DPT=443 ' "$skynetlog" | grep -E "OUTBOUND.*$proto" | grep -oE ' DST=[0-9,\.]* ' | cut -c 6- | awk '{a[i++]=$0} END {for (j=i-1; j>=0;) print a[j--] }' | awk '!x[$0]++' | head -"$counter" | awk '{print "https://otx.alienvault.com/indicator/ip/"$1}'
if [ -f "/opt/var/log/dnsmasq.log" ]; then
grep -E 'DPT=80 |DPT=443 ' "$skynetlog" | grep -E "OUTBOUND.*$proto" | grep -oE ' DST=[0-9,\.]* ' | cut -c 6- | awk '{a[i++]=$0} END {for (j=i-1; j>=0;) print a[j--] }' | awk '!x[$0]++' | head -"$counter" | awk '{print "https://otx.alienvault.com/indicator/ip/"$1}' | while IFS= read -r "ip"; do
echo "$ip - ($(grep "reply.* is $(echo $ip | cut -d '/' -f6-)" /opt/var/log/* | awk '{print $6}' | sed 's~http[s]*://~~;s~/.*~~;s~www.~~g' | awk '!x[$0]++' | xargs))"
done
fi
echo
$red "Top $counter HTTP(s) Blocks (Outbound);"
grep -E 'DPT=80 |DPT=443 ' "$skynetlog" | grep -E "OUTBOUND.*$proto" | grep -oE ' DST=[0-9,\.]* ' | cut -c 6- | sort -n | uniq -c | sort -nr | head -"$counter" | awk '{print $1"x https://otx.alienvault.com/indicator/ip/"$2}'
if [ -f "/opt/var/log/dnsmasq.log" ]; then
grep -E 'DPT=80 |DPT=443 ' "$skynetlog" | grep -E "OUTBOUND.*$proto" | grep -oE ' DST=[0-9,\.]* ' | cut -c 6- | sort -n | uniq -c | sort -nr | head -"$counter" | awk '{print $1"x https://otx.alienvault.com/indicator/ip/"$2}' | while IFS= read -r "ip"; do
echo "$ip - ($(grep "reply.* is $(echo $ip | cut -d '/' -f6-)" /opt/var/log/* | awk '{print $6}' | sed 's~http[s]*://~~;s~/.*~~;s~www.~~g' | awk '!x[$0]++' | xargs))"
done
else
grep -E 'DPT=80 |DPT=443 ' "$skynetlog" | grep -E "OUTBOUND.*$proto" | grep -oE ' DST=[0-9,\.]* ' | cut -c 6- | sort -n | uniq -c | sort -nr | head -"$counter" | awk '{print $1"x https://otx.alienvault.com/indicator/ip/"$2}'
fi
echo
$red "Top $counter Blocks (Inbound);"
grep -E "INBOUND.*$proto" "$skynetlog" | grep -oE ' SRC=[0-9,\.]* ' | cut -c 6- | sort -n | uniq -c | sort -nr | head -"$counter" | awk '{print $1"x https://otx.alienvault.com/indicator/ip/"$2}'
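Review bot: The domain lookup `grep "reply.* is $4" /opt/var/log/*` on L26/L28 (repeated with `$ip` on L41 and L49) interpolates the address into an unanchored basic regex, so every `.` matches any character and the match is only a prefix match — `1.2.3.4` also returns the domains of `1.2.3.45` or `1x2y3z4`, and an unexpected `$4` becomes an arbitrary pattern or a grep error. Escaping and anchoring the address fixes both, e.g. `pat=$(printf '%s' "$4" | sed 's/\./\\./g')` followed by `grep "reply.* is ${pat}$" /opt/var/log/dnsmasq.log*`, or an exact-field test such as `awk -v ip="$4" '/reply/ && $NF == ip {print $6}'` — assuming the address is the last field of a dnsmasq reply line, which should be confirmed against the log format. Limiting the file argument to the dnsmasq log also matches the `-f /opt/var/log/dnsmasq.log` guard, since the `/opt/var/log/*` glob currently scans every file in that directory. The diffstat's two deletions suggest the plain pipeline on L38 was replaced by the guarded loop, in which case the "Last $counter Unique HTTP(s) Blocks" list prints nothing when dnsmasq.log is absent, unlike the "Top" block, which keeps an `else` branch. The enclosing `case "$1" in` arm starts outside the hunk.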
