When it comes to finding matching patterns inside text files, log files and emails, egrep is a very useful tool in your UNIX toolbox. Here are some patterns to find IP addresses, email addresses and URLs.
1. Find URLs inside an email

bash# egrep -i -o 'https?://[^"|\)]+' linkedin-phish
http://www.mpglinkasia.com/tmp/wp-enter.php?xU3MV57SCEGZJG4TH
http://www.linkedin.com/scds/common/u/img/logos/logo_emails_trans_98x24.png
http://www.mpglinkasia.com/tmp/wp-enter.php?xTW7XCMB1CQ78DYTX
http://www.linkedin.com/scds/common/u/img/bg/yellow_button_back.png
http://www.linkedin.com/scds/common/u/img/bg/yellow_button_back.png
http://www.mpglinkasia.com/tmp/wp-enter.php?xXLO3MA28FY2LBC70
http://www.mpglinkasia.com/tmp/wp-enter.php?xG081Y7Y8ZJ32SW8D
http://www.mpglinkasia.com/tmp/wp-enter.php?xQ8X25VY3LJ3QO41U
http://www.linkedin.com/emimp/wu77cl-h69h0sqt-3q.gif
(Love the phishing URLs in this email)

2. Find IPv4 addresses inside a log file

bash# egrep -i -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' /var/log/mail.log
28.8.25.238
9.22.100.116
28.86.35.238
21.99.106.203
18.86.255.238
14.25.253.228
OR |
bash# egrep -i -o '([0-9]{1,3}\.){3}[0-9]{1,3}' /var/log/mail.log
10.222.100.116
28.8.25.238
9.22.100.116
28.86.35.238
21.99.106.203
18.86.255.238
14.25.253.228
3. Find only email addresses inside log files or emails |
bash# egrep -i -o '[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,4}'
bigfoot.com@mail4.atl31.mcdlv.net
38dcf506a3894d151868dd0531a867742ab.20130828180745@mail4.atl31.mcdlv.net
himalyantreck@farmail.net
michael.klain@hibiscus.co.uk
todaylowestprice@shringa.org.cn
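As an added example (not from the original post), here are the three extractions above as shell functions run over a few constructed mail-log lines: the IPv4 pattern is tightened so each octet must be 0-255 and whole-word anchored, which keeps version strings such as 999.123.45.6 out of the result; the URL pattern covers https://; and the e-mail bracket expressions are written without escaped dots, since a backslash inside [...] is a literal character in POSIX. The log lines, hostnames and addresses are placeholders constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the original post. SAMPLE_LOG is constructed;
# the hostnames and addresses in it are placeholders.
SAMPLE_LOG='Aug 28 18:07:45 mx postfix/smtpd[123]: connect from unknown[10.222.100.116]
Aug 28 18:07:46 mx postfix/smtpd[123]: client=relay.example.net[192.0.2.10]
Aug 28 18:07:47 mx app: version string 999.123.45.6 is not an address
Aug 28 18:07:48 mx app: click https://www.example.com/login?id=1 "now"
Aug 28 18:07:49 mx app: Reply-To: alerts@mail.example.org, bounce@example.co.uk'

# Every function reads stdin, so each also works on a real file:
#   extract_ipv4 < /var/log/mail.log

# Bare dotted-quad pattern: any four 1-3 digit groups, so 999.123.45.6 passes
extract_dotted_quads() {
  grep -E -o '([0-9]{1,3}\.){3}[0-9]{1,3}'
}

# Tightened: each octet limited to 0-255; \b stops a partial match such as
# the "99.123.45.6" that could otherwise be cut out of 999.123.45.6
OCTET='(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])'
extract_ipv4() {
  grep -E -o "\\b($OCTET\\.){3}$OCTET\\b"
}

# URLs: https? so TLS links are caught too; stop at quotes, whitespace, <, > and )
extract_urls() {
  grep -E -o -i 'https?://[^"[:space:]<>)]+'
}

# E-mail addresses: dots unescaped inside [...] (a backslash there is literal),
# and no upper bound on the TLD length
extract_emails() {
  grep -E -o -i '[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,}'
}

# Frequency table of client addresses, the usual first step when triaging a log
count_ipv4() {
  extract_ipv4 | sort | uniq -c | sort -rn
}

printf '%s\n' "$SAMPLE_LOG" | count_ipv4
printf '%s\n' "$SAMPLE_LOG" | extract_urls
printf '%s\n' "$SAMPLE_LOG" | extract_emails
```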