#█▀▀▀▀█▀▀▀▀▀██▀▀▀▀██▀▀▀▀▀▀ ▀▀▀▀▀▀▀▀▀▀▀▓▒▀▀▀▀▀▀▀▀▀▀█▓▀ ▀▀▀██▀▀▀▀▀▀▀▀▀▓▓▀▀▀▀▀▀▀▀▀▌
#▌▄██▌ ▄▓██▄ ▀▄█▓▄▐ ▄▓█▓▓▀█ ▄▓██▀▓██▓▄ ▌▄█▓█▀███▓▄ ▌▄█▓█ ▀ ▄▓██▀▓██▓▄ ▄█▓█▀███▄■
#▌▀▓█▓▐▓██▓▓█ ▐▓█▓▌▐▓███▌■ ▒▓██▌ ▓██▓▌▐▓▒█▌▄ ▓██▓▌▐▓▒█▌▐ ▒▓██▌ ▓██▓▌▓▒█▌ ▓█▓▌
#▐▓▄▄▌░▓▓█▓▐▓▌ █▓▓▌░▓▓█▓▄▄ ▓▓██▓▄▄▓█▓▓▌░▓█▓ █ ▓█▓▓▌░▓█▓ ▒ ▓▓██▓▄▄▓█▓▓▌▓█▓ ░ ▓█▓▓
#▐▓▓█▌▓▓▓█▌ █▓▐██▓▌▐▓▒▓▌ ▄ ▐░▓█▌▄ ▀▀▀ ▐▓▓▓ ▐▌ ▀▀▀ ▐▓▓▓▄▄ ▐░▓█▌▄ ▀▀▀ ▓▓▓ ░ ██▓▓
#▐▓▓▓█▐▓▒██ ██▓▓▓▌▐▓▓██ █▌▐▓▓▒▌▐ ███░▌▐▓▓▒▌▐ ███░▌▐▓▓▒▌ ▐▓▓▒▌▀ ███░▌▓▓▒▌ ███░
# ▒▓▓█▌▒▓▓█▌ ▐▓█▒▒ ▒▓██▌▐█ ▒▓▓█ ▐█▓▒▒ ▒▒▓█ ▐█▓▒▒ ▒▒▓█ ▓▌▒▓▓█ ▐█▓▒▒ ▒▒▓█ ▐█▓▒▌
#▌ ▒▒░▀ ▓▒▓▀ ▀░▒▓ ▐▌ ▓▓▓▀ █ █▒▓▀▀░█▓ ▄▌ ▒▒▓▀▀░█▓ ▄▌ ▒▒▓▀▀ █▒▓▀▀░█▓ ▒▒▓▀▀░█▀
#█▄ ▀ ▄▄ ▀▄▄▀■ ▀ ▀▓█▄ ▀ ▄█▓█▄ ▀ ▓▄▄▄▄▄█▀ ▄▀ ▄▄▄▄▄▄█▓▄ ▀ ▄▄█▓▄▀ ▄▓▄█▄▀ ▄▄▄█▌
#▐████▓█▀ ▄▄█▓▓███▄▄ ▀▓▓████████████▓▀▄██▄▀▓██████▓▓██▓▓▓█▀▀▄▄███▓▓▄▄▄▀▀█▓████▌
#░░▌▓▓▌ ▄▒▒▓▓▓▀▀█████▄ ▀▒░▄ ███▓█▀▀ ▄▓█▌▐▒█▄▀▀▀█▓█████▓▓▀ ▄█████▀▀▓▓▓▒▒▄ ▐▓▓▐░░
#▐▒▒█▌ ▐░▓▓██▌ ▀▀█▓█▓▄▄▄ ▀█▀▀ ▄▒▓██▀▀ ▀▀██▓▓▄ ▀▀█▀ ▄▄▄▓█▓█▀ ▀ ▐██▓▓░▌ ▐█▒▒▌
# ▀▓█ ░▒▓███ ▄█▀▀▀▀▀▀▀█▓ ▄▒▓██▀ ▄▓▄ ▀▓██▓▄ ▓█▀▀▀▀▀▀▀▄█ ███▓▒░ █▓▀
# ▄█▀ ▀▒▓██▓▌ █▓ ▄▄█▓▓▄▄▄░▒▀▀ ▄▄ ▓░▒▓▓ ▄▄ ▀▀█▓▄▄▄▓▓█▄▄ ▓ █ ▐▓██▓▒▀ ▀█▄
#▐▓▌ ▀▓█▀▀ ▄▓▓▓█▀ ▄▀▀ ▄▄▀▀ ▀▀▀ ▀▀▄▄ ▀▀▄ ▀█▓▓▓▄▄ ▀▀█▓▀ ▐▓▌
#██ ▄▄▒█▐▒██▀ ▐▌ ■▀ ▄▄░▒▒▓████▓▄▄ ▀■ ▐▌ ▀██▒▌█▒▄▄ ██
#▐▒▌ ▄▓▓▓█▒▒▒▓▌ ▀▄ ▄▓▒▒▒███████████▒▓▓▄ ▄▀ ▐▓▒▒▒█▓▓▓▄ ▐▒▌
# ▓▓▌ ▐▒██▀ ▐▒█▀ ▄▄▓▒▒▒▒▓███████████████▓▓▓▄ ▀█▒▌ ▀██▒▌ ▐▓▓
# ▀█ ▒▒▓▌ ▒▓▌ ▄▓▒▒▒▒█░█▓██████████████████▓▓▓▓▄ ▐▓▒ ▐▓▒▒ █▀
# ▄█▀▀ ▐▒█▀ ▐▓▓ ▓░░▓▒▒▓▓▓████████████████████▓▓▓▓▒▓ ▓▓▌ ▀█▒▌ ▀▀█▄
#▐▓▌ ▒▓▌ ▄▄▒█▌▄ ▐░▒▒▓▓▓▀▀ ▀█▓█████████████▓▀▀█▓▓▓▓▌ ▄▐█▒▄▄ ▐▓▒ ▐▓▌
#██ ▐▓▓ ▄▓▓▓█▒▓▌ ░▒░░▒▀ ▓▓█████████▓▀ ▀░▓▒▓▌ ▐▓▒█▓▓▓▄ ▓▓▌ ██
#▐▒▌ ▒█▐▒██▀ ▒▓ ▐░░▒█ ▓ ▀ ▐▓████████▓▌ ▀ █ ▐▓▓▓ ▓▒ ▀██▒▌█▒ ▐▒▌
# ▓▓▌ ▒▒▒▓▌ ▀▒ ▀░▒▓▒▄ ▀▄▄█ █████████▓ ▐▌ ▄▀ ▄▒▓▒▌ ▒▀ ▐▓▒▒▒ ▐▓▓
# ▀█ ▐▒█▀▄▄ ▀▀█▓█▄▄ ▄█▒█▓▓▓▀▓████▄▀▀ ▄█▓█▒▀ ▄▄▀█▒▌ █▀
# ▄█▀▀ ▒▓▌▒▓▓▓▄ ▄░▒▓▄▄▀▓█▓████▓▀▀ ▓███▓█████▀▄▄▄ ▄▓▓▓▒▐▓▒ ▀▀█▄
#▐▓▌ ▐▓▓ ▀██▒▌ ▐░▒▒▒▓██▄███▓▀ ▀▓██▓██▀▄█▓▒▓▓▄ ▐▒██▀ ▓▓▌ ▐▓▌
#██ ▒█▒█▌ ▐▓▒▒ ░░▒▒█▓▓▓███▓▀ ▀▓████▓▓█▓█▓▓█ ▒▒▓▌ ▐█▒█▒ ██
#▐▒▌ ▐▓▓ ▒▓▌ ▀█▒▌ ▒░▒░▒░▓▓██▓▄ ▄▄▄▓▄ ▄█▒▒█▒▒▓▓▒▓▓▓▌▐▒█▀ ▐▓▒ ▓▓▌ ▐▒▌
# ▓▓▌ ▒▓▌ ▒▓ ▐▓▒ ▀░░▒▒▒█████▓▄ ▄▓█████████▓██▒▒▒▒▓▓▓▒▓ ▒▓▌ ▓▒ ▐▓▒ ▐▓▓
# ▀█ ▐▒█▄ ▀▒ ▓▓▌ ▀▒░▒▓███▀▀▀▀▓█▀▀▀▀▀█▀▀▀▀▓▓█▓▒▓▓▒░▀ ▐▓▓ ▒▀ ▄█▒▌ █▀
# ▄█▀▀ ▒▒▓▌ ▐▄▒ ▀▀ ▄▓▓ █▄▄ ▄▀▀▀▄▄▀▄▀▀▀▄ ▀▀▀▀ ▒▄▌ ▐▓▒▒ ▀▀█▄
#▐▓▌ ▐▒██▄ ▐▒▓ ▄▄▒█▌▄ ▐▒▒▌▀▐▌▀█▌ ▀▓ ▐█▌▀▀▌▒▌ ▄▐█▒▄▄ ▓▒▌ ▄██▒▌ ▐▓▌
#██ cXc[CPH]▓▓█▒▓▌ ▄▓▓▓█▒▓▌ ▒▒▒██▄ ▄▄▀ ▄▄█▓▓█▓▒ ▐▓▒█▓▓▓ ▄▐▓▒█▓▓▓▀ ██
#▐▒▌ ▀▀▒█▌▀▐▒██▀ ▐▒▓ ▀▒▒▒████████▓█▓▄▀▀ ▓▒▌ ▀██▐▒▀▐█▒▀▀ ▐▒▌
# ▓▓▌ ▐▓▓ ▒▒▒▓▌█▒▌▐▀▒ ▀░▒▒▓▓▓█▓▀▀ ▒▀▌▐▒█▐▓▒▒▒ ▓▓▌ ▐▓▓
# ▄▀█ ▒▄▌▐▒█▀▓▒▄▒ ▓▓▌ ▀▀▀▀ ▐▓▓ ▒▄▒▓▀▒█▌▐▄▒ █▀▄
#▐▓▌ ▀ ▓▒▌ ▄██▒▌ ▐▒██ ▄▐▒▓ ▀ ▐▓▌
#██ ▐▓▒█▓▓▓▀ ▀▓▓█▓▒▓▌ ██
#▐▒▌ ▄▄▄▓█▀■▀▐█▒▀▀ ▀▒▀█▌▀■▀█▓▄▄▄ ▐▒▌
# ▓▄▄███▓▀▀ ▀▀█▓██▄▄▓
#▄█▓▀▀ ▀▀▓█▄
#█▓ ▓█
#▓▒ ▒▓
#▓ ▓
# Copyright (C) 2015 Jonathan Racicot
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Description:
#
# Simple script to copy a suspicious file from a given source to
# a repository. The suspicious file is hashed using MD5. The MD5
# hash is used to create a folder within the repository unless already
# present and files are copied to it.
#
# Usage:
#
# TODO
#
# TODO:
# Use getopts to parse parameters
#!/bin/bash
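# Capture suspicious files into a repository keyed by their MD5 hash.
#
# Arguments:
#   $1 - source prefix; every path matching "$1*" is considered, so pass a
#        trailing slash (e.g. "intake/") to select the contents of a directory.
#   $2 - repository root; each sample is MOVED (not copied) to "$2/<md5>/".
# Exit status: 1 when the argument count is wrong.
#
# File names in an intake directory are untrusted input. Every expansion is
# quoted and every path operand is preceded by "--" so that names containing
# whitespace, glob characters or a leading "-" cannot be split, expanded or
# parsed as options.
#
# The "#!/bin/bash" line of this file is not its first line, so it does not
# select the interpreter; the code below therefore sticks to POSIX sh.
#
# NOTE(security): MD5 is not collision resistant. Two different samples that
# share an MD5 are treated as duplicates and the second one is skipped. The
# repository layout is keyed on MD5, so that is kept; record a stronger digest
# alongside if such samples must be told apart.
if [ "$#" -ne 2 ]; then
  echo "Usage $0 <source-directory> <dest-directory>"
  exit 1
fi

DIR_DEST="$2"

# Hashes are computed one file at a time. No scratch "hashes.md5" is written:
# a fixed name in the working directory would overwrite and then delete an
# existing file of that name, and would force file names to be parsed back
# out of md5sum's output.
for FILE in "$1"*; do
  # Only regular files are captured. For a symbolic link md5sum would hash the
  # link target while mv would move the link itself, so the stored object
  # would not match the directory name. Directories, FIFOs and an unmatched
  # glob pattern are skipped as well.
  if [ -L "$FILE" ] || [ ! -f "$FILE" ]; then
    printf '[!] Skipping %s (not a regular file)\n' "$FILE" >&2
    continue
  fi

  # Reading the file on stdin keeps the file name out of md5sum's argument
  # list and out of its output (md5sum escapes unusual names and prefixes the
  # line with a backslash, which would corrupt the first field).
  MD5HASH=$(md5sum < "$FILE" | cut -d' ' -f1)

  # The hash becomes a path component: accept exactly 32 lowercase hex digits.
  # An empty or malformed value (e.g. unreadable file) must never reach mkdir/mv.
  case "$MD5HASH" in
    *[!0-9a-f]*) MD5HASH= ;;
  esac
  if [ "${#MD5HASH}" -ne 32 ]; then
    printf '[-] Could not hash %s\n' "$FILE" >&2
    continue
  fi

  # printf '%s' prevents backslash interpretation of the name; raw control
  # bytes in a file name are still written to the terminal as they are.
  printf '%s %s\n' "$MD5HASH" "$FILE"

  FILENAME=${FILE##*/}
  DIR_FILE_DEST="$DIR_DEST/$MD5HASH/"

  if [ -d "$DIR_FILE_DEST" ]; then
    # Sample already in the repository; the source file is left where it is.
    echo "[!] Directory for $MD5HASH already exists. Skipping"
  else
    echo "[*] Creating $DIR_FILE_DEST"
    mkdir -p -- "$DIR_FILE_DEST"
    printf '[*] Moving %s to %s\n' "$FILENAME" "$DIR_FILE_DEST"
    mv -- "$FILE" "$DIR_FILE_DEST"
    if [ -e "$DIR_FILE_DEST/$FILENAME" ]; then
      echo "[+] File successfully captured."
    else
      echo "[-] File was not captured..."
      # Remove the directory again if it is still empty; otherwise a later run
      # would see it, report the hash as already present and never retry.
      rmdir -- "$DIR_FILE_DEST" 2>/dev/null || :
    fi
  fi
done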