File: putty-log.rb

package info (click to toggle)
whatweb 0.6.1-1
  • links: PTS
  • area: main
  • in suites: forky, sid
  • size: 23,948 kB
  • sloc: ruby: 43,493; sh: 213; makefile: 41
file content (64 lines) | stat: -rw-r--r-- 1,821 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
##
# This file is part of WhatWeb and may be subject to
# redistribution and commercial restrictions. Please see the WhatWeb
# web site for more information on licensing and terms of use.
# https://morningstarsecurity.com/research/whatweb
##
Plugin.define do
name "PuTTY-Log"
authors [
  "Brendan Coles <bcoles@gmail.com>", # 2010-10-15
]
version "0.1"
description "This plugin identifies instances of PuTTY log files and attempts to extract usernames, servers and software versions."

# 91 results for "=~=~=~=~=~=~=~=~=~=~=~= PuTTY log " ext:log @ 2010-10-15


matches [

# Log header
{ :regexp=>/=~=~=~=~=~=~=~=~=~=~=~= PuTTY log [0-9]{4}.[0-9]{2}.[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2} =~=~=~=~=~=~=~=~=~=~=~=/ },

]

# Extract username, server & software versions.
passive do
	m=[]

	if @body =~ /=~=~=~=~=~=~=~=~=~=~=~= PuTTY log [0-9]{4}.[0-9]{2}.[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2} =~=~=~=~=~=~=~=~=~=~=~=/

		# Telnet
		if @body =~ /^Connected to ([^\s]+)[\s]+Escape character is '\^\]'/
			modules=@body.scan(/^Connected to ([^\s]+)[\s]+Escape character is '\^\]'/)
			m << {:module=>modules}
		end

		# SSH
		if @body =~ /^([0-9a-zA-Z\-\.\@_]+)'s password:/
			modules=@body.scan(/^([0-9a-zA-Z\-\.\@_]+)'s password:/)
			m << {:module=>modules}
		elsif @body =~ /^login as: ([0-9a-zA-Z\-\._]+)/
			modules=@body.scan(/^login as: ([0-9a-zA-Z\-\._]+)/)
			m << {:module=>modules}
		end

		if @body =~ /^Event Log: Writing new session log \(SSH packets mode\) to file: /
			if @body =~ /^Event Log: Looking up host "([^\"]+)"/
				account=@body.scan(/^Event Log: Looking up host "([^\"]+)"/)
				m << {:account=>account}
			end
			if @body =~ /^Event Log: Server version:[\s]+([^\s]+)/
				version=@body.scan(/^Event Log: Server version:[\s]+([^\s]+)/)
				m << {:version=>version}
			end
		end

	end

	m

end

end