Archives For Shell Scripts

A couple weeks ago I blogged about my downloadOTX.sh script, which automates the collection of AlienVault OTX reports.  I hadn’t used this script in about a week, so I was surprised to see some 404 errors this morning:

[code]
$ ./downloadOTX.sh 62.141.45.205
--2015-03-09 10:47:29-- http://www.alienvault.com/apps/api/threat/pdf/?ip=62.141.45.205
Resolving www.alienvault.com (www.alienvault.com)... 64.62.160.26
Connecting to www.alienvault.com (www.alienvault.com)|64.62.160.26|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://www.alienvault.com/apps/api/threat/pdf/?ip=62.141.45.205 [following]
--2015-03-09 10:47:29-- https://www.alienvault.com/apps/api/threat/pdf/?ip=62.141.45.205
Connecting to www.alienvault.com (www.alienvault.com)|64.62.160.26|:443... connected.
HTTP request sent, awaiting response... 404 NOT FOUND
2015-03-09 10:47:30 ERROR 404: NOT FOUND.
[/code]


One of the least glamorous parts of network security is capturing information on Internet hosts that exhibit malicious intent.  Here is a script that I’ve created to help automate the process of collecting AlienVault’s Open Threat Exchange (OTX) reports:

[code language="bash"]
#!/bin/sh
#
# downloadOTX.sh
#
# This script uses AlienVault’s Open Threat Exchange (OTX) to download a PDF
# containing the IP reputation of the IP Addresses provided.
#
# USAGE:
# $ ./downloadOTX.sh 1.2.3.4
# $ ./downloadOTX.sh 1.2.3.4 1.2.3.5 1.2.3.6 etc.
#

# Set path to save files:
path=/Downloads/

# Set filename prefix and/or suffix:
prefix=
suffix=_otx.pdf

for args in "$@"
do
    # Quote the URL and the output path so the shell does not glob or split them.
    wget "http://www.alienvault.com/apps/api/threat/pdf/?ip=$args" -O "$path$prefix$args$suffix"
done
[/code]


One of the least glamorous parts of network security is capturing information on Internet hosts that exhibit malicious intent.  Here is a script that I’ve created to help automate the process of collecting WHOIS information:

[code language="bash"]
#!/bin/sh
#
# downloadWHOIS.sh
#
# This script uses native whois command to return the WHOIS information
# of the IP Addresses provided.
#
# USAGE:
# $ ./downloadWHOIS.sh 1.2.3.4
# $ ./downloadWHOIS.sh 1.2.3.4 1.2.3.5 1.2.3.6 etc.
#

# Set path to save files:
path=/Downloads/

# Set filename prefix and/or suffix:
prefix=
suffix=_whois.txt

for args in "$@"
do
    # Quote the argument and the output path so the shell does not glob or split them.
    whois "$args" > "$path$prefix$args$suffix"
done
[/code]
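
Both scripts above pass each command-line argument straight into a command (or URL) and an output filename. The following is an added example, not the author's code: it accepts only dotted-quad IPv4 arguments before they reach a path or command, and deletes the output file when the lookup fails or returns nothing. The function names `is_ipv4`, `report_path` and `save_report` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original scripts): input checks for the
# per-IP lookup loops. All function names here are hypothetical.

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # only digits and single dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split on dots (safe: digits only)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac # no leading zeros (octal ambiguity)
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# report_path DIR ADDR SUFFIX: print the output path; fail on a bad address,
# so values such as "../../etc/cron.d/x" never become part of a filename.
report_path() {
    is_ipv4 "$2" || return 1
    printf '%s/%s%s\n' "${1%/}" "$2" "$3"
}

# save_report DIR ADDR SUFFIX CMD...: run CMD, store its stdout in the report
# file, and remove the file if CMD fails or writes nothing.
# Returns 0 on success, 1 on a failed lookup, 2 on an invalid address.
save_report() {
    out=$(report_path "$1" "$2" "$3") || {
        echo "skipping invalid address: $2" >&2
        return 2
    }
    shift 3
    if "$@" > "$out" && [ -s "$out" ]; then
        return 0
    fi
    rm -f -- "$out"
    return 1
}

# Typical loop body, replacing the unvalidated redirect:
#   save_report /Downloads "$ip" _whois.txt whois "$ip"
```
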
