#!/bin/bash
# ----------------------- DESCRIPTIVE INFORMATION ---------------------------------
#
# This script analyses your auth.log for failed attempts by attackers to log
# into your SSH server. It needs sudo to read your log files.
#
# ----------------------- DESCRIPTIVE INFORMATION ---------------------------------
#
# -------------------------- DECLARED VARIABLES -----------------------------------
#
# Paths used by the script: change the log file and user name as necessary.
# NOTE: this overrides the USER variable inherited from the environment for
# the rest of the script; it is only used here to build the paths below.
USER="pi"
# Glob pattern (not quoted when used) so rotated logs are included.
LOG="/var/log/auth.log*"
# Working files: raw IP list, counted/sorted list, raw lookup replies, report.
IPS_OUTPUT="/home/${USER}/GeoIpLocator/geoIP.txt"
IPS_SORTED="/home/${USER}/GeoIpLocator/sortedips.txt"
IPS_COUNTRY="/home/${USER}/GeoIpLocator/country.txt"
IPS_INFO="/home/${USER}/GeoIpLocator/IP_information.txt"
#
# -------------------------- DECLARED VARIABLES -----------------------------------
#
#
#
# -------------------------------- FUNCTIONS --------------------------------------
#
# Function banner - prints the ASCII art header and version line
#######################################
# Prints the ASCII art banner, version and author to stdout.
# Arguments: none
# Outputs:   the banner text
#######################################
banner() {
  # Quoted delimiter: the art is emitted literally, nothing is expanded.
  cat <<'EOF'
██████╗ ███████╗ ██████╗ ██╗██████╗ ██╗ ██████╗ ██████╗ █████╗ ████████╗ ██████╗ ██████╗
██╔════╝ ██╔════╝██╔═══██╗██║██╔══██╗██║ ██╔═══██╗██╔════╝██╔══██╗╚══██╔══╝██╔═══██╗██╔══██╗
██║ ███╗█████╗ ██║ ██║██║██████╔╝██║ ██║ ██║██║ ███████║ ██║ ██║ ██║██████╔╝
██║ ██║██╔══╝ ██║ ██║██║██╔═══╝ ██║ ██║ ██║██║ ██╔══██║ ██║ ██║ ██║██╔══██╗
╚██████╔╝███████╗╚██████╔╝██║██║ ███████╗╚██████╔╝╚██████╗██║ ██║ ██║ ╚██████╔╝██║ ██║
╚═════╝ ╚══════╝ ╚═════╝ ╚═╝╚═╝ ╚══════╝ ╚═════╝ ╚═════╝╚═╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚═╝
GeoIPLocator v1.0.0
Author: C0defire
EOF
}
# Function Main - Contains your main instructions
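#######################################
# Checks whether a token extracted from the log is shaped like an IPv4 or
# IPv6 address. Only such tokens are ever placed in a lookup URL; this is a
# shape check, not full address validation.
# Arguments: $1 - candidate token
# Returns:   0 if address-shaped, 1 otherwise
#######################################
_is_ip_address() {
  local candidate=$1
  local ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
  local ipv6_re='^[0-9A-Fa-f:]+$'
  [[ "$candidate" =~ $ipv4_re ]] && return 0
  [[ "$candidate" =~ $ipv6_re && "$candidate" == *:* ]] && return 0
  return 1
}

#######################################
# Main - reads the auth log(s), extracts the source addresses of failed
# logins for invalid users, looks each one up at ipinfo.io and writes a
# report.
# Globals:   LOG (read; glob pattern), IPS_OUTPUT, IPS_SORTED, IPS_COUNTRY
#            (written, then removed), IPS_INFO (written; the report)
# Outputs:   progress messages and the report on stdout, warnings on stderr
#######################################
main() {
  local failed_attempts ip

  printf 'Checking your %s files for failed attempts ...\n' "$LOG"

  # LOG is a glob pattern and must stay unquoted so it expands to every
  # rotated log. Both the count and the extraction read the same files
  # (previously the count was taken from a hard-coded path).
  # shellcheck disable=SC2086
  failed_attempts=$(sudo cat -- $LOG | grep -c -F "Failed")

  # Take the token after the last "from" rather than a fixed field number:
  # the user name in the message is attacker-chosen and may contain spaces,
  # which would shift a fixed field onto arbitrary log text. print (not
  # printf) so log content is never used as a format string.
  # shellcheck disable=SC2086
  sudo cat -- $LOG \
    | grep -F "Failed" \
    | grep -F "invalid user" \
    | awk '{ ip = ""; for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1); if (ip != "") print ip }' \
    > "$IPS_OUTPUT"

  if [[ ! -s "$IPS_OUTPUT" ]]; then
    printf '\n'
    printf '%s\n' "------------------------------------------------------------"
    printf 'No intruders detected in %s\n' "$LOG"
    printf '%s\n' "------------------------------------------------------------"
    printf '\n'
  else
    printf '\nA total of %s failed attempts were found, sorting common IPs ...\n\n' "$failed_attempts"

    # Organize IPs by most common
    sort "$IPS_OUTPUT" | uniq -c > "$IPS_SORTED"

    # Start from an empty lookup file: the >> below would otherwise keep
    # stale replies from a previous run.
    : > "$IPS_COUNTRY"

    # Look up their country. uniq -c lines are "<count> <ip>"; anything that
    # is not address-shaped is reported and skipped, never sent in a URL.
    while read -r _ ip; do
      if ! _is_ip_address "$ip"; then
        printf 'Skipping unexpected token "%s" from the log\n' "$ip" >&2
        continue
      fi
      printf 'Checking GeoIP Location for %s … \n' "$ip"
      # HTTPS so the queried addresses and the replies are not exposed or
      # altered in transit; --max-time so one stalled lookup cannot hang
      # the run; --fail so an error page is not appended to the results.
      curl -sS --fail --max-time 15 "https://ipinfo.io/${ip}" >> "$IPS_COUNTRY" \
        || printf 'Lookup failed for %s\n' "$ip" >&2
    done < "$IPS_SORTED"

    # Output to user
    printf '\n'
    printf '%s\n' "================ COUNTRY OUTPUT ======================="
    printf '\n'
    # Strip the JSON braces, commas and quotes from the replies; tee shows
    # the result and writes the same text to the report file in one pass.
    sed -e 's/}{//g' -e 's/,//g' -e 's/{//' -e 's/}//' -e 's/"//g' "$IPS_COUNTRY" \
      | tee "$IPS_INFO"

    # Cleaning files: these are plain files, so -f is enough (no -r) and
    # -- guards against a path that starts with a dash.
    rm -f -- "$IPS_COUNTRY" "$IPS_SORTED" "$IPS_OUTPUT"
    printf '\n'
    printf '%s\n' "======================================================="
  fi
}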
#
# -------------------------------- FUNCTIONS --------------------------------------
#
#
# ------------------------------ INSTRUCTIONS -------------------------------------
#
# Entry point: show the banner, then run the analysis. Positional arguments
# are passed through although main does not read them.
banner
main "$@"
#
# ------------------------------ INSTRUCTIONS -------------------------------------
#