-
Notifications
You must be signed in to change notification settings - Fork 10
/
Copy pathcustom.aliases.bash
68 lines (62 loc) · 3.82 KB
/
custom.aliases.bash
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
alias ls="ls -hp"
alias ll='ls -halp'
alias grep="grep"
alias egrep="egrep"
alias gc="git commit -S -v"
alias gcm="git commit -S -v -m"
alias sudo="sudo -E"
# Commit and push everything
gitdone() { git add -A; git commit -S -v -m "$1"; git push; }
# Analyst stuff
alias bro-column="sed \"s/fields.//;s/types.//\" | column -s $'\t' -t"
alias bro-awk='awk -F" "'
bro-grep() { grep -E "(^#)|$1" $2; }
bro-zgrep() { zgrep -E "(^#)|$1" $2; }
topcount() { sort | uniq -c | sort -rn | head -n ${1:-10}; }
colorize() { sed 's/#fields\t\|#types\t/#/g' | awk 'BEGIN {FS="\t"};{for(i=1;i<=NF;i++) printf("\x1b[%sm %s \x1b[0m",(i%7)+31,$i);print ""}'; }
cm() { cat $1 | sed 's/#fields\t\|#types\t/#/g' | awk 'BEGIN {FS="\t"};{for(i=1;i<=NF;i++) printf("\x1b[%sm %s \x1b[0m",(i%7)+31,$i);print ""}'; }
lesscolor() { cat $1 | sed 's/#fields\t\|#types\t/#/g' | awk 'BEGIN {FS="\t"};{for(i=1;i<=NF;i++) printf("\x1b[%sm %s \x1b[0m",(i%7)+31,$i);print ""}' | less -RS; }
topconn() { if [ $# -lt 2 ]; then echo "Usage: topconn {resp|orig} {proto|service} {tcp|udp|icmp|http|dns|ssl|smtp|\"-\"}"; else cat conn.log | bro-cut id.$1_h $2 | grep $3 | topcount; fi; }
fields() { grep -m 1 -E "^#fields" $1 | awk -vRS='\t' '/^[^#]/ { print $1 }' | cat -n ; }
toptalk() { for i in *.log; do echo -e "$i\n================="; cat $i | bro-cut id.orig_h id.resp_h | topcount 20; done; }
talkers() { for j in tcp udp icmp; do echo -e "\t=============\n\t $j\n\t============="; for i in resp orig; do echo -e "====\n$i\n===="; topconn $i proto $j | column -t; done; done; }
toptotal() { if [ $# -lt 3 ]; then echo "Usage: toptotal {resp|orig} {orig_bytes|resp_bytes|duration} conn.log"; else
zcat $3 | bro-cut id.$1_h $2 \
| sort \
| awk '{ if (host != $1) { \
if (size != 0) \
print $1, size; \
host=$1; \
size=0 \
} else \
size += $2 \
} \
END { \
if (size != 0) \
print $1, size \
}' \
| sort -rnk 2 \
| head -n 20; fi; }
topconvo() { if [ $# -lt 1 ]; then echo "Usage: topconvo conn.log"; else
zcat $1 | bro-cut id.orig_h id.resp_h orig_bytes resp_bytes \
| sort \
| awk '{ if (host != $1 || host2 != $2) { \
if (size != 0) \
print $1, $2, size; \
host=$1; \
host2=$2; \
size=0 \
} else \
size += $3; \
size += $4 \
} \
END { \
if (size != 0) \
print $1, $2, size \
}' \
| sort -rnk 3 \
| head -n 20; fi; }
# Use ssht to open tmux automatically for ssh sessions
function ssht(){
ssh $* -t 'tmux a || tmux || /bin/bash'
}