Friday, March 16, 2007

Interesting Java-Related Scripting Languages

While I was researching digital forensics and honeynets, I started looking for an automated way to do administrative tasks.

However, I wanted a scripting shell that would be object-oriented (at least for most of my tasks), would ideally give me direct access to the core Java API, and would give me all the shell power that I needed.

The first choice that popped up was the Linux shell, which is powerful (though not object-oriented). However, as I said before, my preference lay with a Java-like shell.

First I found jsh, which I haven't tried yet.
Then I found Jython, a powerful Java-Python bridge (which I found to be nearly what I wanted, and very useful on many occasions), and last but not least I found the one that is my favourite: the Java BeanShell.

You can execute scripts from the command line just as you would execute any other shell script.

Here is an example that lists the log files under the pcap directory tree and passes each of them to honeysnap for further analysis.

Script name: list.sh
#!/usr/bin/env bsh
// The first line names the interpreter. Keep it free of trailing comments: the
// kernel passes everything after "env" as one program name, so "bsh //..." would not be found.

java.io.File homedir = new java.io.File(System.getProperty("user.home")); // get the user home dir
hdir = homedir.getAbsolutePath() + "/pcapLogAnalysis";                    // output root
exec("mkdir " + hdir);                                                    // create subdir (no-op if it exists)

if (bsh.args.length == 0) { // check for command-line arguments
    hSnapParm = "--all-flows";
} else {
    hSnapParm = bsh.args[0];
}

java.io.File pcaps = new java.io.File("/var/log/pcap"); // default pcap dir
java.io.File[] pcapdirs = pcaps.listFiles();            // get files & directories
for (eachpcapdir : pcapdirs) {                          // for each pcap dir
    if (!eachpcapdir.isDirectory()) continue;           // listFiles() returns null for a plain file
    java.io.File[] logs = eachpcapdir.listFiles();      // list log files
    for (eachlog : logs) {                              // for each log
        if (eachlog.getAbsolutePath().endsWith("log")) {
            java.io.File parent = new java.io.File(eachlog.getParent());
            outdir = hdir + "/" + parent.getName();
            exec("mkdir " + outdir);                    // per-directory output dir that honeysnap -o writes into

            cmd = "honeysnap -H10.0.0.10,10.0.0.20 " +
                  hSnapParm + " " +
                  eachlog.getAbsolutePath() + " -o " + outdir + " -f " + outdir + "/analysis.txt";
            exec(cmd);
            print(cmd);
        }
    }
}
// tar applies -C only to the paths that follow it, so it must come before pcapLogAnalysis
exec("tar -cjf " + homedir.getAbsolutePath() + "/analysis.tar.bz2 -C " + homedir.getAbsolutePath() + " pcapLogAnalysis");
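
As an added example (not from the post or from the honeysnap project), here is the same sweep in plain Java, which also runs unchanged inside a bsh script. BeanShell's exec() hands its string to Runtime.exec(String), which splits it on whitespace, so a log path containing a space becomes two arguments; ProcessBuilder takes an argument list instead, and the exit status of each honeysnap run is checked rather than ignored. The honeypot addresses and directory names are the post's own values, and the class name PcapSweep is assumed.

```java
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;
// Added example, not from the post: the same pcap-log sweep as list.sh, but each
// honeysnap option is one argv element, so paths are never re-split on whitespace.
public class PcapSweep {
    static final File PCAP_ROOT = new File("/var/log/pcap");    // default pcap dir from the post
    static final String HONEYPOTS = "10.0.0.10,10.0.0.20";      // addresses used in the post
    // Build the argument vector for one log file (options -H/-o/-f as used in the post).
    static List<String> honeysnapArgs(String flowOpt, File log, File outDir) {
        List<String> a = new ArrayList<String>();
        a.add("honeysnap");
        a.add("-H" + HONEYPOTS);
        a.add(flowOpt);
        a.add(log.getAbsolutePath());
        a.add("-o"); a.add(outDir.getAbsolutePath());
        a.add("-f"); a.add(new File(outDir, "analysis.txt").getAbsolutePath());
        return a;
    }
    // Start the tool without a shell, drain its output, and return the exit status.
    static int run(List<String> argv) throws IOException, InterruptedException {
        ProcessBuilder pb = new ProcessBuilder(argv);
        pb.redirectErrorStream(true);
        Process p = pb.start();
        InputStream in = p.getInputStream();
        byte[] buf = new byte[4096];
        for (int n = in.read(buf); n != -1; n = in.read(buf)) System.out.write(buf, 0, n);
        return p.waitFor();
    }
    public static void main(String[] args) throws Exception {
        String flowOpt = args.length == 0 ? "--all-flows" : args[0];
        File outRoot = new File(System.getProperty("user.home"), "pcapLogAnalysis");
        File[] dirs = PCAP_ROOT.listFiles();           // null if unreadable or not a directory
        if (dirs == null) throw new IOException("cannot list " + PCAP_ROOT);
        for (File dir : dirs) {
            File[] logs = dir.listFiles();             // null for plain files, so skip those
            if (logs == null) continue;
            File outDir = new File(outRoot, dir.getName());
            if (!outDir.isDirectory() && !outDir.mkdirs()) throw new IOException("cannot create " + outDir);
            for (File log : logs) {
                if (!log.isFile() || !log.getName().endsWith(".log")) continue;
                int rc = run(honeysnapArgs(flowOpt, log, outDir));
                if (rc != 0) System.err.println("honeysnap exited " + rc + " on " + log);
            }
        }
    }
}
```

Directories are created with File.mkdirs() instead of spawning mkdir, and only regular files ending in ".log" are handed to honeysnap.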
