Difference between revisions of "Gurls"

(Created page with "Gruls is a bash script and is short for grep urls. #!/bin/bash protocol="(ftp|http|https|gopher|mailto|pop|smtp|news|nntp|telnet|whois|file|imap|prospero|peercast|ed2k|irc|...")
 
Line 1: Line 1:
Gruls is a bash script and is short for grep urls.
+
Gruls is a bash script and is short for grep urls :
  
 
  #!/bin/bash
 
  #!/bin/bash
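Review bot: The changed first line still spells the tool name "Gruls", while the page title is "Gurls" and the script is saved and invoked as gurls; correct the spelling in the same edit that adds the colon.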
Line 21: Line 21:
 
  fi
 
  fi
 
  ) | sed 's;/$;;g'
 
  ) | sed 's;/$;;g'
 +
 +
 +
Once saved in /usr/local/bin/gurls and made ​​executable, gurls can be used like this :
 +
 +
root@forensic# gurls a.file an.other.file
 +
http://www.forensicswiki.org
 +
 +
root@forensic# strings /mnt/forensic/partition/pagefile.sys | gurls | sort | uniq -c | sort -n
 +
      10 http://www.forensicswiki.org
 +
 +
root@forensic# strings /dev/sdb1 | gurls > /tmp/urls
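Review bot: The added usage text never states that gurls reports only the scheme, host and optional port, which is why the sample output is a bare http://www.forensicswiki.org. The script's urlregexp ends at ${port}/? and the final sed removes the trailing slash, so add one sentence after "can be used like this" saying that paths and query strings are not extracted; an examiner may otherwise expect full URLs in /tmp/urls.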

Revision as of 21:05, 19 May 2013

Gurls is a bash script whose name is short for "grep URLs":

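#!/bin/bash
# gurls: print every URL (scheme://host[:port]) found in the given files,
# or in standard input when no file is given.
protocol="(ftp|http|https|gopher|mailto|pop|smtp|news|nntp|telnet|whois|file|imap|prospero|peercast|ed2k|irc|aim|mime|ftam|pnm|rtsp|ldap)"
# Dotted-quad IPv4 address
ip="([1-9][0-9]?|1[0-9]{2}|2[0-4][0-9]|25[0-4])\.((0|[1-9][0-9]?|1[0-9]{2}|2[0-4][0-9]|25[0-4])\.){2}([1-9][0-9]?|1[0-9]{2}|2[0-4][0-9]|25[0-4])"
# Fully qualified domain name (\w is a GNU grep extension)
fqdn="(\w(-?\w+)*\.)+[a-z]{2,}"
host="(${ip}|${fqdn})"
port="(:[0-9]+)?"
# Only scheme, host and optional port are matched; paths are not captured
urlregexp="${protocol}://${host}${port}/?"

(
if [ "$1" ]
then
	# One grep per file so that no file name prefixes the output
	while [ "$1" ]
	do
		grep -E -o "$urlregexp" "$1"
		shift
	done
else
	grep -E -o "$urlregexp" /dev/stdin
fi
) | sed 's;/$;;g'	# strip the trailing slash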


Once saved in /usr/local/bin/gurls and made executable, gurls can be used like this:

root@forensic# gurls a.file an.other.file
http://www.forensicswiki.org
root@forensic# strings /mnt/forensic/partition/pagefile.sys | gurls | sort | uniq -c | sort -n
     10 http://www.forensicswiki.org
root@forensic# strings /dev/sdb1 | gurls > /tmp/urls
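
The pagefile.sys pipeline above only sees single-byte text, so URLs that Windows stored as UTF-16LE never reach the regexp. The following added example (not part of the wiki's script) reuses the page's regexp on a constructed sample to show the difference; the function names and the evidence.example.org URL are assumptions made for the illustration.

```bash
#!/bin/bash
# Added example: the page's regexp applied to ASCII and UTF-16LE text.
protocol="(ftp|http|https|gopher|mailto|pop|smtp|news|nntp|telnet|whois|file|imap|prospero|peercast|ed2k|irc|aim|mime|ftam|pnm|rtsp|ldap)"
ip="([1-9][0-9]?|1[0-9]{2}|2[0-4][0-9]|25[0-4])\.((0|[1-9][0-9]?|1[0-9]{2}|2[0-4][0-9]|25[0-4])\.){2}([1-9][0-9]?|1[0-9]{2}|2[0-4][0-9]|25[0-4])"
fqdn="(\w(-?\w+)*\.)+[a-z]{2,}"
host="(${ip}|${fqdn})"
port="(:[0-9]+)?"
urlregexp="${protocol}://${host}${port}/?"

# Same matching as gurls reading stdin. -a makes grep treat raw bytes as
# text; LC_ALL=C keeps \w and [a-z] byte-oriented.
extract_ascii() {
	LC_ALL=C grep -aEo "$urlregexp" | sed 's;/$;;'
}

# Hypothetical helper: delete NUL bytes so that UTF-16LE encoded ASCII
# collapses to plain ASCII before matching. This is crude (it can glue
# neighbouring strings together); on a real image prefer a UTF-16 aware
# extractor such as GNU "strings -e l" in front of gurls.
extract_nul_stripped() {
	tr -d '\000' | extract_ascii
}

# Constructed sample: two ASCII URLs and one UTF-16LE URL.
make_sample() {
	printf 'visited http://www.forensicswiki.org/ twice\n'
	printf 'ftp://192.0.2.10:21/pub/tool.zip\n'
	printf 'h\0t\0t\0p\0:\0/\0/\0e\0v\0i\0d\0e\0n\0c\0e\0.\0e\0x\0a\0m\0p\0l\0e\0.\0o\0r\0g\0/\0\n\0'
}

echo "ASCII pass:"
make_sample | extract_ascii
echo "NUL-stripped pass:"
make_sample | extract_nul_stripped
```

The ASCII pass misses the UTF-16LE URL entirely, and both passes report the FTP URL without its path.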