Difference between revisions of "Gurls"

From ForensicsWiki
Line 32: Line 32:
  
 
  root@forensic# strings /dev/sdb1 | gurls > /tmp/urls
 
  root@forensic# strings /dev/sdb1 | gurls > /tmp/urls
 +
 +
{{Linux}}

Revision as of 17:15, 19 May 2013

Gurls is a bash script; the name is short for "grep urls":

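#!/bin/bash
# gurls: print every URL (scheme://host[:port]) found in the given files,
# or on standard input when no file is given.
protocol="(ftp|http|https|gopher|mailto|pop|smtp|news|nntp|telnet|whois|file|imap|prospero|peercast|ed2k|irc|aim|mime|ftam|pnm|rtsp|ldap)"
# Dotted-quad IPv4 address: first and last octet 1-254, middle octets 0-254
ip="([1-9][0-9]?|1[0-9]{2}|2[0-4][0-9]|25[0-4])\.((0|[1-9][0-9]?|1[0-9]{2}|2[0-4][0-9]|25[0-4])\.){2}([1-9][0-9]?|1[0-9]{2}|2[0-4][0-9]|25[0-4])"
# Fully qualified domain name (\w is a GNU grep extension)
fqdn="(\w(-?\w+)*\.)+[a-z]{2,}"
host="(${ip}|${fqdn})"
port="(:[0-9]+)?"
urlregexp="${protocol}://${host}${port}/?"

(
if [ "$1" ]
then
	# One or more file arguments: scan each in turn
	while [ "$1" ]
	do
		grep -E -o "$urlregexp" "$1"
		shift
	done
else
	# No arguments: read from standard input
	grep -E -o "$urlregexp" /dev/stdin
fi
) | sed 's;/$;;g'   # strip the optional trailing slash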


Once saved in /usr/local/bin/gurls and made executable, gurls can be used like this:

root@forensic# gurls a.file an.other.file
http://www.forensicswiki.org
root@forensic# strings /mnt/forensic/partition/pagefile.sys | gurls | sort | uniq -c | sort -n
     10 http://www.forensicswiki.org
root@forensic# strings /dev/sdb1 | gurls > /tmp/urls
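
The pagefile.sys pipeline above only sees what plain `strings` emits, which by default is single-byte text, while Windows keeps much of its text as UTF-16LE; the regex is also case-sensitive, so `HTTP://` is missed. The following is an added example, not part of the original wiki page: a hypothetical `scan_urls` function that reuses the page's regex, runs both string passes and matches case-insensitively. It assumes GNU `strings` (binutils) and GNU `grep`.

```shell
#!/bin/bash
# Added example, not part of the wiki page: the page's URL regex applied to
# single-byte AND UTF-16LE strings, matched case-insensitively.
# Assumes GNU strings (binutils) and GNU grep. scan_urls is a hypothetical name.

# Regex pieces copied from the page's gurls script.
protocol="(ftp|http|https|gopher|mailto|pop|smtp|news|nntp|telnet|whois|file|imap|prospero|peercast|ed2k|irc|aim|mime|ftam|pnm|rtsp|ldap)"
ip="([1-9][0-9]?|1[0-9]{2}|2[0-4][0-9]|25[0-4])\.((0|[1-9][0-9]?|1[0-9]{2}|2[0-4][0-9]|25[0-4])\.){2}([1-9][0-9]?|1[0-9]{2}|2[0-4][0-9]|25[0-4])"
fqdn="(\w(-?\w+)*\.)+[a-z]{2,}"
host="(${ip}|${fqdn})"
port="(:[0-9]+)?"
urlregexp="${protocol}://${host}${port}/?"

# scan_urls FILE
# Prints "count url" lines, least frequent first.
# Pass 1 (strings -a) finds single-byte strings, as in the page's pipeline.
# Pass 2 (strings -a -e l) finds 16-bit little-endian strings (UTF-16LE).
# grep -i also catches upper-case schemes and hosts; the match holds only
# scheme, host and port, so folding it to lower case merges duplicates
# without changing what the URL points to.
scan_urls() {
	{
		strings -a "$1"
		strings -a -e l "$1"
	} |
		LC_ALL=C grep -E -i -o "$urlregexp" |
		sed 's;/$;;' |
		tr '[:upper:]' '[:lower:]' |
		sort | uniq -c | sort -n
}

# Stand-alone use: scan every file named on the command line.
for f in "$@"
do
	scan_urls "$f"
done
```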