#!/bin/bash
## Function that will check if a shell connection has been made so that logging can start.
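check_connection() {
  local command="$2"
  local candidate
  # SSH: the command line itself names the target (user@host), so the first
  # output line counts as "connected" and the target comes from the command.
  if [[ $command == *"ssh"* ]]; then
    # Take only the first "@..." token. A bash regex avoids the grep -P (PCRE)
    # dependency and a multi-match result (e.g. "user@jump ... user@host")
    # that would otherwise put a newline into the log file path.
    if [[ $command =~ @([^[:space:]]+) ]]; then
      candidate=${BASH_REMATCH[1]}
    else
      candidate=''
    fi
    client='SSH'
  # Ncat prints "Ncat: Connection from A.B.C.D:port." when a peer connects;
  # the last dotted quad on that line is the peer address.
  elif [[ $1 =~ Ncat:\ Connection\ from\ .* ]]; then
    candidate=$(printf '%s\n' "$1" | grep -oE -- '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | tail -n 1)
    client='Ncat'
  else
    # No connection was made.
    return 1
  fi
  # target becomes part of a file name under LOGDIR: strip path separators so
  # it stays a single path component, and never leave it empty (which would
  # silently produce a hidden ".log" file).
  candidate=${candidate//\//_}
  target=${candidate:-unknown}
  return 0
}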
# Removes any unwanted characters from a user input line.
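clean_line() {
  local str="$1"
  # Drop carriage returns (^M) with a parameter expansion instead of forking sed.
  str=${str//$'\r'/}
  # Apply backspaces (^H) so only the characters the user ended up with are
  # logged, without the ^H clutter.
  local -r bs=$'\x08'
  local result=''
  local i ch
  for ((i = 0; i < ${#str}; i++)); do
    ch=${str:i:1}
    if [[ $ch == "$bs" ]]; then
      # Erase the previously kept character (no-op when result is empty).
      result=${result%?}
    else
      result+=$ch
    fi
  done
  # printf, not echo: a line such as "-n" or "-e" must be emitted verbatim.
  printf '%s\n' "$result"
}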
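# Usage check: the netcat (or ssh) command to wrap is mandatory.
if (( $# < 1 )); then
  # Diagnostics go to stderr so stdout stays clean for the wrapped session.
  printf '%s\n' "Usage: logshell <netcat command>" >&2
  exit 1
fi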
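# Directory where log files will be stored. Override it with the LOGDIR
# environment variable; the default stays /tmp.
# NOTE(review): /tmp is shared and world-writable, so the per-target log name
# is predictable to other local users — a private directory is preferable.
LOGDIR=${LOGDIR:-/tmp}
readonly LOGDIR
# Becomes true once a session has been detected and logging has started.
connection_established=false
# Both are set by check_connection: the client kind ('SSH' / 'Ncat') and the
# host/IP the log file is named after.
client=''
target=''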
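# Runs the wrapped command under script(1) so its output is captured as seen
# on the terminal, and mirrors every line into the logger below via tee.
# The typescript itself goes to /dev/null: tee already receives the same
# stream, and this avoids writing a predictable, pre-creatable path in /tmp
# that was only ever deleted afterwards.
# NOTE(review): bash does not wait for a process substitution, so the final
# lines may still be in flight when the pipeline returns — confirm if exact
# completion matters.
script -q -c "$*" /dev/null | tee >(
  # Log files hold the full session transcript (commands, possibly secrets):
  # create them readable by the owner only. The umask only affects this
  # subshell, not the wrapped command.
  umask 077
  # Empty means "connection seen, but logging was refused".
  log_file=''
  while IFS= read -r line; do
    # Waits until a connection is established to start logging.
    if ! $connection_established && check_connection "$line" "$*"; then
      # Decide once per session: a refused log file must not be re-reported
      # on every following line (for SSH check_connection matches every line).
      connection_established=true
      # target is derived from the command line / Ncat banner; it must be a
      # single, non-empty path component so the log stays inside LOGDIR.
      if [[ -z $target || $target == */* ]]; then
        printf 'Error: cannot derive a safe log file name from target %q. Session is NOT being logged.\n' "$target" >&2
        continue
      fi
      log_file="$LOGDIR/$target.log"
      # Never append through a symlink: LOGDIR may be shared (/tmp), and a
      # pre-planted link would redirect the transcript elsewhere.
      if [[ -L $log_file ]]; then
        printf 'Error: %s is a symbolic link. Session is NOT being logged.\n' "$log_file" >&2
        log_file=''
        continue
      fi
      # If the log file exists but we can't write to it, report and don't log.
      if [[ -e $log_file && ! -w $log_file ]]; then
        printf '%s\n' "Error: Log file already exists but you don't have write permissions on it. Perhaps you previously used LogShell with sudo?" >&2
        printf '%s\n' "Session is NOT being logged. Either delete log file at $log_file or grant write permissions." >&2
        printf '\n' >&2
        log_file=''
        continue
      fi
      # Header marking the start of a new session along with a timestamp.
      {
        printf '%s\n' "============================================================="
        printf '%s\n' "Shell session via $client initiated at: $(date +"%Y-%m-%d %T")"
        printf '%s\n' "============================================================="
      } >> "$log_file"
      continue
    elif $connection_established && [[ -n $log_file ]]; then
      # Cleans the line before logging it alongside the timestamp.
      line=$(clean_line "$line")
      printf '(%s) %s\n' "$(date +"%T")" "$line" >> "$log_file"
    fi
  done
)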