-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathmain.go
99 lines (81 loc) · 2.5 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
package main
import (
"bufio"
"encoding/json"
"flag"
"fmt"
"os"
"regexp"
"strconv"
"strings"
)
func main() {
inputFile := flag.String("inputFile", "default", "Required - Path to ad.trace file")
outputDir := flag.String("outputDir", ".", "Directory to write output to.")
flag.Parse()
if *inputFile == "default" {
fmt.Println("[+] ERROR inputFile was not provided")
os.Exit(1)
}
logreg := `^\s+(?P<loglevel>[^\s]+)\s(?P<datetime>[\d-]+\s[\d:\.]+)\s+(?P<appname>\w+)\s+(?P<threadname>[a-z][^\s]+)?\s+(?P<pid>\d+)\s+(?P<threadid>\d+)\s+(?P<fiberid>\d+)?\s+(?P<functionname>[^\s]+)\s+-(?P<message>.+)`
logre := regexp.MustCompile(logreg)
file, err := os.Open(*inputFile)
if err != nil {
fmt.Println(err)
os.Exit(1)
}
defer file.Close()
fileScanner := bufio.NewScanner(file)
fileScanner.Split(bufio.ScanLines)
var ads AnydeskSession
for fileScanner.Scan() {
match := logre.FindStringSubmatch(fileScanner.Text())
if len(match) == 0 {
continue
}
le := make(map[string]interface{})
for i, name := range logre.SubexpNames() {
if i != 0 {
switch name {
case "pid", "fiberid", "threadid":
le[name], _ = strconv.Atoi(match[i])
default:
le[name] = strings.TrimSpace(match[i])
}
}
}
jsonbody, _ := json.Marshal(le)
leS := LogEntry{}
json.Unmarshal(jsonbody, &leS)
leS.parseFunction(&ads)
if ads.SessionStart && leS.FunctionName != "main" {
ads.LogEntries = append(ads.LogEntries, leS)
}
if ads.SessionEnd {
if len(ads.FileTransfer) > 0 {
fmt.Printf("[+] INFO File transfer occured in Session: %d\n", ads.SessionId)
}
if len(ads.TextCopied) > 0 {
fmt.Printf("[+] INFO Text coping occured in Session: %d\n", ads.SessionId)
}
// ads.printSession()
ads.saveSession(*outputDir)
if !ads.SessionStart {
fmt.Println("[+] WARNING Found session need before finding a session begin.")
fmt.Println("[+] WARNING This could be because of rolled logs or parsing errors.")
}
ads = AnydeskSession{}
}
}
if ads.SessionStart && !ads.SessionEnd {
fmt.Println("[+] WARNING Found Session start but didn't find the end of the session before finish reading hte file.")
fmt.Println("[+] WARNING This could be because of on going connection when pulling the logs or parsing errors.")
if len(ads.FileTransfer) > 0 {
fmt.Printf("[+] INFO File transfer occured in Session: %d\n", ads.SessionId)
}
if len(ads.TextCopied) > 0 {
fmt.Printf("[+] INFO Text coping occured in Session: %d\n", ads.SessionId)
}
ads.printSession()
}
}