parser_kippo.sh
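#!/bin/bash
# Script to parse the Kippo (SSH honeypot) log
# Marc Rivero Lopez
# Twitter: @seifreed
#
# Usage: run from the directory that holds the Kippo log files (any regular
# file whose name contains "kippo"). Results are appended to:
#   report.txt           combined report
#   logons_fallidos.txt  number of failed logons
#   listado_ip.txt       unique source IPs
#   credenciales.txt     unique user/password pairs that were tried
#
# Security notes:
# - Everything in a honeypot log is attacker-supplied. Usernames and passwords
#   may contain spaces, brackets or terminal escape sequences; the field
#   splitting below truncates such values, and the output files are best
#   viewed with something that does not interpret escapes (e.g. `cat -v`).
# - The MD5 is kept so new reports stay comparable with old ones. It only
#   detects accidental change; where the logs may serve as evidence, also
#   record a SHA-256 of each original log and store it outside this directory.

set -u

readonly REPORT="report.txt"
readonly FAILED_LOGONS_FILE="logons_fallidos.txt"
readonly IP_LIST_FILE="listado_ip.txt"
readonly CREDENTIALS_FILE="credenciales.txt"

#######################################
# Count failed-logon lines.
# Arguments: none (log text on stdin)
# Outputs:   the count on stdout
# NOTE(review): field 5 of every line containing "failed" is taken and any
# value containing the substring "on" is discarded before counting. Confirm
# against a real Kippo log that this selects the intended lines.
#######################################
count_failed_logons() {
  awk '/failed/ { print $5 }' | grep -vc on
}

#######################################
# List the unique source IPs seen in HoneyPotTransport entries.
# Arguments: none (log text on stdin)
# Outputs:   one IP per line, sorted, de-duplicated
#######################################
extract_ips() {
  # Field 3 looks like "[HoneyPotTransport,<session>,<ip>]"; lines whose third
  # field has no comma pass through cut unchanged and are dropped by grep.
  awk '/HoneyPotTransport/ { print $3 }' \
    | cut -d ',' -f3 \
    | grep -v SSH \
    | cut -d ']' -f1 \
    | sort -u
}

#######################################
# List the unique "[user/password]" pairs from login attempts.
# Arguments: none (log text on stdin)
# Outputs:   one pair per line, sorted, de-duplicated
#######################################
extract_credentials() {
  awk '/attempt/ { print $9 }' \
    | cut -d '[' -f2 \
    | cut -d ']' -f1 \
    | sort -u
}

#######################################
# Build the report from the Kippo logs in the current directory.
# Returns: 0 on success, 1 if no log is found or a log cannot be read
#######################################
main() {
  local -a logs=()
  local f digest
  local self=${BASH_SOURCE[0]##*/}

  # The glob *kippo* also matches this script (parser_kippo.sh), the
  # kippo_report.txt file written by earlier versions and a leftover
  # kippo.md5 scratch file. Parsing those inflated the counts and changed
  # the hash, so they are excluded; only regular files are kept.
  for f in *kippo*; do
    [[ -f "$f" ]] || continue
    case "$f" in
      "$self" | kippo.md5 | kippo_report.txt) continue ;;
    esac
    logs+=("$f")
  done

  if (( ${#logs[@]} == 0 )); then
    echo "[-] No se encontraron logs de Kippo en el directorio actual" >&2
    return 1
  fi

  # Parse date. The timestamp now goes to the report itself; it used to be
  # written to kippo_report.txt, leaving the heading without a value.
  echo "Fecha de parseo de logs" >> "$REPORT"
  date >> "$REPORT"

  # Hash of the concatenated logs, computed through a pipe so that no scratch
  # file matching *kippo* is created. The "kippo.md5" label keeps the report
  # line in the same format as before.
  echo "[+] Calculando MD5 del log final"
  digest=$(set -o pipefail; cat -- "${logs[@]}" | md5sum) || {
    echo "[-] No se pudo leer alguno de los logs" >&2
    return 1
  }
  printf '%s  kippo.md5\n' "${digest%% *}" >> "$REPORT"
  echo "[+] Done!"

  # Failed logons
  echo "[+] Calculando la cantidad de logons fallidos"
  echo "Cantidad de logons fallidos:" >> "$REPORT"
  cat -- "${logs[@]}" | count_failed_logons \
    | tee -a "$REPORT" >> "$FAILED_LOGONS_FILE"
  echo "[+] Done!"

  # Source IPs
  echo "[+]Extrayendo IP's implicadas"
  echo "Lista de Ip's implicadas:" >> "$REPORT"
  cat -- "${logs[@]}" | extract_ips \
    | tee -a "$REPORT" >> "$IP_LIST_FILE"
  echo "[+] Done!"

  # Users and passwords that were tried
  echo "[+]Extrayendo usuarios y passwords usados"
  echo "Lista de usuarios y passwords usados:" >> "$REPORT"
  cat -- "${logs[@]}" | extract_credentials \
    | tee -a "$REPORT" >> "$CREDENTIALS_FILE"
  echo "[+] Done!"
}

main "$@"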