-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathfast
71 lines (59 loc) · 3.2 KB
/
fast
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
#!/bin/bash
# FAST
# Forensic Analyser Scan Toolkit - From command line
# License: GPL v2 or later
# Author: Aurelien DESBRIERES - aurelien@hackers.camp
# https://github.com/aurelien-git/FAST
fast() # make the software run as a function
{
tput clear # clear the terminal
printf "\n\033[1;32mWelcome to FAST - Forensic Analyser Scan Toolkit\033[0m\n"
printf "\033[1;32mFAST need you to use the sudo command to run\033[0m\n"
printf "\033[1;32mFAST will run during more than one hour need you to use the sudo command to run\033[0m\n"
# command
the_user=`whoami`
the_machine=`hostname`
ip=`ip a | grep inet | grep 192`
network=`ip addr show | awk '/inet.*brd/{print $NF; exit}'`
# Network Analysis
## Network Interface Analysis
### print hostname of the current machine
printf "\n\033[1;32mYour hostname is:\033[0m $the_machine\n" | tee -a /home/$the_user/FAST/fast-report-$the_user-hostname
### print IP of the machine
printf "\033[1;32mYour IP is:\033[0m $ip\n" | tee -a /home/$the_user/FAST/fast-report-$the_user-IP
### Searching name of the active interface
printf "\033[1;32mHere is your network interface:\033[0m $network\n\n"
### search available network arround
printf "\n\033[1;32mFAST will now look for available network around you (if you use wifi)\033[0m\n"
printf "\033[1;32mHere is the list of available network arround you $the_user\033[0m\n"
sudo iw $network scan | awk -f scan.awk | tee -a /home/$the_user/FAST/fast-report-network-list
### catching wifi network arround
printf "\n\033[1;32mFAST will not get close information on networks\n(also if there is wifi network around you.)\033[0m\n"
printf "\033[1;32mCloser information on that wifi network around:\033[0m\n"
sudo iwlist $network s | grep 'ESSID\|IEEE' | tee -a /home/$the_user/FAST/fast-report-network-arround-$the_user
## Network Traffic Analysis
### scan active connection
printf "\n\033[1;32mscanning active Internet connections from $the_user\033[0m\n"
sudo netstat -natpe | tee -a /home/$the_user/FAST/fast-report-$the_user-active-Internet-connections
### print neighborwood
printf "\n\033[1;32mThere is different machine in your network:\033[0m\n"
ip neighbor | tee -a /home/$the_user/FAST/fast-report-$the_user-neighborwood
### Load traffic analysis
printf "\n\033[1;32mAnalysing now your traffic that will take 5 minutes\033[0m\n"
printf "\033[1;32mLoading traffic analysis:\033[0m\n"
sudo iftop -i $network -ts 300 | tee -a /home/$the_user/FAST/fast-report-traffic-analysis # 300 number of second of analysis
# Settings and Hardware Analysis
## Firewall analysis
### print firewall rules
firewall=`sudo iptables -L`
printf "\n\033[1;32mYour firewall rules are:\033[0m\n$firewall\n" | tee -a /home/$the_user/FAST/fast-report-$the_user-firewall
## Virus analysis
### scan all type of filesystem
printf "\n\033[1;32mScanning against virus will take more than one hour\033[0m\n"
virusscan=`sudo freshclam && sudo clamscan -ri --log=clam-log --cross-fs=yes /`
printf "\033[1;32mResult of the virus scan:\033[0m\n$virusscan\n" | tee -a /home/$the_user/FAST/fast-report-$the_user-virus
## Log analysis
### list all log of the machin
printf "\n\033[1;32mList of all your log on $hostname:\033[0m\n"
sudo ls -lait /var/log/ | tee -a /home/$the_user/FAST/fast-report-log-list-of-$the_machine
}