
commit abc8150ddf81697b1811ec5cd44d2a2a3e6d8abb
parent ab7062537a1b369c1d798007031664a8bc5de653
Author: acidvegas <acid.vegas@acid.vegas>
Date: Fri, 26 May 2023 17:57:53 -0400

Added a parser for searching logs with ease

Diffstat:
MREADME.md | 4+---
Aparser.py | 61+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

2 files changed, 62 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
@@ -89,10 +89,8 @@ All of the raw data from a server is logged & stored. The categories below are s
 ## Todo
 * Capture `IRCOPS` & `STATS p` command outputs
 * Built in identd
-* Checking for IPv6 availability *(Need to find the server DNS, link names are not required to have DNS entries)*
+* Checking for IPv6 availability *(SSL= in 005 responses may help verify IPv6)*
 * Random nick changes for stealth on larger networks
-* Create a helper script for parsing logs & generating statistics on data
-* Parse only certain information for numerics to cut down on log sizes *(Important for scaling)*
 
 ## Mirrors
 - [acid.vegas](https://git.acid.vegas/ircp)
diff --git a/parser.py b/parser.py
@@ -0,0 +1,60 @@
+#!/usr/bin/env python
+# ircp logs parser - developed by acidvegas in python (https://git.acid.vegas/ircp)
+
+import json
+import os
+import sys
+
+def parse(line, raw): # TODO: finish adding custom outputs for certain fields
+	if not raw:
+		args    = line.split()
+		numeric = args[1]
+		data    = ' '.join(args[3:])
+		if data[:1] == ':':
+			data = data[1:]
+		if numeric == '001' and len(args) >= 7 and data.lower().startswith('welcome to the '):
+			return args[6]
+		elif numeric == '002' and len(line.split('running version ')) == 2:
+			return line.split('running version ')[1]
+		elif numeric == '003':
+			check = [item for item in ('This server was cobbled together ','This server was created ','This server has been started ','This server was last re(started) on ','This server was last (re)started on ') if data.startswith(item)]
+			if check:
+				return data.replace(check[0],'')
+		elif numeric == '004' and len(args) >= 5:
+			return args[4]
+		elif numeric == '005':
+			return data.split(' :')[0]
+		elif numeric == '006':
+			while data[:1] in ('-','|',' ','`'):
+				data = data[1:]
+			return data.split()[0]
+	return line if raw else data
+
+# Main
+if len(sys.argv) >= 2:
+	check  = sys.argv[1]
+	raw    = True
+	if len(sys.argv) == 3:
+		if sys.argv[2] == 'clean':
+			raw = False
+	logs  = os.listdir('logs')
+	found = 0
+	for log in logs:
+		with open('logs/'+log) as logfile:
+			data = json.loads(logfile.read())
+			if check in data:
+				found += 1
+				data = data[check]
+				if type(data) == str:
+					print(parse(data, raw))
+				elif type(data) == list:
+					for item in data:
+						print(parse(item, raw))
+			else:
+				print(f'error: \'{check}\' is an invalid or missing field')
+				break
+	print(f'\nFound {found} results in {len(logs)} logs')
+else:
+	print('usage: python parser.py <field> [clean]\n')
+	print('       <field> may be any item in the snapshots (001, NOTICE, 464, etc)')
+	print('       [clean] may be optionally used to display a cleaner output')
+\ No newline at end of file
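Review bot: parse() assumes every logged line is well-formed, but these strings were captured from remote IRC servers, so `args[1]` at the top of the non-raw branch raises IndexError on a line with fewer than two tokens, and the 006 branch's `data.split()[0]` raises on a value that is empty once the `-|` prefix characters are stripped; a short guard after the split, `if len(args) < 2: return line`, plus `parts = data.split(); return parts[0] if parts else data` in the 006 branch keeps one odd entry from aborting the whole scan. In the main block, the `break` after the "invalid or missing field" message stops at the first log lacking the field, which looks unintended given that the final "Found N results in M logs" line implies a partial count and that numerics such as 006 are not sent by every server; `continue` (or collecting the missing files and reporting them at the end) seems closer to what the usage text promises, though the author may prefer the early exit for typos. As a point of style, `json.load(logfile)` replaces `json.loads(logfile.read())`, and `isinstance(data, str)` / `isinstance(data, list)` are the idiomatic forms of the two `type(data) ==` checks.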