Difference between revisions of "Hacker Term Search"
From James Dooley's Wiki
(Created page with "==Overview== Simple find statement coupled with a grep statement. Will return path of any file containing these terms. ==Script== <code>[bash,n] find /home*/ -type f -name "*...") |
(→Script) |
||
| Line 6: | Line 6: | ||
<code>[bash,n] | <code>[bash,n] | ||
| − | find /home*/ -type f -name "*.htm*" -o -type f -name "*.php" -print0 | xargs -0 grep -il "hacked by\|script kitten" >> malware_hits.txt | + | find /home*/ -type f -name "*.htm*" -print0 -o -type f -name "*.php" -print0 | xargs -0 grep -il "hacked by\|script kitten" >> /home/malware_hits.txt |
</code> | </code> | ||
Revision as of 19:43, 26 November 2011
Overview
Simple find statement coupled with a grep statement. Will return path of any file containing these terms.
Script
[bash,n]
find /home*/ -type f -name "*.htm*" -print0 -o -type f -name "*.php" -print0 | xargs -0 grep -il "hacked by\|script kitten" >> /home/malware_hits.txt
What to change
Change the terms in the grep statement.
Hacked by is the most common, Kittens use the same terms on all of their pages. No need to be original.
Additional terms can be added if looking for a specific hacker group.
