Difference between revisions of "Hacker Term Search"
From James Dooley's Wiki
(→Script) |
|||
| (One intermediate revision by the same user not shown) | |||
| Line 1: | Line 1: | ||
| + | [[Category:One Liners]] | ||
==Overview== | ==Overview== | ||
Simple find statement coupled with a grep statement. Will return path of any file containing these terms. | Simple find statement coupled with a grep statement. Will return path of any file containing these terms. | ||
| Line 5: | Line 6: | ||
==Script== | ==Script== | ||
| − | < | + | <source lang='bash'> |
find /home*/ -type f -name "*.htm*" -print0 -o -type f -name "*.php" -print0 | xargs -0 grep -il "hacked by\|script kitten" >> /home/malware_hits.txt | find /home*/ -type f -name "*.htm*" -print0 -o -type f -name "*.php" -print0 | xargs -0 grep -il "hacked by\|script kitten" >> /home/malware_hits.txt | ||
| − | </ | + | </source> |
==What to change== | ==What to change== | ||
Latest revision as of 14:27, 25 March 2014
Overview
Simple find statement coupled with a grep statement. Will return path of any file containing these terms.
Script
find /home*/ -type f -name "*.htm*" -print0 -o -type f -name "*.php" -print0 | xargs -0 grep -il "hacked by\|script kitten" >> /home/malware_hits.txt
What to change
Change the terms in the grep statement.
Hacked by is the most common, Kittens use the same terms on all of their pages. No need to be original.
Additional terms can be added if looking for a specific hacker group.
