[英]Bash Script Passes Variable that is a Hex Number to a Perl Regex Search to Match MAC Address
我一直在撞牆,試圖找出我做錯了什么。 我的代碼當前是這樣的:
#!\bin\sh
read -p "Enter Third Octet Here " octet
perl -ne 'while(/[0-9A-F]{2}[:-][0-9A-F]{2}[:-]("$ENV{'$octet'}")[:-][0-9A-F]{2}[:-][0-9A-F]{2}[:-][0-9A-F]{2}(?=((\s)|(\/)))/ig){print "$&\n";}' manuf.txt
perl -ne 'while(/[0-9A-F]{2}[:-][0-9A-F]{2}[:-]("$ENV{'$octet'}")(?=((\s)|(\/)))/ig){print "$&\n";}' manuf.txt
我想做的是對照制造商查找列表確定MAC地址的第三個八位字節( https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob_plain;f=manuf ) 。 我希望腳本將變量55,B3,b3,FF傳遞給perl一線,然后將其插入MAC regex中,然后逐行打印匹配項。 到目前為止,如果沒有該變量,它將找到文件中的每個MAC地址,無論該地址用-或-表示,還是6個八位位組的字符串還是3個八位位組的字符串。 使用env變量,它什么也不返回。 我已經嘗試了一切,但似乎沒有任何效果。 我撞牆了
我還希望能夠基於第三和第四八位組進行第二場比賽,也能夠基於第三,第四和第五八位組進行第三場比賽,但這是遠未實現的目標
要將shell變量傳遞給Perl單行代碼,請使用-s
選項。 例如:
SOME_VAR=test
perl -se 'print $var' -- -var=$SOME_VAR
為什么不只在perl中做所有這些呢?
#!/usr/bin/env perl
use strict;
use warnings;
#get input
print "Enter third octet:\n";
chomp ( my $input = <> );
#open our file for reading.
open ( my $manuf, '<', 'manuf.txt') or die $!;
#iterate line by line
while (<$manuf>) {
#match instances of octets from the file, into $mac
my ($mac) = m/((?:[0-9a-fA-F]{2}[:-]?){3})/ or next;
#split it on 'nonwords' which means pretty much any delimiter.
#map {lc} lowercases the elements, this makes the whole thing case
#insensitive.
my @octets = map { lc } split /\W/, $mac;
#print if there's a match
print if $octets[2] eq lc $input;
}
close ( $manuf );
如果要匹配多個,則最簡單的方法是將輸入重新格式化為定界符盲注,然后使用regex
匹配。 像這樣:
$input =~ s/\W/:/g;
將輸入定界符轉換為:
不管有人給出什么。 因此您可以輸入:
00:00:0A
00-0A-00
00 0A-FF
然后,您可以在循環中進行匹配-而不是測試八位位組匹配,請使用正則表達式匹配:
while (<$manuf>) {
my ($mac) = m/^((?:[0-9a-fA-F]{2}[:-]?){3})/ or next;
my $reformatted_mac = join ":", map { lc } split /\W/, $mac;
print if $reformatted_mac =~ m/$input/;
}
現在,這使用的是正則表達式,因此實際上是子字符串匹配。 它也沒有固定,因此如果您“輸入”“ 0A”,則將字符串中的所有內容都匹配為0A
。
但是您可以改為:
print if $reformatted_mac =~ m/^$input/;
但是,隨后您將始終必須輸入“起始”八位位組。 (但是在那時也支持正則表達式輸入並不難)。
我的最終代碼最終被
#!\\bin\\sh #requires perl #requires manuf.txt available from wireshark #requires last 4 octets of mac address available from Ubertooth-scan #use responsibly and don't use for any unauthorized purposes #based in part on code from http://stackoverflow.com/questions/36119396/bash-script-passes-variable-that-is-a-hex-number-to-a-perl-regex-search-to-match?noredirect=1#comment59878958_36119396 read -p "Enter Third and Fourth and Fifth and Sixth Octet Here (AB:CD:EF:12) " STR octet6=$(echo $STR | cut -c 1-11) octet5=$(echo $STR | cut -c 1-8) octet4=$(echo $STR | cut -c 1-5) octet=$(echo $STR | cut -c 1-2) #Makes sure the manuf.txt file only contains ":" notation sed -i 's/-/:/ig' manuf.txt #third and fourth and fifth octet perl -nse 'print if /[0-9A-F]{2}[:][0-9A-F]{2}[:]$octet[:][0-9A-F]{2}[:][0-9A-F]{2}[:][0-9A-F]{2}(?=((\\s)|(\\/)))/ig' -- -octet=$octet5 manuf.txt perl -nse 'print if /[0-9A-F]{2}[:][0-9A-F]{2}[:]$octet(?=((\\s)|(\\/)))/ig' -- -octet=$octet5 manuf.txt #third and fourth octet perl -nse 'print if /[0-9A-F]{2}[:][0-9A-F]{2}[:]$octet[:][0-9A-F]{2}[:][0-9A-F]{2}[:][0-9A-F]{2}(?=((\\s)|(\\/)))/ig' -- -octet=$octet4 manuf.txt perl -nse 'print if /[0-9A-F]{2}[:][0-9A-F]{2}[:]$octet(?=((\\s)|(\\/)))/ig' -- -octet=$octet4 manuf.txt #Third octet. Kind of pointless bc it might generate hundreds or thousands of matches perl -nse 'print if /[0-9A-F]{2}[:][0-9A-F]{2}[:]$octet[:][0-9A-F]{2}[:][0-9A-F]{2}[:][0-9A-F]{2}(?=((\\s)|(\\/)))/ig' -- -octet=$octet manuf.txt perl -nse 'print if /[0-9A-F]{2}[:][0-9A-F]{2}[:]$octet(?=((\\s)|(\\/)))/ig' -- -octet=$octet manuf.txt #Trim things up and make them look neat and tidy sed -i -E 's/^([0-9A-F]{2}[:][0-9A-F]{2}[:][0-9A-F]{2}[:][0-9A-F]{2}[:][0-9A-F]{2}[:][0-9A-F]{2}).*/\\1/g' matches.txt sed -i -E 's/^([0-9A-F]{2}[:][0-9A-F]{2}[:][0-9A-F]{2})\\s.*/\\1/ig' matches.txt #Replace everything after the third octet with the rest of the Mac address for 6 octetc strings sed -i -E 's/^([0-9A-F]{2}[:][0-9A-F]{2}[:])[0-9A-F]{2}[:][0-9A-F]{2}[:][0-9A-F]{2}[:][0-9A-F]{2}/\\1'$octet6'/g' matches.txt #Replace everything after the third octet with the rest of the Mac address for 3 octetc strings sed -i -E 's/^([0-9A-F]{2}:[0-9A-F]{2}):[0-9A-F]{2}$/\\1:'$octet6'/g' matches.txt #Remove repeated strings sed -i '$!N; /^\\(.*\\)\\n\\1$/!P; D' matches.txt
雖然不漂亮,但是可以完成工作,並且可以創建對PoC代碼有用的匹配項列表
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.