forked from donfranke/domainparser
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmain.go
130 lines (113 loc) · 2.81 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
// IP Address Parser
// Created by Don Franke
// This takes a list of domains/URLs/URIs and formats them into a Splunk proxy log search.
package main
import (
"bufio"
"bytes"
"flag"
"fmt"
"io"
"log"
"os"
"regexp"
"strings"
)
// Read a whole file into the memory and store it as array of lines
func readLines(path string) (lines []string, err error) {
var (
file *os.File
part []byte
prefix bool
)
if file, err = os.Open(path); err != nil {
return
}
defer file.Close()
reader := bufio.NewReader(file)
buffer := bytes.NewBuffer(make([]byte, 0))
for {
if part, prefix, err = reader.ReadLine(); err != nil {
break
}
buffer.Write(part)
if !prefix {
lines = append(lines, buffer.String())
buffer.Reset()
}
}
if err == io.EOF {
err = nil
}
return
}
func main() {
// get filename from comamnd line
filename := flag.String("u", "", "Name of URLs File")
includewww := flag.String("www", "", "Indicate (Y/N) whether or not to include a www. version of the domain in the results")
flag.Parse()
if *filename == "" || *includewww == "" {
log.Fatal("EXECUTION HALTED: Not enough arguments supplied. Usage:\n" + showUsage())
}
// read file
lines, err := readLines(*filename)
if err != nil {
log.Fatal("ERROR: %s\n", err)
}
// display contents
var spl string
var url string
spl = "index=proxy ("
var i = 0
for _, line := range lines {
line = strings.Trim(line, " ")
if line == "" {
continue
}
url = line
// de-sanitize value
r := regexp.MustCompile(`\[[\.\,]\]`)
url = r.ReplaceAllString(url, ".")
// remove quotes and double quotes
r = regexp.MustCompile(`[\"\'"]`)
url = r.ReplaceAllString(url, "")
// remove string preceeding ://
r = regexp.MustCompile(`\w*:\/\/`)
url = r.ReplaceAllString(url, "")
// remove [dot]
r = regexp.MustCompile(`\[dot\]`)
url = r.ReplaceAllString(url, ".")
// remove leading arrows
r = regexp.MustCompile(`-->`)
url = r.ReplaceAllString(url, "")
// remove uri stuff
r = regexp.MustCompile(`\/.+`)
url = r.ReplaceAllString(url, "")
// remove domain:
r = regexp.MustCompile(`domain:\s`)
url = r.ReplaceAllString(url, "")
// trim whitespace
url = strings.Trim(url, " ")
if i == 0 {
spl += "dest_host=\"" + url + "\""
} else {
spl += " OR dest_host=\"" + url + "\""
}
if *includewww == "Y" {
spl += " OR dest_host=\"www." + url + "\""
}
i++
}
spl += ")"
fmt.Println(strings.Repeat("=", 30) + " SNIP " + strings.Repeat("=", 30))
fmt.Println(spl)
fmt.Println(strings.Repeat("=", 30) + " /SNIP " + strings.Repeat("=", 30))
}
func showUsage() string {
var message string
message = strings.Repeat("-", 75) + "\n"
message += "\t-u = path/file of URL file\n"
message += "\t-www = whether or not to include a www.[url] in results [Y/N]\n"
message += strings.Repeat("-", 75) + "\n"
return message
}