# A little reverse engineering tool for using ripgrep to do correlative searches.
# Copyright (C) 2024 Simon Carlson-Thies
# This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
# You should have received a copy of the GNU General Public License along with this program. If not, see <https://www.gnu.org/licenses/>.
#! /bin/bash
# NOTE: a shebang only takes effect when it is the very first line of the file.
# Here it sits below the license header, so it is just a comment; invoke the
# script explicitly with bash (it relies on [[ ]], arrays and (( )) ).
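# Print the help text to stdout and exit with status 1.
# Invoked for -h and for any unrecognised option alike, so the exit status is
# non-zero in both cases (unchanged from the original); do not treat -h as a
# "success" probe from other scripts.
# The -r description was corrected: the script invokes "${rgPath}rg", so -r is
# the directory that holds the binary, not the binary itself.
usage() {
cat <<EOF
Usage: $(basename "$0") [OPTIONS]
A tool for reverse engineering. Specify multiple searches and then using ripgrep correlate those searches to
find all files that contain all of those terms. This tool is built off of ripgrep so be sure you have that.
NOTE
This tool will not work with regex searches. Additionally the ripgrep options are -luuui statically defined
(case-insensitive, lists matching file names only).
Furthermore, there is no real progress output so this may take a while and show no evidence that it is working.
Options:
-r <dir_with_rg> Directory that contains the ripgrep binary; it is run as <dir_with_rg>/rg. (Required)
-p <path_to_search> Directory path to search within. WITHOUT the trailing / or * (Required)
-s '<searches>' Comma-separated list of search terms. (Required)
Example: 'term1, term2' BE SURE: to quote strings with spaces.
-o <output_file> Path to the output file; matching file paths are appended to it. (Required)
-h Display this help message and exit.
Examples:
$(basename "$0") -r "/usr/local/bin/" -p /home/user/documents -s 'foo, bar, baz' -o ~/Desktop/output.txt
This command searches for files in '/home/user/documents' containing all terms 'foo', 'bar', and 'baz',
and appends the list of matching files to '~/Desktop/output.txt'.
EOF
exit 1
}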
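# ---- Option parsing ---------------------------------------------------------
# -r  directory containing the ripgrep binary "rg"   (required)
# -p  directory to search                            (required)
# -s  comma-separated search terms                   (required)
# -o  file the matching paths are appended to        (required)
# -h / unknown option: print help via usage(), which exits 1.
rgPath=""
sPath=""
search=""
output=""
while getopts 'r:p:s:o:h' OPTION; do
  case "$OPTION" in
    r) rgPath="$OPTARG" ;;
    p) sPath="$OPTARG" ;;
    s) search="$OPTARG" ;;
    o) output="$OPTARG" ;;
    h) usage ;;
    *) usage ;;
  esac
done

# ---- Validation -------------------------------------------------------------
# Refuse to run with a missing option instead of searching the wrong place:
# an empty -p would expand "${sPath}"/* to /* and walk the whole filesystem.
if [[ -z "$rgPath" || -z "$sPath" || -z "$search" || -z "$output" ]]; then
  printf 'Error: -r, -p, -s and -o are all required.\n' >&2
  usage
fi

# -r names the directory holding rg; normalise to a trailing slash (the
# original only appended one when missing) and check that the binary itself
# is executable, not merely that some path exists.
rgPath="${rgPath%/}/"
if [[ ! -x "${rgPath}rg" ]]; then
  printf "Couldn't find ripgrep at this path: %srg\n" "$rgPath" >&2
  exit 1
fi

if [[ ! -d "$sPath" ]]; then
  printf 'Error: search path is not a directory: %s\n' "$sPath" >&2
  exit 1
fi

# ---- Search terms -----------------------------------------------------------
# Split on commas and trim whitespace around each term so that 'foo, bar'
# searches for "bar" rather than " bar" (the usage example depends on this).
# Empty terms (e.g. from a trailing comma) are dropped so they do not inflate
# the number of matches a file must reach.
IFS=',' read -r -a rawTerms <<< "$search"
searchArray=()
for term in "${rawTerms[@]}"; do
  term="${term#"${term%%[![:space:]]*}"}"   # strip leading whitespace
  term="${term%"${term##*[![:space:]]}"}"   # strip trailing whitespace
  if [[ -n "$term" ]]; then
    searchArray+=("$term")
  fi
done
if (( ${#searchArray[@]} == 0 )); then
  printf 'Error: no search terms given.\n' >&2
  exit 1
fi

# ---- Per-term search --------------------------------------------------------
# Each rg run appends the files matching one term.  Use a private mktemp file
# rather than the fixed /tmp/searchesInitial.txt: a predictable, appended-to
# path in a world-writable directory lets another local user pre-seed fake
# "matches" or plant a symlink to clobber a file we own, and a run that died
# before its rm would leave stale lines that corrupt the next run's counts.
# The trap removes the file on every exit path.
tmpFile=$(mktemp) || { printf 'Error: could not create a temp file.\n' >&2; exit 1; }
trap 'rm -f -- "$tmpFile"' EXIT

for s in "${searchArray[@]}"; do
  # -e keeps a term that begins with "-" from being parsed as an rg option and
  # "--" does the same for the paths; the rg flags stay -luuui as documented.
  # rg exits 1 when a term matches nothing (normal here); 2 signals an error,
  # which is reported but not fatal so a single unreadable file does not abort
  # a long search.
  "${rgPath}rg" -luuui -e "$s" -- "${sPath}"/* >> "$tmpFile"
  rc=$?
  if (( rc > 1 )); then
    printf 'Warning: rg reported errors while searching for "%s"; results may be incomplete.\n' "$s" >&2
  fi
done

# ---- Correlation ------------------------------------------------------------
# A file containing every term is listed once per term, so it appears at least
# ${#searchArray[@]} times.  Count whole lines in awk so paths containing
# spaces survive (the old "uniq -c | awk '{print $2}'" printed only the first
# word of such a path), then sort for deterministic output.  As before, the
# results are appended to the output file.
awk -v reps="${#searchArray[@]}" \
  '{ count[$0]++ } END { for (f in count) if (count[f] >= reps) print f }' \
  "$tmpFile" | LC_ALL=C sort >> "$output" || {
  printf 'Error: could not write results to %s\n' "$output" >&2
  exit 1
}

exit 0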