此shell脚本代码可读取URL以基于扫描API 读取,扫描URL,IP,域这三行 它正在很好地阅读URL和IP
ScriptDir=$HomeDir/python
ResultDir=/home/kia/HTTPOutput/aut
ToDay=`date "+%Y%m%d"`
CheckDATE=`date "+%Y-%m-%d" --date '45 day ago'`
NOWDATE=`date "+%Y-%m-%d"`
AddCheckDate=$1
content=
while read buffer;
do
Check=$content$buffer;
if echo "${Check}" | grep -E "/" >/dev/null; then
URLName=`echo ${Check} | sed 's/\//-/g'`
echo ${Check}
python $ScriptDir/bin/panafapi.py -K --samples -j -r "{\"query\":{\"operator\":\"all\",\"children\":[{\"field\":\"sample.malware\",\"operator\":\"is\",\"value\":1},{\"field\":\"alias.url\",\"operator\":\"contains\",\"value\":\"$ResultFile\"},{\"field\":\"sample.create_date\",\"operator\":\"is in the range\",\"value\":[\"${CheckDATE}T00:00:00\",\"${NOWDATE}T23:59:59\"]}]},\"scope\":\"global\",\"size\":1,\"from\":0,\"sort\":{\"create_date\":{\"order\":\"desc\"}}}" > $ResultDir/HTTP-$URLName-$ToDay.json
ResultData=`cat $ResultDir/HTTP-$URLName-$ToDay.json | jq -r '.hits[]._source | .create_date + "," + .sha256'`
echo "$Check" $ResultData >> $ResultDir/HTTP-Result-${AddCheckDate}.csv
sleep 4
elif echo "${Check}" | grep -E "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" >/dev/null; then
echo ${Check}
python $ScriptDir/bin/panafapi.py -K --samples -j -r "{\"query\":{\"operator\":\"all\",\"children\":[{\"field\":\"sample.malware\",\"operator\":\"is\",\"value\":1},{\"field\":\"alias.ip_address\",\"operator\":\"contains\",\"value\":\"$ResultFile\"},{\"field\":\"sample.create_date\",\"operator\":\"is in the range\",\"value\":[\"${CheckDATE}T00:00:00\",\"${NOWDATE}T23:59:59\"]}]},\"scope\":\"global\",\"size\":1,\"from\":0,\"sort\":{\"create_date\":{\"order\":\"desc\"}}}" > $ResultDir/HTTP-$ResultFile-$ToDay.json
ResultData=`cat $ResultDir/HTTP-$ResultFile-$ToDay.json | jq -r '.hits[]._source | .create_date + "," + .sha256'`
echo "$Check" $ResultData >> $ResultDir/HTTP-Result-${AddCheckDate}.csv
sleep 4
else
echo ${Check}
python $ScriptDir/bin/panafapi.py -K --samples -j -r "{\"query\":{\"operator\":\"all\",\"children\":[{\"field\":\"sample.malware\",\"operator\":\"is\",\"value\":1},{\"field\":\"alias.domain\",\"operator\":\"contains\",\"value\":\"$ResultFile\"},{\"field\":\"sample.create_date\",\"operator\":\"is in the range\",\"value\":[\"${CheckDATE}T00:00:00\",\"${NOWDATE}T23:59:59\"]}]},\"scope\":\"global\",\"size\":1,\"from\":0,\"sort\":{\"create_date\":{\"order\":\"desc\"}}}" > $ResultDir/HTTP-$ResultFile-$ToDay.json
ResultData=`cat $ResultDir/HTTP-$ResultFile-$ToDay.json | jq -r '.hits[]._source | .create_date + "," + .sha256'`
echo "$Check" $ResultData >> $ResultDir/HTTP-Result-${AddCheckDate}.csv
sleep 4
fi
done
问题是此行及其未读取此类型的域google.com:443 如何使用条件也要阅读网址并删除:443
else
echo ${Check}
python $ScriptDir/bin/panafapi.py -K --samples -j -r "{\"query\":{\"operator\":\"all\",\"children\":[{\"field\":\"sample.malware\",\"operator\":\"is\",\"value\":1},{\"field\":\"alias.domain\",\"operator\":\"contains\",\"value\":\"$ResultFile\"},{\"field\":\"sample.create_date\",\"operator\":\"is in the range\",\"value\":[\"${CheckDATE}T00:00:00\",\"${NOWDATE}T23:59:59\"]}]},\"scope\":\"global\",\"size\":1,\"from\":0,\"sort\":{\"create_date\":{\"order\":\"desc\"}}}" > $ResultDir/HTTP-$ResultFile-$ToDay.json
ResultData=`cat $ResultDir/HTTP-$ResultFile-$ToDay.json | jq -r '.hits[]._source | .create_date + "," + .sha256'`
echo "$Check" $ResultData >> $ResultDir/HTTP-Result-${AddCheckDate}.csv
sleep 4
如何读取和删除此URL:443
错误:
http://google.com/
samples_search: 200 OK 339 0%
samples_results: 200 OK 798 100% hits=0 total=0 time=0:00:00.668 "complete"
google.com:443
samples_search_results: "HTTP Error 409: Conflict Invalid license"