Here is the Perl/Tk tool I used to keep track of IP addresses, bank accounts and game logs. It is not much, but it is better than nothing.
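#!/usr/bin/perl -w
####
# Slavehack IP Manager: a small Tk front end that keeps an IP list and a
# bank-account ledger up to date from pasted game log lines.
#
# All state lives in three files in the current working directory:
# IP.txt and bank.txt (the two tables, tab-separated, rewritten on every
# update) and log.txt (every pasted line, appended verbatim and in plain
# text). Start the tool from the directory that should own those files.
use strict;
use warnings;
use Tk;

# GUI handles and the find box's text. tick() and find() below read these
# from file scope, so the names are part of the script's internal interface.
my ($tk_main, $tk_top, $tk_find_frm, $tk_find, $tk_IPList, $tk_middle, $tk_Bank,
    $tk_bottom, $tk_Entry, $tk_News, $tk_statusframe, $find_query);

$tk_main = MainWindow->new();
$tk_main->title('Slavehack IP Manager');

# Top third: the IP table plus a find box underneath it.
$tk_top = $tk_main->Frame()->pack(-side => 'top', -fill => 'both', -expand => 1);
$tk_top->Label(-text => 'IP List:')->pack(-side => 'top');
$tk_IPList = $tk_top->Scrolled('Text', -scrollbars => 'oe', -height => 20, -wrap => 'none')
    ->pack(-side => 'top', -fill => 'both', -expand => 1);
$tk_find_frm = $tk_top->Frame()->pack(-side => 'top', -fill => 'both', -expand => 1);
$tk_find_frm->Label(-text => 'Find:')->pack(-side => 'top', -anchor => 'w');
$tk_find = $tk_find_frm->Entry(-textvariable => \$find_query)
    ->pack(-side => 'top', -fill => 'x', -expand => 1);
# Search on key *release*: an instance <KeyPress> binding fires before the
# Entry class binding that inserts the typed character, so $find_query would
# always be one keystroke behind the box.
$tk_find->bind('<KeyRelease>' => \&find);

# Middle third: the bank-account ledger.
$tk_middle = $tk_main->Frame()->pack(-side => 'top', -fill => 'both', -expand => 1);
$tk_middle->Label(-text => 'Bank Account Info:')->pack(-side => 'top');
$tk_Bank = $tk_middle->Scrolled('Text', -scrollbars => 'oe', -height => 10, -wrap => 'none')
    ->pack(-side => 'top', -fill => 'both', -expand => 1);

# Bottom third: the paste box (polled by tick), a Close button and the status line.
$tk_bottom = $tk_main->Frame()->pack(-side => 'top', -fill => 'both', -expand => 1);
$tk_bottom->Label(-text => 'Paste Log Lines Here')->pack(-side => 'top');
$tk_Entry = $tk_bottom->Scrolled('Text', -scrollbars => 'oe', -height => 5, -wrap => 'none')
    ->pack(-side => 'top', -fill => 'both', -expand => 1);
# \&exit refers to a user sub named main::exit (builtins cannot be taken by
# reference), which does not exist, so the old button died when clicked.
# Destroying the main window ends MainLoop and the script exits normally.
$tk_bottom->Button(-text => 'Close', -command => sub { $tk_main->destroy })->pack(-side => 'top');
# The original passed -side twice ('bottom' then 'top'); Tk used the last one.
$tk_statusframe = $tk_bottom->Frame()->pack(-side => 'top', -fill => 'both', -expand => 1);
$tk_News = $tk_statusframe->Label(-relief => 'groove', -text => 'Status: ', -anchor => 'w')
    ->pack(-side => 'bottom', -fill => 'both', -expand => 1);

# Poll the paste box once a second (see tick()).
$tk_main->repeat(1000, \&tick);

# Seed both tables from the previous session. A missing file just means a
# fresh start; any other read failure is reported rather than ignored.
for my $pair ([ 'bank.txt', $tk_Bank ], [ 'IP.txt', $tk_IPList ]) {
    my ($path, $widget) = @$pair;
    if (open my $fh, '<', $path) {
        my @rows = <$fh>;
        close $fh;
        $widget->insert('end', join('', @rows));
    }
    elsif (!$!{ENOENT}) {
        warn "Unable to read $path! ($!)\n";
    }
}

MainLoop();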
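# Called once a second via $tk_main->repeat. When the paste box holds
# anything, this appends the pasted text verbatim to log.txt, re-parses the
# IP and bank tables currently shown in the GUI, merges every game event
# found in the paste into them, then re-renders both tables into their
# widgets and writes them back to IP.txt / bank.txt in the working directory.
#
# The tables are parsed from the Text widgets (not kept in memory) so that
# edits the user makes directly in the widgets survive. Any widget line that
# does not match the expected tab-separated layout is dropped on the next
# tick. The IP pattern is deliberately loose (\d+ octets, no range check) so
# it tolerates whatever the game prints.
#
# Reads the file-scope widgets $tk_Entry, $tk_IPList, $tk_Bank and $tk_News
# and calls addnote()/delnote(). Takes no arguments; returns nothing useful.
sub tick {
    my $pasted = $tk_Entry->get("1.0", "end");
    # An empty Text widget still yields "\n"; '.' does not match newline, so
    # this means "nothing but newlines".
    return if $pasted !~ /.+/;

    my $ip_table   = $tk_IPList->get("1.0", "end");
    my $bank_table = $tk_Bank->get("1.0", "end");
    $tk_Entry->delete("1.0", "end");

    # Raw audit trail of everything ever pasted: appended, never truncated,
    # and stored in plain text.
    _save_file('>>', 'log.txt', $pasted);

    my $ip_re = qr/\d+\.\d+\.\d+\.\d+/;

    # Per-IP occurrence count ("popularity") and notes, keyed by IP.
    my (%ip_count, %ip_notes);
    # Cashflow totals and notes, keyed by "bankIP:accountNumber".
    my (%bank_gross, %bank_net, %bank_notes);

    # Widget layout: Qty<TAB>IP<TAB>Notes
    for my $row (split /\n/, $ip_table) {
        next unless $row =~ /^(\d+)\t($ip_re)\t(.*)$/;
        my ($qty, $ip, $notes) = ($1, $2, $3);
        $ip_count{$ip} = $qty;
        $ip_notes{$ip} = $notes;
    }
    # Widget layout: IP:Account<TAB>Gross<TAB>Net<TAB>Notes
    for my $row (split /\n/, $bank_table) {
        next unless $row =~ /^($ip_re:\d+)\t(\d+\.?\d*)\t(-?\d+\.?\d*)\t(.*)$/;
        my ($acct, $gross, $net, $notes) = ($1, $2, $3, $4);
        $bank_gross{$acct} = $gross;
        $bank_net{$acct}   = $net;
        $bank_notes{$acct} = $notes;
    }

    # Count every IP occurrence in the paste. A single /g scan replaces the
    # old "substitute away the first match and rescan" loop, which re-copied
    # the whole paste once per address. An IP with no prior count is "new".
    my $new_ips = 0;
    while ($pasted =~ /($ip_re)/g) {
        my $ip = $1;
        $ip_notes{$ip} = '' unless defined $ip_notes{$ip};
        $new_ips++ unless $ip_count{$ip};
        $ip_count{$ip}++;
    }

    # Recognise game events line by line. The checks are independent ifs,
    # as in the original, so one line may feed more than one of them.
    my $new_accounts = 0;
    for my $line (split /\n/, $pasted) {
        # "<IP> free text": a manual annotation, appended to that IP's notes.
        if ($line =~ /^($ip_re) (.*)$/) {
            $ip_notes{$1} = addnote($ip_notes{$1}, $2);
        }
        # bank transfer: 107268.74 euros 499492 [71.136.63.190] --> 747744 [135.132.154.124]
        if ($line =~ /bank transfer: (\d+\.?\d*) euros (\d+) \[($ip_re)\] --> (\d+) \[($ip_re)\]/) {
            my ($cash, $src_no, $src_ip, $dst_no, $dst_ip) = ($1, $2, $3, $4, $5);
            my $src = "$src_ip:$src_no";
            my $dst = "$dst_ip:$dst_no";
            $ip_notes{$src_ip} = addnote($ip_notes{$src_ip}, "BANK");
            $ip_notes{$dst_ip} = addnote($ip_notes{$dst_ip}, "BANK");
            $new_accounts++ unless defined $bank_notes{$src};
            $new_accounts++ unless defined $bank_notes{$dst};
            $bank_notes{$src} = addnote($bank_notes{$src}, "TRANSFER_FROM");
            $bank_notes{$dst} = addnote($bank_notes{$dst}, "TRANSFER_TO");
            # Net: money leaves the source and arrives at the destination.
            # Gross: both accounts saw the amount move.
            $bank_net{$src}   -= $cash;
            $bank_net{$dst}   += $cash;
            $bank_gross{$src} += $cash;
            $bank_gross{$dst} += $cash;
        }
        # [86.175.209.78] launched a DDoS attack via [localhost] to [0.209.34.123]
        if ($line =~ /\[($ip_re)\] launched a DDoS attack via \[localhost\] to \[($ip_re)\]/) {
            my ($attacker, $target) = ($1, $2);
            $ip_notes{$attacker} = addnote($ip_notes{$attacker}, "DDoSer");
            $ip_notes{$target}   = addnote($ip_notes{$target},   "DDoS_Target");
        }
        # slave 96.5.101.128 earned 8.08 euros, funds transferred to bank account 826665 at [33.53.184.126]
        if ($line =~ /slave ($ip_re) earned (\d+\.?\d*) euros, funds transferred to bank account (\d+) at \[($ip_re)\]/) {
            my ($slave_ip, $cash, $acct_no, $bank_ip) = ($1, $2, $3, $4);
            my $acct = "$bank_ip:$acct_no";
            $new_accounts++ unless defined $bank_notes{$acct};
            $ip_notes{$slave_ip} = addnote($ip_notes{$slave_ip}, "SLAVE");
            $ip_notes{$bank_ip}  = addnote($ip_notes{$bank_ip},  "BANK");
            $bank_net{$acct}   += $cash;
            $bank_gross{$acct} += $cash;
            $bank_notes{$acct} = addnote($bank_notes{$acct}, "SLAVE_DUMP");
        }
        # The slave 1.96.53.203 was removed from your list because you no longer have the admin password anymore and no virus is active.
        # "MySlave" is a note the user adds by hand; this drops it again.
        if ($line =~ /The slave ($ip_re) was removed from your list because you no longer have the admin password anymore and no virus is active\./) {
            $ip_notes{$1} = delnote($ip_notes{$1}, "MySlave");
        }
    }

    # Render the ledger, busiest accounts (by gross cashflow) first.
    my $bank_out = "IP:AccountNumber\tGross_Cashflow\tNet_Cashflow\tNotes\n";
    for my $acct (sort { $bank_gross{$b} <=> $bank_gross{$a} } keys %bank_net) {
        $bank_out .= join("\t", $acct, $bank_gross{$acct}, $bank_net{$acct}, $bank_notes{$acct}) . "\n";
    }
    $tk_Bank->delete("1.0", "end");
    $tk_Bank->insert('end', $bank_out);
    _save_file('>', 'bank.txt', $bank_out);

    # Render the IP table, most frequently seen addresses first.
    my $ip_out = "Qty.\tIP_Address\tNotes\n";
    for my $ip (sort { ($ip_count{$b} || 0) <=> ($ip_count{$a} || 0) } keys %ip_notes) {
        $ip_out .= join("\t", $ip_count{$ip}, $ip, $ip_notes{$ip}) . "\n";
    }
    $tk_IPList->delete("1.0", "end");
    $tk_IPList->insert('end', $ip_out);
    _save_file('>', 'IP.txt', $ip_out);

    $tk_News->configure(-text => "Status: $new_ips new IPs found. $new_accounts new bank accounts found.");
    return;
}

# Writes $text to $path, where $mode is '>' (truncate) or '>>' (append), using
# a three-argument open and a lexical handle. Failures are reported on stderr
# instead of dying so that one bad write never tears down the GUI or loses
# what is already on screen; the old append to log.txt was not checked at all.
# Paths are relative to the working directory the tool was started from.
sub _save_file {
    my ($mode, $path, $text) = @_;
    open my $fh, $mode, $path or do {
        warn "Unable to open $path! ($!)\n";
        return;
    };
    print {$fh} $text;
    # Buffered write errors only surface at close.
    close $fh or warn "Error writing $path! ($!)\n";
    return;
}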
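# Appends $substr to the space-separated note string $str unless that exact
# entry is already present, and returns the (possibly unchanged) string.
#
# An undefined or empty $str yields $substr; an undefined or empty $substr
# leaves $str untouched. Presence is checked between space boundaries, so
# adding "BANK" to "BANKRUPT" appends instead of being mistaken for a
# duplicate (the old index() test matched any substring), while a multi-word
# entry added earlier, such as a hand-typed note, is still recognised as a
# whole. This is the same "whole entry" notion delnote() uses.
sub addnote {
    my ($str, $substr) = @_;
    return $str unless defined $substr && length $substr;
    return $substr unless defined $str && length $str;
    return $str if index(" $str ", " $substr ") >= 0;
    return "$str $substr";
}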
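# Removes the first whole, space-delimited occurrence of $substr from the
# note string $str and returns the result. An undefined $str or $substr is
# returned/ignored as before, and an empty $substr is a no-op (the old code
# would strip a space from the string in that case).
#
# $substr is matched literally (\Q...\E), so a note containing regex
# metacharacters cannot break the pattern. Padding the string with spaces
# before matching also covers the case where $substr is the only note, which
# the old three-pattern chain never matched, and stops it from eating part of
# a longer entry such as "BB" when asked to remove "B".
sub delnote {
    my ($str, $substr) = @_;
    return $str unless defined $str && defined $substr && length $substr;
    my $padded = " $str ";
    $padded =~ s/ \Q$substr\E / /;
    $padded =~ s/\A //;
    $padded =~ s/ \z//;
    return $padded;
}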
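# Scrolls the IP table and the bank ledger to their first case-insensitive
# match of the find box text. Bound to the find box's key events; reads
# $find_query, $tk_IPList and $tk_Bank from file scope. Returns nothing.
sub find {
    # Nothing typed yet, or the box was emptied: nothing to look for.
    return unless defined $find_query && length $find_query;
    for my $table ($tk_IPList, $tk_Bank) {
        my $hit = $table->search(-nocase, $find_query, '1.0');
        # Guard against an empty-string "not found" result as well as undef,
        # since see() rejects an empty index.
        $table->see($hit) if defined $hit && length $hit;
    }
    return;
}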