{"id":13846085,"url":"https://github.com/enomothem/Whoamifuck","last_synced_at":"2025-07-12T04:30:52.090Z","repository":{"id":112648542,"uuid":"337044068","full_name":"enomothem/Whoamifuck","owner":"enomothem","description":"用于Linux应急响应，快速排查异常用户登录情况和入侵信息排查，准确定位溯源时间线，高效辅助还原攻击链。","archived":false,"fork":false,"pushed_at":"2024-08-06T01:01:35.000Z","size":471,"stargazers_count":298,"open_issues_count":3,"forks_count":34,"subscribers_count":8,"default_branch":"main","last_synced_at":"2024-08-06T11:18:30.629Z","etag":null,"topics":["anti-virus","blueteam","emergency-response","eonian-sharp","incedence","incedence-response","ir","linux","linux-ir","pentesting-tools","pentration-testing","redteam","shell"],"latest_commit_sha":null,"homepage":"http://eoniansharp.com","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/enomothem.png","metadata":{"files":{"readme":"README-EN.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-02-08T10:50:41.000Z","updated_at":"2024-08-06T01:01:39.000Z","dependencies_parsed_at":"2024-04-17T15:29:22.294Z","dependency_job_id":"99aa3564-3fff-407c-b2be-84e91e32eb0c","html_url":"https://github.com/enomothem/Whoamifuck","commit_stats":null,"previous_names":[],"tags_count":22,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/enomothem%2FWhoamifuck","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/enomothem%2FWhoamifuck/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/enomothem%2FWhoamifuck/releases","manifests_url":"https://re
pos.ecosyste.ms/api/v1/hosts/GitHub/repositories/enomothem%2FWhoamifuck/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/enomothem","download_url":"https://codeload.github.com/enomothem/Whoamifuck/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225791532,"owners_count":17524803,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["anti-virus","blueteam","emergency-response","eonian-sharp","incedence","incedence-response","ir","linux","linux-ir","pentesting-tools","pentration-testing","redteam","shell"],"created_at":"2024-08-04T17:04:19.924Z","updated_at":"2024-11-21T19:31:08.405Z","avatar_url":"https://github.com/enomothem.png","language":"Shell","funding_links":[],"categories":["取证溯源","Shell"],"sub_categories":[],"readme":"# Whoamifuck\n\n[中文](https://github.com/enomothem/Whoamifuck) | English \n\n## Ax Introduction\n\u003cp\u003eWhoamifuck，Eonian sharp's first open source tool. 
This is a tool written in shell to detect intruders; since the feature update, it is no longer limited to checking users' login information.\u003c/p\u003e\n\u003cp\u003eThe tool's current functions cover the basic needs of emergency response; more intrusion detection points will be added in the future, and the code will be improved.\u003c/p\u003e\n\n\n## Bx Version\n#### update\n\n * February 8, 2021 Release whoamifuck2.\n * June 3, 2021 Format optimized.\n * June 6, 2021 Whoamifuck3, add user basic information.\n * June 3, 2022 New features added.\n * June 6, 2022 Release whoamifuck4.0.\n\n#### TODO\n\n- [x] System Version information\n- [x] History Command `history` Information\n- [x] Enabling Service Information\n- [x] Process analysis information\n- [x] User Information Verification\n- [x] File Status information\n- [x] Scheduled Task `crontab` Information\n\n## Cx Usage\n### Download\n```\ngit clone https://github.com/enomothem/Whoamifuck.git\ncd Whoamifuck\nchmod +x whoamifuck.sh\n```\n### Usage\n```\nusage:  \n\n\t -v --version\t\t\tshow version.\n \t -h --help\t\t\tshow help guide.\n\t -f --file [filepath]\t\tselect file path, Default file: /var/log/auth.log\n\t -n --nomal\t\t\tnomal show.\n\t -a --process-and-service\tcheck service and process information.\n\t -u --user-device\t\tcheck device information.\n\n```\n![](https://lit.enomothem.com/zhixinghe/20220605001102.png)\n\n## Cx About Eonian Sharp\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://lit.enomothem.com/zhixinghe/20220528141025.jfif\"\u003e\n\u003c/p\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fenomothem%2FWhoamifuck","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fenomothem%2FWhoamifuck","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fenomothem%2FWhoamifuck/lists"}