https://github.com/enomothem/Whoamifuck

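A tool for Linux incident response: it quickly checks for abnormal user logins and signs of intrusion, accurately pins down the attribution timeline, and efficiently helps reconstruct the attack chain.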

anti-virus blueteam emergency-response eonian-sharp incedence incedence-response ir linux linux-ir pentesting-tools pentration-testing redteam shell


README

        

# Whoamifuck

[中文](https://github.com/enomothem/Whoamifuck) | English

## Ax Introduction

Whoamifuck is Eonian Sharp's first open source tool. It is a shell script for detecting intruders, and since its feature updates it is no longer limited to checking users' login information.

The tool's current functions cover the basic needs of emergency response. More intrusion detection checks will be added in the future, and the code will be improved.

## Bx Version
#### update

* February 8, 2021: Released whoamifuck2.
* June 3, 2021: Optimized formatting.
* June 6, 2021: Whoamifuck3, added basic user information.
* June 3, 2022: Added new features.
* June 6, 2022: Released whoamifuck4.0.

#### TODO

- [x] System Version information
- [x] History Command `history` Information
- [x] Enabling Service Information
- [x] Process analysis information
- [x] User Information Verification
- [x] File Status information
- [x] Scheduled Task `crontab` Information

## Cx Usage
### Download
```
git clone https://github.com/enomothem/Whoamifuck.git
cd Whoamifuck
chmod +x whoamifuck.sh
```
### Usage
```
usage:

-v --version show version.
-h --help show help guide.
-f --file [filepath] select file path, Default file: /var/log/auth.log
-n --nomal nomal show.
-a --process-and-service check service and process information.
-u --user-device check device information.

```
![](https://lit.enomothem.com/zhixinghe/20220605001102.png)

## Cx About Eonian Sharp