Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/enomothem/Whoamifuck
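For Linux incident response: quickly check for abnormal user logins and signs of intrusion, accurately pin down the traceback timeline, and efficiently help reconstruct the attack chain.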
anti-virus blueteam emergency-response eonian-sharp incedence incedence-response ir linux linux-ir pentesting-tools pentration-testing redteam shell
Last synced: 21 days ago
- Host: GitHub
- URL: https://github.com/enomothem/Whoamifuck
- Owner: enomothem
- Created: 2021-02-08T10:50:41.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2024-08-06T01:01:35.000Z (4 months ago)
- Last Synced: 2024-08-06T11:18:30.629Z (4 months ago)
- Topics: anti-virus, blueteam, emergency-response, eonian-sharp, incedence, incedence-response, ir, linux, linux-ir, pentesting-tools, pentration-testing, redteam, shell
- Language: Shell
- Homepage: http://eoniansharp.com
- Size: 460 KB
- Stars: 298
- Watchers: 8
- Forks: 34
- Open Issues: 3
Metadata Files:
- Readme: README-EN.md
Awesome Lists containing this project
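- awesome-hacking-lists - enomothem/Whoamifuck - For Linux incident response: quickly check for abnormal user logins and signs of intrusion, accurately pin down the traceback timeline, and efficiently help reconstruct the attack chain. (Shell)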
README
# Whoamifuck
[Chinese](https://github.com/enomothem/Whoamifuck) | English
## Ax Introduction
Whoamifuck is Eonian Sharp's first open source tool. It is a shell script for detecting intruders; since the feature updates, it is no longer limited to checking users' login information.
The tool's current functions cover the basic needs of emergency response. More intrusion detection points will be added in the future, and the code will be improved.
## Bx Version
#### update
* February 8, 2021 Release whoamifuck2.
* June 3, 2021 Format to optimize.
* June 6, 2021 Whoamifuck3, add user basic information.
* June 3, 2022 New features added.
* June 6, 2022 Release whoamifuck4.0.
#### TODO
- [x] System Version information
- [x] History Command `history` Information
- [x] Enabling Service Information
- [x] Process analysis information
- [x] User Information Verification
- [x] File Status information
- [x] Scheduled Task `crontab` Information
## Cx Usage
### Download
```
git clone https://github.com/enomothem/Whoamifuck.git
cd Whoamifuck
chmod +x whoamifuck.sh
```
### Usage
```
usage:
-v --version show version.
-h --help show help guide.
-f --file [filepath] select file path, Default file: /var/log/auth.log
-n --nomal nomal show.
-a --process-and-service check service and process information.
-u --user-device check device information.
```
![](https://lit.enomothem.com/zhixinghe/20220605001102.png)
## Cx About Eonian Sharp