Monday, August 24, 2015

Another quick time saver script

Now that I've started using yara signature scanning in my memory forensics, I've found out that anti-virus processes come with an absurd number of false positives (makes sense, as they probably contain the same or similar signatures that yara is looking for). So, when I run the yara module, I cut out the offending pids with a whitelist approach. After about the third time I manually entered a command like the one below

cat pslist.txt | awk '{print $3}' | grep -vi "pid1\|pid2\|pid3" | tr "\n" ","

to then copy/paste the 3-5 lines of pids into the command line (making a big ugly mess), I decided it was high time to make things a little simpler (and cleaner).

I started out writing a script that prompted me for the pids I wanted to exclude, which would then just dump the entire mess into the command line, for me to still then copy/paste into the volatility command. That saved me a bit of typing, but wasn't quite as clean as I wanted. So, I figured it was high time I learned how to use options in bash. This is a simple but functional script so that instead of pasting a zillion pids into volatility's -p option, I can do something cleaner like

volcommandstuff -p $(getpid -p "pid1 pid2 pid3")

and it'll dump the edited list in for me. I'm kind of proud of this one, probably for no good reason, but whatever.

Here's the script:

#!/bin/bash
# Script to pull all the PIDs from volatility pslist output stored in a text file,
# excluding specified PIDs supplied by the user
# This script assumes you're in a directory with the appropriate pslist.txt output file
set -e

# check to see if an option was entered (OPTIND starts at 1, so test the argument count instead)
if [ $# -eq 0 ]; then
    echo 'Usage: getpid -p "space separated pid list"'
    exit 1
fi

if [ ! -f pslist.txt ]; then
    echo "pslist.txt not found in $(pwd)"
    exit 1
fi

string=""
while getopts "p:" userInput; do
    case "$userInput" in
        "p") read -a pids <<< "${OPTARG}"
            # build a grep alternation like pid1\|pid2\|pid3
            for item in "${pids[@]}"; do
                string+="$item\|"
            done
            modString="${string:0:${#string}-2}"   # drop the trailing \|
            # column 3 of pslist output is the PID; skip the two header lines;
            # -x matches whole lines only, so excluding 12 does not also drop 1234
            string=$(awk '{print $3}' pslist.txt | tail -n +3 | grep -vx "$modString" | tr "\n" ",")
            modString="${string:0:${#string}-1}"   # drop the trailing comma
        ;;
        *) echo 'Usage: getpid -p "space separated pid list"'
            exit 1
        ;;
    esac
done

echo "$modString"
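The same whitelist idea can be done without building a grep regex at all, which sidesteps the substring problem entirely (excluding pid 252 must not also drop 2520 or 1252). The block below is an added example, not the post's script: it embeds a constructed pslist sample (the hypothetical process names and PIDs are made up) and does the exclusion by exact match inside awk, keeping only lines whose third column is numeric so the two header lines never leak into the list.

```shell
#!/bin/bash
# Added example (not the post's script): build the volatility -p list from a
# pslist dump while excluding PIDs by exact match rather than by regex substring.
set -eu

# Constructed sample of Volatility 2 pslist output (two header lines, PID in column 3).
SAMPLE_PSLIST=$(cat <<'EOF'
Offset(V)  Name                    PID   PPID   Thds     Hnds   Sess  Wow64 Start
---------- ---------------------- ------ ------ ------ -------- ------ ------ ----
0x1234abcd System                     4      0     80      500 ------      0 2015-08-24
0x1234abce smss.exe                 252      4      2       29 ------      0 2015-08-24
0x1234abcf csrss.exe                332    324      9      400      0      0 2015-08-24
0x1234abd0 avscanner.exe           1252    596     20      300      1      0 2015-08-24
0x1234abd1 notepad.exe             2520    332      1       60      1      0 2015-08-24
EOF
)

# write_sample: dump the constructed sample to a temp file and print its path.
write_sample() {
    local f
    f=$(mktemp)
    printf '%s\n' "$SAMPLE_PSLIST" > "$f"
    echo "$f"
}

# pid_list FILE "pid pid ..." -> comma-separated PIDs from FILE, minus the excluded ones.
# Only rows whose third column is all digits count, so header/separator lines are skipped.
# Exclusion is an exact string match on the whole PID, so "252" never removes "2520".
pid_list() {
    local file=$1 exclude=${2:-}
    awk -v skip="$exclude" '
        BEGIN { n = split(skip, parts, " "); for (i = 1; i <= n; i++) drop[parts[i]] = 1 }
        $3 ~ /^[0-9]+$/ && !($3 in drop) { out = out (out == "" ? "" : ",") $3 }
        END { print out }
    ' "$file"
}

# Stand-alone demo: exclude the (hypothetical) AV scanner and smss.exe.
f=$(write_sample)
echo "yara targets: $(pid_list "$f" "252 1252")"
rm -f "$f"
```

In practice you would point pid_list at the real pslist.txt and use it the way the post does: volcommandstuff -p $(pid_list pslist.txt "252 1252"). Because the exclusion list is matched as whole PIDs, the substring pitfall of grep alternation cannot silently widen the whitelist.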
