TRAP

NAME

TRAP::Compare. TRAP - Tool for Regex Analysis with Perl

VERSION

version 0.0.1

SYNOPSIS

Perl

    use TRAP::Compare;
    my @directories = ("TRAP_*", "report_*");
    my $reports = analysis \@directories;
    report($reports);

Command line

    ~# perl TRAP.pm -f "forensic_files*,other_files*"
    ~# perl TRAP/Compare.pm
    ~# perl TRAP/Compare.pm "custom_report_directories*" "second_report_directory*"

DESCRIPTION

TRAP

A forensic tool to extract information from files.

I created this tool following an investigation of an infected backup file. This file was only part of a backup, and it was necessary to identify the server to which this piece of backup corresponded. I finally found the server by analyzing the file, string after string. Some strings allowed the absolute identification of the server. I chose to create this tool to spare other people in a similar case a long search.

It was also important to find out why the file was detected as infected. This tool will allow you to identify certain payloads or abnormal elements on a server.

I made this tool in Perl because it is pre-integrated on all Linux systems and is particularly optimized for regular expressions.

TRAP::Compare

This module compares reports by filename, then saves and prints the matches associated with multiple filenames.

REQUIREMENTS

Modules used:

INSTALLATION

    ~# git clone https://github.com/MauriceLambert/TRAP.git

METHODS

analysis

    use TRAP::Compare;
    my @directories = ("TRAP_*", "report_*");
    my $reports = analysis \@directories;
    report($reports);

This method returns a HASH of HASHES -> {match => {filename => 1}}.

This method analyses reports to extract matches with multiple filenames.
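The following is an added example, not code from the TRAP project: it takes a constructed hash in the documented {match => {filename => 1}} shape, lists the matches shared by several files, then ranks file pairs by how many matches they have in common, which is the correlation needed to tie a backup fragment to a known server. The helper names shared_matches and file_pairs and all sample values are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample in the documented shape {match => {filename => 1}}.
# In real use this would be the value returned by analysis().
my $reports = {
    'srv-db01.example.com'    => { 'backup_part1.bin' => 1, 'backup_part7.bin' => 1 },
    '192.0.2.10'              => { 'backup_part1.bin' => 1, 'backup_part7.bin' => 1,
                                   'unknown.img'      => 1 },
    'root@srv-db01'           => { 'backup_part7.bin' => 1, 'unknown.img' => 1 },
    'admin@mail.example.com'  => { 'unknown.img' => 1 },
};

# Hypothetical helper: matches seen in at least $min files, most widespread first.
sub shared_matches {
    my ($reports, $min) = @_;
    my %count;
    $count{$_} = keys %{ $reports->{$_} } for keys %$reports;
    return [ sort { $count{$b} <=> $count{$a} || $a cmp $b }
             grep { $count{$_} >= $min } keys %count ];
}

# Hypothetical helper: pivot to file pairs and the matches each pair shares.
sub file_pairs {
    my ($reports) = @_;
    my %pairs;
    for my $match (keys %$reports) {
        my @files = sort keys %{ $reports->{$match} };
        for my $i (0 .. $#files - 1) {
            for my $j ($i + 1 .. $#files) {
                push @{ $pairs{"$files[$i] <-> $files[$j]"} }, $match;
            }
        }
    }
    return \%pairs;
}

print "Matches present in two or more files:\n";
for my $match (@{ shared_matches($reports, 2) }) {
    printf "  %-22s %s\n", $match, join ', ', sort keys %{ $reports->{$match} };
}

print "File pairs ranked by shared matches:\n";
my $pairs = file_pairs($reports);
for my $pair (sort { @{ $pairs->{$b} } <=> @{ $pairs->{$a} } || $a cmp $b } keys %$pairs) {
    printf "  %s (%d): %s\n", $pair, scalar @{ $pairs->{$pair} },
        join ', ', sort @{ $pairs->{$pair} };
}
```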

OSNAMES

any

SCRIPT CATEGORIES

Forensic/Investigation

DOCUMENTATION

SUPPORT

Bugs / Feature Requests

Please report any bugs or feature requests through the issue tracker at https://github.com/MauriceLambert/TRAP/issues. You will be notified automatically of any progress on your issue.

Source Code

This is open source software. The code repository is available for public review and contribution under the terms of the license.

https://github.com/MauriceLambert/TRAP

    ~# git clone https://github.com/MauriceLambert/TRAP.git

AUTHORS

TRAP Copyright (C) 2022 Maurice Lambert

This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions.