bash

Show all IP ranges for AS32934 (Facebook)

whois -h whois.radb.net -- '-i origin AS32934' | awk '/^route:/ {print $2;}' | sort | uniq

Read the UFW log file and show attempts to log in to port 22 (ssh)

sudo grep -w "DPT=22" /var/log/ufw.log | grep -o 'SRC=[^ ]*' | awk '{a[$0]++}END{for(i in a)print i,a[i]}' | sort -k 2 -n -r | head -n 20

Read the auth log and show the user names used in failed login attempts

sudo grep "Invalid user " /var/log/auth.log | awk '{print $8}' | awk '{a[$0]++}END{for(i in a)print i,a[i]}' | sort -k 2 -n -r | head -n 100

Read the auth log and show the source IP addresses of failed login attempts

sudo grep "Invalid user " /var/log/auth.log | awk '{print $10}' | awk '{a[$0]++}END{for(i in a)print i,a[i]}' | sort -k 2 -n -r | head -n 100
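An added example (not from the original post): the two auth.log one-liners above pick the user name and IP by field position, but the user name is supplied by the client and may be empty or contain spaces, which shifts the fields. This sketch anchors on the message text instead and reports attempts and distinct user names per source IP; the function names and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the original author's code.
# stdin:  auth.log lines
# stdout: "<source-ip> <attempts> <distinct-user-names>", busiest source first
invalid_user_summary() {
    awk '
    {
        # Find the "Invalid user" marker wherever the timestamp puts it.
        m = 0
        for (i = 1; i < NF; i++)
            if ($i == "Invalid" && $(i + 1) == "user") { m = i; break }
        if (!m) next
        # sshd appends "from <ip>" itself, so the LAST "from" is trustworthy;
        # an earlier one may be part of the client-chosen user name.
        f = 0
        for (j = NF - 1; j > m + 1; j--)
            if ($j == "from") { f = j; break }
        if (!f) next
        ip = $(f + 1)
        user = ""
        for (k = m + 2; k < f; k++) user = user (user == "" ? "" : " ") $k
        if (user == "") user = "(empty)"
        hits[ip]++
        if (!((ip, user) in seen)) { seen[ip, user] = 1; users[ip]++ }
    }
    END { for (ip in hits) print ip, hits[ip], users[ip] }
    ' | sort -k2,2nr -k1,1
}

# Constructed sample lines (documentation IP ranges): single-digit day,
# ISO timestamp, empty user name, and a user name containing "from <ip>".
sample_auth_log() {
    cat <<'EOF'
Jan  5 03:12:01 host sshd[811]: Invalid user admin from 203.0.113.7 port 40122
Jan  5 03:12:04 host sshd[813]: Invalid user oracle from 203.0.113.7 port 40130
Jan 15 09:00:10 host sshd[902]: Invalid user admin from 198.51.100.23 port 51514
2024-01-16T10:00:00.123456+00:00 host sshd[950]: Invalid user  from 203.0.113.7 port 40200
Jan 16 11:30:00 host sshd[961]: Invalid user a from 192.0.2.1 from 198.51.100.23 port 51600
Jan 16 11:31:00 host sshd[970]: Accepted publickey for deploy from 192.0.2.50 port 50000 ssh2
EOF
}

# Real use: sudo cat /var/log/auth.log | invalid_user_summary
sample_auth_log | invalid_user_summary
```

On the sample, 192.0.2.1 does not appear as a source because it is only part of a user name.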
