diff --git a/tools/analyze-historical-attacks.sh b/tools/analyze-historical-attacks.sh
index a3f225e..3732e63 100755
--- a/tools/analyze-historical-attacks.sh
+++ b/tools/analyze-historical-attacks.sh
@@ -157,10 +157,14 @@ declare -A IP_SAMPLE_URLS # Sample URLs per IP
 # Progress indicator
 show_progress() {
-count=$1
-total=$2
-percent=$((count * 100 / total))
- echo -ne "\r${BLUE}[*]${NC} Processing: $count/$total lines ($percent%) "
+ count=$1
+ total=$2
+ if [ "$total" = "unknown" ] || [ "$total" -eq 0 ] 2>/dev/null; then
+ echo -ne "\r${BLUE}[*]${NC} Processing: $count lines... "
+ else
+ percent=$((count * 100 / total))
+ echo -ne "\r${BLUE}[*]${NC} Processing: $count/$total lines ($percent%) "
+ fi
 }
 # Start analysis
@@ -273,16 +277,16 @@ uri="${temp#*||}"
 fi
 done < <($CAT_CMD "$log_file" 2>/dev/null)
- echo " → Found $file_attacks attacks" >> "$OUTPUT_FILE"
+ echo " → Found $file_attacks attacks"
 done
- echo "" >> "$OUTPUT_FILE"
+ echo ""
 echo "================================================================================
-" >> "$OUTPUT_FILE"
- echo "ATTACKING IPs - DETAILED BREAKDOWN" >> "$OUTPUT_FILE"
+"
+ echo "ATTACKING IPs - DETAILED BREAKDOWN"
 echo "================================================================================
-" >> "$OUTPUT_FILE"
- echo "" >> "$OUTPUT_FILE"
+"
+ echo ""
 # Sort IPs by cumulative threat score and display
 # Create sorted list first to avoid subshell issues
@@ -327,9 +331,9 @@ uri="${temp#*||}"
 fi
 # Print IP summary
- echo "[$ip_count] $ip" >> "$OUTPUT_FILE"
- printf " Attacks: %d | Avg Score: %d | Threat Level: %s\n" "$attack_count" "$avg_score" "$level" >> "$OUTPUT_FILE"
- echo " Attack Types: $attack_summary" >> "$OUTPUT_FILE"
+ echo "[$ip_count] $ip"
+ printf " Attacks: %d | Avg Score: %d | Threat Level: %s\n" "$attack_count" "$avg_score" "$level"
+ echo " Attack Types: $attack_summary"
 # Get reputation (if available)
 if type get_threat_intelligence &>/dev/null; then
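Review bot: `count`, `total` and `percent` in show_progress are still assigned without `local`, so every call clobbers any same-named variable in the caller, and a `$total` that is neither `unknown` nor an integer (an empty string, for instance) passes the new guard, whose `2>/dev/null` only silences the second `[`, and then fails inside `$((count * 100 / total))`. The last hunk also redirects the report block's stdout into `$OUTPUT_FILE`, so if show_progress is called from inside that block (its call sites are not in the diff) the `\r` and colour escape sequences land in the report instead of on the terminal. I would make the variables local, gate the percentage on an integer check and write the indicator with printf to stderr, as below.
```shell
show_progress() {
  local count=$1 total=$2 percent
  # Percentage only when total is a positive integer; "unknown", empty or
  # non-numeric totals would otherwise break the arithmetic expansion.
  # Progress goes to stderr so it is not captured when stdout is the report.
  if [[ "$total" =~ ^[0-9]+$ ]] && (( total > 0 )); then
    percent=$(( count * 100 / total ))
    printf '\r%s[*]%s Processing: %s/%s lines (%s%%) ' \
      "$BLUE" "$NC" "$count" "$total" "$percent" >&2
  else
    printf '\r%s[*]%s Processing: %s lines... ' "$BLUE" "$NC" "$count" >&2
  fi
}
```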
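Review bot: Each separator rule is still a string literal that closes on the following line (`echo "====…` with the closing `+"` on its own line), so the literal carries an embedded newline and every rule is followed by an empty line in the report on top of the explicit `echo ""` calls; if that extra blank is not intended, the closing quote belongs on the same line: `echo "================================================================================"`. The same split literal is kept in the last hunk for the SUMMARY STATISTICS and END OF REPORT rules. The `{ … }` block these echoes now write into opens outside this hunk.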
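Review bot: `$ip` and `$attack_summary` are written into the report verbatim with `echo`, and presumably (their extraction is outside the diff) they are derived from log lines the attacker wrote; the same holds for the per-IP sample URLs in the last hunk (`echo " - $url"`), which are request URIs. A URI carrying terminal escape sequences or other control characters is then replayed whenever the report is viewed with `cat` or `less -R`. Strip non-printable bytes when emitting log-derived fields, e.g. `printf '%s\n' " - $url" | tr -cd '[:print:]\n'`, or render them with `printf '%q'` so escapes appear literally. The per-IP loop this summary belongs to starts before this hunk.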
@@ -337,53 +341,53 @@ uri="${temp#*||}"
 if [ -n "$threat_intel" ]; then
 IFS='|' read -r abuse_conf abuse_rpts country isp geo timing whitelisted <<< "$threat_intel"
 if [ "${abuse_conf:-0}" -gt 0 ]; then
- printf " Reputation: AbuseIPDB %d%% confidence (%d reports) | %s\n" "${abuse_conf:-0}" "${abuse_rpts:-0}" "${country:-Unknown}" >> "$OUTPUT_FILE"
+ printf " Reputation: AbuseIPDB %d%% confidence (%d reports) | %s\n" "${abuse_conf:-0}" "${abuse_rpts:-0}" "${country:-Unknown}"
 fi
 fi
 fi
 # Show sample URLs
 if [ -n "$sample_urls" ]; then
- echo " Sample Targets:" >> "$OUTPUT_FILE"
+ echo " Sample Targets:"
 IFS='||' read -ra urls <<< "$sample_urls"
 for url in "${urls[@]}"; do
- echo " - $url" >> "$OUTPUT_FILE"
+ echo " - $url"
 done
 fi
- echo "" >> "$OUTPUT_FILE"
+ echo ""
 done <<< "$sorted_ips"
 echo "================================================================================
-" >> "$OUTPUT_FILE"
- echo "SUMMARY STATISTICS" >> "$OUTPUT_FILE"
+"
+ echo "SUMMARY STATISTICS"
 echo "================================================================================
-" >> "$OUTPUT_FILE"
- echo "" >> "$OUTPUT_FILE"
- echo "Total lines processed: $TOTAL_LINES" >> "$OUTPUT_FILE"
- echo "Total attacks detected: $TOTAL_ATTACKS" >> "$OUTPUT_FILE"
- echo "Unique attacking IPs: ${#TOP_ATTACKERS[@]}" >> "$OUTPUT_FILE"
- echo "" >> "$OUTPUT_FILE"
- echo "Attack Severity:" >> "$OUTPUT_FILE"
- echo " - Critical (≥85): $CRITICAL_ATTACKS" >> "$OUTPUT_FILE"
- echo " - High (70-84): $HIGH_ATTACKS" >> "$OUTPUT_FILE"
- echo " - Medium (50-69): $MEDIUM_ATTACKS" >> "$OUTPUT_FILE"
- echo "" >> "$OUTPUT_FILE"
+"
+ echo ""
+ echo "Total lines processed: $TOTAL_LINES"
+ echo "Total attacks detected: $TOTAL_ATTACKS"
+ echo "Unique attacking IPs: ${#TOP_ATTACKERS[@]}"
+ echo ""
+ echo "Attack Severity:"
+ echo " - Critical (≥85): $CRITICAL_ATTACKS"
+ echo " - High (70-84): $HIGH_ATTACKS"
+ echo " - Medium (50-69): $MEDIUM_ATTACKS"
+ echo ""
 # Top Attack Types
- echo "Top Attack Types:" >> "$OUTPUT_FILE"
+ echo "Top Attack Types:"
 for type in "${!ATTACK_TYPES[@]}"; do
 echo "$type:${ATTACK_TYPES[$type]}"
 done | sort -t: -k2 -nr | head -10 | while IFS=: read -r type count; do
- printf " %-20s %5d attacks\n" "$type" "$count" >> "$OUTPUT_FILE"
+ printf " %-20s %5d attacks\n" "$type" "$count"
 done
- echo "" >> "$OUTPUT_FILE"
+ echo ""
 echo "================================================================================
-" >> "$OUTPUT_FILE"
- echo "END OF REPORT" >> "$OUTPUT_FILE"
+"
+ echo "END OF REPORT"
 echo "================================================================================
-" >> "$OUTPUT_FILE"
+"
 } > "$OUTPUT_FILE"
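Review bot: The sample-URL loop prints an empty bullet for every `||` separator, because `IFS='||'` is a character set identical to `IFS='|'` and `read -ra` yields an empty field between two adjacent pipes (a URL that itself contains `|` is split as well); the new `echo " - $url"` should be preceded by `[[ -n "$url" ]] || continue`. The `{ … } > "$OUTPUT_FILE"` closed at the end of this hunk opens before it, so it is worth confirming that nothing earlier in the script writes to `$OUTPUT_FILE`, since `>` truncates the file when the block starts where the old `>>` writes appended to it.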