Carrie Roberts
0859cb997a
* removing descriptions of xxx (left over from template) * update input param descriptions * description update * removing descriptions of xxx (left over from template)
29 lines
821 B
YAML
29 lines
821 B
YAML
---
|
|
attack_technique: T1139
|
|
display_name: Bash History
|
|
|
|
atomic_tests:
|
|
- name: Search Through Bash History
|
|
description: |
|
|
Search through bash history for specifice commands we want to capture
|
|
supported_platforms:
|
|
- linux
|
|
- macos
|
|
input_arguments:
|
|
bash_history_filename:
|
|
description: Path of the bash history file to capture
|
|
type: Path
|
|
default: ~/.bash_history
|
|
bash_history_grep_args:
|
|
description: grep arguments that filter out specific commands we want to capture
|
|
type: Path
|
|
default: -e '-p ' -e 'pass' -e 'ssh'
|
|
output_file:
|
|
description: Path where captured results will be placed
|
|
type: Path
|
|
default: ~/loot.txt
|
|
executor:
|
|
name: sh
|
|
command: |
|
|
cat #{bash_history_filename} | grep #{bash_history_grep_args} > #{output_file}
|