migrate to git.charlotte.sh

2025-04-19 23:42:08 -04:00 · 2025-04-19 23:42:08 -04:00 · fbd588721e
commit fbd588721e
412 changed files with 13750 additions and 0 deletions
--- a/automation-sys320/week08/Midterm.ps1
+++ b/automation-sys320/week08/Midterm.ps1
@ -0,0 +1,67 @@
+
+# 1. Function to get IOC table from the given web page
+function getIOCTable(){
+
+    $page = Invoke-WebRequest -TimeoutSec 10 http://10.0.17.5/IOC.html
+
+    # get all tr elements
+    $trs=$page.ParsedHTML.body.getElementsByTagName("tr")
+
+    # array to hold results
+    $IOCTable = @()
+    for($i=1; $i -lt $trs.length; $i++){
+        # get every td element of current tr element
+           $tds= $trs[$i].getElementsByTagName("td")
+           $IOCTable += [pscustomobject]@{"Pattern" = $tds[0].innerText; "Explanation" = $tds[1].innerText; }                                 
+    }# for loop end
+
+        return $IOCTable
+} # function end
+
+# getIOCTable | Format-Table
+
+# 2. function to get Apache Access logs
+function getApacheLogs(){
+    $logs = Get-Content "C:\Users\champuser\SYS320\week8\access.log"
+    $logTable = @()
+
+    for($i=0; $i -lt $logs.Length; $i++){
+
+        # split string into words
+        $words = $logs[$i] -split " "
+
+        $logTable += [pscustomobject]@{"IP" = $words[0]; `
+                                           "Time" = $words[3].Trim('['); `
+                                           "Method" = $words[5].Trim('"'); `
+                                           "Page" = $words[6]; `
+                                           "Protocol" = $words[7]; `
+                                           "Response" = $words[8]; `
+                                           "Referrer" = $words[10]; ` }
+    }# for loop end
+
+    return $logTable
+} # function end
+
+# getApacheLogs | Format-Table
+
+
+# 3. get Apache logs, but only display those that have an IOC in the page field
+function getIOCLogs(){
+    $logTable = getApacheLogs
+    $IOCTable = getIOCTable
+
+    $IOCLogTable = @()
+    for($i = 0; $i -lt $logTable.Count; $i++){
+        for($j = 0; $j -lt $IOCTable.Count; $j++){
+            if ($logTable[$i].Page -match $IOCTable[$j].Pattern){
+                $IOCLogTable += $logTable[$i]
+            } # if end
+        } # inner for loop end
+    } # outer for loop end
+   
+   return $IOCLogTable
+
+} # function end
+
+getIOCLogs | Format-Table
+