Bash脚本将十六进制数的变量传递给Perl Regex搜索以匹配MAC地址

Question

我一直在碰壁，试图找出我做错了什么。我现在的代码是：

#!\bin\sh 

read -p "Enter Third Octet Here " octet
perl -ne 'while(/[0-9A-F]{2}[:-][0-9A-F]{2}[:-]("$ENV{'$octet'}")[:-][0-9A-F]{2}[:-][0-9A-F]{2}[:-][0-9A-F]{2}(?=((\s)|(\/)))/ig){print "$&\n";}' manuf.txt
perl -ne 'while(/[0-9A-F]{2}[:-][0-9A-F]{2}[:-]("$ENV{'$octet'}")(?=((\s)|(\/)))/ig){print "$&\n";}' manuf.txt

我要做的是根据制造商查找列表(https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob_plain;f=manuf)识别MAC地址的第三个八位字节。我希望脚本将变量55，B3，b3，FF传递给perl单行程序，并让它将其插入到matches中，然后逐行打印匹配项。到目前为止，如果没有这个变量，它将查找文件中的每个MAC地址，无论它是用:还是-表示，也不管它是6个八位字节的字符串还是3个八位字节的字符串。使用env变量，它不会返回任何内容。我什么都试过了，似乎都不管用。我碰到了一堵墙

我还希望能够进行基于第三和第四个八位字节的第二次匹配，以及基于第三和第四个和第五个八位字节的第三次匹配，但这是一个遥远的目标，不仅仅是让它工作

Answer 1

要将外壳变量传递给Perl单行程序，请使用-s选项。例如：

SOME_VAR=test
perl -se 'print $var' -- -var=$SOME_VAR

Answer 2

为什么不用perl来完成所有的工作呢？

#!/usr/bin/env perl
use strict;
use warnings;

#get input
print "Enter third octet:\n";
chomp ( my $input = <> );

#open our file for reading. 
open ( my $manuf, '<', 'manuf.txt') or die $!;

#iterate line by line
while (<$manuf>) {
   #match instances of octets from the file, into $mac
   my ($mac) = m/((?:[0-9a-fA-F]{2}[:-]?){3})/ or next;
   #split it on 'nonwords' which means pretty much any delimiter. 
   #map {lc} lowercases the elements, this makes the whole thing case
   #insensitive.  
   my @octets = map { lc } split /\W/, $mac;
   #print if there's a match
   print if $octets[2] eq lc $input; 
}

close ( $manuf );

如果您希望匹配多个，那么最简单的方法可能是重新格式化您的输入，使其不受分隔符的限制，然后由regex进行匹配。如下所示：

$input =~ s/\W/:/g;

将把输入分隔符转换为:，而不管别人给了什么。所以你可以输入：

00:00:0A
00-0A-00
00 0A-FF

然后，您可以在循环中匹配-而不是测试八位数匹配，使用正则表达式匹配：

while (<$manuf>) {
   my ($mac) = m/^((?:[0-9a-fA-F]{2}[:-]?){3})/ or next;
   my $reformatted_mac = join ":", map { lc } split /\W/, $mac;
   print if $reformatted_mac =~ m/$input/; 
}

现在，这是使用正则表达式，所以它实际上是一个子串匹配。它也是非锚定的，所以如果你‘输入’'0A‘，你会匹配字符串中所有的0A。

但是你可以这样做：

   print if $reformatted_mac =~ m/^$input/; 

但是，您必须始终输入“起始”八位字节。(但在这一点上支持正则表达式输入也不是太难)。

Answer 3

我的最终代码最终是

​

  #!\bin\sh 
#requires perl
#requires manuf.txt available from wireshark
#requires last 4 octets of mac address available from Ubertooth-scan
#use responsibly and don't use for any unauthorized purposes
#based in part on code from http://stackoverflow.com/questions/36119396/bash-script-passes-variable-that-is-a-hex-number-to-a-perl-regex-search-to-match?noredirect=1#comment59878958_36119396

read -p "Enter Third and Fourth and Fifth and Sixth Octet Here (AB:CD:EF:12) " STR

octet6=$(echo $STR | cut -c 1-11)
octet5=$(echo $STR | cut -c 1-8)
octet4=$(echo $STR | cut -c 1-5)
octet=$(echo $STR | cut -c 1-2)

#Makes sure the manuf.txt file only contains ":" notation
sed -i 's/-/:/ig' manuf.txt

#third and fourth and fifth octet
perl -nse 'print if /[0-9A-F]{2}[:][0-9A-F]{2}[:]$octet[:][0-9A-F]{2}[:][0-9A-F]{2}[:][0-9A-F]{2}(?=((\s)|(\/)))/ig' -- -octet=$octet5 manuf.txt

perl -nse 'print if /[0-9A-F]{2}[:][0-9A-F]{2}[:]$octet(?=((\s)|(\/)))/ig' -- -octet=$octet5 manuf.txt

#third and fourth octet
perl -nse 'print if /[0-9A-F]{2}[:][0-9A-F]{2}[:]$octet[:][0-9A-F]{2}[:][0-9A-F]{2}[:][0-9A-F]{2}(?=((\s)|(\/)))/ig' -- -octet=$octet4 manuf.txt

perl -nse 'print if /[0-9A-F]{2}[:][0-9A-F]{2}[:]$octet(?=((\s)|(\/)))/ig' -- -octet=$octet4 manuf.txt

#Third octet. Kind of pointless bc it might generate hundreds or thousands of matches
perl -nse 'print if /[0-9A-F]{2}[:][0-9A-F]{2}[:]$octet[:][0-9A-F]{2}[:][0-9A-F]{2}[:][0-9A-F]{2}(?=((\s)|(\/)))/ig' -- -octet=$octet manuf.txt

perl -nse 'print if /[0-9A-F]{2}[:][0-9A-F]{2}[:]$octet(?=((\s)|(\/)))/ig' -- -octet=$octet manuf.txt

#Trim things up and make them look neat and tidy
sed -i -E 's/^([0-9A-F]{2}[:][0-9A-F]{2}[:][0-9A-F]{2}[:][0-9A-F]{2}[:][0-9A-F]{2}[:][0-9A-F]{2}).*/\1/g' matches.txt
sed -i -E 's/^([0-9A-F]{2}[:][0-9A-F]{2}[:][0-9A-F]{2})\s.*/\1/ig' matches.txt

#Replace everything after the third octet with the rest of the Mac address for 6 octetc strings
sed -i -E 's/^([0-9A-F]{2}[:][0-9A-F]{2}[:])[0-9A-F]{2}[:][0-9A-F]{2}[:][0-9A-F]{2}[:][0-9A-F]{2}/\1'$octet6'/g' matches.txt

#Replace everything after the third octet with the rest of the Mac address for 3 octetc strings
sed -i -E 's/^([0-9A-F]{2}:[0-9A-F]{2}):[0-9A-F]{2}$/\1:'$octet6'/g' matches.txt

#Remove repeated strings
sed -i '$!N; /^\(.*\)\n\1$/!P; D' matches.txt

​

这并不美观，但它完成了工作，并创建了一个对PoC代码有用的匹配列表