Skip to content

Instantly share code, notes, and snippets.

@shoghicp

shoghicp/analysis.sh

Last active April 6, 2022 02:52
Show Gist options
  • Save shoghicp/2b93ac93664561c0e9e4 to your computer and use it in GitHub Desktop.
Save shoghicp/2b93ac93664561c0e9e4 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
analysis.sh
#!/bin/bash
#PocketMine automatic analysis tool
echo "[*] PocketMine automatic analysis tool"
cat > ttyecho.c <<'TTYECHO'
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/ioctl.h>
#include <string.h>
#include <unistd.h>
void print_help(char *prog_name) {
printf("Usage: %s [-n] DEVNAME COMMAND\n", prog_name);
printf("Usage: '-n' is an optional argument if you want to push a new line at the end of the text\n");
printf("Usage: Will require 'sudo' to run if the executable is not setuid root\n");
exit(1);
}
int main (int argc, char *argv[]) {
char *cmd, *nl = "\n";
int i, fd;
int devno, commandno, newline;
int mem_len;
devno = 1; commandno = 2; newline = 0;
if (argc < 3) {
print_help(argv[0]);
}
if (argc > 3 && argv[1][0] == '-' && argv[1][1] == 'n') {
devno = 2; commandno = 3; newline=1;
} else if (argc > 3 && argv[1][0] == '-' && argv[1][1] != 'n') {
printf("Invalid Option\n");
print_help(argv[0]);
}
fd = open(argv[devno],O_RDWR);
if(fd == -1) {
perror("open DEVICE");
exit(1);
}
mem_len = 0;
for ( i = commandno; i < argc; i++ ) {
mem_len += strlen(argv[i]) + 2;
if ( i > commandno ) {
cmd = (char *)realloc((void *)cmd, mem_len);
} else { //i == commandno
cmd = (char *)malloc(mem_len);
}
strcat(cmd, argv[i]);
strcat(cmd, " ");
}
if (newline == 0)
usleep(225000);
for (i = 0; cmd[i]; i++)
ioctl (fd, TIOCSTI, cmd+i);
if (newline == 1)
ioctl (fd, TIOCSTI, nl);
close(fd);
free((void *)cmd);
exit (0);
}
TTYECHO
gcc -o ttyecho ttyecho.c
PM_PID=$(pgrep -f PocketMine | tail -n 1)
if [ "$PM_PID" == "" ]; then
PM_PID=$(pgrep php | tail -n 1)
fi
if [ "$PM_PID" == "" ]; then
echo "Could not find PocketMine! Is it currently running?"
exit 1
fi
echo "[+] Got pid ${PM_PID}"
echo "## PocketMine analysis tool $(date) ##" > analysis.log
echo >> analysis.log
echo "[*] Writing generic information..."
echo >> analysis.log
echo "- Process Information -" >> analysis.log
#Lists all threads running on PocketMine
ps aux | grep ${PM_PID} | grep -v grep >> analysis.log
echo >> analysis.log
echo "- File and resources opened -" >> analysis.log
echo >> analysis.log
#Lists files used by PocketMine
lsof -oc php | grep ${PM_PID} >> analysis.log
echo >> analysis.log
echo "- Thread list -" >> analysis.log
echo >> analysis.log
#Lists all threads running on PocketMine
ps -eLf | grep ${PM_PID} | grep -v grep >> analysis.log
echo >> analysis.log
echo "- Advanced information (Status) -" >> analysis.log
echo >> analysis.log
cat /proc/${PM_PID}/status >> analysis.log
echo >> analysis.log
echo "- Advanced information (Maps) -" >> analysis.log
echo >> analysis.log
cat /proc/${PM_PID}/maps >> analysis.log
echo >> analysis.log
echo "- Advanced information (IO) -" >> analysis.log
echo >> analysis.log
cat /proc/${PM_PID}/io >> analysis.log
echo >> analysis.log
echo "- Advanced information (Limits) -" >> analysis.log
echo >> analysis.log
cat /proc/${PM_PID}/limits >> analysis.log
rm /proc/${PM_PID}/cwd/timings/timings.txt 2> /dev/null
if [ "$(id -u)" != "0" ]; then
echo "[!] We require root (sudo) to output to the PocketMine terminal"
fi
sudo ./ttyecho -n /proc/${PM_PID}/fd/0 say Starting automatic analysis 2>/dev/null #Clears any other command
echo "[*] Reading timings..."
sudo ./ttyecho -n /proc/${PM_PID}/fd/0 timings on 2>/dev/null
sleep 10
sudo ./ttyecho -n /proc/${PM_PID}/fd/0 timings report 2>/dev/null
sleep 2
echo >> analysis.log
echo "- Timings report (~10s) -" >> analysis.log
echo >> analysis.log
cat /proc/${PM_PID}/cwd/timings/timings.txt 2>/dev/null >> analysis.log
echo "[*] Getting server files..."
echo >> analysis.log
echo "- Plugins list -" >> analysis.log
echo >> analysis.log
ls -lh /proc/${PM_PID}/cwd/plugins/ >> analysis.log
echo >> analysis.log
echo "- Worlds list -" >> analysis.log
echo >> analysis.log
ls -lh /proc/${PM_PID}/cwd/worlds/ >> analysis.log
echo >> analysis.log
echo "- server.properties -">> analysis.log
echo >> analysis.log
cat /proc/${PM_PID}/cwd/server.properties | grep -v rcon.password >> analysis.log
echo >> analysis.log
echo "- pocketmine.yml -" >> analysis.log
echo >> analysis.log
cat /proc/${PM_PID}/cwd/pocketmine.yml >> analysis.log
echo "[*] Reading server information..."
sudo ./ttyecho -n /proc/${PM_PID}/fd/0 help 2>/dev/null
sudo ./ttyecho -n /proc/${PM_PID}/fd/0 version 2>/dev/null
sudo ./ttyecho -n /proc/${PM_PID}/fd/0 list 2>/dev/null
sudo ./ttyecho -n /proc/${PM_PID}/fd/0 plugins 2>/dev/null
sleep 3
echo >> analysis.log
echo "- server.log -" >> analysis.log
echo >> analysis.log
tail -q -n 400 /proc/${PM_PID}/cwd/server.log >> analysis.log
rm ttyecho.c ttyecho 2>/dev/null
echo "[+] Analysis completed! Please upload analysis.log somewhere"
Raw
analysisHangUp.sh
#!/bin/bash
#PocketMine automatic analysis tool
echo "[*] PocketMine automatic hang-up analysis tool"
PM_PID=$(pgrep -f PocketMine | tail -n 1)
if [ "$PM_PID" == "" ]; then
PM_PID=$(pgrep php | tail -n 1)
fi
if [ "$PM_PID" == "" ]; then
echo "Could not find PocketMine! Is it currently running?"
exit 1
fi
echo "[+] Got pid ${PM_PID}"
echo "## PocketMine analysis tool $(date) ##" > analysis.log
echo >> analysis.log
echo "[*] Writing generic information..."
echo >> analysis.log
echo "- Process Information -" >> analysis.log
#Lists all threads running on PocketMine
ps aux | grep ${PM_PID} | grep -v grep >> analysis.log
echo >> analysis.log
echo "- File and resources opened -" >> analysis.log
echo >> analysis.log
#Lists files used by PocketMine
lsof -oc php | grep ${PM_PID} >> analysis.log
echo >> analysis.log
echo "- Thread list -" >> analysis.log
echo >> analysis.log
#Lists all threads running on PocketMine
ps -eLf | grep ${PM_PID} | grep -v grep >> analysis.log
echo >> analysis.log
echo "- Advanced information (Status) -" >> analysis.log
echo >> analysis.log
cat /proc/${PM_PID}/status >> analysis.log
echo >> analysis.log
echo "- Advanced information (Maps) -" >> analysis.log
echo >> analysis.log
cat /proc/${PM_PID}/maps >> analysis.log
echo >> analysis.log
echo "- Advanced information (IO) -" >> analysis.log
echo >> analysis.log
cat /proc/${PM_PID}/io >> analysis.log
echo >> analysis.log
echo "- Advanced information (Limits) -" >> analysis.log
echo >> analysis.log
cat /proc/${PM_PID}/limits >> analysis.log
if [ "$(id -u)" != "0" ]; then
echo "[!] We require root (sudo) to attach to the PocketMine process"
fi
echo >> analysis.log
echo "- Process trace -" >> analysis.log
echo >> analysis.log
echo "[*] Attaching trace..."
sudo strace -s 80 -x -p ${PM_PID} 2>> analysis.log > /dev/null &
STRACE_PID=$!
echo "[*] Reading trace..."
sleep 15
sudo kill ${STRACE_PID}
echo "[*] Getting server files..."
echo >> analysis.log
echo "- Plugins list -" >> analysis.log
echo >> analysis.log
ls -lh /proc/${PM_PID}/cwd/plugins/ >> analysis.log
echo >> analysis.log
echo "- server.properties -">> analysis.log
echo >> analysis.log
cat /proc/${PM_PID}/cwd/server.properties | grep -v rcon.password >> analysis.log
echo >> analysis.log
echo "- pocketmine.yml -" >> analysis.log
echo >> analysis.log
cat /proc/${PM_PID}/cwd/pocketmine.yml >> analysis.log
echo >> analysis.log
echo "- server.log -" >> analysis.log
echo >> analysis.log
tail -q -n 80 /proc/${PM_PID}/cwd/server.log >> analysis.log
echo "[+] Analysis completed! Please upload analysis.log somewhere"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment