IP analysis shell function

Brian Warehime of nullsecure.org published a new threat intel piece, walking his readers through his analysis of incidents captured by his honeypot. The entire post, http://nullsecure.org/threat-intel-web-crew/, is fantastic and I encourage you to read it top to bottom. One snippet I found incredibly useful was a simple bash shell function that saves a great deal of time when performing IP-based analysis.


ipgrab() {
    # Pull every dotted-quad IPv4 candidate out of each line read from stdin.
    local line re='[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'
    while IFS= read -r line; do
        echo "$line" | grep -E -o "$re"
    done
    # read returns non-zero at EOF but still fills $line when the final line
    # has no trailing newline, so scan that leftover once more.
    echo "$line" | grep -E -o "$re"
}


Drop this into your .bashrc file and invoke it when analyzing files for IP addresses. It reads standard input, so the cat below can also be replaced by a redirect (ipgrab < /var/log/httpd.log), and piping the output through sort -u leaves one line per distinct address. For example:
cat /var/log/httpd.log | ipgrab > ips.txt
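The regex above is deliberately loose: it accepts any four 1-3 digit groups joined by dots, so octets above 255 and the tail of a version string such as 2.31.0.9999 come out as "addresses", and it does not match IPv6 at all. The following is an added example, not code from the nullsecure.org post: the loose extraction beside a stricter variant that drops impossible octets and de-duplicates, run over constructed Apache-style log lines. The function names, the awk octet check and the sample log are assumptions made for this demonstration.

```shell
#!/usr/bin/env bash
# Added example (not from nullsecure.org): loose ipgrab-style extraction next
# to a stricter variant, exercised on constructed log lines. Function names,
# the awk filter and SAMPLE_LOG are assumptions made for this demonstration.

IPV4_RE='[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'

# Loose extraction: every dotted quad of 1-3 digit groups, one per output line.
# Same regex as ipgrab above; it also accepts 999.1.1.1 and the tail of a
# version string such as 2.31.0.9999.
ipgrab_loose() {
    grep -E -o "$IPV4_RE"
}

# Strict extraction: keep only candidates whose four octets are all 0-255,
# and print each surviving address once, in first-seen order.
ipgrab_strict() {
    ipgrab_loose | awk -F. '$1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255 && !seen[$0]++'
}

# Constructed sample log (RFC 5737 documentation addresses): one client seen
# twice, a user agent whose version number looks like an address, a line with
# an impossible octet, and a line with no address at all.
SAMPLE_LOG='203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2023:13:55:37 +0000] "GET /wp-login.php HTTP/1.1" 404 0 "-" "curl/7.88.1"
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "POST /xmlrpc.php HTTP/1.1" 403 0 "-" "python-requests/2.31.0.9999"
999.1.1.1 - - [10/Oct/2023:13:55:39 +0000] "GET /robots.txt HTTP/1.1" 200 68 "-" "Mozilla/5.0"
- - - [10/Oct/2023:13:55:40 +0000] "GET /favicon.ico HTTP/1.1" 404 0 "-" "-"'

# Helpers that print a line count so the two behaviours can be compared.
count_loose()  { printf '%s\n' "$SAMPLE_LOG" | ipgrab_loose  | awk 'END { print NR }'; }
count_strict() { printf '%s\n' "$SAMPLE_LOG" | ipgrab_strict | awk 'END { print NR }'; }

printf 'loose matches:  %s\n' "$(count_loose)"    # 5, two of them false positives
printf 'strict matches: %s\n' "$(count_strict)"   # 2
printf '%s\n' "$SAMPLE_LOG" | ipgrab_strict
```

Against a real log the strict variant is used the same way as ipgrab, for instance ipgrab_strict < /var/log/httpd.log > ips.txt. The awk filter only checks syntax; it still passes private, loopback and documentation ranges, so filter those separately if the goal is a list of external actors.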