CLH-009

TEXT PROCESSING

< Script House
operator@shadow:~
[SYSTEM] Text processing module loaded
[MISSION] Analyze intercepted server logs and extract intelligence
> Mission: Master cut, sort, uniq, awk, and sed
Type help for available commands.
operator@shadow:~$

CURRENT OBJECTIVE

1
2
3
4
5

EXTRACT: Cut IP Addresses

Use cut to extract the first field (IP addresses) from access.log. Fields are space-delimited.

$ cut -d ' ' -f 1 intel/access.log

ANALYST TOOLKIT

The Mission

You've intercepted server logs from a compromised host. Extract and analyze the data to identify suspicious activity patterns.

cut - Extract Columns

$ cut -d ' ' -f 1 file.txt
-d = delimiter, -f = field number

sort - Order Data

$ sort file.txt
Alphabetical sort

uniq - Find Unique

$ sort file.txt | uniq -c
Count occurrences

awk - Pattern Processing

$ awk -F: '{print $1}' /etc/passwd
Print first column

sed - Stream Editor

$ sed 's/old/new/g' file.txt
Replace text
PIPELINE POWER:

Chain commands: cut -d' ' -f1 log | sort | uniq -c

REMEMBER:

uniq only removes ADJACENT duplicates. Always sort first!