Hi
I have a small project to do in shell script.
The instructions are:
Create a script that analyzes HDD and memory files.
functions:
Getting the user input
The user enters mem or hdd, and for the second argument, the filename to
analyze
Function for each filetype
The script runs operations depending on the type of file (HDD/mem).
Available tools: binwalk, foremost, strings, bulk_extractor, volatility
Save results into a file
The file analysis should be saved in the created directory; once finished the file
operation, display the user with the analysis statistics
The script is approximately 70 lines.
I already wrote a script.
I sent it to my teacher and he told me that I have 2 problems:
Your code has errors.
No automations using Volatility.
Please, if someone can help write a new script or fix mine I will be grateful.
#!/bin/bash
function Downloads()
{
    echo "File analyzer"
    sleep 1.0
    echo "We'll start with Downloads"
    sudo wget -nc -q downloads.volatilityfoundation.org/releases/2.6/volatility_2.6_lin64_standalone.zip#unzip volatility_2.6_lin64_standalone.zip
    sudo apt-get install cmatrix
}
Downloads
function START()
{
    read -p "insert the sort of file (mem or hdd): " file
    if [[ $file = mem ]]
    then
        MEM
    elif [[ $file = hdd ]]
    then
        HDD
    else
        echo "wrong file"
        START
    fi
}
START
function MEM()
{
    read -p "insert the MEM path: " path
    cd /home/kali/volatility_2.6_lin64_standalone
    mv volatility_2.6_lin64_standalone volatility
    ./volatility -f $path imageinfo
    echo "write your profile"
    read profile
    echo "your command"
    read command
    echo "enter the name of your output file"
    read file
    ./volatility -f $path --profile=$profile $command --output-file=$file
}
function HDD()
{
    read -p "insert the HDD path: " path
    echo " what the name of your output file"
    read file
    bulk_extractor -o $file $path
    foremost $path -o $file
    binwalk $path -o $file
}
START
Welcome, we trust you find the forum helpful and educational.
Can you show the specific errors your teacher raised with your code?
What does 'No automations using Volatility' mean? (NB: I have no experience of this tool.)
Run your script through the shellcheck utility (if not installed, search for an online version) and address any/all issues it raises.
Once you've done those, report back with continuing issues, showing what they are, not simply saying you have issues; otherwise we are guessing.
$ shellcheck myscript
Line 21:
read -p "insert the sort of file (mem or hdd): " file
^-- SC2162 (info): read without -r will mangle backslashes.
Line 40:
read -p "insert the MEM path: " path
^-- SC2162 (info): read without -r will mangle backslashes.
Line 42:
cd /home/kali/volatility_2.6_lin64_standalone
^-- SC2164 (warning): Use 'cd ... || exit' or 'cd ... || return' in case cd fails.
Did you mean: (apply this, apply all SC2164)
cd /home/kali/volatility_2.6_lin64_standalone || exit
Line 44:
./volatility -f $path imageinfo
^-- SC2086 (info): Double quote to prevent globbing and word splitting.
Did you mean: (apply this, apply all SC2086)
./volatility -f "$path" imageinfo
Line 46:
read profile
^-- SC2162 (info): read without -r will mangle backslashes.
Line 48:
read command
^-- SC2162 (info): read without -r will mangle backslashes.
Line 50:
read file
^-- SC2162 (info): read without -r will mangle backslashes.
Line 51:
./volatility -f $path --profile=$profile $command --output-file=$file
^-- SC2086 (info): Double quote to prevent globbing and word splitting.
^-- SC2086 (info): Double quote to prevent globbing and word splitting.
^-- SC2086 (info): Double quote to prevent globbing and word splitting.
>> ^-- SC2086 (info): Double quote to prevent globbing and word splitting.
Did you mean: (apply this, apply all SC2086)
./volatility -f "$path" --profile="$profile" "$command" --output-file="$file"
Line 58:
read -p "insert the HDD path: " path
^-- SC2162 (info): read without -r will mangle backslashes.
Line 60:
read file
^-- SC2162 (info): read without -r will mangle backslashes.
Line 61:
bulk_extractor -o $file $path
^-- SC2086 (info): Double quote to prevent globbing and word splitting.
^-- SC2086 (info): Double quote to prevent globbing and word splitting.
Did you mean: (apply this, apply all SC2086)
bulk_extractor -o "$file" "$path"
Line 62:
foremost $path -o $file
^-- SC2086 (info): Double quote to prevent globbing and word splitting.
^-- SC2086 (info): Double quote to prevent globbing and word splitting.
Did you mean: (apply this, apply all SC2086)
foremost "$path" -o "$file"
Line 63:
binwalk $path -o $file
^-- SC2086 (info): Double quote to prevent globbing and word splitting.
^-- SC2086 (info): Double quote to prevent globbing and word splitting.
Did you mean: (apply this, apply all SC2086)
binwalk "$path" -o "$file"
$
Yes, I tried to run this but there is an error when I write "mem" in function START.
That should call the MEM function; instead it prints an error: line 24: MEM: command not found
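An added example, not part of any post in this thread: the shell runs a script top to bottom, so a function must be defined before the line that calls it, which is why the sketch below defines everything first and calls `main` last. It also automates the Volatility step by taking the profile from the `imageinfo` output instead of asking the user to type it. The helper names, the `VOL` path, the plugin list and the output directory layout are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumed: $VOL path, plugin list,
# output layout. Helper names are hypothetical.
VOL=${VOL:-./volatility}

# Read `imageinfo` output on stdin, print the first suggested profile.
first_profile() {
    sed -n 's/.*Suggested Profile(s) : \([^, (]*\).*/\1/p' | head -n 1
}

# Map the type argument to its handler; non-zero status for anything else.
handler_for() {
    case "$1" in
        mem) echo analyze_mem ;;
        hdd) echo analyze_hdd ;;
        *)   return 1 ;;
    esac
}

analyze_mem() {   # $1 = memory image, $2 = output directory
    profile=$("$VOL" -f "$1" imageinfo 2>/dev/null | first_profile)
    [ -n "$profile" ] || { echo "no profile detected" >&2; return 1; }
    for plugin in pslist pstree cmdline; do
        "$VOL" -f "$1" --profile="$profile" "$plugin" \
            --output-file="$2/$plugin.txt"
    done
}

analyze_hdd() {   # $1 = disk image, $2 = output directory
    bulk_extractor -o "$2/bulk" "$1"
    foremost -i "$1" -o "$2/foremost"
    binwalk "$1" > "$2/binwalk.txt"      # binwalk prints its scan to stdout
    strings "$1" > "$2/strings.txt"
}

main() {          # $1 = mem|hdd, $2 = file to analyze
    handler=$(handler_for "$1") && [ -r "$2" ] || {
        echo "usage: $0 mem|hdd FILE" >&2; return 2; }
    out="analysis_$(date +%Y%m%d_%H%M%S)"
    mkdir -p "$out" || return 1
    "$handler" "$2" "$out"
    echo "files written to $out: $(find "$out" -type f | wc -l)"
}

# Call main last, after every function above has been defined.
if [ "$#" -gt 0 ]; then main "$@"; fi
```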