- 论坛徽章:
- 4
|
本帖最后由 方兆国儿 于 2016-12-06 14:47 编辑
- zip -r cu.zip cu
- adding: cu/ (stored 0%)
- adding: cu/cu.sh (deflated 57%)
- adding: cu/cu.txt (deflated 79%)
复制代码
cu.zip
(1.99 KB, 下载次数: 19)
为方便大家,相关内容已压入附件,多谢。
大家都强调我的数据类型不完整,在此重新统计,以下文为例:
- cat cu.txt
- Dec 2 10:12:19 ooxx-term[2060]: ooxx_pool/s1 200 {Mac+OS+X/10.12.1 (16B2555) CalendarAgent/384} "CONNECT p11-caldav.icloud.com:443 HTTP/1.1"
- Dec 2 10:12:21 ooxx-term[2060]: ooxx_pool/s1 200 {Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36} "GET http://www.ipip.net/ HTTP/1.1"
- Dec 2 10:12:23 ooxx-term[2060]: ooxx_pool/s1 200 {Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36} "CONNECT wx.qq.com:443 HTTP/1.1"
- Dec 2 10:12:25 ooxx-term[2060]: ooxx_pool/s1 200 {trustd (unknown version) CFNetwork/807.1.3 Darwin/16.1.0 (x86_64)} "GET http://gn.symcd.com/MFYwVKADAgEAME0wSzBJMAkGBSsOAwIaBQAEFLGLCwGXUwcsdDfSnbPhjaNszlfgBBTSb%2FeW9IU%2FcjwwfSPahXibo3xafAIQa1D5LH%2BKMjI0sFeAEoCizQ%3D%3D HTTP/1.1"
- Dec 2 10:12:26 ooxx-term[2060]: ooxx_pool/s1 200 {Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36} "CONNECT js.aq.qq.com:443 HTTP/1.1"
- Dec 2 10:12:26 ooxx-term[2060]: ooxx_pool/s1 200 {Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36} "CONNECT res.wx.qq.com:443 HTTP/1.1"
- Dec 2 10:12:26 ooxx-term[2060]: ooxx_pool/s1 200 {Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36} "GET http://bbs.chinaunix.net/ HTTP/1.1"
- Dec 2 10:12:27 ooxx-term[2060]: ooxx_pool/s1 200 {Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36} "GET http://bbs.chinaunix.net/data/cache/style_3_common.css?HLC HTTP/1.1"
- Dec 2 10:12:27 ooxx-term[2060]: ooxx_pool/s1 200 {Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36} "GET http://bbs.chinaunix.net/data/cache/style_3_forum_index.css?HLC HTTP/1.1"
- Dec 2 10:12:27 ooxx-term[2060]: ooxx_pool/s1 200 {Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36} "GET http://bbs.chinaunix.net/static/js/common.js?HLC HTTP/1.1"
- Dec 2 10:12:28 ooxx-term[2060]: ooxx_pool/s1 200 {Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36} "CONNECT res.wx.qq.com:443 HTTP/1.1"
- Dec 2 10:20:16 ooxx-term[2060]: ooxx_pool/s1 200 {Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36} "CONNECT im.mukewang.com:80 HTTP/1.1"
- Dec 2 10:20:16 ooxx-term[2060]: ooxx_pool/s1 200 {Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36} "GET http://coding.imooc.com/static/lib/login-regist/tpl/erweima.js?v=201611280061 HTTP/1.1"
- Dec 2 10:20:16 ooxx-term[2060]: ooxx_pool/s1 200 {Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36} "GET http://szimg.mukewang.com/57ea56bd0001f6cb01400140-200-200.jpg HTTP/1.1"
- Dec 2 10:20:17 ooxx-term[2060]: ooxx_pool/s1 200 {trustd (unknown version) CFNetwork/807.1.3 Darwin/16.1.0 (x86_64)} "GET http://ocsp.comodoca.com/MFYwVKADAgEAME0wSzBJMAkGBSsOAwIaBQAEFHrhPuigxCostCjL56YFRhlA4qHpBBSQr2o6lFoL2JDqElZz30O0Oija5wIQVY0%2F9sceAGHVl7iNuX8gzA%3D%3D HTTP/1.1"
- Dec 2 10:20:53 ooxx-term[2060]: ooxx_pool/s1 200 {Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36} "POST http://python.jobbole.com/wp-admin/admin-ajax.php HTTP/1.1"
- Dec 2 10:21:31 ooxx-term[2060]: ooxx_pool/s1 200 {trustd (unknown version) CFNetwork/807.1.3 Darwin/16.1.0 (x86_64)} "GET http://g.symcd.com/MEkwR6ADAgEAMEAwPjA8MAkGBSsOAwIaBQAEFLG0OReQFreXeVAR8WC51KI82%2B3uBBQA%2BSrDQZG2ycK4PlXywJcRE6AHIAIDAjp3 HTTP/1.1"
- Dec 2 10:12:31 ooxx-term[2060]: ooxx_pool/s1 200 {Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36} "GET http://cu.img168.net/static/image/common/tubiao/common_283_icon.png HTTP/1.1"
- Dec 2 10:12:31 ooxx-term[2060]: ooxx_pool/s1 200 {Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36} "GET http://cu.img168.net/static/image/common//logo.gif HTTP/1.1"
- Dec 2 10:12:31 ooxx-term[2060]: ooxx_pool/s1 200 {Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36} "GET http://cu.img168.net/static/image/common/tubiao/common_233_icon.png HTTP/1.1"
- Dec 2 10:12:31 ooxx-term[2060]: ooxx_pool/s1 200 {Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36} "GET http://bbs.chinaunix.net/data/attachment/common/icon/clearcase.gif HTTP/1.1"
- Dec 2 10:14:00 ooxx-term[2060]: ooxx_pool/s1 200 {trustd (unknown version) CFNetwork/807.1.3 Darwin/16.1.0 (x86_64)} "GET http://ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISA5qXFMT5ISpagmnHsXfXtpIF HTTP/1.1"
- Dec 2 10:16:56 ooxx-term[2060]: ooxx_pool/s1 200 {Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36} "GET http://www.wooyun.org/favicon.ico HTTP/1.1"
- Dec 2 10:17:46 ooxx-term[2060]: ooxx_pool/s1 200 {Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36} "CONNECT dn-linuxcn.qbox.me:443 HTTP/1.1"
- Dec 2 10:19:05 ooxx-term[2060]: ooxx_pool/s1 200 {Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36} "CONNECT www.bell.ca:443 HTTP/1.1"
- Dec 2 10:19:15 ooxx-term[2060]: ooxx_pool/s1 200 {trustd (unknown version) CFNetwork/807.1.3 Darwin/16.1.0 (x86_64)} "GET http://support.typora.io//MEcwRaADAgEAMD4wPDA6MAkGBSsOAwIaBQAEFB0jb44GS5cf3d%2BhFSPhruUCvisbBBQ6moUHEGcotu%2F2vQVBbiDBlNoP3gIBBw%3D%3D HTTP/1.1"
- Dec 2 10:23:53 ooxx-term[2060]: ooxx_pool/s1 200 {Mozilla/5.0 (Macintosh; Int el Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36} "GET https://www.iperf.fr/recv/gs.gif?gsver=3.4.0.4&gscmd=hb&gssrvid=GWD-000673&gsuid=80 6453484s4rbw17&gssid=80645348ochre617&pvid=806453487gf4rf17&gsltime=1480674232289&gstmzone=8&rd =4r45p&pld=84&gsst=0&gswh=734 HTTP/1.1"
复制代码
如下是我的输出结果:
- cat cu.sh
- #!/bin/sh
- #
- cat cu.txt |sort |uniq|egrep -i 'get|post|connect'|cut -d'"' -f2|cut -d' ' -f2|sort|uniq>out.txt
- cat out.txt|grep -i '^http'>http.txt
- cat out.txt|grep -iv '^http'>nohttp.txt
- cat http.txt|cut -d'/' -f3|sort|uniq|awk -F'.' '{print "."$(NF-1)"."$NF}'|sort|uniq>out1.txt
- cat nohttp.txt|cut -d':' -f1|awk -F'.' '{print "."$(NF-1)"."$NF}'>out2.txt
- cat out1.txt out2.txt >ooxx.txt
- cat ooxx.txt|sort|uniq>result.txt
- rm ./out.txt
- rm ./http.txt
- rm ./nohttp.txt
- rm ./out1.txt
- rm ./out2.txt
- rm ./ooxx.txt
复制代码- sh cu.sh
- wc -l result.txt
- 16 result.txt
- more result.txt
- .bell.ca
- .chinaunix.net
- .comodoca.com
- .icloud.com
- .img168.net
- .imooc.com
- .iperf.fr
- .ipip.net
- .jobbole.com
- .letsencrypt.org
- .mukewang.com
- .qbox.me
- .qq.com
- .symcd.com
- .typora.io
- .wooyun.org
复制代码
回复 13# yinyuemi- awk 'match($0,/.*"(GET|POST|CONNECT) ([^ ]+)/,a){match(a[2],/.*(\.[^.]+\.(net|com))/,b);if(!c[b[1]]++)print b[1]}' cu.txt
- .icloud.com
- .ipip.net
- .qq.com
- .symcd.com
- .chinaunix.net
- .mukewang.com
- .imooc.com
- .comodoca.com
- .jobbole.com
- .img168.net
复制代码
- awk 'match($0,/.*"(GET|POST|CONNECT) ([^ ]+)/,a){match(a[2],/.*(\.[^.]+\.(net|com))/,b);if(!c[b[1]]++)print b[1]}' cu.txt|wc -l
- 11
复制代码
回复 5# moperyblue
- awk '$(NF-2)~/get|post|connect/{match($(NF-1),/(http:\/\/)?[^/]*((\.[^/]*){2})[/:].*/,a)}!b[a[2]]++{print a[2]}' IGNORECASE=1 cu.txt
- .icloud.com
- .ipip.net
- .qq.com
- .symcd.com
- .chinaunix.net
- .mukewang.com
- .imooc.com
- .comodoca.com
- .jobbole.com
- .img168.net
- .letsencrypt.org
- .wooyun.org
- .qbox.me
- .bell.ca
- .typora.io
复制代码- awk '$(NF-2)~/get|post|connect/{match($(NF-1),/(http:\/\/)?[^/]*((\.[^/]*){2})[/:].*/,a)}!b[a[2]]++{print a[2]}' IGNORECASE=1 cu.txt|wc -l
- 15
复制代码
回复 6# sunzhiguolu
- perl -ne '{$h{"$1\n"}++ if(/((?>\.\w+){2})(?=:|\/)/)}END{print keys %h}' cu.txt
- .qbox.me
- .mukewang.com
- .typora.io
- .iperf.fr
- .ipip.net
- .symcd.com
- .wooyun.org
- .imooc.com
- .jobbole.com
- .img168.net
- .qq.com
- .bell.ca
- .comodoca.com
- .letsencrypt.org
- .icloud.com
- .chinaunix.net
复制代码- perl -ne '{$h{"$1\n"}++ if(/((?>\.\w+){2})(?=:|\/)/)}END{print keys %h}' cu.txt|wc -l
- 16
- 您的结果准确无误,唯在下不才,用不起perl而已,非是对语言有偏见,此事需讲明。对仁兄的宽广胸襟,在下深感敬佩,如有失礼之处,忘您勿怪责个。
复制代码
|
|