mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-15 17:28:13 +00:00
USB logs analysis
USBrip
usbrip is a small piece of software written in pure Python 3 which parses Linux log files (`/var/log/syslog*` or `/var/log/messages*`, depending on the distro) to construct USB event history tables.
It is useful to know every USB device that has been used on a machine, and more useful still if you have a list of authorized USB devices, because you can then find "violation events": the use of USB devices that are not on that list.
Installation
pip3 install usbrip
usbrip ids download #Download USB ID database
Examples
usbrip events history #Get USB history of your current Linux machine
usbrip events history --pid 0002 --vid 0e0f --user kali #Search by pid OR vid OR user
#Search for vid and/or pid
usbrip ids download #Download database
usbrip ids search --pid 0002 --vid 0e0f #Search for pid AND vid
More examples and info on GitHub: https://github.com/snovvcrash/usbrip
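To show what building a USB event history and checking it against an authorized list involves, here is an added example (not usbrip's code and not part of the original page): it parses kernel USB hot-plug lines from a constructed syslog excerpt and flags devices missing from an allow-list. The function names, the sample log and the `(vid, pid, serial)` allow-list format are assumptions.

```python
import re

# Constructed sample in the syslog format the kernel uses for USB hot-plug events.
SAMPLE_LOG = """\
Nov 15 10:02:11 kali kernel: [ 1234.70] usb 1-1: New USB device found, idVendor=0e0f, idProduct=0002, bcdDevice= 1.00
Nov 15 10:02:11 kali kernel: [ 1234.71] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Nov 15 10:02:11 kali kernel: [ 1234.72] usb 1-1: Product: Virtual Mouse
Nov 15 10:02:11 kali kernel: [ 1234.73] usb 1-1: SerialNumber: AAA111
Nov 15 10:05:00 kali kernel: [ 1400.00] usb 1-1: USB disconnect, device number 5
Nov 15 11:30:42 kali kernel: [ 6500.10] usb 2-1: New USB device found, idVendor=abcd, idProduct=1234, bcdDevice= 1.00
Nov 15 11:30:42 kali kernel: [ 6500.11] usb 2-1: Product: Mass Storage
Nov 15 11:30:42 kali kernel: [ 6500.12] usb 2-1: SerialNumber: ZZZ999
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) kernel: "
                  r"\[[^\]]*\] usb (?P<port>[\d.-]+): (?P<msg>.*)$")
FOUND = re.compile(r"New USB device found, idVendor=(\w{4}), idProduct=(\w{4})")

def parse_events(text):
    """Build one record per connection, tracked by USB port while plugged in."""
    events, live = [], {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a kernel USB line
        port, msg = m["port"], m["msg"]
        if (f := FOUND.search(msg)):
            live[port] = {"connected": m["ts"], "host": m["host"],
                          "vid": f[1], "pid": f[2], "product": None,
                          "serial": None, "disconnected": None}
            events.append(live[port])
        elif port in live and msg.startswith("Product: "):
            live[port]["product"] = msg.split(": ", 1)[1]
        elif port in live and msg.startswith("SerialNumber: "):
            live[port]["serial"] = msg.split(": ", 1)[1]
        elif port in live and msg.startswith("USB disconnect"):
            live.pop(port)["disconnected"] = m["ts"]
    return events

def violations(events, authorized):
    """Return events whose (vid, pid, serial) is not on the authorized list."""
    return [e for e in events
            if (e["vid"], e["pid"], e["serial"]) not in authorized]

if __name__ == "__main__":
    allowed = {("0e0f", "0002", "AAA111")}  # constructed allow-list
    for e in violations(parse_events(SAMPLE_LOG), allowed):
        print(e["connected"], e["host"], e["vid"], e["pid"], e["serial"])
```

A device that reports no serial number keeps `serial` as `None`, so it is flagged unless the allow-list explicitly contains that tuple.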