View Ron Dilley's profile on LinkedIn

Please donate if you find the tools, scripts and info useful.

BTC: 1GwYToq2AuUWUfJJ7NeCpksfjMth7bw7Tu
LTC: LKh99yzPeXZ7jQgvGgRhkTGReN4TRK4C6p

I have been a system administrator for the better part of two decades and over that period I have written just about every type of script needed to administer an enterprise UNIX environment.  So, I have looked through my scripts directory and have begun to label and organize them for your enjoyment.

| Script Name | Description | D/L Count |
| --- | --- | --- |
| | This script reads Apache web server logs and generates dot files usable in GraphViz. | |
| | This script reads Symantec A/V logs in syslog format and converts them to CSV for processing with visualization tools like Advisor Analyst. | |
| | This script reads Symantec A/V logs in syslog format and generates a report of the most infected hosts by day. Very handy for locating 'infested machines'. | |
| | This is a temp directory scrubber for the paranoid. | |
| | This script is handy when trying to get a handle on network disk space and who is burning it up. | |
| | If you are having trouble managing networks with DHCP ranges or just want to know what IP addresses are really being used, this script can help by ping sweeping your network and keeping track of what is out there. | |
| | This is a simple Perl wrapper for extracting data from LDAP. | |
| | This is a wrapper script for tcpflow that will tell you who is using ActiveX on your network. It is handy to get a handle on what business-related sites require ActiveX so you can give them the bad news before you start blocking it at the perimeter. | |
| | This is a wrapper script for tcpflow that tracks the browser strings. This can be helpful in identifying malicious software. | |
| | Sucks host and user information out of a Windows system and sends it to a syslog server. Very handy in a login script. If you don't feel like compiling it yourself (reporter.exe MD5=5dce36f029a1c667198bfba12b260473) | |
| | While doing some malware analysis of MyDoom I put together a primitive control program. | |
| | An effective way to suppress BOT systems that depend on IRC for command and control is to hijack that C&C. | |
| | Tired of scanning your entire class-b network with nmap? Why not just dump your routing table and use this script to make an nmap-friendly network list. | |
| | This script reads in John the Ripper crack reports and generates a pretty report based on a generic password policy. | |
| pwMarkov.pl | This script reads a list of passwords and generates derivative passwords using Markov chains. | |
| | Collect and process SNMP data. | |
| | This script will sort your password dictionaries from weakest to strongest. | |
| | This overly complex script will generate a handy report of a Sun Solaris box that can be used for auditing or configuration tracking. | |
| | This script will chew on syslog from your mail relays and tell you all kinds of interesting things. | |
| | Everyone should go out and buy a Soekris box and build a tarpit! This script will let you know when someone is spanking your network. | |
| vmd.c | The volume monitor daemon (vmd) is the poor man's removable drive monitoring tool for OS/X. It won't stop the bad guys from copying all of your data onto their iPod, but it will prove that they did it. | |

Please report issues to

Last Updated: 2013-12-07 @ 1:12pm