#!/usr/bin/env python
import os, sys
print "*** Dyre Config Dumper, by @iHeartMalware ***"

try:
	memory_dump = sys.argv[1]
	if sys.argv[1] == "-h" or sys.argv[1] == "--help":
		print "Usage: python " + sys.argv[0] + " <dumpFile> [-c for configs]\n"
		sys.exit()

except: 
	print "Usage: python " + sys.argv[0] + " <dumpFile> [-c for long configs]\n"
	sys.exit()

print "### Dyre Campaign ID ###"
os.system("strings " + memory_dump + " | grep \"/ HTTP/1.1\" | awk '{print $2}' | awk -F/ '{print $2}' | sed 's/1\.1//g' | sort | uniq")

print "### Dyre IP addresses ###\nNote: These may need to be checked as memory can make things\nappear wonky or good IP's may be in here"
os.system("strings " + memory_dump + " | grep \":443\|:4443\" | awk -F: '{print $1}' | sed 's/<saddr>//' | sed 's/\ //g' | sort | uniq")

try:
	if sys.argv[2] == "-c":

		print "### Dyre Short Configs ###"
		os.system("strings " + memory_dump + " | grep  \"litem\|saddr\|localitems\|srvname\|rpci\|dpsrv\|<ssq>\" -A5 -B5 | sort | uniq")

		print "### Dyre Long Config ###"
		os.system("strings " + memory_dump + " | grep  \"litem\|saddr\|localitems\|srvname\|rpci\|dpsrv\|<ssq>\" -A5 -B5")

except:
	pass