From 41bc816b619d8663cf7aa58e8919706542553469 Mon Sep 17 00:00:00 2001 From: thankgod4rob <189082078+thankgod4rob@users.noreply.github.com> Date: Thu, 12 Mar 2026 02:35:30 -0500 Subject: [PATCH 1/4] added v6 into the sheet --- triage.tsv | 33 +++++++++++++++++++++++++++++++++ triage/network_info.go | 12 ++++++------ 2 files changed, 39 insertions(+), 6 deletions(-) create mode 100644 triage.tsv diff --git a/triage.tsv b/triage.tsv new file mode 100644 index 0000000..011096d --- /dev/null +++ b/triage.tsv @@ -0,0 +1,33 @@ +DESKTOP-DLRMKU3 "Ubuntu +24.04.3 LTS (Noble Numbat)" N/A "eth0 + 172.25.126.210 + +" "## TCPv4 ## +53 + + +## UDPv4 ## +NONE + +## TCPv6 ## +NONE + +## UDPv6 ## +NONE" "root (0, 0, /bin/bash) +sync (4, 65534, /bin/sync) +builder (1000, 1000, /bin/bash) +" "adm (GID: 4) - syslog, builder + +cdrom (GID: 24) - builder + +sudo (GID: 27) - builder + +dip (GID: 30) - builder + +plugdev (GID: 46) - builder + +users (GID: 100) - builder + +docker (GID: 1001) - builder + +" No Firewall! Not Domain Jointed \ No newline at end of file diff --git a/triage/network_info.go b/triage/network_info.go index 71d1bbc..1ee8c74 100644 --- a/triage/network_info.go +++ b/triage/network_info.go @@ -136,7 +136,7 @@ func printNetstat() string { fmt.Print(err) result += "err" } else { - result += "## TCP ##\n" + printSockets("\nTCP IPv4 Sockets:", tcpSocks) + result += "## TCPv4 ##\n" + printSockets("\nTCP IPv4 Sockets:", tcpSocks) } // Get UDP IPv4 sockets udpSocks, err := netstat.UDPSocks(netstat.NoopFilter) 
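Review bot: The added `triage.tsv` looks like real output from a run of the tool (hostname, interface address, listening ports, local accounts and their group memberships, including `sudo` and `docker`), so committing it puts that host inventory into the repository history. The later patches in this series ignore `*.tsv` and delete the file, but the blob stays reachable from this commit. Squashing the series, or dropping the file from this patch before merge, would keep it out of history. If a sample is wanted for documentation, a constructed one with placeholder values is the safer choice.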
@@ -144,23 +144,23 @@ func printNetstat() string {
 fmt.Print(err)
 result += "err"
 } else {
- result += "\n## UDP ##\n" + printSockets("\nUDP IPv4 Sockets:", udpSocks)
+ result += "\n\n## UDPv4 ##\n" + printSockets("\nUDP IPv4 Sockets:", udpSocks)
 }
 // Get TCP IPv6 sockets
 tcp6Socks, err := netstat.TCP6Socks(netstat.NoopFilter)
 if err != nil {
 fmt.Print(err)
- //result += "err"
+ result += "err"
 } else {
- printSockets("\nTCP IPv6 Sockets:", tcp6Socks)
+ result += "\n\n## TCPv6 ##\n" + printSockets("\nTCP IPv6 Sockets:", tcp6Socks)
 }
 // Get UDP IPv6 sockets
 udp6Socks, err := netstat.UDP6Socks(netstat.NoopFilter)
 if err != nil {
 fmt.Print(err)
- //result += "err"
+ result += "err"
 } else {
- printSockets("\nUDP IPv6 Sockets:", udp6Socks)
+ result += "\n\n## UDPv6 ##\n" + printSockets("\nUDP IPv6 Sockets:", udp6Socks)
 }
 return "\"" + result + "\"\t"
 }
From 4f39c3a3c60af77d2aa92ca4c167e5979aa70fff Mon Sep 17 00:00:00 2001
From: thankgod4rob <189082078+thankgod4rob@users.noreply.github.com>
Date: Thu, 12 Mar 2026 02:48:57 -0500
Subject: [PATCH 2/4] Update .gitignore
---
 .gitignore | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.gitignore b/.gitignore
index 9fe8afd..e0e01fd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -32,6 +32,8 @@ build/
 # script artifacts
 /*.csv
+/*.tsv
+*.tsv
 *.crt
 *.key
 go/
From 2ff1f646442f346553f278ca8f2e9c48632560e8 Mon Sep 17 00:00:00 2001
From: thankgod4rob <189082078+thankgod4rob@users.noreply.github.com>
Date: Thu, 12 Mar 2026 02:50:01 -0500
Subject: [PATCH 3/4] Delete triage.tsv
---
 triage.tsv | 33 ---------------------------------
 1 file changed, 33 deletions(-)
 delete mode 100644 triage.tsv
diff --git a/triage.tsv b/triage.tsv
deleted file mode 100644
index 011096d..0000000
--- a/triage.tsv
+++ /dev/null
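Review bot: In the `printNetstat` hunk at -144, the newly enabled failure paths append a bare `err` to `result` with no separator or section header, so when an IPv6 socket table cannot be read the cell ends in something like `NONEerr` and nothing says which protocol failed. Emitting the header on both paths keeps the sheet readable, e.g. `result += "\n\n## TCPv6 ##\nerr"`, and likewise for UDPv6 and the UDPv4 branch at the top of the hunk. Separately, the closing `return "\"" + result + "\"\t"` wraps the text in quotes without escaping, and `result` now carries process names from all four socket tables. Process names are chosen by the processes themselves, so a name containing `"` or a tab could break the TSV cell; doubling embedded quotes before wrapping would be worth adding. The start of `printNetstat` is outside this hunk.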
@@ -1,33 +0,0 @@ -DESKTOP-DLRMKU3 "Ubuntu -24.04.3 LTS (Noble Numbat)" N/A "eth0 - 172.25.126.210 - -" "## TCPv4 ## -53 - - -## UDPv4 ## -NONE - -## TCPv6 ## -NONE - -## UDPv6 ## -NONE" "root (0, 0, /bin/bash) -sync (4, 65534, /bin/sync) -builder (1000, 1000, /bin/bash) -" "adm (GID: 4) - syslog, builder - -cdrom (GID: 24) - builder - -sudo (GID: 27) - builder - -dip (GID: 30) - builder - -plugdev (GID: 46) - builder - -users (GID: 100) - builder - -docker (GID: 1001) - builder - -" No Firewall! Not Domain Jointed \ No newline at end of file From f086af2bd5212167ee3e3fbd15ae8a5470140037 Mon Sep 17 00:00:00 2001 From: Ameya Purao Date: Thu, 12 Mar 2026 18:36:29 -0500 Subject: [PATCH 4/4] sort and remove duplicate ports --- triage/network_info.go | 39 +++++++++++++++++++++++++++++++++------ 1 file changed, 33 insertions(+), 6 deletions(-) diff --git a/triage/network_info.go b/triage/network_info.go index 1ee8c74..767c8e7 100644 --- a/triage/network_info.go +++ b/triage/network_info.go @@ -4,6 +4,7 @@ import ( "fmt" "net" "os" + "sort" "github.com/cakturk/go-netstat/netstat" "github.com/charmbracelet/log" 
@@ -110,17 +111,43 @@ func printAddrs(list []string, msg string) string {
 }
 func printSockets(title string, sockets []netstat.SockTabEntry) string {
- var result = ""
- if len(sockets) > 0 {
- fmt.Print(title)
- for _, e := range sockets {
- if e.State.String() == "LISTEN" && !e.LocalAddr.IP.IsLoopback() {
+ type entry struct {
+ port uint16
+ process string
+ }
+
+ var result string
+ seen := make(map[uint16]bool)
+ var entries []entry
+
+ for _, e := range sockets {
+ if e.State.String() == "LISTEN" && !e.LocalAddr.IP.IsLoopback() {
+ port := e.LocalAddr.Port
+
+ if !seen[port] {
+ seen[port] = true
+ entries = append(entries, entry{
+ port: port,
+ process: e.Process.String(),
+ })
+
 fmt.Printf("%s %s %d %s\n", e.LocalAddr.String(), e.State.String(), e.UID, e.Process)
- result += fmt.Sprintf("%d\t%s\n", e.LocalAddr.Port, e.Process)
 }
 }
 }
+ if len(entries) > 0 {
+ fmt.Print(title)
+
+ sort.Slice(entries, func(i, j int) bool {
+ return entries[i].port < entries[j].port
+ })
+
+ for _, e := range entries {
+ result += fmt.Sprintf("%d\t%s\n", e.port, e.process)
+ }
+ }
+
 if len(result) == 0 {
 result = "NONE"
 }
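Review bot: De-duplicating on the port number alone keeps only the first listener seen for each port, so a second process bound to the same port on another address (or sharing it via SO_REUSEPORT) is dropped from both the sheet and the console output, and that is an entry a triage pass should surface. Keying `seen` on port plus owner, e.g. `key := fmt.Sprintf("%d/%s", port, proc)` with `seen` as a `map[string]bool`, removes true duplicates without hiding distinct listeners. Also, `e.Process.String()` is now called directly where the old code passed `e.Process` to `%s`. As far as I can tell go-netstat leaves `Process` nil when it cannot resolve the owning process (typically when not run as root), so this call can panic where fmt previously printed `<nil>`; guard it with `proc := "-"; if e.Process != nil { proc = e.Process.String() }`. The end of `printSockets` lies outside the hunk.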