forked from zyedidia/highlight
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathnetstat.yaml
30 lines (28 loc) · 1.01 KB
/
netstat.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
filetype: netstat
detect:
filename: "\\.netstat$"
header: "(^Active Internet connections|\\sRecv-Q\\sSend-Q\\sLocal Address)"
rules:
# Scan Title
- magenta: "\\sRecv-Q\\sSend-Q\\sLocal Address.*"
# IP
- yellow: "\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}"
# Ports
- green: "^(\\d+)"
- red: "(\\s+\\d+)/(\\w+).*"
- red: "users:\\(\\(\"[a-zA-Z.0-9-]+\",pid=\\d+,fd=\\d+\\).*"
- magenta: "\\s+([a-zA-Z-]+)$"
# Ports Details
- yellow: "^\\|_?(.*)"
- yellow: "(Service Info|OS details|Device type|Running):\\s.*$"
- constant.number: "(\\b[0-9.]+\\b|\\b0x[0-9A-Fa-f]+\\b)([ms|s|seconds])?(\\s+|$)"
- yellow: "\\d{4}-\\d{2}-\\d{2}\\s\\d{2}:\\d{2}(:\\d{2})?"
- yellow: "\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}"
# hostname
- yellow: "\\s+([a-z-]+\\.)?[a-z-]+\\.[a-z-]+\\.[a-z-]+"
- green: "(tcp)(6)?"
- yellow: "(unix|udp(6)?)"
- green: "(CONNECTED|ESTABLISHED|LISTEN)"
- red: "\\s+SYN_SENT"
- yellow: "pid=\\d+"
- green: "\"[a-zA-Z.0-9-]+\""