ShellOpsLog : A Lightweight Command Logger

ShellOpsLog is a versatile tool designed to capture and log all executed commands during various operations, such as red and purple team engagements.

It provides a lightweight solution for tracking command history without recording their output. The logged commands are saved in a CSV file, making it easy to analyze and include in client deliverables or internal reviews.

Key Features

Portability: ShellOpsLog functions are portable, allowing deployment on remote hosts via SSH or RDP, providing flexibility in logging commands across different environments.
CSV Output: Logs are saved in a CSV format with columns for Timestamp, User, Path, and Command, facilitating easy review and analysis.
Responsibility: Users are reminded to be responsible for their actions when using this tool.

ShellOpsLog offers two primary implementations:

Bash/Zsh Version (ShellOpsLog.sh):
- Utilizes shell hooks like PROMPT_COMMAND in Bash or preexec in Zsh to log commands in Unix-based shells.
- Usage:
  - Place the script in your filesystem or clone the repository.
  - Add source /path/to/ShellOpsLog.sh to your shell startup file (e.g., ~/.bashrc or ~/.zshrc).
  - Open a new terminal and manually call or uncomment the auto-start line at the bottom of the script.
  - Optionally specify a custom log directory with start_operation_log ~/Projects/MyClient.
  - Stop logging with stop_operation_log.
PowerShell Version (Microsoft.PowerShell_profile.ps1):
- Automatically logs commands in PowerShell sessions.
- Usage:
  - Copy the script into your PowerShell profile file.
  - If the file doesn’t exist, create it with New-Item -ItemType File -Path $PROFILE -Force.
  - Restart PowerShell or open a new tab.
  - Manually call or uncomment the auto-start line.
  - Optionally specify a custom log directory with Start-OperationLog "C:\Projects\MyClient".
  - Stop logging with Stop-OperationLog.

While CMD support is available, it currently has limitations and is slated for updates in the future.

ShellOpsLog provides a simple yet effective way to track command history across different shell environments, making it a valuable tool for maintaining a clear record of activities during various operational engagements.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.