Added a splitter to work with the default Kippo log files and in doing

that fixed a small bug in the username splitter

checkers_available/usernames.rb

@@ -61,12 +61,13 @@ def process_word (password, extras)
 			res = check_it(password, username)
 			unless res.nil?
 				if res['distance'] == 0
-					unless @exact_matches_name.include? username
-						@exact_matches_name << {"name" => username}
+					data = {"name" => username}
+					unless @exact_matches_name.include? data
+						@exact_matches_name << data
 					end
 				else
 					@lev_total_name += res["distance"]
-					if res["distance"] <= @lev_tolerance
+					if res["distance"] <= @lev_tolerance and not (@lev_matches_name.include? res)
 						@lev_matches_name << res
 					end
 				end
@@ -83,10 +84,10 @@ def get_results()
 		ret_str << "Exact Matches\n"
 		ret_str << "-------------\n"
 		if @exact_matches_name.count > 0
-			ret_str << "Total: #{@exact_matches_name.count.to_s}\n\n"
+			ret_str << "Total: #{@exact_matches_name.count.to_s} Unique\n\n"
 
 			@exact_matches_name.sort{|a,b| (a['name'] <=> b['name'])}.each do |match|
-				ret_str << "#{match['name']} #{match['email']}\n"
+				ret_str << "#{match['name']}\n"
 			end
 		else
 			ret_str << "No Exact Matches\n"
@@ -95,14 +96,14 @@ def get_results()
 		ret_str << "\nLevenshtein Results\n"
 		ret_str << "-------------------\n"
 		lev_average = (@lev_total_name.to_f / @total_words_processed).round(2)
-		ret_str << "Average distance (name) #{lev_average}\n"
+		ret_str << "Average distance #{lev_average}\n"
 
 		ret_str << "\nClose Matches\n"
 		ret_str << "-------------\n"
 
 		# Need to sort this then have it obey the cap_at value
 		if @lev_matches_name.count > 0
-			ret_str << "Total: #{@lev_matches_name.count.to_s}\n\n"
+			ret_str << "Total: #{@lev_matches_name.count.to_s} Unique\n\n"
 			@lev_matches_name.sort{|a,b| (a['distance'] <=> b['distance'])}[0, @cap_at].each do |user_pass|
 				ret_str << "D: #{user_pass['distance']} U: #{user_pass['value']} P: #{user_pass['password']}\n"
 			end

pipal.rb

@@ -311,7 +311,7 @@ def list_checkers
 					pbar.inc
 					next
 				end
-				# single threaded
+
 				modules.each do |mod|
 					if !custom_word_splitter.nil?
 						word, extras = Custom_word_splitter::split(line)
@@ -327,16 +327,6 @@ def list_checkers
 					end
 				end
 
-		# Multi-threaded. With just 5 modules this makes the script about 25% slower
-		#		threads = []
-		#		modules.each do |mod|
-		#			threads << Thread.new(line) do |my_line|
-		#				mod.process_word(my_line)
-		#			end
-		#		end
-		#		threads.each do | a_thread | a_thread.join end
-
-
 				pbar.inc
 			rescue ArgumentError => e
 				puts "Encoding problem processing word: " + line

spliters_available/kippo_file.rb

@@ -0,0 +1,29 @@
+# Split the line on a pipe with the format
+# password|username
+#
+# To use this script sym link it to
+# custom_splitter.rb in the main Pipal directory
+
+class Custom_word_splitter
+	def self.split (line)
+		begin
+
+# 2014-07-31 15:37:17+0100 [SSHService ssh-userauth on HoneyPotTransport,1,2.123.133.112] login attempt [root/root] failed
+			if line =~ /^.*login attempt \[([^\]]*)\].*$/
+				creds = $1
+				# Treat everything up to the first / as username and 
+				# everything after as password.
+				# A username could have a / in it but unlikely
+				if creds =~ /^([^\/]*)\/(.*)$/
+					username = $1
+					password = $2
+					return [password, {"username" => username}]
+				end
+			end
+
+			return [nil, {}]
+		rescue
+			return [nil, {}]
+		end
+	end
+end