Logging terminal session

Logging and replaying your complete terminal session with script

As a penetration tester you really must log all steps you take to make a complete and detailed report for the client. Ofcourse you can’t help that once in a while you miss one step. From my training I got a valuable tip to use the script command for logging complete terminal sessions.

Using the script command

Logging your complete terminal session with “script” records all in and output from your terminal session.

root:~# script log.txt

Displaying the session

The recording contains al formatting and special characters. Simply showing the log with “cat” or “grep” won’t be very nice.

The less command can remove control characters by using the “-Rr” option:

root:~# less -Rr log.txt

Replaying the session

Even better, we can replay the session completely!

First we have to specify that “script” needs to record the timings of the in- and output.

root:~# script --timing=timing.txt log.txt

Now we can replay the session with scriptreplay. Let us speed things up. Replaying at 3x speed with “-d 3.0” and having the maximum wait of 1 second with “-m 1”, so you don’t have to relive the moment completely that you were getting a cup of tea…

root:~# scriptreplay -d 3.0 -m 1 timing.txt log.txt

Recorded Terminal Session

Create animated gif

I you happen to write blog posts, you can even show off and create an animated gif by using a script like this. (Please note: this script uses the $WINDOWID environment variable, my terminal (terminator) does not have this variable set. XTerm does have it by default.)

Wrap up

Yet another tip! Start “script” in your “.profile”, so you record every session and are able to look up anything later on.

You might want to echo the date and time now and then, so you can find your way in the log-file more easily. I have written another blog post about that.