A command-line security tool for analyzing web server access logs. Detects common attack patterns and generates structured threat reports.
- SQL Injection detection — identifies SQLi patterns in request paths
- Directory traversal detection — flags `../` and path manipulation attempts
- Vulnerability scanner fingerprinting — detects automated scanner activity by request patterns
- Brute-force detection — identifies IPs with excessive failed authentication attempts
- Top IP ranking — shows most active IPs with brute-force flags
- HTTP status code distribution — visualized with ASCII bar chart
- JSON export — machine-readable report output for further processing
```bash
python log_analyzer.py access.log
python log_analyzer.py access.log --top 20
python log_analyzer.py access.log --export report.json
```

```text
=================================================================
SECURITY LOG ANALYSIS REPORT
Generated: 2025-11-14 18:32:01
=================================================================
Total entries : 24,831
Unique IPs    : 1,204

HTTP Status Codes:
  200: 18,402 ##################
  404:  3,221 ###
  403:    912 #

Top 5 IPs by Request Count:
  192.168.1.105    4,201 requests [!!! BRUTE-FORCE]
  10.0.0.22        1,830 requests

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
ALERTS (3)
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[!] SQL Injection attempts: 14 requests
[!] Directory traversal attempts: 7 requests
[!] Brute-force suspects: 1 IPs
```
| Threat | Detection Method |
|---|---|
| SQL Injection | Pattern match on UNION, SELECT, '--, 1=1 in URL path |
| Directory Traversal | Detects ../, %2e%2e, encoded path sequences |
| Scanner Activity | Fingerprints common scanner User-Agents and probe paths |
| Brute Force | IP threshold on 401/403 responses within a time window |
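As an added example (not the tool's own source), the four detection methods in the table above implemented over constructed sample log lines in the common "combined" access-log format; the regex patterns, the scanner User-Agent list and the brute-force threshold/window values are assumptions chosen for illustration, and scanner fingerprinting here checks only the User-Agent, not probe paths.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import unquote
# Constructed sample lines in "combined" access-log format (not real traffic).
SAMPLE_LOG = """\
10.0.0.22 - - [14/Nov/2025:18:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.168.1.105 - - [14/Nov/2025:18:00:02 +0000] "POST /login HTTP/1.1" 401 0 "-" "curl/8.0"
192.168.1.105 - - [14/Nov/2025:18:00:03 +0000] "POST /login HTTP/1.1" 401 0 "-" "curl/8.0"
192.168.1.105 - - [14/Nov/2025:18:00:04 +0000] "POST /login HTTP/1.1" 403 0 "-" "curl/8.0"
10.0.0.22 - - [14/Nov/2025:18:00:05 +0000] "GET /item?id=1%27%20UNION%20SELECT%201 HTTP/1.1" 404 0 "-" "Mozilla/5.0"
10.0.0.22 - - [14/Nov/2025:18:00:06 +0000] "GET /files/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 403 0 "-" "Mozilla/5.0"
172.16.0.9 - - [14/Nov/2025:18:00:07 +0000] "GET /admin/ HTTP/1.1" 404 0 "-" "sqlmap/1.7"
"""
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')
SQLI_RE = re.compile(r"union\s+select|\bselect\b.+\bfrom\b|'--|\b1=1\b", re.I)   # assumed patterns
TRAVERSAL_RE = re.compile(r"\.\./|\.\.\\")                   # matched after URL-decoding the path
SCANNER_UA_RE = re.compile(r"sqlmap|nikto|nmap|masscan|wpscan", re.I)   # assumed fingerprints
BRUTE_THRESHOLD = 3   # this many 401/403 responses from one IP ...
BRUTE_WINDOW_S = 60   # ... within this many seconds flags brute force (assumed values)

def analyze(log_text):
    """Count attack-pattern hits and flag brute-force IPs; returns a dict."""
    counts = {"sqli": 0, "traversal": 0, "scanner": 0}
    auth_failures = defaultdict(list)   # ip -> timestamps of 401/403 responses
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue   # skip lines that are not in the expected format
        ip, ts, _method, path, status, ua = m.groups()
        decoded = unquote(unquote(path))   # double-decode so %252e%252e is caught too
        if SQLI_RE.search(decoded):
            counts["sqli"] += 1
        if TRAVERSAL_RE.search(decoded):
            counts["traversal"] += 1
        if SCANNER_UA_RE.search(ua):
            counts["scanner"] += 1
        if status in ("401", "403"):
            auth_failures[ip].append(datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"))
    suspects = []
    for ip, times in auth_failures.items():
        times.sort()
        # sliding window: any THRESHOLD consecutive failures inside WINDOW seconds
        for i in range(len(times) - BRUTE_THRESHOLD + 1):
            if (times[i + BRUTE_THRESHOLD - 1] - times[i]).total_seconds() <= BRUTE_WINDOW_S:
                suspects.append(ip)
                break
    counts["brute_force_ips"] = sorted(suspects)
    return counts
```

Running `analyze(SAMPLE_LOG)` yields one hit per pattern category and flags `192.168.1.105`, whose three auth failures fall inside the window, while `10.0.0.22` with a single 403 stays below the threshold.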
Python 3.10+ — standard library only (no external dependencies)
- Post-incident log forensics
- Continuous monitoring pipeline integration
- Security audit evidence collection
- Learning web attack pattern recognition