Analyze web-based network traffic to detect central command and control servers
config Remove *.pyc files Jun 30, 2018
core Remove *.pyc files Jun 30, 2018
modules Remove *.pyc files Jun 30, 2018
README.md SquidMagic App Jun 30, 2018
config.ini SquidMagic App Jun 30, 2018
install.sh SquidMagic App Jun 30, 2018
requirements.txt SquidMagic App Jun 30, 2018
squidmagic.py SquidMagic App Jun 30, 2018

README.md

Squidmagic is a tool designed to analyze web-based network traffic to detect central command and control (C&C) servers and malicious sites, using the Squid proxy server and Spamhaus.

Install dependencies

pip install -r requirements.txt

Usage

python squidmagic.py /squid/access.log

                 _     _                       _      
                (_)   | |                     (_)     
 ___  __ _ _   _ _  __| |_ __ ___   __ _  __ _ _  ___ 
/ __|/ _` | | | | |/ _` | '_ ` _ \ / _` |/ _` | |/ __|
\__ \ (_| | |_| | | (_| | | | | | | (_| | (_| | | (__ 
|___/\__, |\__,_|_|\__,_|_| |_| |_|\__,_|\__, |_|\___|
        | |                               __/ |       
        |_|                              |___/        
     Analyzing...

Analyzing by SBL Advisory...
	Spam server detected, ip is 65.182.101.221
Analyzing by SBL_CSS Advisory...
	safe server detected, host or ip is 65.182.101.221
Analyzing by PBL Advisory...
	safe server detected, host or ip is 65.182.101.221
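
The check described above, sketched as an added example (not SquidMagic's own code): pull upstream IPs from Squid access.log lines and map Spamhaus DNSBL answers to the SBL, SBL_CSS and PBL advisories shown in the output. It assumes Squid's native log format and the zen.spamhaus.org zone; the log lines and the fake_resolver answers are constructed so it runs offline.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"  # assumption: the page only says "Spamhaus"
# Spamhaus ZEN answer codes mapped to the advisory names in the tool's output
CODES = {"127.0.0.2": "SBL", "127.0.0.3": "SBL_CSS",
         "127.0.0.10": "PBL", "127.0.0.11": "PBL"}

# Constructed sample lines in Squid's native access.log format
SAMPLE = [
    "1530350000.123    250 10.0.0.5 TCP_MISS/200 1532 GET http://a.example/ - HIER_DIRECT/192.0.2.10 text/html",
    "1530350001.456     90 10.0.0.5 TCP_TUNNEL/200 4210 CONNECT b.example:443 - HIER_DIRECT/198.51.100.7 -",
    "1530350002.789      1 10.0.0.6 TCP_MEM_HIT/200 900 GET http://a.example/ - HIER_NONE/- text/html",
    "1530350003.000    120 10.0.0.6 TCP_MISS/200 700 GET http://a.example/x - HIER_DIRECT/192.0.2.10 text/html",
]

def dest_ips(lines):
    """Unique upstream IPv4 addresses, in first-seen order."""
    seen = []
    for line in lines:
        fields = line.split()
        if len(fields) < 10:
            continue  # not a complete native-format line
        peer = fields[8].partition("/")[2]  # "HIER_DIRECT/192.0.2.10" -> IP
        try:
            ip = ipaddress.IPv4Address(peer)
        except ValueError:
            continue  # cache hit ("-"), hostname peer, or IPv6
        if str(ip) not in seen:
            seen.append(str(ip))
    return seen

def query_name(ip):
    """DNSBL lookup name: octets reversed, zone appended."""
    return ".".join(reversed(ip.split("."))) + "." + ZONE

def system_resolver(name):
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []  # NXDOMAIN or lookup failure: no listing reported

def advisories(ip, resolve=system_resolver):
    answers = resolve(query_name(ip))
    if any(a.startswith("127.255.255.") for a in answers):
        raise RuntimeError("Spamhaus error code, not a verdict")
    return sorted({CODES[a] for a in answers if a in CODES})

def fake_resolver(name):  # constructed answers so the demo runs offline
    return {"10.2.0.192.zen.spamhaus.org": ["127.0.0.2", "127.0.0.10"]}.get(name, [])

if __name__ == "__main__":
    for ip in dest_ips(SAMPLE):
        print(ip, advisories(ip, fake_resolver) or "not listed")
```

Answers in 127.255.255.0/24 are Spamhaus error codes (for example, a query sent through a public resolver), so the example raises instead of reporting the address as listed or safe.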