
Commit d3d3a9d

committed
Add other CMS detection and GET/POST counters
1 parent 38697a0 commit d3d3a9d


1 file changed

+189
-1
lines changed

1 file changed

+189
-1
lines changed

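--- a/CPScripts/access-logparser.py
+++ b/CPScripts/access-logparser.py
@@ -200,22 +200,42 @@ def keyfunction(k):
 pages = []
 
 # Initialize dictionaries for hit counters
+post_request_dict = {}
+get_request_dict = {}
 wp_login_dict = {}
 wp_cron_dict = {}
 wp_xmlrpc_dict = {}
 wp_admin_ajax_dict = {}
+drupal_login_dict = {}
+magento_login_dict = {}
+joomla_login_dict = {}
+vbulletin_login_dict = {}
+opencart_login_dict = {}
+prestashop_login_dict = {}
 
 # Parse all the lines associated with the day of interest.
 
 for log in logs:
 file = os.path.join(path, log)
 text = open(file, "r")
+post_request_hit_count = 0
+get_request_hit_count = 0
 wp_login_hit_count = 0
 wp_cron_hit_count = 0
 wp_xmlrpc_hit_count = 0
 wp_admin_ajax_hit_count = 0
+drupal_hit_count = 0
+magento_hit_count = 0
+joomla_hit_count = 0
+vbulletin_hit_count = 0
+opencart_hit_count = 0
+prestashop_hit_count = 0
 for line in text:
 if apache_day in line:
+if re.match("(.*)(POST)(.*)", line):
+post_request_hit_count = post_request_hit_count + 1
+if re.match("(.*)(GET)(.*)", line):
+get_request_hit_count = get_request_hit_count + 1
 if re.match("(.*)(wp-login.php)(.*)", line):
 wp_login_hit_count = wp_login_hit_count + 1
 if re.match("(.*)(wp-cron.php)(.*)", line):
@@ -224,6 +244,18 @@ def keyfunction(k):
 wp_xmlrpc_hit_count = wp_xmlrpc_hit_count + 1
 if re.match("(.*)(admin-ajax.php)(.*)", line):
 wp_admin_ajax_hit_count = wp_admin_ajax_hit_count + 1
+if re.match("(.*)(user/login/)(.*)", line):
+drupal_hit_count = drupal_hit_count + 1
+if re.match("(.*)(admin_[a-zA-Z0-9_]*[/admin/index/index])(.*)", line):
+magento_hit_count = magento_hit_count + 1
+if re.match("(.*)(/administrator/index.php)(.*)", line):
+joomla_hit_count = joomla_hit_count + 1
+if re.match("(.*)(admincp)(.*)", line):
+vbulletin_hit_count = vbulletin_hit_count + 1
+if re.match("(.*)(/admin/index.php)(.*)", line):
+opencart_hit_count = opencart_hit_count + 1
+if re.match("(.*)(/admin[a-zA-Z0-9_]*$)(.*)", line):
+prestashop_hit_count = prestashop_hit_count + 1
 m = pattern.match(line)
 hit = m.groupdict()
 if ispage(hit):
@@ -242,6 +274,12 @@ def keyfunction(k):
 # wp_admin_ajax_dict[log] = int(wp_admin_ajax_hit_count)
 
 # Only add hit count to dictionary if not equal to '0'
+if post_request_hit_count != '0':
+post_request_dict[log] = int(post_request_hit_count)
+
+if get_request_hit_count != '0':
+get_request_dict[log] = int(get_request_hit_count)
+
 if wp_login_hit_count != '0':
 wp_login_dict[log] = int(wp_login_hit_count)
 
@@ -254,6 +292,24 @@ def keyfunction(k):
 if wp_admin_ajax_hit_count != '0':
 wp_admin_ajax_dict[log] = int(wp_admin_ajax_hit_count)
 
+if drupal_hit_count != '0':
+drupal_login_dict[log] = int(drupal_hit_count)
+
+if magento_hit_count != '0':
+magento_login_dict[log] = int(magento_hit_count)
+
+if joomla_hit_count != '0':
+joomla_login_dict[log] = int(joomla_hit_count)
+
+if vbulletin_hit_count != '0':
+vbulletin_login_dict[log] = int(vbulletin_hit_count)
+
+if opencart_hit_count != '0':
+opencart_login_dict[log] = int(opencart_hit_count)
+
+if prestashop_hit_count != '0':
+prestashop_login_dict[log] = int(prestashop_hit_count)
+
 # print(log)
 # print("Wordpress Logins => " + str(wp_login_hit_count))
 # print("Wordpress wp-cron => " + str(wp_cron_hit_count))
@@ -275,7 +331,39 @@ def keyfunction(k):
 print('Accesslog path used: ' + path)
 # print(dcpumon_current_log)
 
-# Show the top five pages and the total.
+d = post_request_dict
+# Using dictionary comprehension to find list
+# keys having value in 0 will be removed from results
+delete = [key for key in d if d[key] == 0]
+
+# delete the key
+for key in delete: del d[key]
+
+print('''Top POST requests for %s''' % the_day.strftime('%b %d, %Y'))
+print(' ')
+# sort by dictionary by the values and print top 10 {key, value} pairs
+for key in sorted(d, key=keyfunction, reverse=True)[:10]:
+print(' %5d %s' % (d[key], key))
+print(' %5d total hits' % sum(dict.values(d)))
+print('============================================')
+
+d = get_request_dict
+# Using dictionary comprehension to find list
+# keys having value in 0 will be removed from results
+delete = [key for key in d if d[key] == 0]
+
+# delete the key
+for key in delete: del d[key]
+
+print('''Top GET requests for %s''' % the_day.strftime('%b %d, %Y'))
+print(' ')
+# sort by dictionary by the values and print top 10 {key, value} pairs
+for key in sorted(d, key=keyfunction, reverse=True)[:10]:
+print(' %5d %s' % (d[key], key))
+print(' %5d total hits' % sum(dict.values(d)))
+print('============================================')
+
+# Show the top 10 pages and the total.
 print('''
 Show top 10 pages %s''' % the_day.strftime('%b %d, %Y'))
 pageviews = Counter(x['request'] for x in pages if goodagent(x))
@@ -379,6 +467,106 @@ def keyfunction(k):
 print(' %5d total hits' % sum(dict.values(d)))
 print('============================================')
 
+d = drupal_login_dict
+# Using dictionary comprehension to find list
+# keys having value in 0 will be removed from results
+delete = [key for key in d if d[key] == 0]
+
+# delete the key
+for key in delete: del d[key]
+
+print('''Drupal Login Bruteforcing checks for user/login/ for %s''' % the_day.strftime('%b %d, %Y'))
+print(' ')
+# sort by dictionary by the values and print top 10 {key, value} pairs
+for key in sorted(d, key=keyfunction, reverse=True)[:10]:
+print(' %5d %s' % (d[key], key))
+print(' %5d total hits' % sum(dict.values(d)))
+print('============================================')
+
+d = magento_login_dict
+# Using dictionary comprehension to find list
+# keys having value in 0 will be removed from results
+delete = [key for key in d if d[key] == 0]
+
+# delete the key
+for key in delete: del d[key]
+
+print(
+'''Magento Login Bruteforcing checks for admin pages /admin_xxxxx/admin/index/index for %s''' % the_day.strftime(
+'%b %d, %Y'))
+print(' ')
+# sort by dictionary by the values and print top 10 {key, value} pairs
+for key in sorted(d, key=keyfunction, reverse=True)[:10]:
+print(' %5d %s' % (d[key], key))
+print(' %5d total hits' % sum(dict.values(d)))
+print('============================================')
+
+d = joomla_login_dict
+# Using dictionary comprehension to find list
+# keys having value in 0 will be removed from results
+delete = [key for key in d if d[key] == 0]
+
+# delete the key
+for key in delete: del d[key]
+
+print('''Joomla Login Bruteforcing checks for admin pages /administrator/index.php for %s''' % the_day.strftime(
+'%b %d, %Y'))
+print(' ')
+# sort by dictionary by the values and print top 10 {key, value} pairs
+for key in sorted(d, key=keyfunction, reverse=True)[:10]:
+print(' %5d %s' % (d[key], key))
+print(' %5d total hits' % sum(dict.values(d)))
+print('============================================')
+
+d = vbulletin_login_dict
+# Using dictionary comprehension to find list
+# keys having value in 0 will be removed from results
+delete = [key for key in d if d[key] == 0]
+
+# delete the key
+for key in delete: del d[key]
+
+print('''vBulletin Login Bruteforcing checks for admin pages admincp for %s''' % the_day.strftime('%b %d, %Y'))
+print(' ')
+# sort by dictionary by the values and print top 10 {key, value} pairs
+for key in sorted(d, key=keyfunction, reverse=True)[:10]:
+print(' %5d %s' % (d[key], key))
+print(' %5d total hits' % sum(dict.values(d)))
+print('============================================')
+
+d = opencart_login_dict
+# Using dictionary comprehension to find list
+# keys having value in 0 will be removed from results
+delete = [key for key in d if d[key] == 0]
+
+# delete the key
+for key in delete: del d[key]
+
+print('''Opencart Login Bruteforcing checks for admin pages /admin/index.php for %s''' % the_day.strftime(
+'%b %d, %Y'))
+print(' ')
+# sort by dictionary by the values and print top 10 {key, value} pairs
+for key in sorted(d, key=keyfunction, reverse=True)[:10]:
+print(' %5d %s' % (d[key], key))
+print(' %5d total hits' % sum(dict.values(d)))
+print('============================================')
+
+d = prestashop_login_dict
+# Using dictionary comprehension to find list
+# keys having value in 0 will be removed from results
+delete = [key for key in d if d[key] == 0]
+
+# delete the key
+for key in delete: del d[key]
+
+print('''Prestashop Login Bruteforcing checks for admin pages /adminxxxx for %s''' % the_day.strftime('%b %d, %Y'))
+print(' ')
+# sort by dictionary by the values and print top 10 {key, value} pairs
+for key in sorted(d, key=keyfunction, reverse=True)[:10]:
+print(' %5d %s' % (d[key], key))
+print(' %5d total hits' % sum(dict.values(d)))
+print('============================================')
+
 
 if __name__ == '__main__':
 main()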
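Review bot: Two of the new login-path patterns do not match what their report headings describe: at new line 249 the square brackets in `[/admin/index/index]` form a character class (a single character out of `/admindex`), and at new line 257 the `$` only lets the Prestashop test succeed when the log line ends right after `/adminxxxx`, which a line carrying further fields after the request would not do. For Magento, `re.search(r"/admin_[a-zA-Z0-9_]*/admin/index/index", line)` expresses the path from the heading, and for Prestashop the `$` could be replaced by a following `/`, `?` or space, keeping in mind that such a pattern also overlaps the OpenCart `/admin/index.php` test. Every added `re.match("(.*)(X)(.*)", line)` check, including `POST` and `GET`, runs against the whole line, so if the log format records Referer or User-Agent the counters are influenced by client-controlled text; matching the parsed request field from the `hit` dict built at new line 260 would make the brute-force counts more trustworthy, assuming it exposes method and path. The added `!= '0'` guards at new lines 277–310 compare an int with a string and are always true, so `!= 0` is presumably meant (the later zero-value cleanup hides the effect). The enclosing function starts above the first hunk, so this is judged from the visible lines only.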
