Now lists requesters, associates ips, and sorts requesters by frequency

2022-12-30 12:04:53 -05:00 · 2022-12-30 12:04:53 -05:00 · c54d5e308e
parent 6ae882b509
commit c54d5e308e
1 changed files with 36 additions and 9 deletions
--- a/analyze.py
+++ b/analyze.py
@ -1,8 +1,8 @@
 import sys
-import time
+import requests

 def main(filename: str):
-    validwords = {
+    validnames = {
        'wp-login.php',
        '.env',
        'plugins/system/debug/debug.xml',
@ -30,22 +30,49 @@ def main(filename: str):
        'wp-commentin.php',
        'wp-signin.php'
    }
-    for ip, date, time, timezone, status, method, filename in filterwords(filename, validwords):
-        print(f'{ip = }, {date = }, {time = }, {timezone = }, {status = }, {method = }, {filename = }')
+    hitfiles = {}.fromkeys(validnames, 0)
+    requesters = {}
+    ips = {}
+    for ip, date, time, timezone, status, method, file in filterwords(filename, validnames):
+        hitfiles[file] += 1
+
+        if ip in requesters:
+            requesters[ip] += 1
+        else:
+            requesters[ip] = 1
+            latlon = get_ip_latlon(ip)
+            if latlon is not None:
+                ips[ip] = latlon
+
+    print(f'{hitfiles = }')
+    print(f'{requesters = }')
+    print(f'{ips = }')
+    req_list = list(requesters)
+    req_list.sort(key=req_list.count)
+    print(f'{req_list = }')
+
+def get_ip_latlon(ip: str) -> (int, int):
+    # make a reqest to ip-api.com to associate an ip to a
+    # latitude and longitude
+    addr = f'http://ip-api.com/json/{ip}'
+    response = requests.get(addr)
+    resulting_dict = eval(response.content)
+    if resulting_dict['status'] != 'fail':
+        return resulting_dict['lat'], resulting_dict['lon']

 def filterwords(filename: str, validnames: set):
    with open(filename, 'r') as f:
        for line in f:
-            ip, timethings, status, method, filename = line.split(',')
-            filename = '/'.join(filename.split('/')[4:]).strip()
+            # IP,YYMMDD hhmmss TIMEZONE,STATUS,METHOD,FILE
+            ip, timethings, status, method, filepath = line.split(',', 4)
+            file = '/'.join(filepath.split('/')[4:]).strip()
            if (
                status != '200'
                or method != 'GET'
-                or filename not in validnames
+                or file not in validnames
            ): continue
-            # IP,YYMMDD hhmmss TIMEZONE,STATUS,METHOD,FILE
            date, time, timezone = timethings.split(' ')
-            yield ip, date, time, timezone, status, method, filename
+            yield ip, date, time, timezone, status, method, file

 if __name__ == '__main__':
    main(sys.argv[1])