Now lists requesters, associates ips, and sorts requesters by frequency
parent
6ae882b509
commit
c54d5e308e
45
analyze.py
45
analyze.py
|
@ -1,8 +1,8 @@
|
|||
import sys
|
||||
import time
|
||||
import requests
|
||||
|
||||
def main(filename: str):
|
||||
validwords = {
|
||||
validnames = {
|
||||
'wp-login.php',
|
||||
'.env',
|
||||
'plugins/system/debug/debug.xml',
|
||||
|
@ -30,22 +30,49 @@ def main(filename: str):
|
|||
'wp-commentin.php',
|
||||
'wp-signin.php'
|
||||
}
|
||||
for ip, date, time, timezone, status, method, filename in filterwords(filename, validwords):
|
||||
print(f'{ip = }, {date = }, {time = }, {timezone = }, {status = }, {method = }, {filename = }')
|
||||
hitfiles = {}.fromkeys(validnames, 0)
|
||||
requesters = {}
|
||||
ips = {}
|
||||
for ip, date, time, timezone, status, method, file in filterwords(filename, validnames):
|
||||
hitfiles[file] += 1
|
||||
|
||||
if ip in requesters:
|
||||
requesters[ip] += 1
|
||||
else:
|
||||
requesters[ip] = 1
|
||||
latlon = get_ip_latlon(ip)
|
||||
if latlon is not None:
|
||||
ips[ip] = latlon
|
||||
|
||||
print(f'{hitfiles = }')
|
||||
print(f'{requesters = }')
|
||||
print(f'{ips = }')
|
||||
req_list = list(requesters)
|
||||
req_list.sort(key=req_list.count)
|
||||
print(f'{req_list = }')
|
||||
|
||||
def get_ip_latlon(ip: str) -> (int, int):
|
||||
# make a reqest to ip-api.com to associate an ip to a
|
||||
# latitude and longitude
|
||||
addr = f'http://ip-api.com/json/{ip}'
|
||||
response = requests.get(addr)
|
||||
resulting_dict = eval(response.content)
|
||||
if resulting_dict['status'] != 'fail':
|
||||
return resulting_dict['lat'], resulting_dict['lon']
|
||||
|
||||
def filterwords(filename: str, validnames: set):
|
||||
with open(filename, 'r') as f:
|
||||
for line in f:
|
||||
ip, timethings, status, method, filename = line.split(',')
|
||||
filename = '/'.join(filename.split('/')[4:]).strip()
|
||||
# IP,YYMMDD hhmmss TIMEZONE,STATUS,METHOD,FILE
|
||||
ip, timethings, status, method, filepath = line.split(',', 4)
|
||||
file = '/'.join(filepath.split('/')[4:]).strip()
|
||||
if (
|
||||
status != '200'
|
||||
or method != 'GET'
|
||||
or filename not in validnames
|
||||
or file not in validnames
|
||||
): continue
|
||||
# IP,YYMMDD hhmmss TIMEZONE,STATUS,METHOD,FILE
|
||||
date, time, timezone = timethings.split(' ')
|
||||
yield ip, date, time, timezone, status, method, filename
|
||||
yield ip, date, time, timezone, status, method, file
|
||||
|
||||
if __name__ == '__main__':
|
||||
main(sys.argv[1])
|
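Review bot: `get_ip_latlon` passes the body of an HTTP response to `eval()`, so whatever ip-api.com, or anyone on the network path of that plain `http://` request, returns is executed as Python in the process analysing the logs. Parse it as data instead with `resulting_dict = response.json()`, and bound the call with `requests.get(addr, timeout=10)` so one stalled lookup cannot hang the run. The function also returns None when the status is `fail`, which the `-> (int, int)` annotation does not say. Separately, in `main`, `req_list.sort(key=req_list.count)` sorts a list of unique dict keys where every count is 1, so it does not order requesters by frequency; `req_list = sorted(requesters, key=requesters.get, reverse=True)` would.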