From c54d5e308e329333d588fabfd33707a992321f06 Mon Sep 17 00:00:00 2001
From: nick
Date: Fri, 30 Dec 2022 12:04:53 -0500
Subject: [PATCH] Now lists requesters, associates ips, and sorts requesters by frequency

---
 analyze.py | 45 ++++++++++++++++++++++++++++++++++++---------
 1 file changed, 36 insertions(+), 9 deletions(-)

diff --git a/analyze.py b/analyze.py
index ad9a656..304db5d 100644
--- a/analyze.py
+++ b/analyze.py
@@ -1,8 +1,8 @@
 import sys
-import time
+import requests
 
 def main(filename: str):
-    validwords = {
+    validnames = {
         'wp-login.php',
         '.env',
         'plugins/system/debug/debug.xml',
@@ -30,22 +30,49 @@ def main(filename: str): 'wp-commentin.php', 'wp-signin.php' } - for ip, date, time, timezone, status, method, filename in filterwords(filename, validwords): - print(f'{ip = }, {date = }, {time = }, {timezone = }, {status = }, {method = }, {filename = }') + hitfiles = {}.fromkeys(validnames, 0) + requesters = {} + ips = {} + for ip, date, time, timezone, status, method, file in filterwords(filename, validnames): + hitfiles[file] += 1 + + if ip in requesters: + requesters[ip] += 1 + else: + requesters[ip] = 1 + latlon = get_ip_latlon(ip) + if latlon is not None: + ips[ip] = latlon + + print(f'{hitfiles = }') + print(f'{requesters = }') + print(f'{ips = }') + req_list = list(requesters) + req_list.sort(key=req_list.count) + print(f'{req_list = }') + +def get_ip_latlon(ip: str) -> (int, int): + # make a reqest to ip-api.com to associate an ip to a + # latitude and longitude + addr = f'http://ip-api.com/json/{ip}' + response = requests.get(addr) + resulting_dict = eval(response.content) + if resulting_dict['status'] != 'fail': + return resulting_dict['lat'], resulting_dict['lon'] def filterwords(filename: str, validnames: set): with open(filename, 'r') as f: for line in f: - ip, timethings, status, method, filename = line.split(',') - filename = '/'.join(filename.split('/')[4:]).strip() + # IP,YYMMDD hhmmss TIMEZONE,STATUS,METHOD,FILE + ip, timethings, status, method, filepath = line.split(',', 4) + file = '/'.join(filepath.split('/')[4:]).strip() if ( status != '200' or method != 'GET' - or filename not in validnames + or file not in validnames ): continue - # IP,YYMMDD hhmmss TIMEZONE,STATUS,METHOD,FILE date, time, timezone = timethings.split(' ') - yield ip, date, time, timezone, status, method, filename + yield ip, date, time, timezone, status, method, file if __name__ == '__main__': main(sys.argv[1]) \ No newline at end of file
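Review bot: `resulting_dict = eval(response.content)` in get_ip_latlon executes whatever body the plain-http lookup returns, so a tampered or malicious response becomes arbitrary code inside the analyzer; parse it with `response.json()` instead, and give the call a timeout plus `raise_for_status()` so a hung or failed lookup neither stalls the run nor gets mis-parsed. The `ip` field comes straight from the log line, so it should be checked with `ipaddress.ip_address(ip)` (stdlib, needs an import) before it is interpolated into the URL, and the annotation `-> (int, int)` is not a type expression — `tuple[float, float] | None` also documents the implicit None on the 'fail' path. Separately, `req_list.sort(key=req_list.count)` is a no-op because `list(requesters)` holds each IP once, so every count is 1; the intended frequency order is `req_list = sorted(requesters, key=requesters.get, reverse=True)`. The collapsed hunk does not show whether the get_ip_latlon call sits under the `else:` or at loop-body level; if the latter, every matching log line triggers a network request rather than one per new IP.
```python
def get_ip_latlon(ip: str) -> tuple[float, float] | None:
    # Look up ip on ip-api.com. The log-derived ip is validated before it is
    # placed in the URL, and the body is parsed as JSON, never eval'd.
    ipaddress.ip_address(ip)  # raises ValueError on a malformed log field
    response = requests.get(f'http://ip-api.com/json/{ip}', timeout=5)
    response.raise_for_status()
    resulting_dict = response.json()
    if resulting_dict.get('status') != 'fail':
        return resulting_dict['lat'], resulting_dict['lon']
    return None
```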