Now lists requesters, associates ips, and sorts requesters by frequency
parent
6ae882b509
commit
c54d5e308e
45
analyze.py
45
analyze.py
|
@ -1,8 +1,8 @@
|
||||||
import sys
|
import sys
|
||||||
import time
|
import requests
|
||||||
|
|
||||||
def main(filename: str):
|
def main(filename: str):
|
||||||
validwords = {
|
validnames = {
|
||||||
'wp-login.php',
|
'wp-login.php',
|
||||||
'.env',
|
'.env',
|
||||||
'plugins/system/debug/debug.xml',
|
'plugins/system/debug/debug.xml',
|
||||||
|
@ -30,22 +30,49 @@ def main(filename: str):
|
||||||
'wp-commentin.php',
|
'wp-commentin.php',
|
||||||
'wp-signin.php'
|
'wp-signin.php'
|
||||||
}
|
}
|
||||||
for ip, date, time, timezone, status, method, filename in filterwords(filename, validwords):
|
hitfiles = {}.fromkeys(validnames, 0)
|
||||||
print(f'{ip = }, {date = }, {time = }, {timezone = }, {status = }, {method = }, {filename = }')
|
requesters = {}
|
||||||
|
ips = {}
|
||||||
|
for ip, date, time, timezone, status, method, file in filterwords(filename, validnames):
|
||||||
|
hitfiles[file] += 1
|
||||||
|
|
||||||
|
if ip in requesters:
|
||||||
|
requesters[ip] += 1
|
||||||
|
else:
|
||||||
|
requesters[ip] = 1
|
||||||
|
latlon = get_ip_latlon(ip)
|
||||||
|
if latlon is not None:
|
||||||
|
ips[ip] = latlon
|
||||||
|
|
||||||
|
print(f'{hitfiles = }')
|
||||||
|
print(f'{requesters = }')
|
||||||
|
print(f'{ips = }')
|
||||||
|
req_list = list(requesters)
|
||||||
|
req_list.sort(key=req_list.count)
|
||||||
|
print(f'{req_list = }')
|
||||||
|
|
||||||
|
def get_ip_latlon(ip: str) -> (int, int):
|
||||||
|
# make a reqest to ip-api.com to associate an ip to a
|
||||||
|
# latitude and longitude
|
||||||
|
addr = f'http://ip-api.com/json/{ip}'
|
||||||
|
response = requests.get(addr)
|
||||||
|
resulting_dict = eval(response.content)
|
||||||
|
if resulting_dict['status'] != 'fail':
|
||||||
|
return resulting_dict['lat'], resulting_dict['lon']
|
||||||
|
|
||||||
def filterwords(filename: str, validnames: set):
|
def filterwords(filename: str, validnames: set):
|
||||||
with open(filename, 'r') as f:
|
with open(filename, 'r') as f:
|
||||||
for line in f:
|
for line in f:
|
||||||
ip, timethings, status, method, filename = line.split(',')
|
# IP,YYMMDD hhmmss TIMEZONE,STATUS,METHOD,FILE
|
||||||
filename = '/'.join(filename.split('/')[4:]).strip()
|
ip, timethings, status, method, filepath = line.split(',', 4)
|
||||||
|
file = '/'.join(filepath.split('/')[4:]).strip()
|
||||||
if (
|
if (
|
||||||
status != '200'
|
status != '200'
|
||||||
or method != 'GET'
|
or method != 'GET'
|
||||||
or filename not in validnames
|
or file not in validnames
|
||||||
): continue
|
): continue
|
||||||
# IP,YYMMDD hhmmss TIMEZONE,STATUS,METHOD,FILE
|
|
||||||
date, time, timezone = timethings.split(' ')
|
date, time, timezone = timethings.split(' ')
|
||||||
yield ip, date, time, timezone, status, method, filename
|
yield ip, date, time, timezone, status, method, file
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
main(sys.argv[1])
|
main(sys.argv[1])
|
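Review bot: In get_ip_latlon, `eval(response.content)` runs the body of the HTTP response as Python, and the request is made over plain `http://`, so anyone who can alter or spoof that response gets code execution in the analysis script. Parse the body as data instead with `resulting_dict = response.json()`, and pass a timeout, `requests.get(addr, timeout=5)`, so a stalled lookup cannot hang the run. The `ip` value comes straight from a log field and is interpolated into the URL unchecked; it should be validated as an IP address before it is used. Separately, `req_list.sort(key=req_list.count)` in main does not sort by frequency, because each key appears exactly once in `req_list`; `req_list = sorted(requesters, key=requesters.get, reverse=True)` would use the counts the loop collected.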