Posted By

Affix on 12/18/10


Tagged

apache



Apache Log File Analyzer


 / Published in: Perl
 

  1. #!/usr/bin/perl
  2. # _ __ __ _ __ __ _____
  3. # / \ / _|/ _(_)_ __ | \/ | ____|
  4. # / _ \ | |_| |_| \ \/ / | |\/| | _|
  5. # / ___ \| _| _| |> < _| | | | |___
  6. # /_/ \_\_| |_| |_/_/\_(_)_| |_|_____|
  7. #
  8. # Title : Apache Log File Analyzer
  9. # Author : Affix <[email protected]>
  10. # Website : http://Affix.ME
  11. # License : GNU/GPL V3
  12. # Description : Analyzes Apache Log files
  13. # to determine possible vulnerabilities and
  14. # output a HTML log file highlighting the most
  15. # serious attempts.
  16.  
  17. #################################################
  18. #### DO NOT EDIT BELOW THIS LINE ####
  19. #################################################
  20.  
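  use strict;
  use warnings;

  # Apache log triage script.
  #
  # Reads the log file named by the first command-line argument, counts lines
  # that match a small set of fixed indicators, and writes an HTML summary to
  # log-<epoch>.html in the current directory.
  #
  # Security notes for maintainers:
  #   * Log content is attacker-influenced (request lines, referers, user
  #     agents). Every log line and the log file name are HTML-escaped before
  #     being written, so the report cannot carry markup or script from the
  #     log into the analyst's browser.
  #   * The input file is opened with three-argument open(), so the argument
  #     is always treated as a plain file name and never as a mode or pipe.
  #   * The indicators are simple substring heuristics. They produce false
  #     positives (for example the word "from") and do not cover encoded
  #     variants, so a clean report is not evidence of a clean log.

  # Escape the HTML-significant characters in a string so it renders as text.
  # Returns an empty string for undef.
  sub _html_escape {
      my ($text) = @_;
      return '' unless defined $text;
      $text =~ s/&/&amp;/g;    # must run first so later entities stay intact
      $text =~ s/</&lt;/g;
      $text =~ s/>/&gt;/g;
      $text =~ s/"/&quot;/g;
      $text =~ s/'/&#39;/g;
      return $text;
  }

  # Write one titled report section, one escaped log line per entry.
  sub _write_section {
      my ($out, $title, $entries) = @_;
      print {$out} "<br /><h1>" . $title . "</h1><br />";
      for my $entry (@{$entries}) {
          print {$out} _html_escape($entry) . "<br /><br />\n";
      }
      return;
  }

  my $log_path = $ARGV[0];
  die "Usage: $0 <apache-log-file>\n"
      unless defined $log_path && length $log_path;

  open(my $log_fh, '<', $log_path) or die "Cannot open $log_path: $!";

  my $errors      = 0;    # total "[error]" lines (counted, not reported)
  my $fileError   = 0;
  my $phpError    = 0;
  my $forbidError = 0;
  my $rlfi        = 0;
  my $sqli        = 0;
  my $xss         = 0;
  my @vuln;
  my @php;
  my @file;

  # Stream the log line by line instead of loading it all into memory; this
  # also removes the original loops' read past the end of the array.
  while (my $line = <$log_fh>) {
      chomp $line;

      if (index($line, "[error]") != -1) {
          # Error-log entries: classify by the fixed text Apache/PHP emit.
          if (index($line, "File does not exist:") != -1) {
              push @file, $line;
              $fileError++;
          }
          if (index($line, "PHP ") != -1) {
              push @php, $line;
              $phpError++;
          }
          if (index($line, "forbidden ") != -1) {
              push @vuln, $line;
              $forbidError++;
          }
          $errors++;
      }
      else {
          # Request entries: counters record indicator hits, so one line can
          # add more than one to a counter. Matching is case-insensitive
          # because SQL keywords, URL schemes and percent-encoding hex digits
          # are all case-insensitive on the wire.
          my $suspicious = 0;

          if (index($line, "../") != -1) { $rlfi++; $suspicious = 1; }
          if ($line =~ /union/i)         { $sqli++; $suspicious = 1; }
          if ($line =~ /select/i)        { $sqli++; $suspicious = 1; }
          if ($line =~ /from/i)          { $sqli++; $suspicious = 1; }
          if ($line =~ /=http/i)         { $rlfi++; $suspicious = 1; }
          if ($line =~ /%3Cscript%3E/i)  { $xss++;  $suspicious = 1; }

          # List each suspicious line once, however many indicators it hit.
          push @vuln, $line if $suspicious;
      }
  }

  close($log_fh);

  # Begin writing the report.

  my $time        = time();
  my $report_name = "log-" . $time . ".html";
  open(my $report_fh, '>', $report_name)
      or die "Cannot write $report_name: $!";

  print {$report_fh} "<!--Force IE6 into quirks mode with this comment tag--><!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\"><html xmlns=\"http://www.w3.org/1999/xhtml\" lang=\"en\" xml:lang=\"en\"><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\" /><title>Affix.ME Apache Log File Analysis</title><style type=\"text/css\">body{margin: 0;padding: 0;border:0;overflow: hidden;height: 100%; max-height: 100%; }#framecontentLeft, #framecontentRight{position: absolute; top: 0; left: 0; width: 200px; /*Width of left frame div*/height: 100%;overflow: hidden; /*Disable scrollbars. Set to \"scroll\" to enable*/background-color: #515151;color: white;\n"
      . "}#framecontentRight{left: auto;right: 0; width: 150px; /*Width of right frame div*/overflow: hidden; /*Disable scrollbars. Set to \"scroll\" to enable*/background-color: #515151;color: white;}#framecontentBottom{position: absolute;bottom: 0; left: 0px; /*Set left value to WidthOfLeftFrameDiv*/right: 0px; /*Set right value to WidthOfRightFrameDiv*/width: auto;height: 120px; /*Height of bottom frame div*/overflow: hidden; /*Disable scrollbars. Set to \"scroll\" to enable*/background-color: #515151;color: white;}#maincontent{position: fixed; top: 0;bottom: 120px; /*Set bottom value to HeightOfBottomFrameDiv*/left: 0px; /*Set left value to WidthOfLeftFrameDiv*/right: 0px; /*Set right value to WidthOfRightFrameDiv*/overflow: auto;background: #fff; width=\"100%\"}.innertube{margin: 15px; /*Margins for inner DIV inside each DIV (to provide padding)*/}* html body{ /*IE6 hack*/padding: 0 150px 120px 200px; /*Set value to (0 WidthOfRightFrameDiv HeightOfTopFrameDiv WidthOfLeftFrameDiv)*/}* html #maincontent{ /*IE6 hack*/height: 100%; width: 100%; }/* html #framecontentBottom{ /*IE6 hack*/width: 100%;}</style>";

  # The file name comes from the command line; escape it like any other
  # external text before placing it in the page.
  print {$report_fh} "</head><body><div id=\"framecontentBottom\"><div class=\"innertube\"><div align=\"center\"><h3>Log File Analysis on : " . _html_escape($log_path) . "</h3></div></div></div><div id=\"maincontent\"><div class=\"innertube\">";

  # Summary table. Each row is closed with </tr>; the original emitted a
  # second <tr> instead, leaving every row unterminated.
  my @summary_rows = (
      [ "Potential RFI/LFI",        $rlfi ],
      [ "Potential SQL Injection",  $sqli ],
      [ "Potential XSS",            $xss ],
      [ "Potential Access Atempts", $forbidError ],
      [ "Total PHP Errors",         $phpError ],
      [ "Total 404 Errors",         $fileError ],
  );

  print {$report_fh} "<table border=\"0\" cellpadding=\"5\">";
  for my $row (@summary_rows) {
      print {$report_fh} "<tr><td>" . $row->[0] . "</td><td>" . $row->[1] . "</td></tr>";
  }
  print {$report_fh} "</table><br /><small>Please note these are only potential Vulnerabilities</small>";

  # Detail sections. The 404 section iterates @file; the original bounded
  # that loop by the size of @php, so it listed the wrong number of entries.
  _write_section($report_fh, "Potential Vulnerabilities", \@vuln);
  _write_section($report_fh, "PHP Errors",                \@php);
  _write_section($report_fh, "404 Errors",                \@file);

  print {$report_fh} "</div></div></body></html>";

  # Buffered write errors only surface at close, so check it.
  close($report_fh) or die "Error closing $report_name: $!";

  print("Analysis complete, Log file written to log-" . $time . ".html");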
