Apache web log scanner
#!/usr/bin/env python
import os.path
# Substrings that mark a log line as suspicious. Matching is done
# case-insensitively (both the term and the log line are lower-cased before
# the comparison), so the case used here is cosmetic.
#   'UNION'      - SQL-injection probes (UNION SELECT ...). Also hits benign
#                  words such as "reunion" in a URL, so expect some noise.
#   '() {'       - the Shellshock (CVE-2014-6271) function-definition prefix
#                  that scanners send in User-Agent and other headers.
#   'phpmyadmin' - mass scanners looking for an exposed phpMyAdmin install.
# NOTE(review): plain substring matching is evaded by URL-encoding the probe
# (e.g. %55NION); decode the request before matching if that matters to you.
war_strs = [
    'UNION',
    '() {',
    'phpmyadmin',
]
# Path of the Apache access log to scan. The placeholder is not a real path:
# the scanner raises IOError on open() until it is replaced.
log_path = 'Enter the path to the web log here!'
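# Startup banner. It is printed with print(...) so the script parses under
# both Python 2 and Python 3 -- the original `print '''...'''` statement is a
# SyntaxError on Python 3, which is what `#!/usr/bin/env python` resolves to
# on most current systems. The text is kept byte-for-byte: the ASCII art's
# leading spaces look collapsed in this copy of the gist, and the `\ ` / `\_`
# sequences are not valid escapes (Python keeps the backslash, with a
# SyntaxWarning on 3.12+), but changing either would change the output.
BANNER = '''*******************************************
__ ___ ____
\ \ / / / ___| ___ __ _ _ __
\ \ /\ / /| \___ \ / __/ _` | '_ \\
\ V V / | |___) | (_| (_| | | | |
\_/\_/ |_|____/ \___\__,_|_| |_|
-------------------------------------------
Apache web log malicious activity
scanner
GNU/GPL (c) 2015 sh4d0w_w4tch
*******************************************'''
print(BANNER)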
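# ---------------------------------------------------------------------------
# Scanner
#
# NOTE(review): the indentation of this section was lost when the gist was
# rendered. The structure below is the reconstruction in which the line
# counter advances once per log line and each log line is reported at most
# once -- the only reading under which the progress messages make sense.
# ---------------------------------------------------------------------------

REV_PATH = '.rev'                 # line numbers already reported; persisted so a
                                  # re-run on a growing log reports only new lines
SCAN_LOG_PATH = 'scan.log'        # human-readable findings, one per flagged line
IPS_PATH = 'malicious-ips.txt'    # first field of every flagged line, de-duplicated
PROGRESS_EVERY = 5000             # print a progress line every this many log lines


def _load_lines(path):
    """Return the set of non-empty, whitespace-stripped lines of *path*.

    A missing file yields an empty set, so the first run needs no setup
    (the original created the file with a `0x90` no-op placeholder body).
    Membership is later tested on whole lines. The original tested
    ``x in open(path).read()``, a *substring* check under which line ``1``
    was hidden by a recorded ``12`` and client ``10.0.0.1`` by a recorded
    ``10.0.0.12`` -- real attackers silently dropped from malicious-ips.txt.
    """
    if not os.path.isfile(path):
        return set()
    with open(path, 'r') as fh:
        return set(entry.strip() for entry in fh if entry.strip())


def scan_log(log_path, war_strs, rev_path=REV_PATH, scan_log_path=SCAN_LOG_PATH,
             ips_path=IPS_PATH):
    """Scan an Apache access log for lines containing any of *war_strs*.

    Every line is compared case-insensitively against each term. A line that
    matches, and whose number is not already listed in *rev_path*, is
    appended to *scan_log_path*, its number is appended to *rev_path*, and
    its first space-separated field -- the client address in Apache's default
    common/combined formats -- is appended to *ips_path* if not already
    present. A progress line is printed every PROGRESS_EVERY lines.

    Args:
        log_path: path of the access log to read.
        war_strs: iterable of substrings to look for, matched case-insensitively.
        rev_path, scan_log_path, ips_path: the three state/output files; they
            are created if missing and only ever appended to.

    Returns:
        The number of lines flagged during this run.

    Raises:
        IOError (OSError on Python 3) if the log cannot be opened, as the
        original did. Under Python 3 the log is decoded with the locale
        encoding, so a line with undecodable bytes raises UnicodeDecodeError.

    Caveats a user should know about:
      * Matching is raw substring matching on the whole log line: 'UNION'
        also hits "reunion" in a URL, and a URL-encoded probe (%55NION) is
        not seen at all.
      * Lines are identified by line number only. If the log is rotated or
        truncated between runs, the numbers in *rev_path* refer to old
        content and the corresponding new lines are silently skipped.
      * The "client address" is whatever precedes the first space. With a
        non-default LogFormat (e.g. vhost_combined, which starts with the
        server name) the wrong field is recorded -- check the format first.
      * Log lines are attacker-controlled text and are copied verbatim into
        *scan_log_path*; do not feed that file to anything that interprets
        escape sequences or markup.
    """
    terms = [term.lower() for term in war_strs]   # lower() once, not once per line
    seen_lines = _load_lines(rev_path)            # reported by earlier runs
    seen_ips = _load_lines(ips_path)
    malicious_entries = 0

    # All four files are opened once for the whole run. The original re-opened
    # and re-read .rev and malicious-ips.txt for every term of every line
    # (quadratic in the log size) and never explicitly closed those handles.
    with open(rev_path, 'a') as cf, open(scan_log_path, 'a') as rf, \
            open(ips_path, 'a') as mif, open(log_path, 'r') as lf:
        print('Scanning ' + log_path)
        for line_num, line in enumerate(lf, 1):
            if line_num % PROGRESS_EVERY == 0:
                # Once per PROGRESS_EVERY lines. The original issued this from
                # inside the term loop, i.e. len(war_strs) times per milestone.
                print(' [+] Scanned ' + str(line_num) + ' lines')
                if malicious_entries > 0:
                    print(' [!] ' + str(malicious_entries) +
                          ' potentially malicious incidents detected')
            key = str(line_num)
            if key in seen_lines:
                continue
            line_lc = line.lower()
            if not any(term in line_lc for term in terms):
                continue

            malicious_entries += 1
            seen_lines.add(key)
            cf.write(key + '\n')
            # The last line of a file may lack its newline; add one so the next
            # run's record does not end up on the same line of scan.log.
            record = line if line.endswith('\n') else line + '\n'
            rf.write('Malicious activity suspected at line ' + key + ': ' + record)
            client = line.split(' ', 1)[0]
            if client and client not in seen_ips:
                seen_ips.add(client)
                mif.write(client + '\n')
            # Flush so findings survive a crash part-way through a large log.
            cf.flush()
            rf.flush()
            mif.flush()
    return malicious_entries


if __name__ == '__main__':
    malicious_entries = scan_log(log_path, war_strs)
    print('Scan complete')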