import urllib2
import re
import sys
# parsetor.py script to detect TOR IPs in access_log files
# www.securitybydefault.com
url="https://exitlist.torproject.org/exit-addresses"
page =urllib2.urlopen(url)
data=page.read()
arraydata = data.split("\n")
ips = []
for text in arraydata:
regex = re.findall( r'[0-9]+(?:\.[0-9]+){3}', text )
strdata = ', '.join(regex)
if strdata is not None and strdata not in ips:
ips.append(strdata)
LogFile = sys.argv[1]
file = open(LogFile, "r")
for LOG in file.readlines():
regex = re.findall( r'^[0-9]+(?:\.[0-9]+){3}', LOG )
strdata = ', '.join(regex)
if strdata in ips:
print LOG