- <?php
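/**
 * Reads an nginx access log, splits each line into its fields and offers
 * simple helpers to tally field values and to flag URIs that look like
 * SQL-injection or XSS probes.
 *
 * Every field taken from the log (URI, referer, user-agent, ...) is supplied
 * by the remote client and must be treated as untrusted: escape it before
 * echoing it into HTML, SQL, a shell command or a terminal.
 */
class Logger
{
    /**
     * @var string Path or URL of the log, passed as-is to fopen().
     */
    private $logFile;

    /**
     * @var array[] Parsed entries, each with the keys
     *              ip, time, method, uri, status, referer, user-agent.
     */
    private $lines = [];

    /**
     * @var int Number of lines read from the log, whether or not they parsed.
     */
    private $requestCounter = 0;

    /**
     * @var string Regex for one nginx access-log line.
     */
    private static $lineRegex = '/^(\S+) \S+ \S+ \[(.*?)\] "(\S+) (\/.+)\s.*?" (\d+) \d+ "(.*?)" "(.*?)"/';

    /**
     * Signatures checked against each URI by getFilteredUri().
     *
     * The patterns are single-quoted on purpose. In a double-quoted PHP
     * string "(\\)" reaches PCRE as "(\)", i.e. an escaped ")" instead of a
     * literal backslash; that left the first pattern with unbalanced
     * parentheses (preg_match() failed on every call) and made the second one
     * match ")" rather than "\".
     *
     * Limitations worth knowing when reading the results:
     *  - patterns run on the URI exactly as logged; nothing is URL-decoded or
     *    normalised first, so only the literal and single-percent-encoded
     *    forms spelled out below are recognised;
     *  - the last pattern is a plain substring match and will also flag
     *    harmless paths such as /javascript/app.js.
     *
     * @var string[]
     */
    private static $maliciousPatterns = [
        // quote, backslash or comment marker: '  %27  \  #  %23
        '/(\')|(%27)|(\\\\)|(#)|(%23)/i',
        // "=" followed later by a quote, backslash or semicolon, e.g.
        // login.jsp?username=bill&password=1234;select * from users
        '/((%3D)|(=))[^\n]*((%27)|(\')|(\\\\)|(%3B)|(;))/i',
        // quote followed by "or", e.g.  1' or '2'='2   /   1' or 1<2
        '/\w*((%27)|(\'))(\s|\+|%20)*((%6F)|o|(%4F))((%72)|r|(%52))/i',
        // quote immediately followed by an SQL keyword
        '/((%27)|(\'))(select|union|insert|update|delete|replace|truncate)/i',
        // XSS-related keywords
        '/(javascript|vbscript|expression|applet|script|embed|object|iframe|frame|frameset)/i',
    ];

    /**
     * Stores the log location and parses it immediately.
     *
     * @param string $logFile Path or URL readable by fopen().
     */
    public function __construct($logFile)
    {
        $this->logFile = $logFile;
        $this->init();
    }

    /**
     * Performs the initial parse of the configured log.
     */
    private function init()
    {
        $this->parseFile();
    }

    /**
     * Reads the log line by line and rebuilds the parsed entries.
     *
     * If the log cannot be opened the result is an empty list; fopen()'s own
     * warning is the only signal, as before.
     *
     * @return array[] The parsed entries (same value as getLines()).
     */
    public function parseFile()
    {
        // Start clean so that calling parseFile() again (the constructor
        // already calls it once) does not duplicate entries or inflate
        // the counter.
        $this->lines = [];
        $this->requestCounter = 0;

        $handle = fopen($this->logFile, 'r');
        if ($handle === false) {
            return $this->lines;
        }

        // Loop on fgets() itself rather than on !feof(): the feof() form runs
        // one extra iteration with $line === false (counting a request that
        // does not exist) and can spin forever on a stream that errors out
        // before reaching EOF.
        while (($line = fgets($handle)) !== false) {
            $this->requestCounter++;

            if (preg_match(self::$lineRegex, $line, $matches) === 1) {
                $this->lines[] = [
                    'ip'         => $matches[1],
                    'time'       => $matches[2],
                    'method'     => $matches[3],
                    'uri'        => $matches[4],
                    'status'     => $matches[5],
                    'referer'    => $matches[6],
                    'user-agent' => $matches[7],
                ];
            }
        }
        fclose($handle);

        return $this->lines;
    }

    /**
     * @return array[] Entries produced by the last parseFile() run.
     */
    public function getLines()
    {
        return $this->lines;
    }

    /**
     * @return int Number of lines read by the last parseFile() run.
     */
    public function getRequestCounter()
    {
        return $this->requestCounter;
    }

    /**
     * Splits the URIs of the given entries into suspicious and unremarkable.
     *
     * A URI is reported as malicious as soon as one signature matches it.
     * The returned strings are raw log data and are not escaped.
     *
     * @param array[] $logArray Entries as returned by getLines().
     *
     * @return array{fine_uri: string[], malicious_uri: string[]}
     */
    public static function getFilteredUri($logArray)
    {
        $maliciousUri = [];
        $fineUri = [];

        foreach ($logArray as $log) {
            $uri = $log['uri'];

            foreach (self::$maliciousPatterns as $regex) {
                // Compare with 1: preg_match() returns false on a PCRE error,
                // which must not be mistaken for a deliberate result.
                if (preg_match($regex, $uri) === 1) {
                    $maliciousUri[] = $uri;
                    continue 2;
                }
            }

            $fineUri[] = $uri;
        }

        return ['fine_uri' => $fineUri, 'malicious_uri' => $maliciousUri];
    }

    /**
     * Counts how often each value of one field occurs, most frequent first.
     *
     * Rows that do not carry the requested key are skipped.
     *
     * @param array[] $array Entries as returned by getLines().
     * @param string  $key   Field to tally, e.g. 'status' or 'user-agent'.
     *
     * @return array<int|string, int> Field value => number of occurrences.
     */
    public static function asscArrayCountValues($array, $key)
    {
        $values = [];
        foreach ($array as $row) {
            if (isset($row[$key])) {
                $values[] = $row[$key];
            }
        }

        $counts = array_count_values($values);
        arsort($counts);

        return $counts;
    }
}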
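// Report page: parse the log once, then print one section per tally.
//
// The log is fetched from a remote paste and every field in it (URI, referer,
// user-agent) was chosen by whoever sent the request, so nothing from it may
// be written into the page unescaped: a logged URI or user-agent containing
// markup would otherwise execute in the browser of the person reading the
// report.
$logger = new Logger('https://pastebin.com/raw/4TN69ktZ');
$lines = $logger->getLines();

// Classify the URIs once instead of once per printed section.
$filtered = Logger::getFilteredUri($lines);

// Prints a value inside <pre>, HTML-escaped. print_r(..., true) returns the
// dump as a string so it can be escaped before it is sent.
$dump = static function ($value) {
    print '<pre>';
    print htmlspecialchars(print_r($value, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    print '</pre>';
};

$dump(sprintf('%u requests found', $logger->getRequestCounter()));
print '<hr/>';
print '</br>';

// Sections that are each followed by a rule: heading => field to tally.
$tallies = [
    'Status'     => 'status',
    'Referer'    => 'referer',
    'User-Agent' => 'user-agent',
    'URI'        => 'uri',
];
foreach ($tallies as $heading => $field) {
    print $heading;
    $dump(Logger::asscArrayCountValues($lines, $field));
    print '<hr/>';
    print '</br>';
}

print 'Malicious URI\'s';
$dump($filtered['malicious_uri']);
print '</br>';

print 'Fine URI\'s';
$dump($filtered['fine_uri']);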