GithubHelp home page GithubHelp logo

a0s / access_log_fuzzing_detector Goto Github PK

View Code? Open in Web Editor NEW
2.0 3.0 0.0 14 KB

Scans access.log and detects fuzzing attempts.

Home Page: https://github.com/a0s/access_log_fuzzing_detector

License: MIT License

Ruby 100.00%
fuzzing nginx ruby

access_log_fuzzing_detector's Introduction

Access.log Fuzzing Detector

Very simple (and stupid) scanner that able to detect attempts of fuzzing.

Features

  • fast search in dictionary
  • unlimited size of dictionary

Prerequisites

  • ruby interpretator in PATH
  • access.log should be in default nginx format
  • downloaded fuzzing dictionary fuzz.txt (for example, you cat get it here, here, or here)

Usage

Send access.log to stdin, and scanner will return you suspicious requests to stdout. Use cat

cat access.log | ruby scanner fuzz.txt

or pv if you want to see overall progress/speed

pv access.log | ruby scanner fuzz.txt

How it works

Every input line in stdin will process by stages:

  1. Parse request with regular expression. In case of failure it returns RegexpSucks exception :)
  2. Check method of request. Allowed methods are GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH
  3. Check protocol of request. Allower protocols are HTTP/1.0 HTTP/1.1
  4. For every line/from/dictionary we will check:
    • request_uri not start with line/from/dictionary
    • request_uri not start with /line/from/dictionary
    • request_uri not end with line/from/dictionary

access_log_fuzzing_detector's People

Contributors

a0s avatar

Stargazers

avatar avatar

Watchers

avatar avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.