
Revision: 37871
at December 18, 2010 21:17 by Affix


Initial Code
#!/usr/bin/perl
#	    _     __  __ _        __  __ _____ 
#	   / \   / _|/ _(_)_  __ |  \/  | ____|
#	  / _ \ | |_| |_| \ \/ / | |\/| |  _|  
#	 / ___ \|  _|  _| |>  < _| |  | | |___ 
#	/_/   \_\_| |_| |_/_/\_(_)_|  |_|_____|
#
#	Title   	: Apache Log File Analyzer
#	Author  	: Affix <[email protected]>
#	Website		: http://Affix.ME
#	License 	: GNU/GPL V3
#	Description	: Analyzes Apache Log files
#	to determine possible vulnerabilities and
#	output a HTML log file highlighting the most
#	serious attempts.

#################################################
####	DO NOT EDIT BELOW THIS LINE	     ####
#################################################

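use strict;
use warnings;

# Apache log triage script.
#
# Usage: <script> <apache-log-file>
#
# Reads the log named on the command line, counts lines that match a small set
# of substring heuristics, and writes an HTML summary to log-<epoch>.html in
# the current directory.
#
# NOTE(review): every heuristic below is a case-sensitive substring test. Words
# such as "from" or "select" also occur in ordinary requests and referrers, and
# encoded or differently-cased payloads are not matched, so the counts are
# triage hints only and must not be read as proof of compromise or of a clean
# log. A line that matches several heuristics is counted and listed once per
# match, as in the original script.

# Escape text for inclusion in HTML. Log lines and the log file name are
# attacker-influenced (request URIs and headers end up in the log), so they
# must never be written into the report as raw markup.
sub _html_escape {
    my ($text) = @_;
    return '' unless defined $text;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
}

my $log_path = $ARGV[0];
die "Usage: $0 <apache-log-file>\n"
    unless defined $log_path && length $log_path;

# Three-argument open with a lexical handle: with the two-argument form a file
# name beginning with '>' or ending in '|' would change the open mode.
open(my $log_fh, '<', $log_path) or die "Cannot open $log_path: $!";

my $errors      = 0;    # total [error] lines; counted but not shown in the report
my $fileError   = 0;
my $phpError    = 0;
my $forbidError = 0;
my $rlfi        = 0;
my $sqli        = 0;
my $xss         = 0;
my @vuln;
my @php;
my @file;

# Heuristics applied to lines that are NOT tagged [error] (access-log style
# lines). Order is kept from the original so @vuln is filled in the same order.
my @request_signatures = (
    [ '../',          \$rlfi ],
    [ 'union',        \$sqli ],
    [ 'select',       \$sqli ],
    [ 'from',         \$sqli ],
    [ '=http',        \$rlfi ],
    [ '%3Cscript%3E', \$xss  ],
);

# Stream the log line by line instead of slurping it; this also removes the
# original off-by-one that read one element past the end of the line array.
while (my $line = <$log_fh>) {
    if (index($line, '[error]') != -1) {
        if (index($line, 'File does not exist:') != -1) {
            push @file, $line;
            $fileError++;
        }
        if (index($line, 'PHP ') != -1) {
            push @php, $line;
            $phpError++;
        }
        if (index($line, 'forbidden ') != -1) {
            push @vuln, $line;
            $forbidError++;
        }
        $errors++;
    }
    else {
        for my $signature (@request_signatures) {
            my ($needle, $counter_ref) = @{$signature};
            next if index($line, $needle) == -1;
            push @vuln, $line;
            ${$counter_ref}++;
        }
    }
}
close($log_fh);

# Begin writing the report file.

my $time        = time();
my $report_path = "log-" . $time . ".html";
open(my $report_fh, '>', $report_path)
    or die "Cannot write $report_path: $!";

# Static page header and stylesheet, reproduced unchanged from the original.
print {$report_fh} "<!--Force IE6 into quirks mode with this comment tag--><!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\"><html xmlns=\"http://www.w3.org/1999/xhtml\" lang=\"en\" xml:lang=\"en\"><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\" /><title>Affix.ME Apache Log File Analysis</title><style type=\"text/css\">body{margin: 0;padding: 0;border:0;overflow: hidden;height: 100%; max-height: 100%; }#framecontentLeft, #framecontentRight{position: absolute; top: 0; left: 0; width: 200px; /*Width of left frame div*/height: 100%;overflow: hidden; /*Disable scrollbars. Set to \"scroll\" to enable*/background-color: #515151;color: white;
}#framecontentRight{left: auto;right: 0; width: 150px; /*Width of right frame div*/overflow: hidden; /*Disable scrollbars. Set to \"scroll\" to enable*/background-color: #515151;color: white;}#framecontentBottom{position: absolute;bottom: 0; left: 0px; /*Set left value to WidthOfLeftFrameDiv*/right: 0px; /*Set right value to WidthOfRightFrameDiv*/width: auto;height: 120px; /*Height of bottom frame div*/overflow: hidden; /*Disable scrollbars. Set to \"scroll\" to enable*/background-color: #515151;color: white;}#maincontent{position: fixed; top: 0;bottom: 120px; /*Set bottom value to HeightOfBottomFrameDiv*/left: 0px; /*Set left value to WidthOfLeftFrameDiv*/right: 0px; /*Set right value to WidthOfRightFrameDiv*/overflow: auto;background: #fff; width=\"100%\"}.innertube{margin: 15px; /*Margins for inner DIV inside each DIV (to provide padding)*/}* html body{ /*IE6 hack*/padding: 0 150px 120px 200px; /*Set value to (0 WidthOfRightFrameDiv HeightOfTopFrameDiv WidthOfLeftFrameDiv)*/}* html #maincontent{ /*IE6 hack*/height: 100%; width: 100%; }/* html #framecontentBottom{ /*IE6 hack*/width: 100%;}</style>";

# The file name comes from the command line, so it is escaped before display.
print {$report_fh} "</head><body><div id=\"framecontentBottom\"><div class=\"innertube\"><div align=\"center\"><h3>Log File Analysis on : " . _html_escape($log_path) . "</h3></div></div></div><div id=\"maincontent\"><div class=\"innertube\">";

# Summary table. Rows are closed with </tr>; the original emitted a second
# <tr> instead, which produced malformed markup.
my @summary_rows = (
    [ 'Potential RFI/LFI',        $rlfi        ],
    [ 'Potential SQL Injection',  $sqli        ],
    [ 'Potential XSS',            $xss         ],
    [ 'Potential Access Atempts', $forbidError ],
    [ 'Total PHP Errors',         $phpError    ],
    [ 'Total 404 Errors',         $fileError   ],
);

print {$report_fh} "<table border=\"0\" cellpadding=\"5\">";
for my $row (@summary_rows) {
    my ($label, $count) = @{$row};
    print {$report_fh} "<tr><td>" . $label . "</td><td>" . $count . "</td></tr>";
}
print {$report_fh} "</table><br /><small>Please note these are only potential Vulnerabilities</small>";

# Detail sections. Each list is iterated over its own elements: the original
# loops ran one index past the end, and the 404 section was bounded by the
# number of PHP errors rather than the number of 404 entries.
my @sections = (
    [ 'Potential Vulnerabilities', \@vuln ],
    [ 'PHP Errors',                \@php  ],
    [ '404 Errors',                \@file ],
);

for my $section (@sections) {
    my ($heading, $entries) = @{$section};
    print {$report_fh} "<br /><h1>" . $heading . "</h1><br />";
    for my $entry (@{$entries}) {
        # Raw log content is untrusted; escape it so a logged request cannot
        # inject script or markup into the report when it is opened.
        print {$report_fh} _html_escape($entry) . "<br /><br />";
    }
}

print {$report_fh} "</div></div></body></html>";

# Buffered write errors only surface at close, so check it.
close($report_fh) or die "Cannot finish writing $report_path: $!";

print("Analysis complete, Log file written to log-" . $time . ".html");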

Initial URL

                                

Initial Description

                                

Initial Title
Apache Log File Analyzer

Initial Tags
apache

Initial Language
Perl