new rule for agents
11
waf.py
11
waf.py
@ -109,6 +109,11 @@ checklist = [
|
||||
'in': 'xmlrpc',
|
||||
'store': 'suspects',
|
||||
},
|
||||
{
|
||||
'where': 'agent',
|
||||
'in': 'PHP/6',
|
||||
'store': 'suspects',
|
||||
},
|
||||
{
|
||||
'where': 'url',
|
||||
'in': "shell",
|
||||
@ -176,9 +181,12 @@ async def scan(log):
|
||||
suspects_404 = {}
|
||||
for line in log.lines():
|
||||
splitted = line.split()
|
||||
dump(splitted)
|
||||
# dump(splitted[7].strip())
|
||||
ip = splitted[0].strip()
|
||||
method = splitted[5].strip()[1:]
|
||||
url = splitted[6].strip()
|
||||
agent = splitted[7].strip()
|
||||
status = splitted[8].strip()
|
||||
date_position = splitted[3][1:]
|
||||
host = log.splitall()[2]
|
||||
@ -187,10 +195,13 @@ async def scan(log):
|
||||
where = url
|
||||
if rule['where'] == 'url':
|
||||
where = url
|
||||
elif rule['where'] == 'agent':
|
||||
where = agent
|
||||
store = suspects
|
||||
if rule['store'] == 'suspects':
|
||||
store = suspects
|
||||
if 'in' in rule and rule['in'] in where:
|
||||
print(where)
|
||||
store.append(check(ip, host, date_position))
|
||||
break
|
||||
elif 'startswith' in rule and url.startswith(rule['startswith']) and 'notin' in rule and rule['notin'] not in url:
|
||||
|
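Review bot: In `scan`, the new `agent = splitted[7].strip()` reads the token between `url` (index 6) and `status` (index 8), which on a common/combined-format access log would be the protocol (`HTTP/1.1"`), not the User-Agent, so the added `'in': 'PHP/6'` rule would likely never match. A User-Agent normally contains spaces, so a whitespace `split()` cannot isolate it at any fixed index. If it is the last quoted field of the line, something like `agent = line.rsplit('"', 2)[1]` is more reliable, with a guard for lines that have no such field. Separately, `dump(splitted)` and `print(where)` look like leftover debug output that writes request-controlled text to stdout for every line or match; drop them, or log through `repr()` so control characters from the request cannot reach the terminal. The body of `scan` begins and ends outside the visible hunks, so the log format is inferred from the indices shown here.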