Nexos/waf
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

new rule for agents

Browse Source
This commit is contained in:
n.diaz
2024-11-26 08:13:19 +01:00
parent 6d73d940bb
commit d638d8b2ab
1 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
waf.py
View File

@ -109,6 +109,11 @@ checklist = [
'in': 'xmlrpc', 'in': 'xmlrpc',
'store': 'suspects', 'store': 'suspects',
}, },
{
'where': 'agent',
'in': 'PHP/6',
'store': 'suspects',
},
{ {
'where': 'url', 'where': 'url',
'in': "shell", 'in': "shell",
@ -176,9 +181,12 @@ async def scan(log):
suspects_404 = {} suspects_404 = {}
for line in log.lines(): for line in log.lines():
splitted = line.split() splitted = line.split()
dump(splitted)
# dump(splitted[7].strip())
ip = splitted[0].strip() ip = splitted[0].strip()
method = splitted[5].strip()[1:] method = splitted[5].strip()[1:]
url = splitted[6].strip() url = splitted[6].strip()
agent = splitted[7].strip()
status = splitted[8].strip() status = splitted[8].strip()
date_position = splitted[3][1:] date_position = splitted[3][1:]
host = log.splitall()[2] host = log.splitall()[2]
@ -187,10 +195,13 @@ async def scan(log):
where = url where = url
if rule['where'] == 'url': if rule['where'] == 'url':
where = url where = url
elif rule['where'] == 'agent':
where = agent
store = suspects store = suspects
if rule['store'] == 'suspects': if rule['store'] == 'suspects':
store = suspects store = suspects
if 'in' in rule and rule['in'] in where: if 'in' in rule and rule['in'] in where:
print(where)
store.append(check(ip, host, date_position)) store.append(check(ip, host, date_position))
break break
elif 'startswith' in rule and url.startswith(rule['startswith']) and 'notin' in rule and rule['notin'] not in url: elif 'startswith' in rule and url.startswith(rule['startswith']) and 'notin' in rule and rule['notin'] not in url: