def __init__(self, debug=False):
    """
    Initialize SpiderDetect.

    Args:
        debug (bool): Log on terminal or not

    Raises:
        None

    Returns:
        None
    """
    # Terminal logger for this module
    self.logger = ServerLogger(__name__, debug=debug)

    # Payload file listing known spider / bad user agents.
    # The path is relative, so it resolves against the current working
    # directory of the process.
    self._PAYLOAD_FILE = (
        "securetea/lib/log_monitor/server_log/rules/payloads/bad_ua.txt"
    )
    # User agent payloads read from the file above
    self.payloads = utils.open_file(self._PAYLOAD_FILE)

    # Request-rate threshold: 50 requests / second (inter-arrival 0.02 s)
    self._THRESHOLD = 50

    # Logged IP list
    self.logged_IP = []
def __init__(self, debug=False, test=False):
    """
    Initialize WebShell.

    Args:
        debug (bool): Log on terminal or not
        test (bool): Use the repository-relative payload file instead of
            the installed one under /etc/securetea

    Raises:
        None

    Returns:
        None
    """
    # Terminal logger for this module
    self.logger = ServerLogger(__name__, debug=debug)

    # Select the web_shell payload file: repo-relative path for tests
    # (resolved against the working directory), system path otherwise
    repo_payloads = "securetea/lib/log_monitor/server_log/rules/payloads/web_shell.txt"
    system_payloads = "/etc/securetea/log_monitor/server_log/payloads/web_shell.txt"
    self.PAYLOAD_FILE = repo_payloads if test else system_payloads

    # web_shell payloads read from the selected file
    self.payloads = utils.open_file(self.PAYLOAD_FILE)

    # Logged IP list
    self.logged_IP = []

    # OSINT helper sharing the same debug flag
    self.osint_obj = OSINT(debug=debug)
def __init__(self, debug=False, path=None, window=30):
    """
    Initialize NginxParser class.

    Args:
        debug (bool): Log on terminal or not
        path (str): Path of the log file
        window (int): Days old log file to process

    Raises:
        SystemExit: when no log path is given (exit status 0)
        ValueError: when window cannot be converted with int()

    Returns:
        None
    """
    # Terminal logger for this module
    self.logger = ServerLogger(__name__, debug=debug)

    # A log path is mandatory; bail out early without one
    if path is None:
        self.logger.log("No log path specified, exiting.", logtype="error")
        sys.exit(0)
    self.path = path

    # Window is given in days; store it in seconds (days * hours * seconds)
    self.window = int(window) * 24 * 3600

    # Regex for one nginx access log line. Groups: client IP, timestamp,
    # request target, status code, user agent. Only lines whose request
    # line starts with "GET" match, so entries for other HTTP methods are
    # not captured by this expression.
    self.NGINX_RGX = (
        r'(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}).*\[([0-9]'
        r'+/[a-zA-Z]+/[0-9]+:[0-9]+:[0-9]+:[0-9]+).*"GET\s(.*)"\s(\d+).*"\s"([^"]+)'
    )

    # Parsed log data collected here
    self.nginx_dict = {}
def __init__(self, debug=False):
    """
    Initialize SQLi.

    Args:
        debug (bool): Log on terminal or not

    Raises:
        None

    Returns:
        None
    """
    # Terminal logger for this module
    self.logger = ServerLogger(__name__, debug=debug)

    # Rule files (relative paths, resolved against the working directory)
    self.PAYLOAD_FILE = "securetea/lib/log_monitor/server_log/rules/payloads/sqli.txt"
    self.REGEX_FILE = "securetea/lib/log_monitor/server_log/rules/regex/sqli.txt"

    # SQLi payload strings and regex rules loaded from the files above
    self.payloads = utils.open_file(self.PAYLOAD_FILE)
    self.regex = utils.open_file(self.REGEX_FILE)

    # Logged IP list
    self.logged_IP = []
def __init__(self, debug=False):
    """
    Initialize DDoS.

    Args:
        debug (bool): Log on terminal or not

    Raises:
        None

    Returns:
        None
    """
    # Terminal logger for this module
    self.logger = ServerLogger(__name__, debug=debug)

    # SISP threshold: 1000 packets per second (inter-arrival 0.001 s)
    self._SISP_THRESHOLD = 1000
    # SIMP threshold: 100 different IPs that trigger SISP DoS
    self._SIMP_THRESHOLD = 100

    # IPs flagged by the SISP check
    self.SISP_LIST = []

    # OSINT helper sharing the same debug flag
    self.osint_obj = OSINT(debug=debug)
def __init__(self, debug=False):
    """
    Initialize PortScan.

    Args:
        debug (bool): Log on terminal or not

    Raises:
        None

    Returns:
        None
    """
    # Terminal logger for this module
    self.logger = ServerLogger(__name__, debug=debug)

    # Payload file of port scanner user agents
    # (relative path, resolved against the working directory)
    self.PAYLOAD_FILE = (
        "securetea/lib/log_monitor/server_log/rules/payloads/port_scan_ua.txt"
    )
    # port_scan payloads read from the file above
    self.payloads = utils.open_file(self.PAYLOAD_FILE)

    # Logged IP list
    self.logged_IP = []

    # OSINT helper sharing the same debug flag
    self.osint_obj = OSINT(debug=debug)
def __init__(self, debug=False):
    """
    Initialize CrossSite.

    Args:
        debug (bool): Log on terminal or not

    Raises:
        None

    Returns:
        None
    """
    # Terminal logger for this module
    self.logger = ServerLogger(__name__, debug=debug)

    # Rule files (relative paths, resolved against the working directory)
    self.PAYLOAD_FILE = "securetea/lib/log_monitor/server_log/rules/payloads/xss.txt"
    self.REGEX_FILE = "securetea/lib/log_monitor/server_log/rules/regex/xss.txt"

    # XSS payload strings and regex rules loaded from the files above
    self.payloads = utils.open_file(self.PAYLOAD_FILE)
    self.regex = utils.open_file(self.REGEX_FILE)

    # Logged IP list
    self.logged_IP = []

    # OSINT helper sharing the same debug flag
    self.osint_obj = OSINT(debug=debug)
def __init__(self, debug=False, ip_list=None, status_code=None):
    """
    Initialize UserFilter.

    Args:
        debug (bool): Log on terminal or not
        ip_list (list): List of IPs to filter / grab of the log file
        status_code (list): List of status code to filter / grab of the log file

    Raises:
        ValueError: when an entry of status_code cannot be converted with int()

    Returns:
        None
    """
    # Terminal logger for this module
    self.logger = ServerLogger(__name__, debug=debug)

    # IP filter; the caller's list object is stored as-is (not copied),
    # an empty / missing list disables the filter
    self.ip = ip_list if ip_list else []

    # Status code filter, normalised to ints; empty when not provided
    self.status_code = [int(code) for code in status_code] if status_code else []

    # IPs already logged, so they are not reported again
    self.logged_IP = []
def __init__(self, test=False, debug=False):
    """
    Initialize Ssrf.

    Args:
        test (bool): Use the repository-relative rule files instead of
            the installed ones under /etc/securetea
        debug (bool): Log on terminal or not

    Raises:
        None

    Returns:
        None
    """
    # Terminal logger for this module
    self.logger = ServerLogger(__name__, debug=debug)

    # Rule files: SSRF payloads, SSRF regex rules and the IP rules.
    # Test mode uses repo-relative paths (resolved against the working
    # directory); otherwise the installed system paths are used.
    if test:
        self.PAYLOAD_FILE, self.REGEX_FILE, self.IP_FILE = (
            "securetea/lib/log_monitor/server_log/rules/payloads/ssrf.txt",
            "securetea/lib/log_monitor/server_log/rules/regex/ssrf.txt",
            "securetea/lib/log_monitor/server_log/rules/payloads/ips.txt",
        )
    else:
        self.PAYLOAD_FILE, self.REGEX_FILE, self.IP_FILE = (
            "/etc/securetea/log_monitor/server_log/payloads/ssrf.txt",
            "/etc/securetea/log_monitor/server_log/regex/ssrf.txt",
            "/etc/securetea/log_monitor/server_log/payloads/ips.txt",
        )

    # Load the three rule sets
    self.payloads = utils.open_file(self.PAYLOAD_FILE)
    self.regex = utils.open_file(self.REGEX_FILE)
    self.ips = utils.open_file(self.IP_FILE)

    # Logged IP list
    self.logged_IP = []

    # OSINT helper sharing the same debug flag
    self.osint_obj = OSINT(debug=debug)
def __init__(self, debug=False):
    """
    Initialize FuzzerDetect.

    Args:
        debug (bool): Log on terminal or not

    Raises:
        None

    Returns:
        None
    """
    # Terminal logger for this module
    self.logger = ServerLogger(__name__, debug=debug)

    # Failure-rate threshold: 25 failed attempts / second (inter-arrival 0.04 s)
    self._THRESHOLD = 25

    # Logged IP list
    self.logged_IP = []
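def __init__(self, debug=False, log_type=None, log_file=None,
             window=30, ip_list=None, status_code=None):
    """
    Initialize ServerLog Monitor Engine.

    Args:
        debug (bool): Log on terminal or not
        log_type (str): Type of log file ("apache" or "nginx")
        log_file (str): Path of the log file; when omitted, the default
            path for the detected OS and log type is used
        window (int): Days old log to process (default: 30 days)
        ip_list (list): List of IPs to filter / grab of the log file
        status_code (list): List of status code to filter / grab of the log file

    Raises:
        SystemExit: when no log type is given, the log type is not
            supported, the OS is not recognized, or no default log path
            is known for the OS / log type pair (exit status 0)

    Returns:
        None
    """
    # Initialize logger
    self.logger = ServerLogger(__name__, debug=debug)

    if log_type is None:
        self.logger.log("No server type selected, exiting.", logtype="error")
        sys.exit(0)

    # Initialize log file path as None
    self.log_file_path = None
    # Created below for a supported log type; set up front so the
    # attribute exists on every path through this constructor
    self.parser_obj = None

    # OS to log file path mapping
    self.system_log_file_map = {
        "apache": {
            "debian": "/var/log/apache2/access.log",
            "fedora": "/var/log/httpd/access_log",
            "freebsd": "/var/log/httpd-access.log"
        },
        "nginx": {
            "debian": "/var/log/nginx/access.log"
        }
    }

    if log_file:
        # An explicit path takes precedence over the OS default map
        self.log_file_path = str(log_file)
    else:
        os_name = utils.categorize_os()
        if not os_name:
            self.logger.log(
                "OS not recognized, log file path not selected, exiting.",
                logtype="error")
            sys.exit(0)
        try:
            self.log_file_path = self.system_log_file_map[log_type][os_name]
        except KeyError:
            self.logger.log(
                "Could not find a suitable log file path, exiting.",
                logtype="error")
            sys.exit(0)

    # Create the parser for the selected log type. An explicit log_file
    # bypasses the map lookup above, so an unsupported log_type must be
    # rejected here instead of leaving parser_obj unset.
    if log_type == "apache":
        self.parser_obj = apache.ApacheParser(debug=debug,
                                              window=window,
                                              path=self.log_file_path)
    elif log_type == "nginx":
        self.parser_obj = nginx.NginxParser(debug=debug,
                                            window=window,
                                            path=self.log_file_path)
    else:
        self.logger.log(
            "Unsupported server type: " + str(log_type) + ", exiting.",
            logtype="error")
        sys.exit(0)

    # Detection rule objects; all share the caller's debug flag
    # Cross Site Scripting (XSS) Detection
    self.xss_obj = xss.CrossSite(debug=debug)
    # SQL injection (SQLi) Detection
    self.sqli_obj = sqli.SQLi(debug=debug)
    # Local File Inclusion (LFI) Detection
    self.lfi_obj = lfi.LFI(debug=debug)
    # Web Shell Detection
    self.web_shell_obj = web_shell.WebShell(debug=debug)
    # Port Scan Detection
    self.port_scan_obj = port_scan.PortScan(debug=debug)
    # URL Fuzzer Detection
    self.fuzzer_obj = fuzzer.FuzzerDetect(debug=debug)
    # Spider / Web Crawler / Bad user agent
    self.spider_obj = spider.SpiderDetect(debug=debug)
    # DDoS Detection
    self.ddos_obj = ddos.DDoS(debug=debug)
    # UserFilter object
    self.user_filter_obj = user_filter.UserFilter(debug=debug,
                                                  ip_list=ip_list,
                                                  status_code=status_code)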
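def __init__(self, debug=False, log_type=None, log_file=None,
             window=30, ip_list=None, status_code=None):
    """
    Initialize ServerLog Monitor Engine.

    Args:
        debug (bool): Log on terminal or not
        log_type (str): Type of log file (Apache, Nginx)
        log_file (str): Path of the log file
        window (int): Days old log to process
        ip_list (str): List of IPs to filter
        status_code (str): List of status code to filter

    Raises:
        SystemExit: when not running as root or when window is not a
            valid integer (exit status 0)

    Returns:
        None
    """
    # Initialize logger
    self.logger = ServerLogger(__name__, debug=debug)

    # Check running as root or not
    if not utils.check_root():
        self.logger.log("Please start as root, exiting.", logtype="error")
        sys.exit(0)

    # Split the comma-style user input into lists (left to utils.get_list)
    if ip_list:
        ip_list = utils.get_list(ip_list)
    if status_code:
        status_code = utils.get_list(status_code)

    # Normalise the string arguments: None and "" both mean "not given",
    # anything else loses surrounding spaces. None must be handled here
    # because .strip() on the None default would raise AttributeError.
    log_file = None if log_file in (None, "") else log_file.strip(" ")
    log_type = None if log_type in (None, "") else log_type.strip(" ")

    # Window defaults to 30 days when empty; reject non-numeric values
    # instead of propagating a ValueError from the constructor
    try:
        window = 30 if window in (None, "") else int(window)
    except ValueError:
        self.logger.log("Invalid window value, exiting.", logtype="error")
        sys.exit(0)

    # Create Engine
    self.engine_obj = Engine(debug=debug,
                             log_type=log_type,
                             log_file=log_file,
                             window=window,
                             ip_list=ip_list,
                             status_code=status_code)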