Create logalyzer.py
This commit is contained in:
parent
da686ceba8
commit
f02c4383e1
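--- a/python_ruby_and_bash/parsing_auth_log/logalyzer.py
+++ b/python_ruby_and_bash/parsing_auth_log/logalyzer.py
@@ -0,0 +1,139 @@
+import os
+import sys
+from optparse import OptionParser
+
+import ParseLogs
+
+
+#
+# Logalyzer. Original: https://github.com/hatRiot/logalyzer
+# Converted to python3.6 by @programmerchad
+#
+
+# callback for the user flag
+def user_call(option, opt_str, value, parser):
+if len(parser.rargs) is not 0:
+value = parser.rargs[0]
+else:
+value = None
+setattr(parser.values, option.dest, value)
+
+
+if __name__ == "__main__":
+
+# default location
+log = '/var/log/auth.log'
+
+# parsing options
+parser = OptionParser(epilog=
+"Combine flags to view user-specific information. \'-u test -i\' lists IP addresses "
+"associated with user test")
+parser.add_option("-u", help="Specify user. Blank lists all users.", action="callback",
+callback=user_call, default=None, dest="user")
+parser.add_option("--full", help="Full log dump for specified user", action="store_true",
+default=False, dest="fullu")
+parser.add_option("-l", help="Specify log file. Default is auth.log", default=None, dest="log")
+parser.add_option("-f", help="List failures", action="store_true", default=False, dest="fail")
+parser.add_option("-s", help="List success logs", action="store_true", default=False, dest="success")
+parser.add_option("-c", help="List commands by user", action="store_true", default=False, dest="commands")
+parser.add_option("-i", help="List IP Addresses", action="store_true", default=False, dest="ip")
+
+# get arguments
+(options, args) = parser.parse_args()
+
+# if they're trying to access /var/log/auth.log without proper privs, bail
+if not os.getuid() is 0 and options.log is None:
+print("[-] Please run with SUDO")
+sys.exit(1)
+
+# check if they specified another file
+if options.log is not None:
+log = options.log
+
+# parse logs
+LOGS = ParseLogs.ParseLogs(log)
+if LOGS is None: sys.exit(1)
+
+# validate the user
+if options.user:
+if not options.user in LOGS:
+print(f"[-] User \'{options.user}\' is not present in the logs.")
+sys.exit(1)
+
+# tag log location first
+print('[!] Log file: ', log)
+
+# output all commands
+if options.commands and not options.user:
+for i in LOGS:
+for comms in LOGS[i].commands:
+print(f"{i}:\t{comms}")
+sys.exit(1)
+
+# output all failures
+elif options.fail and not options.user:
+for i in LOGS:
+for fail in LOGS[i].fail_logs:
+print(f"{i}:\t{fail}")
+sys.exit(1)
+
+# output all logged IP addresses
+elif options.ip and not options.user:
+for i in LOGS:
+for ip in LOGS[i].ips:
+print(f"{i}:\t{ip}")
+sys.exit(1)
+
+# output user-specific commands
+if options.commands and options.user:
+print(f"[+] Commands for user \'{options.user}\'")
+for com in LOGS[options.user].commands:
+print("\t", com)
+
+# output user-specific success logs
+elif options.success and options.user:
+print(f"[+] Successes logs for user \'{options.user}\'")
+for log in LOGS[options.user].succ_logs:
+print("\t", log)
+
+# output user-specific failures
+elif options.fail and options.user:
+print(f"[+] Failures for user \'{options.user}\'")
+for fail in LOGS[options.user].fail_logs:
+print("\t", fail)
+
+# output user-specific ip addresses
+elif options.ip and options.user:
+print(f"[+] Logged IPs for user \'{options.user}\'")
+for i in LOGS[options.user].ips:
+print("\t", i)
+
+# print out all information regarding specified user
+elif options.user is not None:
+print(f"[!] Logs associated with user \'{options.user}\'")
+print('[+] First log: ', LOGS[options.user].first_date())
+print('[+] Last log: ', LOGS[options.user].last_date())
+print("[!] Failure Logs")
+for fail in LOGS[options.user].fail_logs:
+print("\t", fail)
+print("[!] Success Logs")
+for succ in LOGS[options.user].succ_logs:
+print("\t", succ)
+print("[!] Associated IPs")
+for ip in LOGS[options.user].ips:
+print("\t", ip)
+print("[!] Commands")
+for comm in LOGS[options.user].commands:
+print("\t", comm)
+
+# dump the full log for the user if specified
+if options.fullu and options.user:
+print("[!] Full Log")
+for log in LOGS[options.user].logs:
+print(log)
+
+# if they supplied us with an empty user, dump all of the logged users
+elif options.user is None:
+if len(LOGS) > 0:
+for i in LOGS:
+print(i)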
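Review bot: `if len(parser.rargs) is not 0:` in user_call and `if not os.getuid() is 0 and options.log is None:` in the main block test integer equality with `is`; that only holds because CPython interns small ints, Python 3.8+ emits a SyntaxWarning for it, and the intended form is `if parser.rargs:` and `if os.getuid() != 0 and options.log is None:`. The `-u` callback also copies `parser.rargs[0]` without consuming it (`del parser.rargs[0]`), so the user name is re-parsed as a positional argument and `-u -i` silently sets the user to `-i`; the value should be removed from rargs and rejected when it starts with `-`. The three all-users listing branches end in `sys.exit(1)` after a successful dump, which signals failure to any script checking the exit status; `sys.exit(0)` is the right code there. The rendered page has lost indentation, so whether `if options.fullu and options.user:` is nested under `elif options.user is not None:` or is a sibling of it cannot be verified from the hunk, and `for log in LOGS[options.user].succ_logs:` rebinds the `log` path variable, which is worth renaming even though the path is not read again afterward.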