-
Notifications
You must be signed in to change notification settings - Fork 29
/
nginxlog.py
25 lines (23 loc) · 1.16 KB
/
nginxlog.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
# -*- coding: utf-8 -*-
import os, urllib, redis, time
from lib.config import *
NAME, VERSION, AUTHOR, LICENSE = "PublicSecScan", "V0.1", "咚咚呛", "Public (FREE)"
if __name__ == '__main__':
redis_r = redis.StrictRedis(host=REDIS_HOST, port=REDIS_PORT, password=REDIS_PASSWORD, db=REDIS_DB)
logPath = redis_r.hget('passive_config', 'ssrf_logpath')
if not os.path.exists(logPath):
print 'log file not exist'
file = open(logPath)
for line in file:
lines = line.strip().strip('\n').split(' ')
for s in lines:
if '/ssrf?data=' in s:
info = urllib.unquote(s.replace('/ssrf?data=', '')).split('ssrf?data=')
if len(info) > 1:
target = eval(info[1].replace(',+', ',').replace(':+', ':'))
if len(target) > 0:
target['time'] = time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(time.time()))
target['risk_type'] = 'SSRF'
target['data'] = ''
redis_r.hset('passive_scan_risk', 'SSRF_' + target['ng_request_url_short'], target)
os.system('cat /dev/null > %s' % logPath)