Security analysis report:
Features of the web log security analysis tool:
1. Supports detection of a variety of popular attack types, and automatically identifies the physical location of the attacker's IP address
2. Supports a custom attack feature library, such as adding attack types and attack features
3. Generates human-readable analysis reports that make it easier to analyze the attacker's intrusion process
Supported log types:
IIS W3C, Apache/Tomcat/Nginx default log format
Supported attack types:
By default the tool can detect various attack types such as SQL injection, XSS attacks, IIS write-permission vulnerabilities and Struts remote command vulnerabilities; what is actually detected depends on the features in the attack feature library.
Feature library description:
The default feature library (Attackrules.ini) defines some common attack features and uses regular expression matching; in actual use, users can modify or add attack features according to their needs.
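As an added illustration of regex-based feature matching (not the tool's code and not the contents of Attackrules.ini), the following Python example applies a few hypothetical signatures to constructed Apache/Nginx-format log lines, URL-decoding each request before matching and grouping hits by client IP. The rule patterns, function names and sample lines are all assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Hypothetical signatures for illustration; not the contents of Attackrules.ini.
RULES = {
    "SQL injection": re.compile(r"\bunion\s+(all\s+)?select\b|\binformation_schema\b", re.I),
    "XSS": re.compile(r"<\s*script\b|\bonerror\s*=|javascript\s*:", re.I),
    "IIS write permission": re.compile(r"^(PUT|MOVE)\s", re.I),
}

# Apache/Nginx default (common/combined) access log prefix.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" (?P<status>\d{3})')

def normalize(uri, rounds=2):
    """URL-decode up to `rounds` times so single- and double-encoded payloads match."""
    for _ in range(rounds):
        decoded = unquote_plus(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri

def analyze(lines):
    """Return {client_ip: [(time, attack_type, status, decoded_request), ...]}."""
    findings = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected format; skip rather than guess
        request = f"{m['method']} {normalize(m['uri'])}"
        for attack_type, pattern in RULES.items():
            if pattern.search(request):
                findings[m["ip"]].append((m["time"], attack_type, int(m["status"]), request))
    return dict(findings)

# Constructed sample log lines (documentation IP ranges).
SAMPLE = [
    '192.0.2.10 - - [12/Mar/2014:10:01:02 +0800] "GET /index.html HTTP/1.1" 200 1024',
    '203.0.113.5 - - [12/Mar/2014:10:02:11 +0800] "GET /news.php?id=1%20UNION%20SELECT%201,2 HTTP/1.1" 200 512',
    '203.0.113.5 - - [12/Mar/2014:10:02:40 +0800] "GET /s?q=%253Cscript%253Ealert(1)%253C/script%253E HTTP/1.1" 200 300',
    '198.51.100.7 - - [12/Mar/2014:10:05:00 +0800] "PUT /test.txt HTTP/1.1" 201 0',
]

if __name__ == "__main__":
    for ip, hits in analyze(SAMPLE).items():
        print(ip, [(when, kind, status) for when, kind, status, _ in hits])
```

Matching the raw log line without decoding would miss the third sample line, whose payload is double URL-encoded; the recorded status code helps judge whether a matched request was actually served.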
Environment description:
This software is written in C# and developed with VS 2008. It requires .NET Framework 3.5 or above to run.
Usage:
Open the program, select the web log file to be analyzed and the corresponding log type, and click the "Analysis" button. After the analysis is completed, a security analysis report is generated automatically.
Related file description:
Web log security analysis tool v2.0.exe: main program
Attackrules.ini: attack feature library, which defines some common attack features; attack types and attack features can be customized in this file.
Newtemplet.tpl: template used to generate the analysis report.
QQwry.dat: Chunzhen (纯真) IP database, used to automatically identify the physical location of the attacker's IP address when an attack log entry is detected.
it works