Analyzing a DDOS attack with python
#!/usr/bin/env python | |
import collections
import socket
import sys
import urllib
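def _is_ip_address(token):
    """Return True when *token* parses as an IPv4 or IPv6 address literal."""
    for family in (socket.AF_INET, socket.AF_INET6):
        try:
            socket.inet_pton(family, token)
        except (socket.error, ValueError, TypeError):
            continue
        return True
    return False


def _lookup_country(ip):
    """Return the country api.hostip.info reports for *ip*.

    Falls back to 'Unknown Country' when the request fails or the reply
    carries no country. The request goes over plain HTTP to a third party:
    every queried address is disclosed to that service and to the network
    path, and the reply is unauthenticated, so treat the result as advisory.
    """
    try:
        from urllib.request import urlopen  # Python 3
    except ImportError:
        from urllib2 import urlopen  # Python 2

    url = 'http://api.hostip.info/get_html.php?ip=%s&position=true' % ip
    try:
        # Bounded wait so one stalled lookup cannot hang the whole report.
        reply = urlopen(url, timeout=10)
        try:
            body = reply.read()
        finally:
            reply.close()
    except IOError:
        return 'Unknown Country'
    if not isinstance(body, str):
        # Python 3 hands back bytes; Python 2 already returns str.
        body = body.decode('utf-8', 'replace')
    country = body.split('Country:')[-1].split('(')[0].strip()
    return country or 'Unknown Country'


def main(date):
    """Summarise failed password attempts in /var/log/auth.log for *date*.

    Prints the number of matching lines, then one row per source that
    accounts for at least 1% of them: percentage, country and source.

    *date* is matched as a plain substring of each log line, so 'Apr 1'
    also matches 'Apr 10' to 'Apr 19'. Classic syslog timestamps pad
    single-digit days with an extra space ('Apr  5'), so pass the date
    exactly as it appears in the log.
    """
    sources = []
    # NOTE: under Python 3, text mode decodes with the locale encoding, so
    # undecodable bytes in a log line raise UnicodeDecodeError.
    with open('/var/log/auth.log', "r") as log_file:
        for line in log_file:
            if date not in line or "Failed password" not in line:
                continue
            fields = line.split(" ")
            # For "... from <ip> port <n> ssh2" the address is the fourth
            # field from the end; shorter lines cannot hold one.
            if len(fields) >= 4:
                sources.append(fields[-4])

    total = len(sources)
    print("%d unauthorized attempts recorded for %s" % (total, date))

    for source, hits in collections.Counter(sources).items():
        # Floor division keeps the integer percentage on Python 2 and 3.
        percentage = 100 * hits // total
        # Rows below 1% are not printed, so skip them before any lookup.
        if not percentage:
            continue
        # Log content is partly attacker-influenced: only a token that
        # parses as an address is placed in the lookup URL.
        if _is_ip_address(source):
            country = _lookup_country(source)
        else:
            country = 'Unknown Country'
        print("| %d%% | %s | %s |" % (percentage, country, source))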
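if __name__ == '__main__':
    # The date to analyse is the single required command-line argument.
    if len(sys.argv) == 1:
        print('Please specify date \nExample usage: python ddos.py \'Apr 5\' ')
    else:
        main(sys.argv[1])

# Shell equivalents, for cross-checking the script's numbers.
#
# To view the matching log lines:
#   cat /var/log/auth.log | grep "Apr 4" | grep "Failed password"
#
# To view the number of matching log lines:
#   cat /var/log/auth.log | grep "Apr 4" | grep "Failed password" | wc -l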