[Owasp-brazilian] Fwd: [WEB SECURITY] [Tool] Scalp - Apache log analyzer for security

Rodrigo Montoro(Sp0oKeR) spooker at gmail.com
Sat Sep 20 11:53:02 EDT 2008


Alguém chegou a ler algo mais ou testar ?

[]zz


---------- Forwarded message ----------
From: romain <r at fuckthespam.com>
Date: Tue, Sep 16, 2008 at 9:23 PM
Subject: [WEB SECURITY] [Tool] Scalp - Apache log analyzer for security
To: websecurity at webappsec.org


Hi all,
I remember reading here a couple of emails about how to analyze the apache
log in order to look for potential attacks.
Since I needed to do exactly the same few times ago, I did a simple python
script that does this using PHP-IDS' regular expression.

So you can find it here:
 http://code.google.com/p/apache-scalp

It includes a couple of options in order to accelerate the scan of the
files, such as specifying the time frame, the type of attack etc. It
produces basic output (HTML, XML or TEXT).

If you find false-negative/positive, please report them to me (if it
concerns Scalp) or to the PHP-IDS team if the regexp need to be tuned.

cheers,

--Romain
http://rgaucher.info


----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA




-- 
===========================
Rodrigo Montoro (Sp0oKeR)
Security Analyst
SnortCP / RHCE / LPIC-I / MCSO
http://www.spooker.com.br
http://www.snort.org.br
http://www.linkedin.com/in/spooker
===========================
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-brazilian/attachments/20080920/0dc87e72/attachment.html 


More information about the Owasp-brazilian mailing list