Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/a0s/access_log_fuzzing_detector

Scans access.log and detects fuzzing attempts.
https://github.com/a0s/access_log_fuzzing_detector

fuzzing nginx ruby

Last synced: 21 days ago
JSON representation

Scans access.log and detects fuzzing attempts.

Host: GitHub
URL: https://github.com/a0s/access_log_fuzzing_detector
Owner: a0s
License: mit
Created: 2020-05-18T11:19:44.000Z (over 4 years ago)
Default Branch: master
Last Pushed: 2020-05-21T08:52:22.000Z (over 4 years ago)
Last Synced: 2024-11-10T00:29:19.260Z (3 months ago)
Topics: fuzzing, nginx, ruby
Language: Ruby
Homepage: https://github.com/a0s/access_log_fuzzing_detector
Size: 13.7 KB
Stars: 2
Watchers: 3
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# Access.log Fuzzing Detector
Very simple (and stupid) scanner that able to detect attempts of [fuzzing](https://en.wikipedia.org/wiki/Fuzzing).

![](https://user-images.githubusercontent.com/418868/82338139-31d06680-99f5-11ea-8c88-beb33b5ed97a.gif)

## Features

* fast search in dictionary
* unlimited size of dictionary

## Prerequisites

* ruby interpretator in PATH
* access.log should be in [default nginx format](https://nginx.org/en/docs/http/ngx_http_log_module.html)
* downloaded fuzzing dictionary `fuzz.txt` (for example, you cat get it [here](https://github.com/Bo0oM/fuzz.txt/blob/master/fuzz.txt),
[here](https://github.com/maurosoria/dirsearch/blob/master/db/dicc.txt), or [here](https://github.com/daviddias/node-dirbuster/tree/master/lists))

## Usage

Send access.log to stdin, and scanner will return you suspicious requests to stdout. Use `cat`

```sh
cat access.log | ruby scanner fuzz.txt
```
or `pv` if you want to see overall progress/speed
```sh
pv access.log | ruby scanner fuzz.txt
```
## How it works
Every input line in stdin will process by stages:
1) Parse request with [regular expression](https://github.com/a0s/access_log_fuzzing_detector/commit/ebea2fad1cdc062aa770123098fd044d47f7de1b#diff-bbdaea376f500d25f6b0c1050311dd07R26). In case of failure it returns `RegexpSucks` exception :)
2) Check `method` of request. Allowed methods are `GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH`
3) Check `protocol` of request. Allower protocols are `HTTP/1.0 HTTP/1.1`
4) For every `line/from/dictionary` we will check:
* `request_uri` not start with `line/from/dictionary`
* `request_uri` not start with `/line/from/dictionary`
* `request_uri` not end with `line/from/dictionary`