Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/totekuh/bruteforce-sleuth
Linux tool that allows you to track the geolocation of IP addresses from the SSH access.log
Last synced: 1 day ago
- Host: GitHub
- URL: https://github.com/totekuh/bruteforce-sleuth
- Owner: totekuh
- License: gpl-3.0
- Created: 2018-11-19T08:55:44.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2019-01-20T20:28:30.000Z (almost 6 years ago)
- Last Synced: 2024-11-05T09:26:07.735Z (about 2 months ago)
- Language: Python
- Homepage:
- Size: 55.7 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# bruteforce-sleuth
A Linux tool that can be used to analyze and locate failed preauth attempts found in system logs, thus potentially identifying security threats.
Use this tool to trace your attackers back to their Internet Service Provider.
bruteforce-sleuth fully supports SSH brute-force trails. Use /var/log/auth.log, or provide any other log file you want.
Requirements: Python 3.7.*; pip; the pip packages requests and folium; any web server to share the results page.
Extract a system log with IP addresses (e.g. your SSH server log: /var/log/auth.log).
Run start.sh as root to get the longitude and latitude of all disconnected IPs from the log.
You will see the list of coordinates, and map.html will be generated.
Run any web server (e.g. apache2) and open the interactive map at http://0.0.0.0/map.html.
Track every failed attempt to brute-force your server in detail.
Generated results will be placed at /var/www/html/map.html and /var/www/html/map-clustered.html
If you are not interested in the details and just want to know which regions are more annoying than others, you can use the clustered map.
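The log-extraction step described above can be sketched as follows. This is an added example, not code from the bruteforce-sleuth repository: the function name `preauth_sources`, its `ignore_networks` parameter and the sample log lines are assumptions made for illustration, and geolocation and map rendering are left out.

```python
import ipaddress
import re
from collections import Counter

# OpenSSH tags events that happen before authentication succeeds with
# "[preauth]". For "Disconnected from ..." and "Connection closed by ..." the
# peer address is the token directly before "port N [preauth]" at the end of
# the line, so anchoring there ignores anything placed in the user name field.
PREAUTH_TAIL = re.compile(
    r"sshd(?:-session)?\[\d+\]: (?:Disconnected from|Connection closed by) .*?"
    r"(?P<addr>\S+) port \d+ \[preauth\]\s*$"
)

# Constructed sample lines (documentation address ranges), not real log data.
SAMPLE = """\
Jan 20 10:01:02 host sshd[1201]: Disconnected from invalid user admin 198.51.100.7 port 4242 [preauth]
Jan 20 10:01:05 host sshd[1202]: Connection closed by 198.51.100.7 port 4250 [preauth]
Jan 20 10:01:09 host sshd[1203]: Disconnected from authenticating user root 203.0.113.9 port 5555 [preauth]
Jan 20 10:02:00 host sshd[1204]: Accepted publickey for ops from 10.0.0.5 port 50000 ssh2
Jan 20 10:02:30 host sshd[1205]: Connection closed by 10.0.0.5 port 50010 [preauth]
Jan 20 10:03:00 host sshd[1206]: Disconnected from invalid user 192.0.2.99 port 22 2001:db8::1 port 6000 [preauth]
""".splitlines()


def preauth_sources(lines, ignore_networks=()):
    """Count pre-auth disconnects per source IP, skipping ignored networks."""
    ignored = [ipaddress.ip_network(n) for n in ignore_networks]
    hits = Counter()
    for line in lines:
        m = PREAUTH_TAIL.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group("addr"))
        except ValueError:
            continue  # token is not a literal IPv4/IPv6 address
        if any(addr in net for net in ignored):
            continue  # e.g. your own management range
        hits[str(addr)] += 1
    return hits


if __name__ == "__main__":
    for ip, count in preauth_sources(SAMPLE, ["10.0.0.0/8"]).most_common():
        print(f"{count:4d}  {ip}")
```

The per-address counts are what a geolocation lookup and a clustered map would then consume; validating each token with `ipaddress` keeps malformed or injected strings out of any downstream API request.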