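#!/usr/bin/python2.5
#Simple script for parsing web logs for RFIs and Webshells v1.2
#By Irongeek
import re
import cgi
import urllib2
import socket
import sys
import string
import datetime
import zipfile
import os

# Process-wide default: every socket created after this call gives up after
# 5 seconds, so a remote host that never answers cannot stall the run.
socket.setdefaulttimeout(5)

#Main setting below
# Two access-log paths that the script reads.
fni1 = "/home/irongeek/logs/irongeek.com/http/access.log"
fni2 = "/home/irongeek/logs/irongeek.com/http/access.log.0"
# Output paths. Judging by the file names these hold the unique and the dead
# RFI entries -- the code that writes them is not visible in this listing.
fno = "/home/irongeek/irongeek.com/uniquerfis.txt"
deadfn = "/home/irongeek/irongeek.com/deadrfis.txt"
# NOTE(review): presumably an HTML report built from values taken out of the
# logs. Those values are supplied by whoever sent the request, so confirm that
# each one is HTML-escaped before it is written to this page.
fpagename = "/home/irongeek/irongeek.com/webshells-and-rfis.htm"
#Make sure the path below exists.
# NOTE(review): wscapdir appears to sit inside the site's document root and is
# paired with the URL path in wscapdirweb. Whatever gets saved here should be
# stored in a form the web server will never execute or render -- confirm how
# the capture code (not visible in this listing) writes these files.
wscapdir = "/home/irongeek/irongeek.com/wscap/"
wscapdirweb = "/wscap/"

# Debug output is off unless "-d" appears anywhere on the command line.
debugon = "-d" in sys.argv


#Grep function based on http://casa.colorado.edu/~ginsbura/pygrep.htm
def grep(string, list):
    """Return the items of `list` that the regular expression `string` matches.

    The pattern is compiled case-insensitively and applied with search(), so
    it may match anywhere inside an item.

    `string` is interpreted as a regular expression, not as literal text.
    NOTE(review): if any caller passes text taken from a log line, it should
    go through re.escape() first -- callers are not visible here, confirm.

    The parameter names shadow the imported `string` module and the builtin
    `list` inside this function; they are kept because they are part of the
    signature.
    """
    pattern = re.compile(string, re.IGNORECASE)
    # Python 2 filter() returns a list when it is given a list.
    return filter(pattern.search, list)


#Based on http://stackoverflow.com/questions/12953253/searching-for-substring-in-element-in-a-list-an-deleting-the-element-python
def rgrep(string, list):
    """Return the items of `list` that do NOT contain the substring `string`.

    Unlike grep() this is a plain, case-sensitive substring test; no regular
    expression is involved.
    """
    return [item for item in list if string not in item]


#Help from http://www.seehuhn.de/blog/52
# NOTE(review): the listing is cut off inside the `parts` pattern list, and the
# named groups have lost their names ("(?P\S+)" is not a valid pattern; the
# "<name>" part was probably stripped as markup). The fragment is kept below
# exactly as published, commented out, rather than completed by guesswork.
# parts = [
#     r'(?P\S+)', # host %h
#     r'\S+', # indent %l (unused)
#     r'(?P\S+)', # user %u
#     r'\[(?P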