Code Editor : log_analysis_v2.py
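# coding: utf-8
# +-------------------------------------------------------------------
# | aaPanel
# +-------------------------------------------------------------------
# | Copyright (c) 2015-2099 aaPanel(www.aapanel.com) All rights reserved.
# +-------------------------------------------------------------------
# | Author: lkq <lkq@aapanel.com>
# |
# | Log analysis tool
# +-------------------------------------------------------------------
import os
import shlex
import time

import public
from public.validate import Param


class log_analysis:
    """Scan a web-server access log for attack signatures with a helper script.

    The scan runs in the background through ``log_analysis.sh``. Its result
    files live under ``<path>/log/`` and are named after the MD5 of the
    scanned log path, so the progress/result endpoints never use the
    caller-supplied path as a file name.
    """

    path = '/www/server/panel/script/'
    log_analysis_path = '/www/server/panel/script/log_analysis.sh'

    def __init__(self):
        """Create the result directory and write the helper script if missing."""
        if not os.path.exists(self.path + '/log/'):
            os.makedirs(self.path + '/log/')
        if not os.path.exists(self.log_analysis_path):
            # NOTE(review): the script expands $2 and $3 unquoted, so a log path
            # containing whitespace or glob characters is still word-split
            # inside the script even when the caller quotes it. The text is
            # left as-is because it is only written when the file is missing.
            log_analysis_data = r'''help(){
    echo "Usage: ./action.sh [options] [FILE] [OUTFILE] "
    echo "Options:"
    echo "xxx.sh san_log [FILE] Get the log list with the keywords xss|sql|mingsense information|php code execution in the successful request [OUTFILE] 11"
    echo "xxx.sh san [FILE] Get list of logs with sql keyword in successful request [OUTFILE] 11 "
}
if [ $# == 0 ]
then
    help
    exit
fi
if [ ! -e $2 ]
then
    echo -e "$2: log file does not exist"
    exit
fi
if [ ! -d "log" ]
then
    mkdir log
fi
echo "[*] Starting ..."
if [ $1 == "san_log" ]
then
    echo "1">./log/$3
    echo "Start getting xss cross-site scripting attack logs..."
    grep -E ' (200|302|301|500|444|403|304) ' $2 | grep -i -E "(javascript|data:|alert\(|onerror=|%3Cimg%20src=x%20on.+=|%3Cscript|%3Csvg/|%3Ciframe/|%3Cscript%3E).*?HTTP/1.1" >./log/$3xss.log
    echo "Analysis logs have been saved to./log/$3xss.log"
    echo "Scan to attack count: "`cat ./log/$3xss.log |wc -l`
    echo "20">./log/$3
    echo "Start getting sql injection attack logs..."
    echo "Analysis logs have been saved to./log/$3sql.log"
    grep -E ' (200|302|301|500|444|403) ' $2 | grep -i -E "(from.+?information_schema.+|select.+(from|limit)|union(.*?)select|extractvalue\(|case when|extractvalue\(|updatexml\(|sleep\().*?HTTP/1.1" > ./log/$3sql.log
    echo "Scan to attack count: "`cat ./log/$3sql.log |wc -l`
    echo "40">./log/$3
    echo -e "Start getting related logs such as file traversal/code execution/scanner information/configuration files"
    grep -E ' (200|302|301|500|444|403) ' $2 | grep -i -E "(\.\.|WEB-INF|/etc|\w\{1,6\}\.jsp |\w\{1,6\}\.php|\w+\.xml |\w+\.log |\w+\.swp |\w*\.git |\w*\.svn |\w+\.json |\w+\.ini |\w+\.inc |\w+\.rar |\w+\.gz |\w+\.tgz|\w+\.bak |/resin-doc).*?HTTP/1.1" >./log/$3san.log
    echo "Analysis logs have been saved to./log/$3san.log"
    echo "Scan to attack count: "`cat ./log/$3san.log |wc -l`
    echo "50">./log/$3
    echo -e "Start getting the php code execution scan log"
    grep -E ' (200|302|301|500|444|403) ' $2 | grep -i -E "(gopher://|php://|file://|phar://|dict://data://|eval\(|file_get_contents\(|phpinfo\(|require_once\(|copy\(|\_POST\[|file_put_contents\(|system\(|base64_decode\(|passthru\(|\/invokefunction\&|=call_user_func_array).*?HTTP/1.1" >./log/$3php.log
    echo "Analysis logs have been saved to./log/$3php.log"
    echo "Scan to attack count: "`cat ./log/$3php.log |wc -l`
    echo "60">./log/$3
    echo -e "The number and value of the most visited ip is being counted"
    # cat $2|awk -F" " '{print $1}'|sort|uniq -c|sort -nrk 1 -t' '|head -100
    awk '{print $1}' $2 |sort|uniq -c |sort -nr |head -100 >./log/$3ip.log
    echo "80">./log/$3
    echo -e "The number and value of the url of the most visited request interface is being counted"
    awk '{print $7}' $2 |sort|uniq -c |sort -nr |head -100 >./log/$3url.log
    echo "100">./log/$3
elif [ $1 == "san" ]
then
    echo "1">./log/$3
    echo "Start getting xss cross-site scripting attack logs..."
    grep -E ' (200|302|301|500|444|403|304) ' $2 | grep -i -E "(javascript|data:|alert\(|onerror=|%3Cimg%20src=x%20on.+=|%3Cscript|%3Csvg/|%3Ciframe/|%3Cscript%3E).*?HTTP/1.1" >./log/$3xss.log
    echo "Analysis logs have been saved to./log/$3xss.log"
    echo "Scan to attack count: "`cat ./log/$3xss.log |wc -l`
    echo "20">./log/$3
    echo "Start getting sql injection attack logs..."
    echo "Analysis logs have been saved to./log/$3sql.log"
    grep -E ' (200|302|301|500|444|403) ' $2 | grep -i -E "(from.+?information_schema.+|select.+(from|limit)|union(.*?)select|extractvalue\(|case when|extractvalue\(|updatexml\(|sleep\().*?HTTP/1.1" > ./log/$3sql.log
    echo "Scan to attack count: "`cat ./log/$3sql.log |wc -l`
    echo "40">./log/$3
    echo -e "Start getting related logs such as file traversal/code execution/scanner information/configuration files"
    grep -E ' (200|302|301|500|444|403) ' $2 | grep -i -E "(\.\.|WEB-INF|/etc|\w\{1,6\}\.jsp |\w\{1,6\}\.php|\w+\.xml |\w+\.log |\w+\.swp |\w*\.git |\w*\.svn |\w+\.json |\w+\.ini |\w+\.inc |\w+\.rar |\w+\.gz |\w+\.tgz|\w+\.bak |/resin-doc).*?HTTP/1.1" >./log/$3san.log
    echo "Analysis logs have been saved to./log/$3san.log"
    echo "Scan to attack count: "`cat ./log/$3san.log |wc -l`
    echo "60">./log/$3
    echo -e "Start getting the php code execution scan log"
    grep -E ' (200|302|301|500|444|403) ' $2 | grep -i -E "(gopher://|php://|file://|phar://|dict://data://|eval\(|file_get_contents\(|phpinfo\(|require_once\(|copy\(|\_POST\[|file_put_contents\(|system\(|base64_decode\(|passthru\(|\/invokefunction\&|=call_user_func_array).*?HTTP/1.1" >./log/$3php.log
    echo "Analysis logs have been saved to./log/$3php.log"
    echo "Scan to attack count: "`cat ./log/$3php.log |wc -l`
    echo "100">./log/$3
else
    help
fi
echo "[*] shut down"
'''
            public.WriteFile(self.log_analysis_path, log_analysis_data)

    def get_log_format(self, path):
        """Report whether the first line of *path* looks like an access-log entry.

        Returns True only when the first line has at least six
        whitespace-separated fields and its first field passes
        ``public.check_ip``; False otherwise, including for an empty file.
        """
        # Access logs routinely carry attacker-supplied bytes that are not valid
        # text, so undecodable bytes are replaced instead of aborting the scan.
        with open(path, 'r', errors='replace') as f:
            fields = f.readline().split()
        if not fields:
            return False
        if not public.check_ip(fields[0]):
            return False
        if len(fields) < 6:
            return False
        return True

    def log_analysis(self, get):
        """Start a background scan of the log file named by ``get.path``.

        @param get: request object; ``get.path`` is the log file to analyse
        @return a ``public.return_message`` result; the scan itself runs
                asynchronously and is polled through ``speed_log``
        """
        # Validate parameters
        try:
            get.validate([
                Param('action').String(),
                Param('path').String(),
            ], [
                public.validate.trim_filter(),
            ])
        except Exception as ex:
            public.print_log("error info: {}".format(ex))
            return public.return_message(-1, 0, str(ex))

        path = get.path
        log_path = public.Md5(path)
        serverType = public.get_webserver()
        if serverType == 'openlitespeed':
            return public.fail_v2('openlitespeed is not supported yet')

        # NOTE(review): nothing here confines `path` to the web-server log
        # directories, so any file the panel process can read may be scanned
        # and its matching lines returned by get_detailed. Consider an
        # allow-list of log roots - confirm against the intended callers.
        # isfile() rather than exists(): a directory would pass the size checks
        # and then fail when it is opened.
        if not os.path.isfile(path):
            return public.return_message(-1, 0, public.lang("No log file"))
        size = os.path.getsize(path)
        if size > 9433107294:
            return public.return_message(-1, 0, public.lang("The log file is too large!"))
        if size < 10:
            return public.return_message(-1, 0, public.lang("log is empty"))

        mode = 'san_log' if self.get_log_format(path) else 'san'
        # `path` comes from the request and ends up on a shell command line, so
        # every interpolated value is quoted: a file name containing shell
        # metacharacters must not be able to add commands to the line.
        command = "cd %s && bash %s %s %s %s &" % (
            shlex.quote(self.path),
            shlex.quote(self.log_analysis_path),
            mode,
            shlex.quote(path),
            shlex.quote(log_path),
        )
        public.ExecShell(command)

        # The ".time" file holds "<start epoch>[]<start time>[]<status>";
        # status "0" marks a scan that has not been seen to finish yet.
        speed = self.path + '/log/' + log_path + ".time"
        public.WriteFile(
            speed,
            str(time.time()) + "[]" + time.strftime('%Y-%m-%d %X', time.localtime()) + "[]" + "0",
        )
        return public.return_message(0, 0, public.lang("Start scan successful"))

    def speed_log(self, get):
        """Return the progress value of the scan for ``get.path``.

        @param get: request object; ``get.path`` is the scanned log file
        @return a ``public.return_message`` result carrying the progress value
        """
        # Validate parameters
        try:
            get.validate([
                Param('path').String(),
            ], [
                public.validate.trim_filter(),
            ])
        except Exception as ex:
            public.print_log("error info: {}".format(ex))
            return public.return_message(-1, 0, str(ex))

        path = get.path.strip()
        log_path = public.Md5(path)
        speed = self.path + '/log/' + log_path
        # Existence is checked before the size: getsize() raises on a missing
        # file, which would make the "not scanned" reply unreachable.
        if not os.path.exists(speed):
            return public.return_message(-1, 0, public.lang("The directory was not scanned"))
        if os.path.getsize(speed) < 1:
            return public.return_message(-1, 0, public.lang("log is empty"))
        try:
            data = int(public.ReadFile(speed))
            if data == 100:
                time_data, start_time, status = public.ReadFile(speed + ".time").split("[]")
                # Convert start epoch -> elapsed seconds only once. After the
                # first conversion the field already holds the duration, and
                # subtracting again would corrupt it on every later poll.
                if status.strip() == '0':
                    public.WriteFile(
                        speed + ".time",
                        str(time.time() - float(time_data)) + "[]" + start_time + "[]" + "1",
                    )
            return public.return_message(0, 0, data)
        except Exception:
            # Best effort: an unreadable or half-written progress file is
            # reported as progress 0.
            return public.return_message(0, 0, 0)

    def get_log_count(self, path, is_body=False):
        """Count the lines of a result file, or return its first lines as text.

        With ``is_body`` false the line count is returned (0 when the file is
        missing). With ``is_body`` true at most 300 lines are returned as one
        string ('' when the file is missing), with angle brackets replaced by
        HTML entities.
        """
        if is_body:
            if not os.path.exists(path):
                return ''
            # Result files hold raw request lines that matched attack patterns,
            # so '<' and '>' are replaced by entities before the text is handed
            # back; presumably the panel UI renders it as markup - confirm.
            # NOTE(review): '&' and quotes are not escaped; confirm that is
            # sufficient for the way the UI inserts this text.
            escaped = []
            with open(path, 'r', errors='replace') as f:
                for line in f:
                    escaped.append(line.replace('<', '&lt;').replace('>', '&gt;'))
                    if len(escaped) >= 300:
                        break
            return ''.join(escaped)

        if not os.path.exists(path):
            return 0
        with open(path, 'rb') as f:
            return sum(1 for _ in f)

    def get_result(self, get):
        """Return the per-category hit counts of the scan for ``get.path``.

        @param get: request object; ``get.path`` is the scanned log file
        @return a ``public.return_message`` result with the status, timing and
                line count of each result file
        """
        path = get.path.strip()
        log_path = public.Md5(path)
        speed = self.path + '/log/' + log_path
        result = {
            'is_status': os.path.exists(speed),
            # Placeholder values reported until a finished scan has been recorded.
            'time': "0",
            'start_time': "2022/2/22 22:22:22",
        }
        if os.path.exists(speed + ".time"):
            try:
                time_data, start_time, status = public.ReadFile(speed + ".time").split("[]")
            except (ValueError, AttributeError, TypeError):
                # An unreadable or malformed ".time" file keeps the placeholders.
                status = None
            if status == '1':
                result['time'] = time_data
                result['start_time'] = start_time

        for kind in ('xss', 'sql', 'san', 'php', 'ip', 'url'):
            result[kind] = self.get_log_count(speed + kind + '.log')
        return public.return_message(0, 0, result)

    def get_detailed(self, get):
        """Return the first lines of one result file for ``get.path``.

        ``get.type`` must be one of xss, sql, san, php, ip or url. That
        allow-list is what keeps the result file name under the panel's
        control.
        """
        # Validate parameters
        try:
            get.validate([
                Param('path').String(),
                Param('type').String(),
            ], [
                public.validate.trim_filter(),
            ])
        except Exception as ex:
            public.print_log("error info: {}".format(ex))
            return public.return_message(-1, 0, str(ex))

        path = get.path.strip()
        log_path = public.Md5(path)
        speed = self.path + '/log/' + log_path
        type_list = ['xss', 'sql', 'san', 'php', 'ip', 'url']
        if get.type not in type_list:
            return public.return_message(-1, 0, public.lang("Type mismatch"))
        detail_file = speed + get.type + '.log'
        if not os.path.exists(detail_file):
            return public.return_message(-1, 0, public.lang("Record does not exist"))
        return public.return_message(0, 0, self.get_log_count(detail_file, is_body=True))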