## https://sploitus.com/exploit?id=158DF90B-E6C6-5560-AE00-C499B6DD4D07
# network-intrusion-detector
A Python tool that analyses web server access logs and flags suspicious activity. It looks for patterns that typically indicate an attack or someone probing the network.
I built this after going through some cybersecurity material on common attack vectors and wanted to see if I could detect them from raw log data.
## What it detects
- Brute force / repeated authentication failures from the same IP
- Reconnaissance - IPs making an unusually high number of requests
- Known attack tools in the user agent string (sqlmap, Nikto, Nmap, Hydra, etc.)
- SQL injection attempts in request paths
- Directory traversal attempts (`../`, `etc/passwd`, etc.)
- Access attempts to sensitive ports and services
## How to run
No external libraries needed.
```
python detector.py
```
Press Enter to use the default log file (`access.log`), or provide a path to your own. If no log file exists it generates a sample one so you can see the output straight away.
## Log format
Expects standard Apache/Nginx combined log format:
```
IP - - [timestamp] "METHOD /path HTTP/1.x" status bytes "referrer" "user-agent"
```
## Output
Results print to the terminal and are saved to `intrusion_report.txt`. Each section covers a different threat category with the source IPs and details.
## Thresholds
You can adjust detection sensitivity at the top of the script:
```python
BRUTE_FORCE_THRESHOLD = 5
RECON_THRESHOLD = 20
```
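The sketch below shows how two thresholds like these can be applied to combined-format lines. It is an added example, not code from `detector.py`. The regex, the choice of 401/403 as authentication failures, the `>=` comparison and the sample lines are all assumptions.

```python
import re
from collections import Counter

BRUTE_FORCE_THRESHOLD = 5   # values shown in the README
RECON_THRESHOLD = 20

# Combined log format: IP - - [ts] "METHOD /path HTTP/1.x" status bytes "ref" "ua"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)
AUTH_FAIL = {"401", "403"}  # assumption: statuses counted as auth failures

def analyse(lines):
    """Return (brute_force_ips, recon_ips, unparsed_count)."""
    fails, total, unparsed = Counter(), Counter(), 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            unparsed += 1  # count malformed lines instead of dropping them silently
            continue
        total[m["ip"]] += 1
        if m["status"] in AUTH_FAIL:
            fails[m["ip"]] += 1
    # assumption: an IP is flagged once its count reaches the threshold
    brute = {ip: n for ip, n in fails.items() if n >= BRUTE_FORCE_THRESHOLD}
    recon = {ip: n for ip, n in total.items() if n >= RECON_THRESHOLD}
    return brute, recon, unparsed

def sample_log():
    """Constructed sample lines using documentation IP ranges, not real traffic."""
    ts = "10/Oct/2024:13:55:36 +0000"
    fmt = '{ip} - - [{ts}] "{m} {p} HTTP/1.1" {s} 512 "-" "Mozilla/5.0"'
    out = [fmt.format(ip="203.0.113.7", ts=ts, m="POST", p="/login", s=401)
           for _ in range(6)]
    out += [fmt.format(ip="198.51.100.9", ts=ts, m="GET", p=f"/page{i}", s=404)
            for i in range(25)]
    out += [fmt.format(ip="192.0.2.4", ts=ts, m="GET", p="/", s=200)
            for _ in range(3)]
    out.append("not a log line")  # malformed entry to exercise the unparsed path
    return out

if __name__ == "__main__":
    brute, recon, bad = analyse(sample_log())
    print("brute force:", brute)
    print("recon:", recon)
    print("unparsed lines:", bad)
```

Counting unparsed lines matters operationally: a log source that silently changes format would otherwise look like a quiet network.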
## Author
Onah Joshua - [GitHub](https://github.com/chibs3529)