## https://sploitus.com/exploit?id=4ABFEAAD-9BA8-5C3E-B9DA-AD82B84C6CAA
# log_analyzer
A streaming access-log analyzer that detects classic web-pentest artifacts
and turns them into actionable output: structured JSON alerts, a Markdown
incident report, and a ready-to-run `ufw` mitigation script.
## What it catches
| Category | Logic |
|---|---|
| Directory Traversal / LFI | Regex on decoded path: `../../`, `/etc/passwd`, `php://filter`, etc. |
| SQL Injection | Regex: `' OR 1=1`, `--`, `UNION SELECT`, `SLEEP()`, `information_schema` |
| XSS | Regex: ``). The parser anchors on the
trailing `HTTP/x.x` token instead, so the full payload survives intact
for regex matching.
## Extending it
- Add a new attack signature: add a pattern under `detection:` in
`config.yaml` โ no code change needed.
- Add a new scanner signature: append to
`user_agent_classification.scanners`.
- Add a new sensitive directory to watch for brute-forcing: append to
`bruteforce.sensitive_dirs`.
- Tighten/loosen brute-force or credential-stuffing sensitivity: edit
`window_seconds` / `threshold_404` / `threshold_401`.
- Change the mitigation command (e.g. to `iptables` or a cloud WAF API
call instead of `ufw`): edit `mitigation.command_template`.
## Files
- `log_analyzer.py` โ the engine (parsing, detection, reporting, CLI)
- `config.yaml` โ externalized regex/thresholds/whitelist
- `sample_access.log` โ mock log with one example of every detection
category mixed into benign traffic, plus a few malformed lines, so you
can run the tool immediately without a real server log