mirror of
https://github.com/The-Art-of-Hacking/h4cker
synced 2024-11-21 10:23:02 +00:00
Create find_malicious_ip.py
This commit is contained in:
parent
eb02e336c2
commit
90aac169a6
1 changed files with 23 additions and 0 deletions
23
threat_hunting/find_malicious_ip.py
Normal file
23
threat_hunting/find_malicious_ip.py
Normal file
|
@ -0,0 +1,23 @@
|
|||
import re
|
||||
|
||||
# Define a list of known malicious IPs
|
||||
malicious_ips = ['192.168.1.10', '10.0.0.5']
|
||||
|
||||
# Function to search through a log file
|
||||
def search_log(file_path):
|
||||
with open(file_path, 'r') as file:
|
||||
logs = file.readlines()
|
||||
|
||||
for log in logs:
|
||||
# Extract IP using regex (assuming a standard Apache log format)
|
||||
ip = re.findall(r'\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b', log)
|
||||
|
||||
# Check if the IP exists in the malicious IPs list
|
||||
if ip and ip[0] in malicious_ips:
|
||||
print(f"Potential threat found! IP address {ip[0]} found in log.")
|
||||
|
||||
# Path to the log file
|
||||
log_file_path = 'path/to/your/logfile.log'
|
||||
|
||||
# Start the search
|
||||
search_log(log_file_path)
|
Loading…
Reference in a new issue