mirror of
https://github.com/The-Art-of-Hacking/h4cker
synced 2024-11-21 18:33:03 +00:00
Create find_malicious_ip.py
parent
eb02e336c2
commit
90aac169a6
1 changed files with 23 additions and 0 deletions
23
threat_hunting/find_malicious_ip.py
Normal file
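--- a/threat_hunting/find_malicious_ip.py
+++ b/threat_hunting/find_malicious_ip.py
@@ -0,0 +1,23 @@
+import re
+
+# Define a list of known malicious IPs
+malicious_ips = ['192.168.1.10', '10.0.0.5']
+
+# Function to search through a log file
+def search_log(file_path):
+with open(file_path, 'r') as file:
+logs = file.readlines()
+
+for log in logs:
+# Extract IP using regex (assuming a standard Apache log format)
+ip = re.findall(r'\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b', log)
+
+# Check if the IP exists in the malicious IPs list
+if ip and ip[0] in malicious_ips:
+print(f"Potential threat found! IP address {ip[0]} found in log.")
+
+# Path to the log file
+log_file_path = 'path/to/your/logfile.log'
+
+# Start the search
+search_log(log_file_path)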
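Review bot: Only the first address matched on each log line is compared with `malicious_ips` (`ip[0]`), so a listed address that appears later on the same line, for example behind a proxy's address, is never reported. The file is also opened with the default strict decoding and read in full with `readlines()`, so a single undecodable byte in a request line can raise and end the scan early, and a large log is held in memory at once. The rewrite below checks every match, streams the file and opens it with `errors='replace'`. Separately, the two sample entries are private-range placeholders that should be replaced with a maintained indicator list, and the module-level `search_log(log_file_path)` call would be better placed under `if __name__ == "__main__":`.

```python
def search_log(file_path):
    watchlist = set(malicious_ips)
    # errors='replace': one undecodable byte must not abort the whole scan
    with open(file_path, 'r', errors='replace') as file:
        for log in file:  # stream line by line instead of readlines()
            # Compare every address on the line, not only the first match
            for ip in re.findall(r'\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b', log):
                if ip in watchlist:
                    print(f"Potential threat found! IP address {ip} found in log.")
```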