Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

Apache Log Extractor [Alpha]

4 Comments Posted by on July 27, 2011

Just a quick post to give some info on a PoC script I threw together for extracting information from Apache Access logs.

Apache Log Extractor is a quick script to export URL information from Apache access logs. The thought behind this script was to provide a list of known URL’s on a remote server by analysing the logs. This list could then be used as the input for further testing tools (e.g Burp Suite – Intruder)

The script accepts an Apache access file as the input and creates an output file containing one URL per line. The list is unique and should only contain the URL without parameters (incomplete directory names are not extracted). It also takes these URLs and creates a wordlist output of all valid directoy names for use with brute-forcing etc…

Update: I’ve added support for extracting basic auth usernames as of version 0.4

Usage example .:

./apache_log_extractor.py access.log.1


Output Example .:

[ ] Extracting URLs from logfile : access.log.1

 [ ] Extracted URL :  /
 [ ] Extracted URL :  /Signed_Update.jar
 [ ] Extracted URL :  /ajax/bottomnavinfo.ashx
 [ ] Extracted URL :  /MetaAdServer/MAS.aspx?cp=seite1&ct=contentview_ressort&f=0
 [ ] Extracted URL :  /favicon.ico
 [ ] Extracted URL :  /EB3YKJjcJ5YvJ
 [ ] Extracted URL :  /MetaAdServer/MAS.aspx?cp=seite1&ct=contentview_ressort&f=1
 [ ] Extracted URL :  /AdServer/SponsorButtonC.aspx?ids=16965
 [ ] Extracted URL :  /Mail
 [ ] Extracted URL :  /css/layout.css

[ ] Extracting directory names from logfile

 [ ] Extracted Word :  ajax
 [ ] Extracted Word :  MetaAdServer
 [ ] Extracted Word :  AdServer
 [ ] Extracted Word :  css
 [ ] Extracted Word :  mail

You can find a download link for the Apache Log Extractor Python script through the links below.

Feedback is always gratefully received…

LINKS:

Advertisement
Penetration Test, Security ,

4 Responses to Apache Log Extractor [Alpha]

  1. Robin July 27, 2011 at 13:30

    What about pulling out referrers as well? May as well while you are at it.

  2. ChrisJohnRiley July 27, 2011 at 15:32

    It’s a thought…. was going to maybe look at the user agent strings too ;)

    Added support for extracting basic auth usernames in 0.4

  3. Robin July 27, 2011 at 15:39

    If you pull out the time and date it happened and the response code you could probably create a set of Apache logs :)

  4. ChrisJohnRiley July 27, 2011 at 15:46

    OMG… you’re so right…

    I could just open the logfile…. and print out each line to the screen, Maybe throw some colours in for good measure ;)

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.