Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

Tag Archives: Apache Logs

Apache Log Extractor [Alpha]

Just a quick post to give some info on a PoC script I threw together for extracting information from Apache Access logs.

Apache Log Extractor is a quick script to export URL information from Apache access logs. The thought behind this script was to provide a list of known URL’s on a remote server by analysing the logs. This list could then be used as the input for further testing tools (e.g Burp Suite – Intruder)

The script accepts an Apache access file as the input and creates an output file containing one URL per line. The list is unique and should only contain the URL without parameters (incomplete directory names are not extracted). It also takes these URLs and creates a wordlist output of all valid directoy names for use with brute-forcing etc…

Update: I’ve added support for extracting basic auth usernames as of version 0.4

Usage example .:

./apache_log_extractor.py access.log.1


Output Example .:

[ ] Extracting URLs from logfile : access.log.1

 [ ] Extracted URL :  /
 [ ] Extracted URL :  /Signed_Update.jar
 [ ] Extracted URL :  /ajax/bottomnavinfo.ashx
 [ ] Extracted URL :  /MetaAdServer/MAS.aspx?cp=seite1&ct=contentview_ressort&f=0
 [ ] Extracted URL :  /favicon.ico
 [ ] Extracted URL :  /EB3YKJjcJ5YvJ
 [ ] Extracted URL :  /MetaAdServer/MAS.aspx?cp=seite1&ct=contentview_ressort&f=1
 [ ] Extracted URL :  /AdServer/SponsorButtonC.aspx?ids=16965
 [ ] Extracted URL :  /Mail
 [ ] Extracted URL :  /css/layout.css

[ ] Extracting directory names from logfile

 [ ] Extracted Word :  ajax
 [ ] Extracted Word :  MetaAdServer
 [ ] Extracted Word :  AdServer
 [ ] Extracted Word :  css
 [ ] Extracted Word :  mail

You can find a download link for the Apache Log Extractor Python script through the links below.

Feedback is always gratefully received…

LINKS:

Advertisements