StatLog v0.1 - exploiting publicly accessible Apache mod_status pages
Description: StatLog continuously queries a target Apache server that has mod_status enabled, gathering information about the clients connecting, which vhost each is using, and which URL each is attempting to access. This can be used to discover hidden admin/debug portals, ongoing attacks in remote sites, botnet C&C, session IDs in URLs, and some other fun tricks.
Author: Matt Howard (themdhoward[at]gmail[dot]com)
Features:
- internal client detection - RFC 1918 address space checks
- "neighbor" client detection -- looks up CIDR for their netblock, matches clients
- catch mode - feed a link to a victim from the vulnerable site, log their IP based on the string given
- log all the things -- easily grep'able format
Usage: python status.py -t [target domain] (-d --debug) (-r --reverse-lookup) (-c [catch string] --catch)
- Press Ctrl+C to save results to ./status_log

Todo:
- threads!
- regex apply to requests (search for /admin, /cgi-bin/myphpsecretsauce, etc.)
- better log format
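
To gauge what a public status page gives away, the internal-client check and the session-ID exposure described above can be run over scoreboard rows copied from your own server. This is an added example, not StatLog's code; the row layout, the sample rows and the `SESSION_KEYS` list are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qsl

# Query parameter names treated as session identifiers (assumed list).
SESSION_KEYS = {"phpsessid", "sid", "sessionid", "token"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample rows (client, vhost, request), shaped like the
# Client / VHost / Request columns of a mod_status scoreboard.
SAMPLE_ROWS = [
    ("203.0.113.7", "www.example.test", "GET /index.html HTTP/1.1"),
    ("10.1.2.3", "intranet.example.test", "GET /admin/debug HTTP/1.1"),
    ("198.51.100.9", "shop.example.test", "GET /cart?PHPSESSID=abc123 HTTP/1.1"),
    ("172.16.5.4", "www.example.test", "NULL"),
]

def is_rfc1918(client):
    """True if the client column holds an RFC 1918 private IPv4 address."""
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return False  # column held a hostname or was empty
    return addr.version == 4 and any(addr in net for net in RFC1918)

def session_params(request):
    """Names of session-like query parameters in a request line."""
    parts = request.split()
    if len(parts) < 2:
        return []  # idle slot or truncated request line
    query = urlsplit(parts[1]).query
    return [k for k, _ in parse_qsl(query, keep_blank_values=True)
            if k.lower() in SESSION_KEYS]

def audit(rows):
    """List (kind, detail, vhost) findings; session values are never recorded."""
    findings = []
    for client, vhost, request in rows:
        if is_rfc1918(client):
            findings.append(("internal-client", client, vhost))
        for key in session_params(request):
            findings.append(("session-id-in-url", key, vhost))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_ROWS):
        print(*finding, sep="\t")
```

Any finding means the page is leaking that detail to whoever can load it; restricting the status handler to trusted addresses removes the exposure at the source.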