A python based security analyse tool that can find various injection payloads from web server and application logs
The blog : https://blog.csdn.net/qq_29277155/article/details/107236416
The tool can be used to find various web injection payloads from any webserver logs when fed into its input,welcome to add or improve more accurate payloads.
- SQL Injection
- Cross-Site-Scripting
- sensitive file download
- LDAP Injection
- Directory Traversal
- Command Injection
- XPATH Injection
- CRLF Injection
- Abnormal HTTP request
- local File Inclusion
- web vulnerable scanner
- zero day vulnerable
- webshell invasion detection
- sudo yum install python3.
- python wlaa.py or ./wlaw on linux or wlaw.exe on windows.
- type the path where your web access log file locates.
- do web-log-attack-analysis and wait for the result.
- see top 100 of the most frequently attack IP address. 2)Search the Payloads to locate,here are some tips for find the location. 3)Windows: Ctrl+ F,type:SQL injection to locate more details, where it's attacked. 4)Linux: more report-202101221717-07895239.txt| grep SQL injection.
The most frequently attack IP address and attack Count are:
[('10.10.4.88', 2919), ('10.20.4.88', 8), ('10.10.4.80', 2), ('10.20.4.89', 1), ('10.10.4.87', 1)]
**** Summary of Inspection ****
The Report name: report-202105281155.txt
The file directory: E:\code\web-log-attack-analysis
Number of SQL injection Payloads Found: 358