Tools: Scalp - Apache log analyzer for security
Romain Gaucher posted the following email to The Web Security Mailing List today announcing a handy tool he authored.
"I remember reading here a couple of emails about how to analyze the
apache log in order to look for potential attacks.
Since I needed to do exactly the same few times ago, I did a simple
python script that does this using PHP-IDS' regular expression.
So you can find it here:
http://code.google.com/p/apache-scalp/
It includes a couple of options in order to accelerate the scan of the
files, such as specifying the time frame, the type of attack etc. It
produces basic output (HTML, XML or TEXT)."
loool the tool detects this "/application/view.php?appli=189%20union%20select%20all%20from%20utilisateurs%20--" as an XSS attack... seriously!!
Posted by: Anonymous | Jul 2, 2010 1:59:31 AM