From 2e4252500dd11b3bc42de306d2a09f891f4860e7 Mon Sep 17 00:00:00 2001
From: Emile
Date: Thu, 14 Feb 2019 15:45:09 +0100
Subject: added a basic analyzer and a readme
---
analyze.py | 147 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 147 insertions(+)
create mode 100644 analyze.py
(limited to 'analyze.py')
diff --git a/analyze.py b/analyze.py
new file mode 100644
index 0000000..9d151c0
--- /dev/null
+++ b/analyze.py
@@ -0,0 +1,147 @@
+#!/usr/bin/env python3
+import matplotlib.pyplot as plt
+import re
+import operator
+import sys
+
+username_metrics = {}
+ip_metrics = {}
+port_metrics = {}
+password_metrics = {}
+
+counter = 0
+
+with open("password_list.txt", "a") as passwordfile:
+ with open(sys.argv[1]) as data:
+ content = data.readlines()
+
+ for line in content[3:]:
+ username_ip_port_password = line[43:]
+
+ # Get the username, print it and add it into the username_metrics dict
+
+ username = username_ip_port_password.split("@")[0]
+
+ if username in username_metrics:
+ username_metrics[username] += 1
+ else:
+ username_metrics[username] = 1
+
+ # Get the ip, print it and add it into the ip_metrics dict
+
+ ip_port_password = username_ip_port_password.strip(username + "@")
+ ip = ip_port_password.split(":")[0]
+
+ if ip in ip_metrics:
+ ip_metrics[ip] += 1
+ else:
+ ip_metrics[ip] = 1
+
+ # Get the port, print it and add it into the port_metrics dict
+
+ port = ip_port_password.split(":")[1]
+
+ if port in port_metrics:
+ port_metrics[port] += 1
+ else:
+ port_metrics[port] = 1
+
+ # Get the password, print it and add it into the password_metrics dict
+
+ password = ip_port_password.strip(ip + ":" + port + ": ").split("\'")[1]
+
+ if password in password_metrics:
+ password_metrics[password] += 1
+ else:
+ password_metrics[password] = 1
+
+ # append the password to the passwordfile
+ passwordfile.write(password + "\n")
+
+ counter += 1
+
+print("Amount of hits processed: " + str(counter))
+
+plt.tight_layout()
+
+# plot the most used usernames
+print("-----------------")
+print("Most tried usernames:")
+sorted_username_metrics = sorted(username_metrics.items(), key=operator.itemgetter(1))
+
+username = []
+username_count = []
+
+for item in sorted_username_metrics[-20:]:
+ print("{:<20}{:<10}".format(item[0], item[1]))
+ username.append(item[0])
+ username_count.append(item[1])
+
+plt.bar(username, username_count)
+plt.title("usernames")
+plt.xlabel('username used to login')
+plt.xticks(rotation=90)
+plt.ylabel('amount of attempts')
+plt.savefig("usernames.png", dpi=400, orientation="landscape")
+plt.clf()
+
+# plot the most used passwords
+print("-----------------")
+print("Most tried passwords:")
+sorted_password_metrics = sorted(password_metrics.items(), key=operator.itemgetter(1))
+password = []
+password_count = []
+
+for item in sorted_password_metrics[-15:]:
+ print("{:<20}{:<10}".format(item[0], item[1]))
+ password.append(item[0])
+ password_count.append(item[1])
+
+plt.bar(password, password_count)
+plt.title("passwords")
+plt.xlabel('passwords used to login')
+plt.xticks(rotation=90)
+plt.ylabel('amount of attempts')
+plt.savefig("passwords.png", dpi=400, orientation='landscape')
+plt.clf()
+
+# plot the most frequent ips
+print("-----------------")
+print("Most frequent ips:")
+sorted_ip_metrics = sorted(ip_metrics.items(), key=operator.itemgetter(1))
+ip = []
+ip_count = []
+
+for item in sorted_ip_metrics[-15:]:
+ print("{:<20}{:<10}".format(item[0], item[1]))
+ ip.append(item[0])
+ ip_count.append(item[1])
+
+
+plt.bar(ip, ip_count)
+plt.title("ips")
+plt.xlabel('ip used to login')
+plt.xticks(rotation=90)
+plt.ylabel('amount of attempts')
+plt.savefig("ip.png", dpi=400, orientation='landscape')
+plt.clf()
+
+# plot the most frequent ports
+print("-----------------")
+print("Most frequent ports:")
+sorted_port_metrics = sorted(port_metrics.items(), key=operator.itemgetter(1))
+port = []
+port_count = []
+
+for item in sorted_port_metrics[-15:]:
+ print("{:<20}{:<10}".format(item[0], item[1]))
+ port.append(item[0])
+ port_count.append(item[1])
+
+plt.bar(port, port_count)
+plt.title("ports")
+plt.xlabel('port used to login')
+plt.xticks(rotation=90)
+plt.ylabel('amount of attempts')
+plt.savefig("port.png", dpi=400, orientation='landscape')
+plt.clf()
-- cgit 1.4.1
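Review bot: `username_ip_port_password.strip(username + "@")` does not remove the `username@` prefix, because `str.strip` treats its argument as a set of characters and trims them from both ends; a username containing digits (a constructed example: `user1@10.0.0.5:...`) also eats the leading digits of the address, so `ip_metrics` counts a truncated IP. The username and password are whatever the remote client sent, so the per-IP counts are skewed by exactly the input the analysis cannot trust. Slice by length instead, `ip_port_password = username_ip_port_password[len(username) + 1:]`; the later `.strip(ip + ":" + port + ": ")` has the same flaw and only works because the opening quote stops the trim, and `.split("\'")[1]` cuts a password at its first embedded quote. The `[1]` indexing on the `split(":")` and `split("\'")` results also raises `IndexError` on any line that does not fit the expected layout, which aborts the whole run; a `continue` for lines lacking `"@"` or `":"` would keep one odd log entry from hiding the rest.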