Auditing NT and UNIX Webserver Logfiles

From: Cdowns (cdownsat_private)
Date: Tue Oct 30 2001 - 18:56:41 PST

  • Next message: Guile cool: "Ipv6 Port scanner - Ipv6 DoS by Guilecool and Nyo - The ImperialS"

    Good Evening,
        Ive written a Perl script called Riplog-v4.pl which will check for a
    slew of known http based exploits in your logfiles and report back with
    a dump.out file while printing requests to the local term. What makes
    this program nice is that it will mount the smb C$ share and check your
    NT webserver logfiles, which could be run by a little cron job nightly
    off a network bsd / linux box, You also can check a local set of
    Logfiles by issueing the argument in the command line. The
    vulnerabilties are defined inside the local array which can be modified.
    Add or Remove exploit strings from it.
    
        I hope you find this tool useful. If you have any questions please
    feel free to email me at cdownsat_private
    
    http://www.nhinfosec.com/dsbelile/downloads/security/riplog-v4.pl
    http://cdowns.angrypacket.com
    
    ->under 'Monitoring Logfiles on an NT Server'
    
    Enjoy ~!
    
        Sincerely,
            ~>D
    
    
    



    This archive was generated by hypermail 2b30 : Fri Nov 02 2001 - 10:13:35 PST