This project hosts a short python script I used for analysing the Zeek logs provided for the Objective 12 of KringleCon II of the SANS Holiday Hack Challenge in 2019.
Zeek logs to download: https://downloads.elfu.org/http.log.gz
SRF website: srf.elfu.org
- SQLi: username OR uri OR user_agent contains " ' "
- XSSL: uri OR host contains "<"
- LFI: uri contains "pass"
- Shell: user_agent contains ":;" or "};"
python3 parse_logs.py
This will output a bunch of IP addresses separated by comma, which can be pasted directly into the FW input field for creating a DENY.