Squid Access Log analysis with simple python command
What is squidmagic?
squidmagic is a tool designed to analyze web traffic recorded by a Squid proxy server and flag central command and control (C&C) servers and malicious sites by checking the logged destinations against Spamhaus blocklists.
What is Spamhaus?
The Spamhaus Project is an international nonprofit organization that tracks spam and related cyber threats such as phishing, malware and botnets, provides real-time, actionable and highly accurate threat intelligence to the Internet's major networks, corporations and security vendors, and works with law enforcement agencies to identify and pursue spam and malware sources worldwide.
Many posts cover Squid log analysis only briefly and not in depth, and when you try it in practice you are likely to hit several errors before the tool runs at all. squidmagic needs Python 3.6 and the Python packages sh, termcolor, configparser and pyzmq (imported as zmq).
So here is the step-by-step configuration.
Install Python 3.6 from the PPA
sudo apt-get install software-properties-common python-software-properties
sudo add-apt-repository ppa:jonathonf/python-3.6
sudo apt-get update
sudo apt-get install python3.6
python3.6 -V
The original post then re-points the python3 alternative at 3.6:
sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.5 1
sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.6 2
sudo update-alternatives --config python3
Caveat: on Ubuntu 16.04 a number of system tools (apt itself among them) expect /usr/bin/python3 to be the distribution's 3.5, and switching the alternative to 3.6 can break them. It is safer to leave python3 alone and call python3.6 explicitly (or use a virtualenv created with it) when running the tool.
Install the remaining requirements. Two things go wrong with the usual command list: pip is used before it is installed, and apt's python-zmq and python-pip target Python 2, so the packages never reach the Python 3.6 interpreter that runs the tool. Install pip for Python 3 and then install the packages through the interpreter you will actually use:
sudo apt-get install python3-pip
python3.6 -m pip --version
python3.6 -m pip install --user sh termcolor configparser pyzmq
The --version check confirms that pip is bound to Python 3.6 before anything is installed. Then run the tool against a Squid log (on Ubuntu the default location is /var/log/squid/access.log):
python3.6 squidmagic.py /path/to/access.log
The tool prints an ASCII-art "squidmagic" banner and then one verdict per Spamhaus list, for example:
Analyzing...
Analyzing by SBL Advisory...
Spam server detected, ip is 184.108.40.206
Analyzing by SBL_CSS Advisory...
safe server detected, host or ip is 220.127.116.11
Analyzing by PBL Advisory...
safe server detected, host or ip is 18.104.22.168
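The verdicts above come from DNS queries against Spamhaus's zen.spamhaus.org blocklist, which aggregates SBL, CSS, XBL and PBL and answers with a code in 127.0.0.0/8 that identifies the list. The following is an added example, not squidmagic's own code, showing how such a check works end to end: it parses native-format Squid access.log lines, takes the destination IP from the hierarchy field (the server the proxy actually connected to), builds the reversed-octet DNSBL query name, and maps the answers to list names. The log lines and the DNSBL answers are constructed so the script runs offline; a real lookup function is included for swapping in.

```python
"""Check Squid access.log destinations against the Spamhaus ZEN DNSBL.

Added example, not squidmagic's own code.  The resolver is injectable so
the script runs offline on constructed log lines; dns_resolve() does the
real lookup.
"""
import ipaddress
import socket
from collections import OrderedDict

ZEN_ZONE = "zen.spamhaus.org"

# Documented zen.spamhaus.org return codes (A records in 127.0.0.0/8).
ZEN_CODES = {
    "127.0.0.2": "SBL",
    "127.0.0.3": "SBL CSS",
    "127.0.0.4": "XBL",
    "127.0.0.5": "XBL",
    "127.0.0.6": "XBL",
    "127.0.0.7": "XBL",
    "127.0.0.10": "PBL",
    "127.0.0.11": "PBL",
}
# Answers in 127.255.255.0/24 are errors, not listings (for example
# .254 = query came via an open/public resolver, .255 = query limit hit).
ZEN_ERROR_NET = ipaddress.ip_network("127.255.255.0/24")


def squid_destination_ip(line):
    """Return the IPv4 address Squid connected to for one native-format
    access.log line, or None when there was no direct upstream peer.

    Native format: time elapsed client action/code size method url ident
    hierarchy/peer content-type.  The hierarchy field (HIER_DIRECT/a.b.c.d)
    is used rather than the URL host, which is usually a name.
    """
    fields = line.split()
    if len(fields) < 9 or "/" not in fields[8]:
        return None
    peer = fields[8].split("/", 1)[1]
    try:
        return str(ipaddress.IPv4Address(peer))
    except ipaddress.AddressValueError:
        return None  # "-", a named cache peer, or IPv6 (ZEN is IPv4 only)


def zen_query_name(ip):
    """Reverse the octets and append the ZEN zone: 1.2.3.4 -> 4.3.2.1.zen..."""
    return ".".join(reversed(ip.split("."))) + "." + ZEN_ZONE


def classify(ip, resolve):
    """Return ("listed", [lists]), ("safe", []) or ("error", [answers])."""
    answers = resolve(zen_query_name(ip))
    if not answers:
        return ("safe", [])  # NXDOMAIN: not on any ZEN component list
    lists, errors = [], []
    for answer in answers:
        if ipaddress.ip_address(answer) in ZEN_ERROR_NET:
            errors.append(answer)
        elif answer in ZEN_CODES:
            lists.append(ZEN_CODES[answer])
    if errors:
        return ("error", errors)
    return ("listed", sorted(set(lists))) if lists else ("safe", [])


def analyze_log(lines, resolve):
    """Map each distinct destination IP in the log to its ZEN verdict."""
    results = OrderedDict()
    for line in lines:
        ip = squid_destination_ip(line)
        if ip is not None and ip not in results:
            results[ip] = classify(ip, resolve)
    return results


def dns_resolve(name):
    """Real lookup: every A record for name, [] when it does not exist."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []


# Constructed sample log lines (not from a real proxy).
SAMPLE_LOG = [
    "1568200000.123    245 10.0.0.5 TCP_MISS/200 1234 GET http://example.com/ - HIER_DIRECT/93.184.216.34 text/html",
    "1568200001.456     10 10.0.0.6 TCP_TUNNEL/200 3456 CONNECT bad.example:443 - HIER_DIRECT/198.51.100.7 -",
    "1568200002.789      3 10.0.0.5 TCP_MEM_HIT/200 512 GET http://example.com/logo.png - HIER_NONE/- image/png",
    "1568200003.111     80 10.0.0.7 TCP_MISS/200 900 GET http://dyn.example/ - HIER_DIRECT/203.0.113.9 text/html",
]

# Constructed DNSBL answers standing in for zen.spamhaus.org (no network).
FAKE_ZONE = {
    zen_query_name("198.51.100.7"): ["127.0.0.2", "127.0.0.3"],  # SBL and CSS
    zen_query_name("203.0.113.9"): ["127.0.0.11"],               # PBL
}


def fake_resolve(name):
    return FAKE_ZONE.get(name, [])


if __name__ == "__main__":
    # Replace fake_resolve with dns_resolve to query Spamhaus for real.
    for ip, (verdict, detail) in analyze_log(SAMPLE_LOG, fake_resolve).items():
        print(ip, verdict, ",".join(detail) or "-")
```

Two practical points when running this for real. Spamhaus refuses DNSBL queries that arrive through large public resolvers and answers with an error code instead of a listing, which is why the script reports 127.255.255.0/24 answers as "error" rather than "safe"; run it behind your own resolver. Second, a PBL hit on a web destination is weak evidence: PBL lists address space that should not be sending mail directly, so a site hosted there is unusual but not necessarily malicious, whereas SBL and CSS hits identify known spam and snowshoe infrastructure and deserve a closer look.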