Manual version of the shell anti-crawler script: it analyzes web logs to find IPs with abnormally high request counts.
kickleech manual version
wget -O kickleech_manual.sh https://gitee.com/c1g/kickleech/raw/master/kickleech/kickleech_manual.sh
chmod +x ./kickleech_manual.sh
# The script creates the temp directory and the log directory automatically; they can also be created by hand
mkdir -p /opt/nginx/logs/
mkdir ./log
./kickleech_manual.sh
Example: ./kickleech_manual.sh -f /var/log/nginx/access.log -n 500000 -t 1000 -c 3000 -m 100 -s -i
OPTION:
-f apache log file,default=/var/log/nginx/access.log
-n output the last K lines {full|500000},default=full
-t threshold for the number of requests from same IP address,default=1000
-c threshold for the number of requests from same class C IP address,default=3000
-m show number of IP,default=100
-s show IP allow list
-i show IP location
-v show this information
RESULT:
IP Count: ./log/kickleech_manual_ip_count.log
Class C IP Count: ./log/kickleech_manual_ipc_count.log
IP Detail: ./log/kickleech_manual_ip_info.log
IP Result: ./log/kickleech_manual_ip_bad.log
You can also edit the script directly and set frequently used parameters in its variables.
./kickleech_manual.sh -f /var/log/nginx/bbs.c1gstudio.com.log -n 50000 -t 100 -c 300 -m 100 -s -i
=====start:20230706 18:04:46=====
LOAD nginx safe ip
SAFE IP:
127.0.0.1/32 192.168.0.0/24
LINE number:50000
364 64.62.252.163
241 173.208.200.2
139 182.148.222.121
115 110.188.45.251
101 183.146.253.6
KICKLEECH BAD 64.62.252.163
KICKLEECH BAD 173.208.200.2
KICKLEECH BAD 182.148.222.121
KICKLEECH BAD 110.188.45.251
KICKLEECH BAD 183.146.253.6
skip reload nginx!
=====end:20230706 18:04:50=====
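The counting step visible in the run above (requests per IP, requests per class C network, allow-listed addresses skipped), written out as an added example; it is not the code of kickleech_manual.sh. The function names, the strictly-greater threshold comparison, the handling of only /32 and /24 allow list entries, and the sample log lines are assumptions made for this illustration.

```shell
#!/bin/sh
# Added illustration; NOT the code of kickleech_manual.sh.
# flag_heavy_ips LOG LINES IP_T NET_T "ALLOW"
#   LINES: "full" or a number (like -n); IP_T / NET_T: like -t / -c
#   ALLOW: space-separated entries; only /32 (or bare IP) and /24 are handled
# Assumption: a count must be strictly greater than the threshold to be flagged.
flag_heavy_ips() {
    log=$1; lines=$2
    if [ "$lines" = full ]; then cat "$log"; else tail -n "$lines" "$log"; fi |
    awk -v ip_t="$3" -v net_t="$4" -v allow="$5" '
    BEGIN {
        n = split(allow, a, " ")
        for (i = 1; i <= n; i++) {
            split(a[i], p, "/")
            if (p[2] == "24") { net = p[1]; sub(/\.[0-9]+$/, "", net); safe_net[net] = 1 }
            else safe_ip[p[1]] = 1
        }
    }
    # Count only lines whose first field is a dotted-quad IPv4 address
    $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        net = $1; sub(/\.[0-9]+$/, "", net)      # first three octets
        if (($1 in safe_ip) || (net in safe_net)) next
        cnt[$1]++; ncnt[net]++
    }
    END {
        for (k in cnt)  if (cnt[k]  > ip_t)  print "IP",  k, cnt[k]
        for (k in ncnt) if (ncnt[k] > net_t) print "NET", k ".0/24", ncnt[k]
    }' | LC_ALL=C sort -k1,1 -k3,3nr
}

# Constructed sample log (documentation and private address ranges only)
emit() {
    n=$2
    while [ "$n" -gt 0 ]; do
        printf '%s - - [27/Jun/2023:13:08:16 +0800] "GET /thread-1.html HTTP/1.1" 200 4182 "-" "bot"\n' "$1"
        n=$((n - 1))
    done
}
sample_log() {
    emit 203.0.113.7 5       # one busy address
    emit 198.51.100.1 2; emit 198.51.100.2 2; emit 198.51.100.3 2   # spread over one /24
    emit 192.168.0.9 10      # allow-listed network
    echo 'malformed line without an address'
}

tmp=$(mktemp); sample_log > "$tmp"
flag_heavy_ips "$tmp" full 3 5 "127.0.0.1/32 192.168.0.0/24"
rm -f "$tmp"
```

In the sample, no single 198.51.100.x address crosses the per-IP threshold, but the /24 as a whole does, which is the case the class C count exists to catch.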
cat log/kickleech_manual_ip_info.log
get head line:
220.185.30.0 - - [27/Jun/2023:13:08:06 +0800] "GET /forum.php?mod=forumdisplay&fid=56&filter=digest&digest=1&typeid=25&specialtype=trade&orderby=views HTTP/1.1" 200 7925 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.873.3 Safari/537.36"
364 64.62.252.163
get status layout:5
364 200
get page layout:7
199 /space
125 /thread
40 /forum.php?mod=forumdisplay
get sample:3
64.62.252.163 - - [27/Jun/2023:13:08:16 +0800] "GET /space-uid-735.html HTTP/1.1" 200 4182 "-" "The Knowledge AI"
64.62.252.163 - - [27/Jun/2023:13:08:16 +0800] "GET /space-username-a.html HTTP/1.1" 200 4203 "-" "The Knowledge AI"
64.62.252.163 - - [27/Jun/2023:13:08:17 +0800] "GET /thread-935-1-1.html HTTP/1.1" 200 4959 "-" "The Knowledge AI"
get host:
Host 163.252.62.64.in-addr.arpa. not found: 3(NXDOMAIN)
get ip location:
{"ip":"64.62.252.163","beginip":"64.62.244.152","endip":"64.62.255.255","country":"美国","area":"加利福尼亚州弗里蒙特市Hurricane Electric公司"}
241 173.208.200.2
get status layout:5
241 200
get page layout:7
91 /forum.php?mod=forumdisplay
38 /connect.php?mod=login
6 /forum.php?mod=viewthread
3 /forum.php?mod=post
1 /forum.php?mod=redirect
get sample:3
173.208.200.2 - - [27/Jun/2023:13:09:32 +0800] "GET /forum.php?mod=forumdisplay&fid=94&orderby=lastpost HTTP/1.1" 200 7989 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2545.102 Safari/537.36"
173.208.200.2 - - [27/Jun/2023:13:09:34 +0800] "GET /forum.php?mod=forumdisplay&fid=34&filter=author HTTP/1.1" 200 8210 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.1717.77 Safari/537.36"
173.208.200.2 - - [27/Jun/2023:13:09:35 +0800] "GET /forum.php?mod=forumdisplay&fid=39&filter=author HTTP/1.1" 200 8250 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.1349.50 Safari/537.36"
get host:
2.200.208.173.in-addr.arpa domain name pointer smtp101.florybeauty.com.
get ip location:
{"ip":"173.208.200.2","beginip":"173.208.128.0","endip":"173.208.255.255","country":"美国","area":"密苏里州堪萨斯城WholeSale互联网股份有限公司"}
.
├── kickleech_manual.sh
├── kickleechsafeip.conf
└── log
    ├── kickleech_manual_ip_bad.log
    ├── kickleech_manual_ipc_count.log
    ├── kickleech_manual_ip_count.log
    ├── kickleech_manual_ip_info.log
    └── kickleech_manual_log_2023.log
The post "Re-releasing from the archive: manual version of the shell anti-crawler script" first appeared on C1G军火库.