squidmagic – Analyze a Web-Based Network Traffic to Detect Central Command and Control (C&C) Servers and Malicious Site

squidmagic is a tool designed to analyze a web-based network traffic to detect central command and control (C&C) servers and Malicious site, using Squid proxy server and Spamhaus.

usage

squidmagic # python squidmagic.py /var/log/squid3/access.log

_ _ _
(_) | | (_)
___ __ _ _ _ _ __| |_ __ ___ __ _ __ _ _ ___
/ __|/ _` | | | | |/ _` | '_ ` _ \ / _` |/ _` | |/ __|
\__ \ (_| | |_| | | (_| | | | | | | (_| | (_| | | (__
|___/\__, |\__,_|_|\__,_|_| |_| |_|\__,_|\__, |_|\___|
| | __/ |
|_| |___/
Analyzing...

Analyzing by SBL Advisory...
Spam server detected, ip is 65.182.101.221
Analyzing by SBL_CSS Advisory...
safe server detected, host or ip is 65.182.101.221
Analyzing by PBL Advisory...
safe server detected, host or ip is 65.182.101.221

Run server


<?php
namespace SquidApp\Core;

require dirname(__DIR__) . '/lib/vendor/autoload.php';

$banner = new \SquidApp\Squid();
$squidmagic = new FileSystem();

// output banner
echo $banner->bannerAction();

// Scans a directory for files
$squidmagic->scandirs('squidmagic/Collector path');

// Checks if file exists in certain location
$squidmagic->fileExists('Collector Path/server.php');

// run server
$squidmagic->openInBackground('Collector Path/lib/bin/');
squidmagic/lib # php squidmagic.php 


| |
___ __ _ _ _ _ __| |_ __ ___ __ _ __ _ _ ___
/ __|/ _` | | | | |/ _` | '_ ` _ \ / _` |/ _` | |/ __|
\__ \ (_| | |_| | | (_| | | | | | | (_| | (_| | | (__
|___/\__, |\__,_|_|\__,_|_| |_| |_|\__,_|\__, |_|\___|
| | __/ |
|_| |___/
squidmagic collector started

Be the first to comment on "squidmagic – Analyze a Web-Based Network Traffic to Detect Central Command and Control (C&C) Servers and Malicious Site"

Leave a comment

Your email address will not be published.


*