Create squid-analysis-report-generator.yaml

2021-05-06 21:54:27 +00:00 · 2021-05-06 21:54:27 +00:00 · ed6ab66037
parent 8e09dc3061
commit ed6ab66037
1 changed files with 33 additions and 0 deletions
--- a/exposures/logs/squid-analysis-report-generator.yaml
+++ b/exposures/logs/squid-analysis-report-generator.yaml
@ -0,0 +1,33 @@
+id: squid-analysis-report-generator
+info:
+  name: Squid Analysis Report Generator
+  author: geeknik
+  description: SARG is an open source tool that allows you to analyse the squid log files and generates beautiful reports in HTML format with informations about users, IP addresses, top accessed sites, total bandwidth usage, elapsed time, downloads, access denied websites, daily reports, weekly reports and monthly reports.
+  reference: https://sourceforge.net/projects/sarg/
+  severity: high
+  tags: sarg,exposure,logs
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "Squid User Access Report"
+          - "Squid User's Access Report"
+        condition: or
+      - type: word
+        part: body
+        words:
+          - "<td>Daily reports"
+          - "FILE/PERIOD"
+        condition: or
+    extractors:
+      - type: regex
+        part: body
+        regex:
+          - sarg-[0-99].[0-99].[0-99]