/usr/share/httpry/plugins/search_terms.pm is in httpry-tools 0.1.7-3.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
# ----------------------------------------------------
# httpry - HTTP logging and information retrieval tool
# ----------------------------------------------------
#
# Copyright (c) 2005-2012 Jason Bittel <jason.bittel@gmail.com>
#
package search_terms;
# NOTE(review): there is no 'use strict' here. The plugin reads %domains,
# %ignore and $output_file as undeclared package globals, presumably assigned
# by the config file that _load_config() requires; turning strict on would
# first need 'our' declarations for those three names.
use warnings;
# -----------------------------------------------------------------------------
# GLOBAL VARIABLES
# -----------------------------------------------------------------------------
my %search_terms = (); # source-ip -> host -> search term -> hit count, filled by main()
my $num_terms = 0;     # running total of individual terms seen across all queries
my $num_queries = 0;   # number of queries that produced a search term
# -----------------------------------------------------------------------------
# Plugin core
# -----------------------------------------------------------------------------
# Hand this package to the host program at load time; main::register_plugin
# is expected to be provided by the script that requires the plugin.
main::register_plugin();
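# Construct the plugin object. Works as Class->new, $obj->new and, for
# backward compatibility with the old one-argument bless, as a bare call.
sub new {
    my $proto = shift;
    # Two-argument bless: never rely on the caller's current package, and
    # fall back to this package when no class name was passed at all.
    my $class = ref($proto) || $proto || __PACKAGE__;
    return bless {}, $class;
}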
# Plugin hook run once after construction: load the config file that lives
# under $cfg_dir. _load_config() dies if the file is missing or incomplete.
sub init {
    my ($self, $cfg_dir) = @_;
    _load_config($cfg_dir);
    return;
}
# Names of the record fields this plugin wants main() to receive.
sub list {
    my @wanted_fields = ('direction', 'host', 'request-uri', 'source-ip');
    return @wanted_fields;
}
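# Per-record hook. Extracts the search term from a client request to a
# configured search domain, normalises it, applies the ignore rules and
# accumulates it in %search_terms / $num_terms / $num_queries.
#
# $record is a hash ref keyed by the field names list() returned; every value
# comes straight from the parsed log line, so none of them is trusted.
sub main {
    my $self = shift;
    my $record = shift;
    my $search_term;

    # Only client-to-server records ('>') carry a request URI with a query
    return unless defined $record->{"direction"} && $record->{"direction"} eq '>';

    # A line without host or URI can't hold a query; skip it quietly instead
    # of warning on undefined values below
    my $host = $record->{"host"};
    my $uri = $record->{"request-uri"};
    return unless defined $host && defined $uri;

    # These results can end up being a little messy, but it seems
    # most useful to simply dump out all search terms and let the user
    # sift through what they deem interesting
    foreach my $domain (keys %domains) {
        # NOTE(review): plain substring match, so a configured domain also
        # matches any host that merely contains it -- confirm whether an
        # anchored/suffix match was intended
        next if rindex($host, $domain) == -1;
        my $name = $domains{$domain};
        # The query parameter name is config data, not a pattern: match it
        # literally so metacharacters in it can't change the regex
        return unless $uri =~ /[\?\&]\Q$name\E=([^\&]+)/;
        $search_term = $1;
        last;
    }
    # length() rather than truthiness so a literal search for "0" is kept
    return unless defined $search_term && length $search_term;

    # Decode hex characters in the search term
    $search_term =~ s/%(?:25)+/%/g;                      # collapse doubly encoded '%'
    $search_term =~ s/%(?:0A|0D)/\./ig;                  # encoded CR/LF become '.', keeping the term on one line
    $search_term =~ s/%([a-fA-F0-9]{2})/chr(hex($1))/eg;

    # Clean up spaces in search term
    $search_term =~ s/\+/ /g;
    $search_term =~ s/^\s+//;
    $search_term =~ s/\s+$//;
    $search_term =~ s/\s+/ /g;

    # Apply rules to ignore unwanted hits. The %ignore patterns are taken from
    # the config file and used verbatim as regexes, so they must be trusted;
    # a malformed pattern dies here.
    foreach my $domain (keys %ignore) {
        next if rindex($host, $domain) == -1;
        foreach my $pattern (@{ $ignore{$domain} }) {
            return if $search_term =~ /$pattern/;
        }
    }

    $search_terms{$record->{"source-ip"}}->{$host}->{$search_term}++;

    # Count the number of terms in the query, treating quoted strings as a single term
    my $count = ($search_term =~ s/\".*?\"//g);
    $search_term =~ s/^\s+//; # Strip leading/trailing spaces potentially introduced above
    $search_term =~ s/\s+$//;
    $count += ($search_term =~ s/\s+//g);
    $count++ if length $search_term;
    $num_terms += $count;
    $num_queries++;
    return;
}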
# Plugin hook run once when input is exhausted: flush the accumulated
# summary to the configured output file.
sub end {
    my ($self) = @_;
    _write_output_file();
    return;
}
# -----------------------------------------------------------------------------
# Load config file and check for required options
# -----------------------------------------------------------------------------
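# Locate and execute the plugin config file, then verify the options it has
# to provide. Dies with a message if the file is absent or $output_file is
# not set afterwards.
sub _load_config {
    my $cfg_dir = shift;
    require File::Spec;

    # Load config file; by default in same directory as plugin
    my $cfg_file = "$cfg_dir/" . __PACKAGE__ . ".cfg";
    if (-e $cfg_file) {
        # require() searches @INC for a path that is not absolute (or ./, ../),
        # so with a relative $cfg_dir it could pick up a same-named file from
        # @INC instead of the one the -e test just found. Resolve the path so
        # the file that was checked is the file that runs. The config is
        # executed as Perl, so it must be trusted as much as the plugin itself.
        my $cfg_path = File::Spec->rel2abs($cfg_file);
        require $cfg_path;
    } else {
        die "Error: No config file found\n";
    }

    # Check for required options and combinations; $output_file is expected
    # to have been assigned by the config file just loaded
    if (!$output_file) {
        die "No output file provided\n";
    }
    return;
}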
# -----------------------------------------------------------------------------
# Write collected information to specified output file
# -----------------------------------------------------------------------------
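# Write the summary report (totals plus a per-IP, per-host listing of search
# terms and their hit counts) to $output_file. Dies if the file cannot be
# opened or closed.
sub _write_output_file {
    # Three-argument open with a lexical handle: $output_file is only ever a
    # path here and can't be parsed as a mode or a pipe
    open my $out, '>', $output_file or die "Cannot open $output_file: $!\n";
    print {$out} "\n\nSEARCH TERMS SUMMARY\n\n";
    print {$out} "Generated: " . localtime() . "\n";

    if ((keys %search_terms) == 0) {
        print {$out} "\n\n*** No search terms found\n";
        close $out or die "Cannot close $output_file: $!\n";
        return;
    }

    # main() bumps $num_queries with every %search_terms insert, so it is
    # non-zero once we get here; the guard only keeps a zero divisor from dying
    my $avg = $num_queries ? $num_terms / $num_queries : 0;
    print {$out} "Terms: $num_terms\n";
    print {$out} "Queries: $num_queries\n";
    print {$out} "Avg terms/query: " . sprintf("%.1f", $avg) . "\n\n\n";

    foreach my $ip (sort keys %search_terms) {
        print {$out} "$ip\n";
        # Hosts are sorted too so the report is stable between runs
        foreach my $hostname (sort keys %{ $search_terms{$ip} }) {
            print {$out} "\t$hostname\n";
            my $hits_of = $search_terms{$ip}->{$hostname};
            foreach my $term (sort keys %{ $hits_of }) {
                print {$out} "\t\t$hits_of->{$term}\t$term\n";
            }
            print {$out} "\n";
        }
    }
    # Buffered write errors only surface at close, so check it too
    close $out or die "Cannot close $output_file: $!\n";
    return;
}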
1; # require() needs the file to return a true value