ap_log
183.57.50.20 - - [02/Jun/2019:00:13:39 +0800] "GET /wp-login.php?reauth=1&redirect_to=http://129.28.164.99/wp-admin/ HTTP/1.1" 500 242 "simba_test_post" "http://129.28.164.99@10.229.131.15/ssrf/im.png?dXJpPTEyOS4yOC4xNjQuOTk6ODAvd3AtbG9naW4ucGhwJmtleT1VQSZtZXRob2Q9R0VU"
183.57.50.20 - - [02/Jun/2019:00:13:39 +0800] "GET /wp-login.php?reauth=1&redirect_to=http://129.28.164.99/wp-admin/ HTTP/1.1" 500 242 "simba_test_post" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.27 Safari/537.36 TST(Tencent_Security_Team) f0fc"
183.57.50.20 - - [02/Jun/2019:00:13:39 +0800] "GET /wp-login.php?redirect_to=http://129.28.164.99/wp-admin/&reauth=10.229.131.15/302_redirect.php?url=http://10.229.131.15/Tst_SsrF.html%252f@http://129.28.164.99 HTTP/1.1" 500 242 "simba_test_post" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.27 Safari/537.36 TST(Tencent_Security_Team) f0fc"
183.57.50.20 - - [02/Jun/2019:00:13:39 +0800] "GET /wp-login.php?reauth=1&redirect_to=http://129.28.164.99/wp-admin/ HTTP/1.1" 500 242 "simba_test_post" "Mozilla%2F5.0%20%28Windows%20NT%206.1%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F33.0.1750.27%20Safari%2F537.36%20TST%28Tencent_Security_Team%29tstc.mauu.org%2Fssrf.jpg%3F%25252f%40http%3A%2F%2F129.28.164.99dXJpPTEyOS4yOC4xNjQuOTk6ODAvd3AtbG9naW4ucGhwJmtleT1VQSZtZXRob2Q9R0VU"
183.57.50.20 - - [02/Jun/2019:00:13:39 +0800] "GET /wp-login.php?reauth=1&redirect_to=http://129.28.164.99/wp-admin/ HTTP/1.1" 500 242 "simba_test_posthttp://129.28.164.99@10.229.131.15/ssrf/ssrf.ico?dXJpPTEyOS4yOC4xNjQuOTk6ODAvd3AtbG9naW4ucGhwJmtleT1SRUZFUiZtZXRob2Q9R0VU" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.27 Safari/537.36 TST(Tencent_Security_Team) f0fc"
183.57.50.20 - - [02/Jun/2019:00:13:39 +0800] "GET /wp-login.php?redirect_to=http://129.28.164.99/wp-admin/&reauth=1'"><script%20src="http://t.cn/RUD5JLn"></script> HTTP/1.1" 500 242 "simba_test_post" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.27 Safari/537.36 TST(Tencent_Security_Team) f0fc"
183.57.50.20 - - [02/Jun/2019:00:13:39 +0800] "POST /wp-login.php?reauth=1&redirect_to=http://129.28.164.99/wp-admin/ HTTP/1.1" 500 242 "simba_test_post" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.27 Safari/537.36 TST(Tencent_Security_Team)"
183.57.50.20 - - [02/Jun/2019:00:13:39 +0800] "GET /wp-login.php?redirect_to=http://129.28.164.99/wp-admin/http://129.28.164.99@10.229.131.15/ssrf/im.png?dXJpPTEyOS4yOC4xNjQuOTk6ODAvd3AtbG9naW4ucGhwJmtleT1yZWRpcmVjdF90byZtZXRob2Q9R0VU&reauth=1 HTTP/1.1" 500 242 "simba_test_post" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.27 Safari/537.36 TST(Tencent_Security_Team) f0fc"
...
统计IP
awk '{a[$1]++} END{for(i in a){print i,a[i]}}' log/httpd/ap_log
104.155.225.86 1
192.223.66.146 1
80.234.101.86 1
183.57.54.45 4
139.162.119.197 1
113.44.220.184 255
162.243.149.151 1
14.17.21.58 3
排序 第二行 数字 倒序
参数: -t 指定分隔符 -k 指定列 -g 按照常规数值排序 -n 根据字符串数值比较
awk '{a[$1]++} END{for(i in a){print i,a[i]}}' log/httpd/ap_log | sort -k2 -n -r
183.57.50.20 18055
111.47.24.69 703
113.46.241.111 469
113.44.220.184 255
127.0.0.1 223
123.151.144.38 52
117.184.250.100 30
取前10行
awk '{a[$1]++} END{for(i in a){print i,a[i]}}' log/httpd/ap_log | sort -k2 -n -r |head -10
183.57.50.20 18055
111.47.24.69 703
113.46.241.111 469
113.44.220.184 255
127.0.0.1 223
123.151.144.38 52
117.184.250.100 30
183.57.53.51 26
61.151.206.221 20
180.163.220.4 20
网友评论