Closed phryk closed 6 years ago
Thanks for the heads up on this. I can certainly add them. BTW, do you have a few sample user agent lines for all of them?
Nmap: "Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)" sqlmap: "sqlmap/1.2.3#pip (http://sqlmap.org)" Jorgee: "Mozilla/5.0 Jorgee"
Only got one of each. I'm not exactly running a huge site. :)
Thanks. This has been added. It will be pushed in the upcoming release. You can always build from development if needed.
Heya, really like goaccess, but a few (at times rather aggressive) bots/crawlers that goaccess doesn't know skew statistics for me when using --ignore-crawlers.
The three main offenders I have noticed are identifiable by containing the strings "Nmap", "sqlmap" and "Jorgee", respectively.
As these are dual-use tools usable for (preparation of) attacks, maybe they shouldn't even get into the "crawlers" category but deserve their own "potential attacker" category.
PS: I noticed goaccess knows about Mastodon, good on you for that. :)