allinurl / goaccess

GoAccess is a real-time web log analyzer and interactive viewer that runs in a terminal in *nix systems or through your browser.
https://goaccess.io
MIT License

Nmap, sqlmap and Jorgee missing from browsers.c #1221

Closed phryk closed 6 years ago

phryk commented 6 years ago

Heya, really like goaccess, but a few (at times rather aggressive) bots/crawlers that goaccess doesn't know skew statistics for me when using --ignore-crawlers.

The three main offenders I have noticed are identifiable by containing the strings "Nmap", "sqlmap" and "Jorgee", respectively.

As these are dual-use tools usable for (preparation of) attacks, maybe they shouldn't even get into the "crawlers" category but deserve their own "potential attacker" category.

PS: I noticed goaccess knows about Mastodon, good on you for that. :)

allinurl commented 6 years ago

Thanks for the heads up on this. I can certainly add them. BTW, do you have a few sample user agent lines for all of them?

phryk commented 6 years ago

Nmap: "Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)"

sqlmap: "sqlmap/1.2.3#pip (http://sqlmap.org)"

Jorgee: "Mozilla/5.0 Jorgee"

Only got one of each. I'm not exactly running a huge site. :)

allinurl commented 6 years ago

Thanks. This has been added. It will be pushed in the upcoming release. You can always build from development if needed.
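The substring matching discussed in this thread, with the separate "potential attacker" bucket phryk proposes, as an added example that is not goaccess's own browsers.c code: it classifies combined-format log lines by their User-Agent field. The token tables, function names, the Googlebot stand-in for a crawler list and the sample log lines are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum ua_class { UA_OTHER, UA_CRAWLER, UA_SCANNER };
/* Scanner tokens are the three strings named in the thread; the crawler token is a stand-in. */
static const char *scanner_tokens[] = { "Nmap", "sqlmap", "Jorgee", NULL };
static const char *crawler_tokens[] = { "Googlebot", NULL };
/* Case-insensitive search for any of the tokens inside ua[0..len). */
static int has_token(const char *ua, size_t len, const char **tokens) {
  for (; *tokens; tokens++) {
    size_t n = strlen(*tokens);
    for (size_t i = 0; i + n <= len; i++) {
      size_t j = 0;
      while (j < n && tolower((unsigned char)ua[i + j]) == tolower((unsigned char)(*tokens)[j])) j++;
      if (j == n) return 1;
    }
  }
  return 0;
}

/* Classify one combined-format line by its last double-quoted field, the User-Agent.
 * Assumes the server escapes a quote inside the field as \x22 rather than \". */
enum ua_class classify_line(const char *line) {
  const char *end = strrchr(line, '"');
  if (!end || end == line) return UA_OTHER;
  const char *start = end - 1;
  while (start > line && *start != '"') start--;
  if (*start != '"') return UA_OTHER; /* a single quote only: malformed line */
  size_t len = (size_t)(end - start - 1);
  if (has_token(start + 1, len, scanner_tokens)) return UA_SCANNER;
  if (has_token(start + 1, len, crawler_tokens)) return UA_CRAWLER;
  return UA_OTHER;
}

/* Constructed sample lines; the addresses come from documentation ranges. */
static const char *samples[] = {
  "192.0.2.10 - - [10/May/2018:10:00:00 +0000] \"GET / HTTP/1.1\" 200 512 \"-\" \"Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)\"",
  "198.51.100.7 - - [10/May/2018:10:00:01 +0000] \"GET / HTTP/1.1\" 200 512 \"-\" \"sqlmap/1.2.3#pip (http://sqlmap.org)\"",
  "203.0.113.5 - - [10/May/2018:10:00:02 +0000] \"HEAD / HTTP/1.1\" 200 0 \"-\" \"Mozilla/5.0 Jorgee\"",
  "192.0.2.44 - - [10/May/2018:10:00:03 +0000] \"GET /robots.txt HTTP/1.1\" 200 64 \"-\" \"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)\"",
  "192.0.2.99 - - [10/May/2018:10:00:04 +0000] \"GET / HTTP/1.1\" 200 512 \"-\" \"Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0\"",
};

int main(void) {
  int counts[3] = { 0 };
  for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) counts[classify_line(samples[i])]++;
  printf("other=%d crawler=%d scanner=%d\n", counts[0], counts[1], counts[2]);
  return 0;
}
```

The User-Agent header is client-supplied, so a match only shows that a tool ran with its default string; this keeps statistics clean but does not account for scanners that change the header.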