I have been installing Kali Linux on Windows 10's Windows Subsystem for Linux (WSL) and playing around with it.
This time, since I had installed the kali-linux metapackage and it brings apache2 along, I tried installing GoAccess.
GoAccess
https://goaccess.io/
What is it?
GoAccess is an open source real-time web log analyzer and interactive viewer that runs in a terminal in *nix systems or through your browser.
There is a package for it, so installation is simple.

```
rootlinks@Win10:~$ apt search goaccess
Sorting... Done
Full Text Search... Done
goaccess/kali-rolling,now 1:1.2-3 amd64 [installed]
  log analyzer and interactive viewer for the Apache Webserver

rootlinks@Win10:~$ sudo apt -y install goaccess
```
```
rootlinks@Win10:~$ goaccess -h
GoAccess - 1.2

Usage: goaccess [filename] [ options ... ] [-c][-M][-H][-q][-d][...]
The following options can also be supplied to the command:

Log & Date Format Options

  --date-format=<dateformat>      - Specify log date format. e.g., %d/%b/%Y
  --log-format=<logformat>        - Specify log format. Inner quotes need to be escaped, or use single quotes.
  --time-format=<timeformat>      - Specify log time format. e.g., %H:%M:%S

User Interface Options

  -c --config-dialog              - Prompt log/date/time configuration window.
  -i --hl-header                  - Color highlight active panel.
  -m --with-mouse                 - Enable mouse support on main dashboard.
  --color=<fg:bg[attrs, PANEL]>   - Specify custom colors. See manpage for more details and options.
  --color-scheme=<1|2|3>          - Schemes: 1 => Grey, 2 => Green, 3 => Monokai.
  --html-custom-css=<path.css>    - Specify a custom CSS file in the HTML report.
  --html-custom-js=<path.js>      - Specify a custom JS file in the HTML report.
  --html-prefs=<json_obj>         - Set default HTML report preferences.
  --html-report-title=<title>     - Set HTML report page title and header.
  --json-pretty-print             - Format JSON output w/ tabs & newlines.
  --max-items                     - Maximum number of items to show per panel. See man page for limits.
  --no-color                      - Disable colored output.
  --no-column-names               - Don't write column names in term output.
  --no-csv-summary                - Disable summary metrics on the CSV output.
  --no-progress                   - Disable progress metrics.
  --no-tab-scroll                 - Disable scrolling through panels on TAB.
  --no-html-last-updated          - Hide HTML last updated field.

Server Options

  --addr=<addr>                   - Specify IP address to bind server to.
  --daemonize                     - Run as daemon (if --real-time-html enabled).
  --fifo-in=<path>                - Path to read named pipe (FIFO).
  --fifo-out=<path>               - Path to write named pipe (FIFO).
  --origin=<addr>                 - Ensure clients send the specified origin header upon the WebSocket handshake.
  --port=<port>                   - Specify the port to use.
  --real-time-html                - Enable real-time HTML output.
  --ssl-cert=<cert.crt>           - Path to TLS/SSL certificate.
  --ssl-key=<priv.key>            - Path to TLS/SSL private key.
  --ws-url=<url>                  - URL to which the WebSocket server responds.

File Options

  -                               - The log file to parse is read from stdin.
  -f --log-file=<filename>        - Path to input log file.
  -l --debug-file=<filename>      - Send all debug messages to the specified file.
  -p --config-file=<filename>     - Custom configuration file.
  --invalid-requests=<filename>   - Log invalid requests to the specified file.
  --no-global-config              - Don't load global configuration file.

Parse Options

  -a --agent-list                 - Enable a list of user-agents by host.
  -d --with-output-resolver       - Enable IP resolver on HTML|JSON output.
  -e --exclude-ip=<IP>            - Exclude one or multiple IPv4/6. Allows IP ranges e.g. 192.168.0.1-192.168.0.10
  -H --http-protocol=<yes|no>     - Set/unset HTTP request protocol if found.
  -M --http-method=<yes|no>       - Set/unser HTTP request method if found.
  -o --output=file.html|json|csv  - Output either an HTML, JSON or a CSV file.
  -q --no-query-string            - Ignore request's query string. Removing the query string can greatly decrease memory consumption.
  -r --no-term-resolver           - Disable IP resolver on terminal output.
  --444-as-404                    - Treat non-standard status code 444 as 404.
  --4xx-to-unique-count           - Add 4xx client errors to the unique visitors count.
  --all-static-files              - Include static files with a query string.
  --crawlers-only                 - Parse and display only crawlers.
  --date-spec=<date|hr>           - Date specificity. Possible values: `date` (default), or `hr`.
  --double-decode                 - Decode double-encoded values.
  --enable-panel=<PANEL>          - Enable parsing/displaying the given panel.
  --hour-spec=<hr|min>            - Hour specificity. Possible values: `hr` (default), or `min` (tenth of a min).
  --ignore-crawlers               - Ignore crawlers.
  --ignore-panel=<PANEL>          - Ignore parsing/displaying the given panel.
  --ignore-referer=<NEEDLE>       - Ignore a referer from being counted. Wild cards are allowed. i.e., *.bing.com
  --ignore-status=<CODE>          - Ignore parsing the given status code.
  --num-tests=<number>            - Number of lines to test. >= 0 (10 default)
  --process-and-exit              - Parse log and exit without outputting data.
  --real-os                       - Display real OS names. e.g, Windows XP, Snow Leopard.
  --sort-panel=PANEL,METRIC,ORDER - Sort panel on initial load. For example: --sort-panel=VISITORS,BY_HITS,ASC. See manpage for a list of panels/fields.
  --static-file=<extension>       - Add static file extension. e.g.: .mp3. Extensions are case sensitive.

GeoIP Options

  -g --std-geoip                  - Standard GeoIP database for less memory consumption.
  --geoip-database=<path>         - Specify path to GeoIP database file. i.e., GeoLiteCity.dat, GeoIPv6.dat ...

On-Disk Database Options

  --keep-db-files                 - Persist parsed data into disk.
  --load-from-disk                - Load previously stored data from disk.
  --db-path=<path>                - Path of the database file. Default [/tmp/]
  --cache-lcnum=<number>          - Max number of leaf nodes to be cached. Default [0]
  --cache-ncnum=<number>          - Max number of non-leaf nodes to be cached. Default [1024]
  --tune-bnum=<number>            - Number of elements of the bucket array. Default [512]
  --tune-lmemb=<number>           - Number of members in each leaf page. Default [128]
  --tune-nmemb=<number>           - Number of members in each non-leaf page. Default [256]
  --xmmap=<number>                - Set the size in bytes of the extra mapped memory. Default [32749]
  --compression=<zlib|bz2>        - Specifies that each page is compressed with ZLIB|BZ2 encoding.

Other Options

  -h --help                       - This help.
  -V --version                    - Display version information and exit.
  -s --storage                    - Display current storage method. e.g., B+ Tree, Hash.
  --dcf                           - Display the path of the default config file when `-p` is not used.

Examples can be found by running `man goaccess`.

For more details visit: http://goaccess.io
GoAccess Copyright (C) 2009-2016 by Gerardo Orellana
```
As a test, let's start apache2 and access it.

```
rootlinks@Win10:~$ sudo /etc/init.d/apache2 start
[....] Starting Apache httpd web server: apache2[Fri Mar 15 10:06:22.927706 2018] [core:warn] [pid 17737] (92)Protocol not available: AH00076: Failed to enable APR_TCP_DEFER_ACCEPT
. ok
rootlinks@Win10:~$ ps ax
  PID TTY      STAT   TIME COMMAND
    1 ?        Ss     0:00 /init
    2 tty1     Ss     0:00 -bash
17738 ?        Ss     0:00 /usr/sbin/apache2 -k start
17741 ?        S      0:00 /usr/sbin/apache2 -k start
17742 ?        S      0:00 /usr/sbin/apache2 -k start
17743 ?        S      0:00 /usr/sbin/apache2 -k start
17744 ?        S      0:00 /usr/sbin/apache2 -k start
17745 ?        S      0:00 /usr/sbin/apache2 -k start
17765 tty1     R      0:00 ps ax
```

The warning "AH00076: Failed to enable APR_TCP_DEFER_ACCEPT" is printed, but it does not seem to affect operation.
APR_TCP_DEFER_ACCEPT error when starting Apache2 #1953
https://github.com/Microsoft/WSL/issues/1953
If it bothers you, adding the following two lines to /etc/apache2/apache2.conf stops the warning from being printed.

```
AcceptFilter https none
AcceptFilter http none
```
Start goaccess with the Apache access log as its input.

```
rootlinks@Win10:~$ goaccess -f /var/log/apache2/access.log
```
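To show what GoAccess is actually doing with that file, here is an added example (not code from the original post or from the GoAccess project): a small parser for Apache's "combined" access-log format, the format the Kali apache2 default writes to /var/log/apache2/access.log and that GoAccess reads with its COMBINED preset. It produces the kind of summary the GoAccess panels show: hits per status class, hits and 4xx client errors per client host, a crawler filter that mirrors --ignore-crawlers, and a count of unparseable lines like the ones --invalid-requests would capture. The log lines are constructed samples, not a real capture, and the crawler markers and the "noisy host" threshold are this example's own assumptions.

```python
"""Added example, not from the original post or the GoAccess project.
Parses Apache "combined" log lines and builds GoAccess-style counters.
Sample log lines, crawler markers and the noisy-host threshold are assumptions."""
import re
from collections import Counter

# Apache "combined" LogFormat:
#   %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
COMBINED_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample log: two local page views, one search-engine crawler hit,
# two 404s from one host probing for directories, and one malformed line.
SAMPLE_LOG = """\
127.0.0.1 - - [15/Mar/2018:10:07:01 +0900] "GET / HTTP/1.1" 200 3380 "-" "Mozilla/5.0 (Windows NT 10.0)"
127.0.0.1 - - [15/Mar/2018:10:07:02 +0900] "GET /icons/openlogo-75.png HTTP/1.1" 200 6040 "http://localhost/" "Mozilla/5.0 (Windows NT 10.0)"
10.0.0.5 - - [15/Mar/2018:10:08:10 +0900] "GET /robots.txt HTTP/1.1" 404 435 "-" "Mozilla/5.0 (compatible; Googlebot/2.1)"
10.0.0.5 - - [15/Mar/2018:10:08:11 +0900] "GET /admin/ HTTP/1.1" 404 435 "-" "python-requests/2.18.4"
10.0.0.5 - - [15/Mar/2018:10:08:12 +0900] "GET /backup/ HTTP/1.1" 404 435 "-" "python-requests/2.18.4"
this line is not in combined format
"""

# Assumption: a crawler is anything whose User-Agent contains one of these.
CRAWLER_MARKERS = ("bot", "crawler", "spider")


def parse_line(line):
    """Return a dict of fields for one combined-format line, or None if it does not match."""
    m = COMBINED_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    # "%r" is "METHOD PATH PROTOCOL"; tolerate truncated request lines.
    parts = rec["request"].split(" ")
    rec["method"] = parts[0]
    rec["path"] = parts[1] if len(parts) > 1 else ""
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])  # "-" means no body sent
    return rec


def is_crawler(agent):
    return any(marker in agent.lower() for marker in CRAWLER_MARKERS)


def summarize(log_text, error_ratio_threshold=0.5):
    """Aggregate a combined-format log into GoAccess-style counters.

    Crawler hits are left out of the counters (like --ignore-crawlers) but
    counted separately; lines that do not parse are counted as invalid.
    """
    by_status_class = Counter()
    hits_by_host = Counter()
    client_errors_by_host = Counter()
    invalid = 0
    crawler_hits = 0
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec is None:
            invalid += 1
            continue
        if is_crawler(rec["agent"]):
            crawler_hits += 1
            continue
        by_status_class[f"{rec['status'] // 100}xx"] += 1
        hits_by_host[rec["host"]] += 1
        if 400 <= rec["status"] < 500:
            client_errors_by_host[rec["host"]] += 1
    # A host whose requests are mostly client errors is worth a second look:
    # that is what directory probing looks like in the access log.
    noisy_hosts = sorted(
        host for host, hits in hits_by_host.items()
        if client_errors_by_host[host] / hits >= error_ratio_threshold
    )
    return {
        "by_status_class": dict(by_status_class),
        "hits_by_host": dict(hits_by_host),
        "client_errors_by_host": dict(client_errors_by_host),
        "invalid_lines": invalid,
        "crawler_hits": crawler_hits,
        "noisy_hosts": noisy_hosts,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Running the script on the sample log reports two 2xx and two 4xx hits, flags 10.0.0.5 as a noisy host, and counts the Googlebot line and the malformed line separately; feed it a real access.log through `summarize(open(path).read())` to compare its counters with the GoAccess panels.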
By the way, whatever happened to the penetration testing tools? (lol)