
ThreatDetector ( J/JH/JHALL/ThreatDetector-0.04.tar.gz, JHALL, 2025; MetaCPAN )
ThreatDetector/bin/detect.pl ( view source; MetaCPAN )
e::HiRes qw(gettimeofday);
use JSON;
use File::Slurp;

# ----- CONFIG -----
my $config_file = 'config/config.json';
my $config_data = -e $config_file ? decode_json(scalar read_file($config_file)
ThreatDetector ( J/JH/JHALL/ThreatDetector-0.04.tar.gz, JHALL, 2025; MetaCPAN )
ThreatDetector/lib/ThreatDetector/Handlers/EncodedPayload.pm ( view source; MetaCPAN )
eatDetector::Handlers::EncodedPayload;

use strict;
use warnings;
use Exporter 'import';
use JSON;
use Time::HiRes qw(gettimeofday);

our $VERBOSE = 0;
our @EXPORT_OK = qw(handle_encoded get_
ent => $entry->{user_agent},
    };
    push @ENCODED_PAYLOAD_EVENTS, $alert;
    print encode_json($alert) . "\n" if $VERBOSE;
}

sub get_encoded_payload_events {
  return @ENCODED_PAYLOAD_EVE
EncodedPayload qw(handle_encoded);

  handle_encoded($entry);

=head1 DESCRIPTION

Prints a JSON alert for requests that contain suspiciously encoded characters (e.g. %2e, %3c) which may indicat
ThreatDetector ( J/JH/JHALL/ThreatDetector-0.04.tar.gz, JHALL, 2025; MetaCPAN )
ThreatDetector/lib/ThreatDetector/Handlers/RateLimiter.pm ( view source; MetaCPAN )
ThreatDetector::Handlers::RateLimiter;

use strict;
use warnings;
use Exporter 'import';
use JSON;
use Time::HiRes qw(gettimeofday);

our $VERBOSE = 0;
our @EXPORT_OK = qw(handle_rate_burst g
try->{referer} || '',
        };
        push @RATE_BURST_EVENTS, $alert;
        print encode_json($alert) . "\n" if $VERBOSE;
        $ip_activity{$ip} = [];
    }
}

sub get_rate_burst_even
ThreatDetector ( J/JH/JHALL/ThreatDetector-0.04.tar.gz, JHALL, 2025; MetaCPAN )
ThreatDetector/lib/ThreatDetector/Handlers/ClientError.pm ( view source; MetaCPAN )
ThreatDetector::Handlers::ClientError;

use strict;
use warnings;
use Exporter 'import';
use JSON;
use Time::HiRes qw(gettimeofday);

our $VERBOSE = 0;
our @EXPORT_OK = qw(handle_client_error
gent => $entry->{user_agent},
    };

    push @CLIENT_ERROR_EVENTS, $alert;
    print encode_json($alert) . "\n" if $VERBOSE;
}

sub get_client_error_events {
  return @CLIENT_ERROR_EVENTS;
rror qw(handle_client_error);

  handle_client_error($entry);

=head1 DESCRIPTION

Prints a JSON alert for any Apache log entry resulting in a 4xx client error.
Useful for tracking broken links
ThreatDetector ( J/JH/JHALL/ThreatDetector-0.04.tar.gz, JHALL, 2025; MetaCPAN )
ThreatDetector/lib/ThreatDetector/Dispatcher.pm ( view source; MetaCPAN )
package ThreatDetector::Dispatcher;

use strict;
use warnings;
use JSON;
use File::Basename;
use Time::HiRes qw(gettimeofday);

use ThreatDetector::Handlers::SQLInjection qw(handle_sql_injecti
pes. Each handler is responsible for processing or logging the alert in its own way (typically as JSON output).

The dispatch system uses a mapping of known threat types to handler subroutine refere
ThreatDetector ( J/JH/JHALL/ThreatDetector-0.04.tar.gz, JHALL, 2025; MetaCPAN )
ThreatDetector/lib/ThreatDetector/Handlers/BotFingerprint.pm ( view source; MetaCPAN )
eatDetector::Handlers::BotFingerprint;

use strict;
use warnings;
use Exporter 'import';
use JSON;
use Time::HiRes qw(gettimeofday);

our $VERBOSE = 0;
our @EXPORT_OK = qw(handle_scanner get_
=> $entry->{user_agent},
    };
    push @SCANNER_FINGERPRINT_EVENTS, $alert;
    print encode_json($alert) . "\n" if $VERBOSE;
}

sub get_scanner_fingerprint_events {
  return @SCANNER_FINGERP
BotFingerprint qw(handle_scanner);

  handle_scanner($entry);

=head1 DESCRIPTION

Prints a JSON alert for any request that matches a known bad scanner or bot fingerprint in the user-agent strin
ThreatDetector ( J/JH/JHALL/ThreatDetector-0.04.tar.gz, JHALL, 2025; MetaCPAN )
ThreatDetector/lib/ThreatDetector/Handlers/DirectoryTraversal.pm ( view source; MetaCPAN )
etector::Handlers::DirectoryTraversal;

use strict;
use warnings;
use Exporter 'import';
use JSON;
use Time::HiRes qw(gettimeofday);

our $VERBOSE = 0;
our @EXPORT_OK = qw(handle_directory_tr
=> $entry->{user_agent},
    };
    push @DIRECTORY_TRAVERSAL_EVENTS, $alert;
    print encode_json($alert) . "\n" if $VERBOSE;
}

sub get_directory_traversal_events {
  return @DIRECTORY_TRAVE
_directory_traversal);

  handle_directory_traversal($entry);

=head1 DESCRIPTION

Prints a JSON alert for requests containing suspected directory traversal patterns such as `../`, URL-encoded t
ThreatDetector ( J/JH/JHALL/ThreatDetector-0.04.tar.gz, JHALL, 2025; MetaCPAN )
ThreatDetector/lib/ThreatDetector/Handlers/LoginBruteForce.pm ( view source; MetaCPAN )
atDetector::Handlers::LoginBruteForce;

use strict;
use warnings;
use Exporter 'import';
use JSON;
use Time::HiRes qw(gettimeofday);

our $VERBOSE = 0;
our @EXPORT_OK = qw(handle_login_brutef
r    => $entry->{referer} || '',
    };
    push @BRUTE_FORCE_EVENTS, $alert;
    print encode_json($alert) . "\n" if $VERBOSE;
}

sub get_login_brute_force_events {
  return @BRUTE_FORCE_EVENT
handle_login_bruteforce);

  handle_login_bruteforce($entry);

=head1 DESCRIPTION

Prints a JSON alert for suspected brute-force login attempts. Typically used in conjunction with logic that det
ThreatDetector ( J/JH/JHALL/ThreatDetector-0.04.tar.gz, JHALL, 2025; MetaCPAN )
ThreatDetector/lib/ThreatDetector/Handlers/MethodAbuse.pm ( view source; MetaCPAN )
ThreatDetector::Handlers::MethodAbuse;

use strict;
use warnings;
use Exporter 'import';
use JSON;
use Time::HiRes qw(gettimeofday);

our $VERBOSE = 0;
our @EXPORT_OK = qw(handle_http_method 
erer => $entry->{referer} || '',
    };
    push @HTTP_METHOD_EVENTS, $alert;
    print encode_json($alert) . "\n" if $VERBOSE;
}

sub get_http_method_abuse_events {
  return @HTTP_METHOD_EVENT
dAbuse qw(handle_http_method);

  handle_http_method($entry);

=head1 DESCRIPTION

Prints a JSON alert when a request uses suspicious HTTP methods such as PUT, DELETE, TRACE, or CONNECT. These m
ThreatDetector ( J/JH/JHALL/ThreatDetector-0.04.tar.gz, JHALL, 2025; MetaCPAN )
ThreatDetector/lib/ThreatDetector/Handlers/HeaderAbuse.pm ( view source; MetaCPAN )
ThreatDetector::Handlers::HeaderAbuse;

use strict;
use warnings;
use Exporter 'import';
use JSON;
use Time::HiRes qw(gettimeofday);

our $VERBOSE = 0;
our @EXPORT_OK = qw(handle_header_abuse
rer => $entry->{referer} || '',
    };
    push @HEADER_ABUSE_EVENTS, $alert;
    print encode_json($alert) . "\n" if $VERBOSE;
}

sub get_header_abuse_events {
  return @HEADER_ABUSE_EVENTS;
buse qw(handle_header_abuse);

  handle_header_abuse($entry);

=head1 DESCRIPTION

Prints a JSON alert when a log entry contains suspicious or abusive header values — typically malformed, spoo
ThreatDetector ( J/JH/JHALL/ThreatDetector-0.04.tar.gz, JHALL, 2025; MetaCPAN )
ThreatDetector/lib/ThreatDetector/Handlers/XSS.pm ( view source; MetaCPAN )
package ThreatDetector::Handlers::XSS;

use strict;
use warnings;
use Exporter 'import';
use JSON;
use Time::HiRes qw(gettimeofday);

our $VERBOSE = 0;
our @EXPORT_OK = qw(handle_xss get_xss_
referer    => $entry->{referer} || '',
    };

    push @XSS_EVENTS, $alert;
    print encode_json($alert) . "\n" if $VERBOSE;
}

# Accessor for the XSS alerts accumulated in @XSS_EVENTS.
#
# Returns the stored alert references in list context and their count in
# scalar context. The references are shared with this module, so a caller
# that mutates an alert mutates the stored copy too.
#
# NOTE(review): alert fields such as referer are copied from the log entry,
# i.e. from client-supplied request data. Treat them as untrusted and
# escape them before rendering in a report, terminal or HTML page.
sub get_xss_events {
    my @collected = @XSS_EVENTS;
    return @collected;
}

1;

=head1 
Detector::Handlers::XSS qw(handle_xss);

  handle_xss($entry);

=head1 DESCRIPTION

Emits a JSON alert when a log entry indicates a potential cross-site scripting (XSS) attack based on common pa
ThreatDetector ( J/JH/JHALL/ThreatDetector-0.04.tar.gz, JHALL, 2025; MetaCPAN )
ThreatDetector/lib/ThreatDetector/Handlers/SQLInjection.pm ( view source; MetaCPAN )
hreatDetector::Handlers::SQLInjection;

use strict;
use warnings;
use Exporter 'import';
use JSON;
use Time::HiRes qw(gettimeofday);

our $VERBOSE = 0;
our @EXPORT_OK = qw(handle_sql_injectio
eferer    => $entry->{referer} || '',
    };

    push @SQLI_EVENTS, $alert;
    print encode_json($alert) . "\n" if $VERBOSE;
}

# Accessor for the SQL-injection alerts accumulated in @SQLI_EVENTS.
#
# In list context the stored alert references are returned; in scalar
# context the number of stored alerts is returned. Callers receive the same
# references this module holds, not deep copies.
#
# NOTE(review): alert fields such as referer originate from the log entry
# (client-supplied request data). Consumers should handle them as untrusted
# text and never interpolate them into queries, shell commands or markup.
sub get_sqli_events {
    my @collected = @SQLI_EVENTS;
    return @collected;
}

1;

=head
ion qw(handle_sql_injection);

  handle_sql_injection($entry);

=head1 DESCRIPTION

Emits a JSON-formatted alert when a request appears to contain SQL injection payloads. Common indicators inclu
ThreatDetector ( J/JH/JHALL/ThreatDetector-0.04.tar.gz, JHALL, 2025; MetaCPAN )
ThreatDetector/lib/ThreatDetector/Handlers/CommandInjection.pm ( view source; MetaCPAN )
tDetector::Handlers::CommandInjection;

use strict;
use warnings;
use Exporter 'import';
use JSON;
use Time::HiRes qw(gettimeofday);

our $VERBOSE = 0;
our @EXPORT_OK = qw(handle_command_inje
t => $entry->{user_agent},
    };
    push @COMMAND_INJECTION_EVENTS, $alert;
    print encode_json($alert) . "\n" if $VERBOSE;
}

sub get_command_injection_events {
  return @COMMAND_INJECTION
ndle_command_injection);

  handle_command_injection($entry);

=head1 DESCRIPTION

Prints a JSON alert for requests that appear to contain command injection or remote/local file inclusion attemp
ThreatDetector ( J/JH/JHALL/ThreatDetector-0.04.tar.gz, JHALL, 2025; MetaCPAN )
ThreatDetector/utils/remote_detect_launcher.pl ( view source; MetaCPAN )
 qw(make_path);
use File::Slurp;
use IPC::System::Simple qw(system);
use Term::ANSIColor;
use JSON;

# NOT finished

my $key_path     = "$ENV{HOME}/.ssh/id_rsa.pub";
my $private_key  = "$ENV{
