Logrip

Defend against AI crawlers & bots with server log analysis.

Presented at Blackhat USA 2025, this is the official repository for:
Protecting Small Organizations in the Era of AI Bots, R. Hoetzlein, 2025

Manual: Logrip Manual ver 1

How to Build

Updated Nov 2025
Build with cmake is now simpler and faster.
Libmin dependent code is directly compiled into the project (no shared or static libs).
Steps:

  1. Clone this logrip repo
  2. Clone libmin as a sibling folder
\codes
 ├── \logrip
 └── \libmin
  3. Run cmake or cmake-gui on the logrip cmake.

See libmin for more details.

Running Logrip

Running logrip requires two arguments as input:

> logrip {access_log} {config_file.conf}

The access_log must be either .txt or .log
The config_file must be .conf
An example log and config file are provided.
After installation you can quickly test logrip by doing: ./run.sh

Generating logs

Logrip takes a historic server access log as input.
To generate these you would typically use journalctl, or other server tools that output logs.
Here are examples of how to generate logs for apache2 or ruby-on-rails.
How to generate Apache2 logs:

> cd /var/log/apache2
> ls -l -a
> zcat access.log.*.gz > apache.log
> cat access.log.1 access.log >> apache.log

Now run logrip with the apache.log input file along with the apache2.conf config file.
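
The Apache commands above concatenate the compressed files in shell glob order, where access.log.10.gz sorts before access.log.2.gz. The following is an added example, not part of the logrip repository, that merges the same files oldest-first; it assumes logrotate-style file names, and `merge_apache_logs` is a hypothetical helper name.

```shell
# Added example (not logrip code): merge rotated Apache access logs into one
# file with the oldest entries first.
# Assumption: logrotate-style names, i.e. access.log (live), access.log.1,
# access.log.2.gz, ... where a higher number means an older file.

# Usage: merge_apache_logs /var/log/apache2 apache.log
merge_apache_logs() (
    dir="$1"
    out="$2"

    # logrip only accepts .txt or .log inputs, so reject other names early.
    case "$out" in
        *.log|*.txt) ;;
        *) echo "output must end in .log or .txt: $out" >&2; exit 2 ;;
    esac

    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; exit 1; }
    : > "$out" || exit 1

    # Select only rotated files and sort on the rotation number, descending,
    # so the oldest file is written first. The pattern also keeps the output
    # file out of the input set if it is written into the same directory.
    for f in $(ls -1 "$dir" \
                 | grep -E '^access\.log\.[0-9]+(\.gz)?$' \
                 | sort -t. -k3,3nr); do
        case "$f" in
            *.gz) gzip -dc -- "$dir/$f" >> "$out" || exit 1 ;;  # same as zcat
            *)    cat -- "$dir/$f" >> "$out" || exit 1 ;;
        esac
    done

    # The live log holds the newest entries and goes last.
    if [ -f "$dir/access.log" ]; then
        cat -- "$dir/access.log" >> "$out" || exit 1
    fi
)
```
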

How to generate Ruby-on-Rails logs:

> journalctl | grep {project} | grep 'Started GET' > ruby.log

Now run logrip with the ruby.log input file along with the ruby.conf config file.

Config File & Policy Settings

A config file (.conf) controls the log parsing and the policy settings for blocking. One would typically use, copy or modify an existing .conf file provided in /assets and then customize.
The full list of config settings can be found in the manual here:
Manual: Logrip Manual ver 1.0

Complete Demo

This is the complete example used in the video example at Blackhat 2025:

git clone https://github.com/quantasci/libmin
git clone https://github.com/quantasci/logrip
cd libmin
./build.sh
cd ..
cd logrip
./build.sh
cat assets/example_log.txt
cat assets/ruby.conf
../build/logrip/logrip example_log.txt ruby.conf
ls
xdg-open out_fig1.orig.png
xdg-open out_fig2_blocked.png
xdg-open out_fig3_filtered.png
cat out_ips.csv

License

Copyright (c) Quanta Sciences, 2024-2025
Rama Karl Hoetzlein, https://ramakarl.com

Apache 2.0 License
https://www.apache.org/licenses/LICENSE-2.0.txt
