Metadata-Version: 2.4
Name: webnetwork
Version: 1.1.4
Summary: Automatic web server monitoring and defensive DoS/DDoS detection with blocking
Home-page: https://github.com/bytebreach/webnetwork
Author: hackinglab
Author-email: mrfidal@proton.me
License: MIT
Classifier: Development Status :: 5 - Production/Stable
Classifier: Intended Audience :: System Administrators
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Operating System :: OS Independent
Classifier: Topic :: Security
Classifier: Topic :: System :: Monitoring
Classifier: Topic :: Internet :: WWW/HTTP
Classifier: Topic :: Software Development :: Libraries
Requires-Python: >=3.8
Description-Content-Type: text/markdown
Requires-Dist: requests>=2.28.0
Requires-Dist: scapy>=2.5.0
Dynamic: author
Dynamic: author-email
Dynamic: classifier
Dynamic: description
Dynamic: description-content-type
Dynamic: home-page
Dynamic: license
Dynamic: requires-dist
Dynamic: requires-python
Dynamic: summary

# webnetwork

**webnetwork** is a Python package that automatically monitors your web server traffic, detects DoS/DDoS attacks, and blocks malicious IPs in real-time. It supports Linux, Windows, and macOS servers.

## Features

- Automatic host IP detection
- Web server log monitoring (Nginx, Apache)
- Live packet sniffing for TCP/SYN floods
- Automatic IP blocking (iptables on Linux/macOS, Windows firewall)
- Cross-platform support
- Minimal configuration required

## Installation

```bash
pip install webnetwork
```

## Usage

### Fully Automatic

Automatically detects logs and interfaces:

```python
import webnetwork

webnetwork.start()
```

### Specify Logfile or Network Interface

```python
import webnetwork

# Only monitor log file
webnetwork.start(logfile="/var/log/nginx/access.log")

# Only monitor network interface
webnetwork.start(iface="eth0")

# Monitor both
webnetwork.start(logfile="/var/log/nginx/access.log", iface="eth0")
```

### Notes

* Local blocking requires admin/root privileges.
* Automatically tries to detect common log files (`/var/log/nginx/access.log`, `/var/log/apache2/access.log`, `/var/log/httpd/access_log`).
* Live packet sniffing requires `scapy` and may need root/admin privileges.
* Monitors traffic continuously and logs alerts to `alerts.csv`.

## Configuration

Thresholds for detection can be tuned by modifying `detector.py`:

```python
LOG_CHECK_INTERVAL = 1.0
WINDOW_SECONDS = 10
REQS_PER_IP_THRESHOLD = 50
TOTAL_RPS_THRESHOLD = 200
UNIQUE_IP_ENTROPY_THRESHOLD = 0.5
SYN_RATE_THRESHOLD = 100
SYN_TO_ACK_RATIO = 5.0
```

## License

MIT License

