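"""Scan web-server access-log entries for known scam/abuse request patterns.

Each entry is a block of access-log text, one request per line.  Every
line that matches one of the configured regexes is reported verbatim.
The script then prints the per-entry match counts and their first
differences, and saves everything to a timestamped text file in the
current working directory.
"""
import re
from datetime import datetime

import numpy as np

# Request patterns treated as suspicious.  These are unanchored substring
# matches against the whole log line, so `transfer\.php` flags every request
# to that endpoint (legitimate or not) and the login pattern only matches
# that one literal credential pair; tune them before relying on the output.
# Compiled once at import time instead of on every scan_entry() call.
SCAM_PATTERNS: list[re.Pattern[str]] = [
    re.compile(r'scam_offer'),
    re.compile(r'login\.php\?username=admin&password=admin'),
    re.compile(r'transfer\.php'),
]


def scan_entries(entries: list[str]) -> list[list[str]]:
    """Scan several log entries.

    Args:
        entries: Log text blocks, each scanned independently.

    Returns:
        One list of matching lines per entry, in input order.
    """
    return [scan_entry(entry) for entry in entries]


def scan_entry(entry: str) -> list[str]:
    """Return the lines of one log entry that match any of SCAM_PATTERNS."""
    return detect_scams(entry, SCAM_PATTERNS)


def detect_scams(log_data: str, patterns: list[re.Pattern[str]]) -> list[str]:
    """Return each line of ``log_data`` that matches at least one pattern.

    A line is reported at most once even if several patterns match it.
    Lines are returned unmodified, so anything present in the log (client
    IPs, query strings carrying credentials) is propagated to the caller.

    Args:
        log_data: Newline-separated log text.
        patterns: Compiled regexes; ``search`` is used, so they need not
            match from the start of the line.
    """
    return [
        line
        for line in log_data.split('\n')
        if any(pattern.search(line) for pattern in patterns)
    ]


def calculate_derivatives(data: list[int]) -> np.ndarray:
    """Return the first differences of ``data``.

    An input with fewer than two values yields an empty array.
    """
    return np.diff(np.array(data))


# Example usage
log_entries = [
    """
192.168.1.1 - - [28/May/2024:10:32:55 +0000] "GET /index.html HTTP/1.1" 200 2326
192.168.1.2 - - [28/May/2024:10:33:12 +0000] "GET /login.php?username=admin&password=admin HTTP/1.1" 200 1420
192.168.1.3 - - [28/May/2024:10:34:23 +0000] "POST /transfer.php HTTP/1.1" 200 5320
192.168.1.4 - - [28/May/2024:10:35:00 +0000] "GET /scam_offer HTTP/1.1" 200 221
""",
    # Add more entries here
]


def main() -> None:
    """Scan ``log_entries``, print the results and save them to a file."""
    scanned_results = scan_entries(log_entries)

    # Each scan result is the list of suspicious lines found in that entry.
    activity_counts = [len(result) for result in scanned_results]

    # First differences of the per-entry counts (empty with a single entry).
    activity_derivatives = calculate_derivatives(activity_counts)

    print("Scanned Results:", scanned_results)
    print("Activity Counts:", activity_counts)
    print("Activity Derivatives:", activity_derivatives)

    # Save the results.  Matched lines are written verbatim, so the report
    # contains whatever the log contained (e.g. the password in the login
    # query string above); treat the output file as sensitive.
    timestamp = datetime.now().strftime("%Y-%m-%d_%H-%M-%S")
    output_filename = f"scan_results_{timestamp}.txt"
    with open(output_filename, 'w', encoding='utf-8') as file:
        file.write(f"Scanned Results: {scanned_results}\n")
        file.write(f"Activity Counts: {activity_counts}\n")
        file.write(f"Activity Derivatives: {activity_derivatives}\n")
    print(f"Results saved to {output_filename}")


if __name__ == "__main__":
    main()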