You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
33 lines
1.7 KiB
33 lines
1.7 KiB
2 years ago
|
# set: defscore=15
|
||
|
# h4x0rs
|
||
|
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/(shell|cmd|x)\.(php|cgi)
|
||
|
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/w00tw00t
|
||
|
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+Ringing\.at\.your\.dorbell
|
||
|
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/.*(wget|curl)(\\x|%)20https?://
|
||
|
<HOST> .* "(GET|HEAD|POST) .*/bin/(ba|c|z)?sh( |\\x20|%20)-c
|
||
|
<HOST> .* "(\\x[0-9a-z]{2,6})+" 400
|
||
|
# set: defscore=10
|
||
|
# phpmyadmin and variations
|
||
|
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+(php|sqlite)-?(manager)?
|
||
|
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+(php|pg|sql)-?my-?admin
|
||
|
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+pma[0-9]*
|
||
|
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+((my|pg)(sql)?|db|msd?)-?(admin|dumper|dump|manager)
|
||
|
# set: defscore=5
|
||
|
# open proxy search
|
||
|
<HOST> .* "(GET|HEAD|POST) https?://[a-z-\.]+proxyradar\.com
|
||
|
<HOST> .* "CONNECT [a-z-\.]*proxyradar\.com
|
||
|
<HOST> .* "CONNECT [a-z-\.]*proxytest\.zmap\.io
|
||
|
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+testproxy\.php
|
||
|
# set: defscore=2
|
||
|
# search bots
|
||
|
<HOST> .* "(GET|HEAD|POST) .* "python-(requests|urllib)/[0-9\.]+
|
||
|
<HOST> .* "(GET|HEAD|POST) .* "AhrefsBot/[0-9a-z\.]+
|
||
|
<HOST> .* "(GET|HEAD|POST) .* "DotBot/[0-9a-z\.]+
|
||
|
<HOST> .* "(GET|HEAD|POST) .* "MauiBot
|
||
|
<HOST> .* "(GET|HEAD|POST) .* SiteExplorer/[0-9a-z\.]+
|
||
|
<HOST> .* "(GET|HEAD|POST) .* MJ12bot
|
||
|
<HOST> .* "(GET|HEAD|POST) .* WebIndex
|
||
|
# shit-coded php cms
|
||
|
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/.*/wp-login.php
|
||
|
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+(joomla|cms)/administrator
|