|
|
|
@ -1,11 +1,4 @@
|
|
|
|
|
# phpmyadmin and variations |
|
|
|
|
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+(php|sqlite)-?(manager)? |
|
|
|
|
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+(php|pg|sql)-?my-?admin |
|
|
|
|
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+pma[0-9]* |
|
|
|
|
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+((my|pg)(sql)?|db|msd?)-?(admin|dumper|dump|manager) |
|
|
|
|
# shit-coded php cms |
|
|
|
|
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/.*/wp-login.php |
|
|
|
|
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+(joomla|cms)/administrator |
|
|
|
|
# set: defscore=15 |
|
|
|
|
# h4x0rs |
|
|
|
|
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/(shell|cmd|x)\.(php|cgi) |
|
|
|
|
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/w00tw00t |
|
|
|
@ -13,11 +6,19 @@
|
|
|
|
|
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/.*(wget|curl)(\\x|%)20https?:// |
|
|
|
|
<HOST> .* "(GET|HEAD|POST) .*/bin/(ba|c|z)?sh( |\\x20|%20)-c |
|
|
|
|
<HOST> .* "(\\x[0-9a-z]{2,6})+" 400 |
|
|
|
|
# set: defscore=10 |
|
|
|
|
# phpmyadmin and variations |
|
|
|
|
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+(php|sqlite)-?(manager)? |
|
|
|
|
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+(php|pg|sql)-?my-?admin |
|
|
|
|
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+pma[0-9]* |
|
|
|
|
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+((my|pg)(sql)?|db|msd?)-?(admin|dumper|dump|manager) |
|
|
|
|
# set: defscore=5 |
|
|
|
|
# open proxy search |
|
|
|
|
<HOST> .* "(GET|HEAD|POST) https?://[a-z-\.]+proxyradar\.com |
|
|
|
|
<HOST> .* "CONNECT [a-z-\.]*proxyradar\.com |
|
|
|
|
<HOST> .* "CONNECT [a-z-\.]*proxytest\.zmap\.io |
|
|
|
|
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+testproxy\.php |
|
|
|
|
# set: defscore=2 |
|
|
|
|
# search bots |
|
|
|
|
<HOST> .* "(GET|HEAD|POST) .* "python-(requests|urllib)/[0-9\.]+ |
|
|
|
|
<HOST> .* "(GET|HEAD|POST) .* "AhrefsBot/[0-9a-z\.]+ |
|
|
|
@ -26,3 +27,6 @@
|
|
|
|
|
<HOST> .* "(GET|HEAD|POST) .* SiteExplorer/[0-9a-z\.]+ |
|
|
|
|
<HOST> .* "(GET|HEAD|POST) .* MJ12bot |
|
|
|
|
<HOST> .* "(GET|HEAD|POST) .* WebIndex |
|
|
|
|
# shit-coded php cms |
|
|
|
|
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/.*/wp-login.php |
|
|
|
|
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+(joomla|cms)/administrator |
|
|
|
|
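Review bot: In the second hunk, the rule ending in `/+(php|sqlite)-?(manager)?` under `# set: defscore=10` finishes with an optional group, so it matches every request whose path starts with `/php` or `/sqlite`, not only the manager probes the `# phpmyadmin and variations` heading suggests. If only those probes are meant, make the suffix mandatory, i.e. end the pattern with `/+(php|sqlite)-?manager`; otherwise ordinary URLs under such a prefix are scored like admin-panel scans. In the last hunk, `/.*/wp-login.php` requires a second slash before the file name, so a request for `/wp-login.php` at the site root is not matched on its path, and the unescaped `.` accepts any character; ending that rule with `/+(.*/)?wp-login\.php` would cover both cases. None of the patterns visible here starts with `^`, so it is worth confirming that the matcher binds `<HOST>` to the client-address field at the start of the log line and not to address-like text in a later, client-supplied field.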