ddtrace 1.14.0 → 1.15.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +178 -2
- data/ext/ddtrace_profiling_native_extension/NativeExtensionDesign.md +3 -5
- data/ext/ddtrace_profiling_native_extension/clock_id.h +0 -3
- data/ext/ddtrace_profiling_native_extension/clock_id_from_pthread.c +0 -22
- data/ext/ddtrace_profiling_native_extension/clock_id_noop.c +0 -1
- data/ext/ddtrace_profiling_native_extension/collectors_cpu_and_wall_time_worker.c +41 -6
- data/ext/ddtrace_profiling_native_extension/collectors_idle_sampling_helper.c +3 -0
- data/ext/ddtrace_profiling_native_extension/collectors_stack.c +76 -24
- data/ext/ddtrace_profiling_native_extension/collectors_stack.h +1 -1
- data/ext/ddtrace_profiling_native_extension/collectors_thread_context.c +207 -32
- data/ext/ddtrace_profiling_native_extension/collectors_thread_context.h +1 -1
- data/ext/ddtrace_profiling_native_extension/extconf.rb +8 -2
- data/ext/ddtrace_profiling_native_extension/http_transport.c +26 -10
- data/ext/ddtrace_profiling_native_extension/libdatadog_helpers.c +42 -0
- data/ext/ddtrace_profiling_native_extension/libdatadog_helpers.h +6 -0
- data/ext/ddtrace_profiling_native_extension/native_extension_helpers.rb +1 -16
- data/ext/ddtrace_profiling_native_extension/pid_controller.c +57 -0
- data/ext/ddtrace_profiling_native_extension/pid_controller.h +45 -0
- data/ext/ddtrace_profiling_native_extension/private_vm_api_access.c +17 -12
- data/ext/ddtrace_profiling_native_extension/profiling.c +0 -2
- data/ext/ddtrace_profiling_native_extension/stack_recorder.c +74 -37
- data/ext/ddtrace_profiling_native_extension/stack_recorder.h +13 -3
- data/lib/datadog/appsec/assets/waf_rules/processors.json +92 -0
- data/lib/datadog/appsec/assets/waf_rules/recommended.json +698 -75
- data/lib/datadog/appsec/assets/waf_rules/scanners.json +114 -0
- data/lib/datadog/appsec/assets/waf_rules/strict.json +98 -8
- data/lib/datadog/appsec/assets.rb +8 -0
- data/lib/datadog/appsec/component.rb +9 -2
- data/lib/datadog/appsec/configuration/settings.rb +61 -2
- data/lib/datadog/appsec/contrib/rack/gateway/watcher.rb +8 -6
- data/lib/datadog/appsec/contrib/rack/reactive/request.rb +2 -7
- data/lib/datadog/appsec/contrib/rack/reactive/request_body.rb +2 -5
- data/lib/datadog/appsec/contrib/rack/reactive/response.rb +2 -5
- data/lib/datadog/appsec/contrib/rack/request_body_middleware.rb +3 -2
- data/lib/datadog/appsec/contrib/rack/request_middleware.rb +23 -9
- data/lib/datadog/appsec/contrib/rails/gateway/watcher.rb +3 -2
- data/lib/datadog/appsec/contrib/rails/patcher.rb +9 -3
- data/lib/datadog/appsec/contrib/rails/reactive/action.rb +2 -5
- data/lib/datadog/appsec/contrib/sinatra/gateway/watcher.rb +6 -4
- data/lib/datadog/appsec/contrib/sinatra/patcher.rb +13 -7
- data/lib/datadog/appsec/contrib/sinatra/reactive/routed.rb +2 -5
- data/lib/datadog/appsec/event.rb +106 -50
- data/lib/datadog/appsec/monitor/gateway/watcher.rb +3 -3
- data/lib/datadog/appsec/monitor/reactive/set_user.rb +2 -5
- data/lib/datadog/appsec/processor/actions.rb +49 -0
- data/lib/datadog/appsec/processor/rule_merger.rb +22 -2
- data/lib/datadog/appsec/processor.rb +34 -6
- data/lib/datadog/appsec/remote.rb +4 -1
- data/lib/datadog/appsec/response.rb +82 -4
- data/lib/datadog/appsec/sample_rate.rb +21 -0
- data/lib/datadog/appsec.rb +2 -2
- data/lib/datadog/core/configuration/agent_settings_resolver.rb +29 -24
- data/lib/datadog/core/configuration/base.rb +1 -11
- data/lib/datadog/core/configuration/components.rb +7 -2
- data/lib/datadog/core/configuration/ext.rb +21 -0
- data/lib/datadog/core/configuration/option.rb +2 -4
- data/lib/datadog/core/configuration/option_definition.rb +17 -41
- data/lib/datadog/core/configuration/options.rb +5 -5
- data/lib/datadog/core/configuration/settings.rb +47 -45
- data/lib/datadog/core/environment/execution.rb +47 -9
- data/lib/datadog/core/environment/variable_helpers.rb +0 -69
- data/lib/datadog/core/error.rb +1 -0
- data/lib/datadog/core/git/ext.rb +2 -0
- data/lib/datadog/core/remote/client/capabilities.rb +1 -1
- data/lib/datadog/core/remote/component.rb +2 -2
- data/lib/datadog/core/remote/negotiation.rb +2 -2
- data/lib/datadog/core/remote/transport/config.rb +60 -0
- data/lib/datadog/core/remote/transport/http/api/instance.rb +39 -0
- data/lib/datadog/core/remote/transport/http/api/spec.rb +21 -0
- data/lib/datadog/core/remote/transport/http/api.rb +58 -0
- data/lib/datadog/core/remote/transport/http/builder.rb +219 -0
- data/lib/datadog/core/remote/transport/http/client.rb +48 -0
- data/lib/datadog/core/remote/transport/http/config.rb +280 -0
- data/lib/datadog/core/remote/transport/http/negotiation.rb +146 -0
- data/lib/datadog/core/remote/transport/http.rb +179 -0
- data/lib/datadog/core/{transport → remote/transport}/negotiation.rb +25 -23
- data/lib/datadog/core/telemetry/collector.rb +3 -2
- data/lib/datadog/core/telemetry/http/transport.rb +2 -1
- data/lib/datadog/core/transport/ext.rb +47 -0
- data/lib/datadog/core/transport/http/adapters/net.rb +168 -0
- data/lib/datadog/core/transport/http/adapters/registry.rb +29 -0
- data/lib/datadog/core/transport/http/adapters/test.rb +89 -0
- data/lib/datadog/core/transport/http/adapters/unix_socket.rb +83 -0
- data/lib/datadog/core/transport/http/api/endpoint.rb +31 -0
- data/lib/datadog/core/transport/http/api/fallbacks.rb +26 -0
- data/lib/datadog/core/transport/http/api/map.rb +18 -0
- data/lib/datadog/core/transport/http/env.rb +62 -0
- data/lib/datadog/core/transport/http/response.rb +60 -0
- data/lib/datadog/core/transport/parcel.rb +22 -0
- data/lib/datadog/core/transport/request.rb +17 -0
- data/lib/datadog/core/transport/response.rb +64 -0
- data/lib/datadog/core/workers/polling.rb +2 -2
- data/lib/datadog/opentelemetry/api/context.rb +10 -3
- data/lib/datadog/opentelemetry/sdk/propagator.rb +2 -1
- data/lib/datadog/opentelemetry/sdk/span_processor.rb +14 -2
- data/lib/datadog/opentelemetry/sdk/trace/span.rb +68 -0
- data/lib/datadog/opentelemetry/trace.rb +58 -0
- data/lib/datadog/opentelemetry.rb +1 -0
- data/lib/datadog/opentracer.rb +9 -0
- data/lib/datadog/profiling/collectors/cpu_and_wall_time_worker.rb +12 -18
- data/lib/datadog/profiling/collectors/idle_sampling_helper.rb +1 -1
- data/lib/datadog/profiling/collectors/thread_context.rb +9 -1
- data/lib/datadog/profiling/component.rb +24 -99
- data/lib/datadog/profiling/ext.rb +0 -12
- data/lib/datadog/profiling/flush.rb +0 -3
- data/lib/datadog/profiling/http_transport.rb +6 -3
- data/lib/datadog/profiling/native_extension.rb +0 -21
- data/lib/datadog/profiling/profiler.rb +11 -12
- data/lib/datadog/profiling.rb +8 -81
- data/lib/datadog/tracing/component.rb +10 -4
- data/lib/datadog/tracing/configuration/agent_settings_resolver.rb +13 -0
- data/lib/datadog/tracing/configuration/ext.rb +4 -2
- data/lib/datadog/tracing/configuration/settings.rb +14 -7
- data/lib/datadog/tracing/contrib/action_pack/configuration/settings.rb +1 -1
- data/lib/datadog/tracing/contrib/active_job/configuration/settings.rb +1 -1
- data/lib/datadog/tracing/contrib/active_record/events/sql.rb +4 -0
- data/lib/datadog/tracing/contrib/active_support/cache/instrumentation.rb +104 -197
- data/lib/datadog/tracing/contrib/active_support/cache/patcher.rb +3 -0
- data/lib/datadog/tracing/contrib/aws/instrumentation.rb +7 -0
- data/lib/datadog/tracing/contrib/configuration/settings.rb +1 -1
- data/lib/datadog/tracing/contrib/dalli/configuration/settings.rb +6 -0
- data/lib/datadog/tracing/contrib/dalli/ext.rb +7 -0
- data/lib/datadog/tracing/contrib/dalli/instrumentation.rb +9 -2
- data/lib/datadog/tracing/contrib/delayed_job/configuration/settings.rb +1 -1
- data/lib/datadog/tracing/contrib/elasticsearch/patcher.rb +5 -0
- data/lib/datadog/tracing/contrib/ethon/easy_patch.rb +5 -0
- data/lib/datadog/tracing/contrib/ethon/multi_patch.rb +8 -0
- data/lib/datadog/tracing/contrib/excon/middleware.rb +5 -0
- data/lib/datadog/tracing/contrib/ext.rb +3 -0
- data/lib/datadog/tracing/contrib/faraday/configuration/settings.rb +1 -1
- data/lib/datadog/tracing/contrib/faraday/middleware.rb +5 -0
- data/lib/datadog/tracing/contrib/grpc/configuration/settings.rb +21 -1
- data/lib/datadog/tracing/contrib/grpc/datadog_interceptor/client.rb +11 -1
- data/lib/datadog/tracing/contrib/grpc/datadog_interceptor/server.rb +18 -0
- data/lib/datadog/tracing/contrib/grpc/datadog_interceptor.rb +0 -4
- data/lib/datadog/tracing/contrib/http/circuit_breaker.rb +3 -3
- data/lib/datadog/tracing/contrib/http/instrumentation.rb +5 -0
- data/lib/datadog/tracing/contrib/httpclient/instrumentation.rb +5 -0
- data/lib/datadog/tracing/contrib/httprb/instrumentation.rb +5 -0
- data/lib/datadog/tracing/contrib/mongodb/subscribers.rb +7 -0
- data/lib/datadog/tracing/contrib/mysql2/instrumentation.rb +13 -3
- data/lib/datadog/tracing/contrib/opensearch/integration.rb +2 -2
- data/lib/datadog/tracing/contrib/opensearch/patcher.rb +7 -0
- data/lib/datadog/tracing/contrib/pg/instrumentation.rb +5 -0
- data/lib/datadog/tracing/contrib/presto/instrumentation.rb +5 -0
- data/lib/datadog/tracing/contrib/propagation/sql_comment.rb +1 -1
- data/lib/datadog/tracing/contrib/que/configuration/settings.rb +1 -1
- data/lib/datadog/tracing/contrib/racecar/event.rb +5 -0
- data/lib/datadog/tracing/contrib/rack/header_tagging.rb +14 -4
- data/lib/datadog/tracing/contrib/rails/configuration/settings.rb +4 -4
- data/lib/datadog/tracing/contrib/rake/configuration/settings.rb +1 -1
- data/lib/datadog/tracing/contrib/redis/tags.rb +5 -0
- data/lib/datadog/tracing/contrib/resque/configuration/settings.rb +1 -1
- data/lib/datadog/tracing/contrib/rest_client/request_patch.rb +5 -0
- data/lib/datadog/tracing/contrib/sequel/utils.rb +5 -0
- data/lib/datadog/tracing/contrib/shoryuken/configuration/settings.rb +1 -1
- data/lib/datadog/tracing/contrib/sidekiq/configuration/settings.rb +1 -1
- data/lib/datadog/tracing/contrib/sneakers/configuration/settings.rb +1 -1
- data/lib/datadog/tracing/contrib/utils/quantization/http.rb +2 -2
- data/lib/datadog/tracing/distributed/propagation.rb +13 -33
- data/lib/datadog/tracing/metadata/tagging.rb +3 -3
- data/lib/datadog/tracing/sync_writer.rb +3 -3
- data/lib/datadog/tracing/tracer.rb +2 -0
- data/lib/datadog/{core → tracing}/transport/http/api/instance.rb +1 -1
- data/lib/datadog/{core → tracing}/transport/http/api/spec.rb +1 -1
- data/lib/datadog/tracing/transport/http/api.rb +43 -0
- data/lib/datadog/{core → tracing}/transport/http/builder.rb +13 -68
- data/lib/datadog/tracing/transport/http/client.rb +57 -0
- data/lib/datadog/tracing/transport/http/statistics.rb +47 -0
- data/lib/datadog/tracing/transport/http/traces.rb +152 -0
- data/lib/datadog/tracing/transport/http.rb +124 -0
- data/lib/datadog/tracing/transport/io/client.rb +89 -0
- data/lib/datadog/tracing/transport/io/response.rb +27 -0
- data/lib/datadog/tracing/transport/io/traces.rb +101 -0
- data/lib/datadog/tracing/transport/io.rb +30 -0
- data/lib/datadog/tracing/transport/serializable_trace.rb +126 -0
- data/lib/datadog/tracing/transport/statistics.rb +77 -0
- data/lib/datadog/tracing/transport/trace_formatter.rb +209 -0
- data/lib/datadog/tracing/transport/traces.rb +224 -0
- data/lib/datadog/tracing/workers/trace_writer.rb +5 -3
- data/lib/datadog/tracing/workers.rb +3 -2
- data/lib/datadog/tracing/writer.rb +5 -2
- data/lib/ddtrace/transport/ext.rb +17 -15
- data/lib/ddtrace/version.rb +1 -1
- data/lib/ddtrace.rb +1 -1
- metadata +72 -96
- data/lib/datadog/ci/configuration/components.rb +0 -32
- data/lib/datadog/ci/configuration/settings.rb +0 -51
- data/lib/datadog/ci/contrib/cucumber/configuration/settings.rb +0 -35
- data/lib/datadog/ci/contrib/cucumber/ext.rb +0 -22
- data/lib/datadog/ci/contrib/cucumber/formatter.rb +0 -94
- data/lib/datadog/ci/contrib/cucumber/instrumentation.rb +0 -28
- data/lib/datadog/ci/contrib/cucumber/integration.rb +0 -47
- data/lib/datadog/ci/contrib/cucumber/patcher.rb +0 -27
- data/lib/datadog/ci/contrib/minitest/configuration/settings.rb +0 -35
- data/lib/datadog/ci/contrib/minitest/ext.rb +0 -21
- data/lib/datadog/ci/contrib/minitest/integration.rb +0 -49
- data/lib/datadog/ci/contrib/minitest/patcher.rb +0 -27
- data/lib/datadog/ci/contrib/minitest/test_helper.rb +0 -68
- data/lib/datadog/ci/contrib/rspec/configuration/settings.rb +0 -35
- data/lib/datadog/ci/contrib/rspec/example.rb +0 -68
- data/lib/datadog/ci/contrib/rspec/ext.rb +0 -21
- data/lib/datadog/ci/contrib/rspec/integration.rb +0 -48
- data/lib/datadog/ci/contrib/rspec/patcher.rb +0 -27
- data/lib/datadog/ci/ext/app_types.rb +0 -9
- data/lib/datadog/ci/ext/environment.rb +0 -575
- data/lib/datadog/ci/ext/settings.rb +0 -10
- data/lib/datadog/ci/ext/test.rb +0 -35
- data/lib/datadog/ci/extensions.rb +0 -19
- data/lib/datadog/ci/flush.rb +0 -38
- data/lib/datadog/ci/test.rb +0 -81
- data/lib/datadog/ci.rb +0 -21
- data/lib/datadog/core/configuration/dependency_resolver.rb +0 -28
- data/lib/datadog/core/configuration/option_definition_set.rb +0 -22
- data/lib/datadog/core/configuration/option_set.rb +0 -10
- data/lib/datadog/core/transport/config.rb +0 -58
- data/lib/datadog/core/transport/http/api.rb +0 -57
- data/lib/datadog/core/transport/http/client.rb +0 -45
- data/lib/datadog/core/transport/http/config.rb +0 -278
- data/lib/datadog/core/transport/http/negotiation.rb +0 -144
- data/lib/datadog/core/transport/http.rb +0 -169
- data/lib/datadog/core/utils/object_set.rb +0 -43
- data/lib/datadog/core/utils/string_table.rb +0 -47
- data/lib/datadog/profiling/backtrace_location.rb +0 -34
- data/lib/datadog/profiling/buffer.rb +0 -43
- data/lib/datadog/profiling/collectors/old_stack.rb +0 -301
- data/lib/datadog/profiling/encoding/profile.rb +0 -41
- data/lib/datadog/profiling/event.rb +0 -15
- data/lib/datadog/profiling/events/stack.rb +0 -82
- data/lib/datadog/profiling/old_recorder.rb +0 -107
- data/lib/datadog/profiling/pprof/builder.rb +0 -125
- data/lib/datadog/profiling/pprof/converter.rb +0 -102
- data/lib/datadog/profiling/pprof/message_set.rb +0 -16
- data/lib/datadog/profiling/pprof/payload.rb +0 -20
- data/lib/datadog/profiling/pprof/pprof.proto +0 -212
- data/lib/datadog/profiling/pprof/pprof_pb.rb +0 -81
- data/lib/datadog/profiling/pprof/stack_sample.rb +0 -139
- data/lib/datadog/profiling/pprof/string_table.rb +0 -12
- data/lib/datadog/profiling/pprof/template.rb +0 -118
- data/lib/datadog/profiling/trace_identifiers/ddtrace.rb +0 -43
- data/lib/datadog/profiling/trace_identifiers/helper.rb +0 -45
- data/lib/ddtrace/transport/http/adapters/net.rb +0 -168
- data/lib/ddtrace/transport/http/adapters/registry.rb +0 -27
- data/lib/ddtrace/transport/http/adapters/test.rb +0 -85
- data/lib/ddtrace/transport/http/adapters/unix_socket.rb +0 -77
- data/lib/ddtrace/transport/http/api/endpoint.rb +0 -29
- data/lib/ddtrace/transport/http/api/fallbacks.rb +0 -24
- data/lib/ddtrace/transport/http/api/instance.rb +0 -35
- data/lib/ddtrace/transport/http/api/map.rb +0 -16
- data/lib/ddtrace/transport/http/api/spec.rb +0 -17
- data/lib/ddtrace/transport/http/api.rb +0 -39
- data/lib/ddtrace/transport/http/builder.rb +0 -176
- data/lib/ddtrace/transport/http/client.rb +0 -52
- data/lib/ddtrace/transport/http/env.rb +0 -58
- data/lib/ddtrace/transport/http/response.rb +0 -58
- data/lib/ddtrace/transport/http/statistics.rb +0 -43
- data/lib/ddtrace/transport/http/traces.rb +0 -144
- data/lib/ddtrace/transport/http.rb +0 -117
- data/lib/ddtrace/transport/io/client.rb +0 -85
- data/lib/ddtrace/transport/io/response.rb +0 -25
- data/lib/ddtrace/transport/io/traces.rb +0 -99
- data/lib/ddtrace/transport/io.rb +0 -28
- data/lib/ddtrace/transport/parcel.rb +0 -20
- data/lib/ddtrace/transport/request.rb +0 -15
- data/lib/ddtrace/transport/response.rb +0 -60
- data/lib/ddtrace/transport/serializable_trace.rb +0 -122
- data/lib/ddtrace/transport/statistics.rb +0 -75
- data/lib/ddtrace/transport/trace_formatter.rb +0 -207
- data/lib/ddtrace/transport/traces.rb +0 -216
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": "2.2",
|
|
3
3
|
"metadata": {
|
|
4
|
-
"rules_version": "1.
|
|
4
|
+
"rules_version": "1.8.0"
|
|
5
5
|
},
|
|
6
6
|
"rules": [
|
|
7
7
|
{
|
|
@@ -62,6 +62,8 @@
|
|
|
62
62
|
"crs_id": "913110",
|
|
63
63
|
"category": "attack_attempt",
|
|
64
64
|
"tool_name": "Acunetix",
|
|
65
|
+
"cwe": "200",
|
|
66
|
+
"capec": "1000/118/169",
|
|
65
67
|
"confidence": "0"
|
|
66
68
|
},
|
|
67
69
|
"conditions": [
|
|
@@ -94,6 +96,8 @@
|
|
|
94
96
|
"type": "security_scanner",
|
|
95
97
|
"crs_id": "913120",
|
|
96
98
|
"category": "attack_attempt",
|
|
99
|
+
"cwe": "200",
|
|
100
|
+
"capec": "1000/118/169",
|
|
97
101
|
"confidence": "1"
|
|
98
102
|
},
|
|
99
103
|
"conditions": [
|
|
@@ -108,6 +112,12 @@
|
|
|
108
112
|
},
|
|
109
113
|
{
|
|
110
114
|
"address": "server.request.path_params"
|
|
115
|
+
},
|
|
116
|
+
{
|
|
117
|
+
"address": "grpc.server.request.message"
|
|
118
|
+
},
|
|
119
|
+
{
|
|
120
|
+
"address": "graphql.server.all_resolvers"
|
|
111
121
|
}
|
|
112
122
|
],
|
|
113
123
|
"list": [
|
|
@@ -144,6 +154,8 @@
|
|
|
144
154
|
"type": "http_protocol_violation",
|
|
145
155
|
"crs_id": "920260",
|
|
146
156
|
"category": "attack_attempt",
|
|
157
|
+
"cwe": "176",
|
|
158
|
+
"capec": "1000/255/153/267/71",
|
|
147
159
|
"confidence": "0"
|
|
148
160
|
},
|
|
149
161
|
"conditions": [
|
|
@@ -171,7 +183,9 @@
|
|
|
171
183
|
"tags": {
|
|
172
184
|
"type": "http_protocol_violation",
|
|
173
185
|
"crs_id": "921110",
|
|
174
|
-
"category": "attack_attempt"
|
|
186
|
+
"category": "attack_attempt",
|
|
187
|
+
"cwe": "444",
|
|
188
|
+
"capec": "1000/210/272/220/33"
|
|
175
189
|
},
|
|
176
190
|
"conditions": [
|
|
177
191
|
{
|
|
@@ -206,7 +220,9 @@
|
|
|
206
220
|
"tags": {
|
|
207
221
|
"type": "http_protocol_violation",
|
|
208
222
|
"crs_id": "921160",
|
|
209
|
-
"category": "attack_attempt"
|
|
223
|
+
"category": "attack_attempt",
|
|
224
|
+
"cwe": "113",
|
|
225
|
+
"capec": "1000/210/272/220/105"
|
|
210
226
|
},
|
|
211
227
|
"conditions": [
|
|
212
228
|
{
|
|
@@ -239,6 +255,8 @@
|
|
|
239
255
|
"type": "lfi",
|
|
240
256
|
"crs_id": "930100",
|
|
241
257
|
"category": "attack_attempt",
|
|
258
|
+
"cwe": "22",
|
|
259
|
+
"capec": "1000/255/153/126",
|
|
242
260
|
"confidence": "1"
|
|
243
261
|
},
|
|
244
262
|
"conditions": [
|
|
@@ -271,6 +289,8 @@
|
|
|
271
289
|
"type": "lfi",
|
|
272
290
|
"crs_id": "930110",
|
|
273
291
|
"category": "attack_attempt",
|
|
292
|
+
"cwe": "22",
|
|
293
|
+
"capec": "1000/255/153/126",
|
|
274
294
|
"confidence": "1"
|
|
275
295
|
},
|
|
276
296
|
"conditions": [
|
|
@@ -304,6 +324,8 @@
|
|
|
304
324
|
"type": "lfi",
|
|
305
325
|
"crs_id": "930120",
|
|
306
326
|
"category": "attack_attempt",
|
|
327
|
+
"cwe": "22",
|
|
328
|
+
"capec": "1000/255/153/126",
|
|
307
329
|
"confidence": "1"
|
|
308
330
|
},
|
|
309
331
|
"conditions": [
|
|
@@ -321,6 +343,9 @@
|
|
|
321
343
|
},
|
|
322
344
|
{
|
|
323
345
|
"address": "grpc.server.request.message"
|
|
346
|
+
},
|
|
347
|
+
{
|
|
348
|
+
"address": "graphql.server.all_resolvers"
|
|
324
349
|
}
|
|
325
350
|
],
|
|
326
351
|
"list": [
|
|
@@ -1743,7 +1768,10 @@
|
|
|
1743
1768
|
"sys/hypervisor",
|
|
1744
1769
|
"sys/kernel",
|
|
1745
1770
|
"sys/module",
|
|
1746
|
-
"sys/power"
|
|
1771
|
+
"sys/power",
|
|
1772
|
+
"windows\\win.ini",
|
|
1773
|
+
"default\\ntuser.dat",
|
|
1774
|
+
"/var/run/secrets/kubernetes.io/serviceaccount"
|
|
1747
1775
|
]
|
|
1748
1776
|
},
|
|
1749
1777
|
"operator": "phrase_match"
|
|
@@ -1761,6 +1789,8 @@
|
|
|
1761
1789
|
"type": "rfi",
|
|
1762
1790
|
"crs_id": "931110",
|
|
1763
1791
|
"category": "attack_attempt",
|
|
1792
|
+
"cwe": "98",
|
|
1793
|
+
"capec": "1000/152/175/253/193",
|
|
1764
1794
|
"confidence": "1"
|
|
1765
1795
|
},
|
|
1766
1796
|
"conditions": [
|
|
@@ -1787,7 +1817,9 @@
|
|
|
1787
1817
|
"tags": {
|
|
1788
1818
|
"type": "rfi",
|
|
1789
1819
|
"crs_id": "931120",
|
|
1790
|
-
"category": "attack_attempt"
|
|
1820
|
+
"category": "attack_attempt",
|
|
1821
|
+
"cwe": "98",
|
|
1822
|
+
"capec": "1000/152/175/253/193"
|
|
1791
1823
|
},
|
|
1792
1824
|
"conditions": [
|
|
1793
1825
|
{
|
|
@@ -1801,6 +1833,12 @@
|
|
|
1801
1833
|
},
|
|
1802
1834
|
{
|
|
1803
1835
|
"address": "server.request.path_params"
|
|
1836
|
+
},
|
|
1837
|
+
{
|
|
1838
|
+
"address": "grpc.server.request.message"
|
|
1839
|
+
},
|
|
1840
|
+
{
|
|
1841
|
+
"address": "graphql.server.all_resolvers"
|
|
1804
1842
|
}
|
|
1805
1843
|
],
|
|
1806
1844
|
"regex": "^(?i:file|ftps?)://.*?\\?+$",
|
|
@@ -1821,6 +1859,8 @@
|
|
|
1821
1859
|
"type": "command_injection",
|
|
1822
1860
|
"crs_id": "932160",
|
|
1823
1861
|
"category": "attack_attempt",
|
|
1862
|
+
"cwe": "77",
|
|
1863
|
+
"capec": "1000/152/248/88",
|
|
1824
1864
|
"confidence": "1"
|
|
1825
1865
|
},
|
|
1826
1866
|
"conditions": [
|
|
@@ -1838,6 +1878,9 @@
|
|
|
1838
1878
|
},
|
|
1839
1879
|
{
|
|
1840
1880
|
"address": "grpc.server.request.message"
|
|
1881
|
+
},
|
|
1882
|
+
{
|
|
1883
|
+
"address": "graphql.server.all_resolvers"
|
|
1841
1884
|
}
|
|
1842
1885
|
],
|
|
1843
1886
|
"list": [
|
|
@@ -2312,7 +2355,8 @@
|
|
|
2312
2355
|
}
|
|
2313
2356
|
],
|
|
2314
2357
|
"transformers": [
|
|
2315
|
-
"lowercase"
|
|
2358
|
+
"lowercase",
|
|
2359
|
+
"cmdLine"
|
|
2316
2360
|
]
|
|
2317
2361
|
},
|
|
2318
2362
|
{
|
|
@@ -2322,6 +2366,8 @@
|
|
|
2322
2366
|
"type": "command_injection",
|
|
2323
2367
|
"crs_id": "932171",
|
|
2324
2368
|
"category": "attack_attempt",
|
|
2369
|
+
"cwe": "77",
|
|
2370
|
+
"capec": "1000/152/248/88",
|
|
2325
2371
|
"confidence": "1"
|
|
2326
2372
|
},
|
|
2327
2373
|
"conditions": [
|
|
@@ -2342,6 +2388,9 @@
|
|
|
2342
2388
|
},
|
|
2343
2389
|
{
|
|
2344
2390
|
"address": "grpc.server.request.message"
|
|
2391
|
+
},
|
|
2392
|
+
{
|
|
2393
|
+
"address": "graphql.server.all_resolvers"
|
|
2345
2394
|
}
|
|
2346
2395
|
],
|
|
2347
2396
|
"regex": "^\\(\\s*\\)\\s+{",
|
|
@@ -2362,6 +2411,8 @@
|
|
|
2362
2411
|
"type": "command_injection",
|
|
2363
2412
|
"crs_id": "932180",
|
|
2364
2413
|
"category": "attack_attempt",
|
|
2414
|
+
"cwe": "706",
|
|
2415
|
+
"capec": "1000/225/122/17/177",
|
|
2365
2416
|
"confidence": "1"
|
|
2366
2417
|
},
|
|
2367
2418
|
"conditions": [
|
|
@@ -2421,6 +2472,8 @@
|
|
|
2421
2472
|
"type": "unrestricted_file_upload",
|
|
2422
2473
|
"crs_id": "933111",
|
|
2423
2474
|
"category": "attack_attempt",
|
|
2475
|
+
"cwe": "434",
|
|
2476
|
+
"capec": "1000/225/122/17/650",
|
|
2424
2477
|
"confidence": "1"
|
|
2425
2478
|
},
|
|
2426
2479
|
"conditions": [
|
|
@@ -2472,6 +2525,8 @@
|
|
|
2472
2525
|
"type": "php_code_injection",
|
|
2473
2526
|
"crs_id": "933130",
|
|
2474
2527
|
"category": "attack_attempt",
|
|
2528
|
+
"cwe": "94",
|
|
2529
|
+
"capec": "1000/225/122/17/650",
|
|
2475
2530
|
"confidence": "1"
|
|
2476
2531
|
},
|
|
2477
2532
|
"conditions": [
|
|
@@ -2489,6 +2544,9 @@
|
|
|
2489
2544
|
},
|
|
2490
2545
|
{
|
|
2491
2546
|
"address": "grpc.server.request.message"
|
|
2547
|
+
},
|
|
2548
|
+
{
|
|
2549
|
+
"address": "graphql.server.all_resolvers"
|
|
2492
2550
|
}
|
|
2493
2551
|
],
|
|
2494
2552
|
"list": [
|
|
@@ -2528,7 +2586,9 @@
|
|
|
2528
2586
|
"tags": {
|
|
2529
2587
|
"type": "php_code_injection",
|
|
2530
2588
|
"crs_id": "933131",
|
|
2531
|
-
"category": "attack_attempt"
|
|
2589
|
+
"category": "attack_attempt",
|
|
2590
|
+
"cwe": "94",
|
|
2591
|
+
"capec": "1000/225/122/17/650"
|
|
2532
2592
|
},
|
|
2533
2593
|
"conditions": [
|
|
2534
2594
|
{
|
|
@@ -2545,6 +2605,9 @@
|
|
|
2545
2605
|
},
|
|
2546
2606
|
{
|
|
2547
2607
|
"address": "grpc.server.request.message"
|
|
2608
|
+
},
|
|
2609
|
+
{
|
|
2610
|
+
"address": "graphql.server.all_resolvers"
|
|
2548
2611
|
}
|
|
2549
2612
|
],
|
|
2550
2613
|
"regex": "(?:HTTP_(?:ACCEPT(?:_(?:ENCODING|LANGUAGE|CHARSET))?|(?:X_FORWARDED_FO|REFERE)R|(?:USER_AGEN|HOS)T|CONNECTION|KEEP_ALIVE)|PATH_(?:TRANSLATED|INFO)|ORIG_PATH_INFO|QUERY_STRING|REQUEST_URI|AUTH_TYPE)",
|
|
@@ -2565,6 +2628,8 @@
|
|
|
2565
2628
|
"type": "php_code_injection",
|
|
2566
2629
|
"crs_id": "933140",
|
|
2567
2630
|
"category": "attack_attempt",
|
|
2631
|
+
"cwe": "94",
|
|
2632
|
+
"capec": "1000/225/122/17/650",
|
|
2568
2633
|
"confidence": "1"
|
|
2569
2634
|
},
|
|
2570
2635
|
"conditions": [
|
|
@@ -2582,6 +2647,9 @@
|
|
|
2582
2647
|
},
|
|
2583
2648
|
{
|
|
2584
2649
|
"address": "grpc.server.request.message"
|
|
2650
|
+
},
|
|
2651
|
+
{
|
|
2652
|
+
"address": "graphql.server.all_resolvers"
|
|
2585
2653
|
}
|
|
2586
2654
|
],
|
|
2587
2655
|
"regex": "php://(?:std(?:in|out|err)|(?:in|out)put|fd|memory|temp|filter)",
|
|
@@ -2601,6 +2669,8 @@
|
|
|
2601
2669
|
"type": "php_code_injection",
|
|
2602
2670
|
"crs_id": "933150",
|
|
2603
2671
|
"category": "attack_attempt",
|
|
2672
|
+
"cwe": "94",
|
|
2673
|
+
"capec": "1000/225/122/17/650",
|
|
2604
2674
|
"confidence": "1"
|
|
2605
2675
|
},
|
|
2606
2676
|
"conditions": [
|
|
@@ -2618,6 +2688,9 @@
|
|
|
2618
2688
|
},
|
|
2619
2689
|
{
|
|
2620
2690
|
"address": "grpc.server.request.message"
|
|
2691
|
+
},
|
|
2692
|
+
{
|
|
2693
|
+
"address": "graphql.server.all_resolvers"
|
|
2621
2694
|
}
|
|
2622
2695
|
],
|
|
2623
2696
|
"list": [
|
|
@@ -2680,7 +2753,9 @@
|
|
|
2680
2753
|
"tags": {
|
|
2681
2754
|
"type": "php_code_injection",
|
|
2682
2755
|
"crs_id": "933160",
|
|
2683
|
-
"category": "attack_attempt"
|
|
2756
|
+
"category": "attack_attempt",
|
|
2757
|
+
"cwe": "94",
|
|
2758
|
+
"capec": "1000/225/122/17/650"
|
|
2684
2759
|
},
|
|
2685
2760
|
"conditions": [
|
|
2686
2761
|
{
|
|
@@ -2697,6 +2772,9 @@
|
|
|
2697
2772
|
},
|
|
2698
2773
|
{
|
|
2699
2774
|
"address": "grpc.server.request.message"
|
|
2775
|
+
},
|
|
2776
|
+
{
|
|
2777
|
+
"address": "graphql.server.all_resolvers"
|
|
2700
2778
|
}
|
|
2701
2779
|
],
|
|
2702
2780
|
"regex": "\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create|socket_client)|ipc?slashes|rev)|implexml_load_(?:string|file)|ocket_c(?:onnect|reate)|h(?:ow_sourc|a1_fil)e|pl_autoload_register|ystem)|p(?:r(?:eg_(?:replace(?:_callback(?:_array)?)?|match(?:_all)?|split)|oc_(?:(?:terminat|clos|nic)e|get_status|open)|int_r)|o(?:six_(?:get(?:(?:e[gu]|g)id|login|pwnam)|mk(?:fifo|nod)|ttyname|kill)|pen)|hp(?:_(?:strip_whitespac|unam)e|version|info)|g_(?:(?:execut|prepar)e|connect|query)|a(?:rse_(?:ini_file|str)|ssthru)|utenv)|r(?:unkit_(?:function_(?:re(?:defin|nam)e|copy|add)|method_(?:re(?:defin|nam)e|copy|add)|constant_(?:redefine|add))|e(?:(?:gister_(?:shutdown|tick)|name)_function|ad(?:(?:gz)?file|_exif_data|dir))|awurl(?:de|en)code)|i(?:mage(?:createfrom(?:(?:jpe|pn)g|x[bp]m|wbmp|gif)|(?:jpe|pn)g|g(?:d2?|if)|2?wbmp|xbm)|s_(?:(?:(?:execut|write?|read)ab|fi)le|dir)|ni_(?:get(?:_all)?|set)|terator_apply|ptcembed)|g(?:et(?:_(?:c(?:urrent_use|fg_va)r|meta_tags)|my(?:[gpu]id|inode)|(?:lastmo|cw)d|imagesize|env)|z(?:(?:(?:defla|wri)t|encod|fil)e|compress|open|read)|lob)|a(?:rray_(?:u(?:intersect(?:_u?assoc)?|diff(?:_u?assoc)?)|intersect_u(?:assoc|key)|diff_u(?:assoc|key)|filter|reduce|map)|ssert(?:_options)?|tob)|h(?:tml(?:specialchars(?:_decode)?|_entity_decode|entities)|(?:ash(?:_(?:update|hmac))?|ighlight)_file|e(?:ader_register_callback|x2bin))|f(?:i(?:le(?:(?:[acm]tim|inod)e|(?:_exist|perm)s|group)?|nfo_open)|tp_(?:nb_(?:ge|pu)|connec|ge|pu)t|(?:unction_exis|pu)ts|write|open)|o(?:b_(?:get_(?:c(?:ontents|lean)|flush)|end_(?:clean|flush)|clean|flush|start)|dbc_(?:result(?:_all)?|exec(?:ute)?|connect)|pendir)|m(?:b_(?:ereg(?:_(?:replace(?:_callback)?|match)|i(?:_replace)?)?|parse_str)|(?:ove_uploaded|d5)_file|ethod_exists|ysql_query|kdir)|e(?:x(?:if_(?:t(?:humbnail|agname)|imagetype|read_data)|ec)|scapeshell(?:arg|cmd)|rror_reporting|val)|c(?:url_(?:file_create|exec|init)|onvert_uuencode|reate_function|hr)|u(?:n(?:serialize|pack)|rl(?:de|en)code|[ak]?sort)|b(?:(?:son_(?:de|en)|ase64_en)code|zopen|toa)|(?:json_(?:de|en)cod|debug_backtrac|tmpfil)e|var_dump)(?:\\s|/\\*.*\\*/|//.*|#.*|\\\"|')*\\((?:(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:\\$\\w+|[A-Z\\d]\\w*|\\w+\\(.*\\)|\\\\?\"(?:[^\"]|\\\\\"|\"\"|\"\\+\")*\\\\?\"|\\\\?'(?:[^']|''|'\\+')*\\\\?')(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:(?:::|\\.|->)(?:\\s|/\\*.*\\*/|//.*|#.*)*\\w+(?:\\(.*\\))?)?,)*(?:(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:\\$\\w+|[A-Z\\d]\\w*|\\w+\\(.*\\)|\\\\?\"(?:[^\"]|\\\\\"|\"\"|\"\\+\")*\\\\?\"|\\\\?'(?:[^']|''|'\\+')*\\\\?')(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:(?:::|\\.|->)(?:\\s|/\\*.*\\*/|//.*|#.*)*\\w+(?:\\(.*\\))?)?)?\\)",
|
|
@@ -2717,6 +2795,8 @@
|
|
|
2717
2795
|
"type": "php_code_injection",
|
|
2718
2796
|
"crs_id": "933170",
|
|
2719
2797
|
"category": "attack_attempt",
|
|
2798
|
+
"cwe": "502",
|
|
2799
|
+
"capec": "1000/152/586",
|
|
2720
2800
|
"confidence": "1"
|
|
2721
2801
|
},
|
|
2722
2802
|
"conditions": [
|
|
@@ -2737,6 +2817,9 @@
|
|
|
2737
2817
|
},
|
|
2738
2818
|
{
|
|
2739
2819
|
"address": "grpc.server.request.message"
|
|
2820
|
+
},
|
|
2821
|
+
{
|
|
2822
|
+
"address": "graphql.server.all_resolvers"
|
|
2740
2823
|
}
|
|
2741
2824
|
],
|
|
2742
2825
|
"regex": "[oOcC]:\\d+:\\\".+?\\\":\\d+:{[\\W\\w]*}",
|
|
@@ -2756,7 +2839,9 @@
|
|
|
2756
2839
|
"tags": {
|
|
2757
2840
|
"type": "php_code_injection",
|
|
2758
2841
|
"crs_id": "933200",
|
|
2759
|
-
"category": "attack_attempt"
|
|
2842
|
+
"category": "attack_attempt",
|
|
2843
|
+
"cwe": "502",
|
|
2844
|
+
"capec": "1000/152/586"
|
|
2760
2845
|
},
|
|
2761
2846
|
"conditions": [
|
|
2762
2847
|
{
|
|
@@ -2773,6 +2858,9 @@
|
|
|
2773
2858
|
},
|
|
2774
2859
|
{
|
|
2775
2860
|
"address": "grpc.server.request.message"
|
|
2861
|
+
},
|
|
2862
|
+
{
|
|
2863
|
+
"address": "graphql.server.all_resolvers"
|
|
2776
2864
|
}
|
|
2777
2865
|
],
|
|
2778
2866
|
"regex": "(?:(?:bzip|ssh)2|z(?:lib|ip)|(?:ph|r)ar|expect|glob|ogg)://",
|
|
@@ -2794,7 +2882,9 @@
|
|
|
2794
2882
|
"tags": {
|
|
2795
2883
|
"type": "js_code_injection",
|
|
2796
2884
|
"crs_id": "934100",
|
|
2797
|
-
"category": "attack_attempt"
|
|
2885
|
+
"category": "attack_attempt",
|
|
2886
|
+
"cwe": "94",
|
|
2887
|
+
"capec": "1000/152/242"
|
|
2798
2888
|
},
|
|
2799
2889
|
"conditions": [
|
|
2800
2890
|
{
|
|
@@ -2811,6 +2901,9 @@
|
|
|
2811
2901
|
},
|
|
2812
2902
|
{
|
|
2813
2903
|
"address": "grpc.server.request.message"
|
|
2904
|
+
},
|
|
2905
|
+
{
|
|
2906
|
+
"address": "graphql.server.all_resolvers"
|
|
2814
2907
|
}
|
|
2815
2908
|
],
|
|
2816
2909
|
"regex": "\\b(?:(?:l(?:(?:utimes|chmod)(?:Sync)?|(?:stat|ink)Sync)|w(?:rite(?:(?:File|v)(?:Sync)?|Sync)|atchFile)|u(?:n(?:watchFile|linkSync)|times(?:Sync)?)|s(?:(?:ymlink|tat)Sync|pawn(?:File|Sync))|ex(?:ec(?:File(?:Sync)?|Sync)|istsSync)|a(?:ppendFile|ccess)(?:Sync)?|(?:Caveat|Inode)s|open(?:dir)?Sync|new\\s+Function|Availability|\\beval)\\s*\\(|m(?:ain(?:Module\\s*(?:\\W*\\s*(?:constructor|require)|\\[)|\\s*(?:\\W*\\s*(?:constructor|require)|\\[))|kd(?:temp(?:Sync)?|irSync)\\s*\\(|odule\\.exports\\s*=)|c(?:(?:(?:h(?:mod|own)|lose)Sync|reate(?:Write|Read)Stream|p(?:Sync)?)\\s*\\(|o(?:nstructor\\s*(?:\\W*\\s*_load|\\[)|pyFile(?:Sync)?\\s*\\())|f(?:(?:(?:s(?:(?:yncS)?|tatS)|datas(?:yncS)?)ync|ch(?:mod|own)(?:Sync)?)\\s*\\(|u(?:nction\\s*\\(\\s*\\)\\s*{|times(?:Sync)?\\s*\\())|r(?:e(?:(?:ad(?:(?:File|link|dir)?Sync|v(?:Sync)?)|nameSync)\\s*\\(|quire\\s*(?:\\W*\\s*main|\\[))|m(?:Sync)?\\s*\\()|process\\s*(?:\\W*\\s*(?:mainModule|binding)|\\[)|t(?:his\\.constructor|runcateSync\\s*\\()|_(?:\\$\\$ND_FUNC\\$\\$_|_js_function)|global\\s*(?:\\W*\\s*process|\\[)|String\\s*\\.\\s*fromCharCode|binding\\s*\\[)",
|
|
@@ -2831,7 +2924,9 @@
|
|
|
2831
2924
|
"type": "js_code_injection",
|
|
2832
2925
|
"crs_id": "934101",
|
|
2833
2926
|
"category": "attack_attempt",
|
|
2834
|
-
"confidence": "1"
|
|
2927
|
+
"confidence": "1",
|
|
2928
|
+
"cwe": "94",
|
|
2929
|
+
"capec": "1000/152/242"
|
|
2835
2930
|
},
|
|
2836
2931
|
"conditions": [
|
|
2837
2932
|
{
|
|
@@ -2848,6 +2943,9 @@
|
|
|
2848
2943
|
},
|
|
2849
2944
|
{
|
|
2850
2945
|
"address": "grpc.server.request.message"
|
|
2946
|
+
},
|
|
2947
|
+
{
|
|
2948
|
+
"address": "graphql.server.all_resolvers"
|
|
2851
2949
|
}
|
|
2852
2950
|
],
|
|
2853
2951
|
"regex": "\\b(?:w(?:atch|rite)|(?:spaw|ope)n|exists|close|fork|read)\\s*\\(",
|
|
@@ -2868,6 +2966,8 @@
|
|
|
2868
2966
|
"type": "xss",
|
|
2869
2967
|
"crs_id": "941110",
|
|
2870
2968
|
"category": "attack_attempt",
|
|
2969
|
+
"cwe": "80",
|
|
2970
|
+
"capec": "1000/152/242/63/591",
|
|
2871
2971
|
"confidence": "1"
|
|
2872
2972
|
},
|
|
2873
2973
|
"conditions": [
|
|
@@ -2897,6 +2997,9 @@
|
|
|
2897
2997
|
},
|
|
2898
2998
|
{
|
|
2899
2999
|
"address": "grpc.server.request.message"
|
|
3000
|
+
},
|
|
3001
|
+
{
|
|
3002
|
+
"address": "graphql.server.all_resolvers"
|
|
2900
3003
|
}
|
|
2901
3004
|
],
|
|
2902
3005
|
"regex": "<script[^>]*>[\\s\\S]*?",
|
|
@@ -2919,6 +3022,8 @@
|
|
|
2919
3022
|
"type": "xss",
|
|
2920
3023
|
"crs_id": "941120",
|
|
2921
3024
|
"category": "attack_attempt",
|
|
3025
|
+
"cwe": "83",
|
|
3026
|
+
"capec": "1000/152/242/63/591/243",
|
|
2922
3027
|
"confidence": "1"
|
|
2923
3028
|
},
|
|
2924
3029
|
"conditions": [
|
|
@@ -2948,9 +3053,12 @@
|
|
|
2948
3053
|
},
|
|
2949
3054
|
{
|
|
2950
3055
|
"address": "grpc.server.request.message"
|
|
3056
|
+
},
|
|
3057
|
+
{
|
|
3058
|
+
"address": "graphql.server.all_resolvers"
|
|
2951
3059
|
}
|
|
2952
3060
|
],
|
|
2953
|
-
"regex": "
|
|
3061
|
+
"regex": "\\bon(?:d(?:r(?:ag(?:en(?:ter|d)|leave|start|over)?|op)|urationchange|blclick)|s(?:e(?:ek(?:ing|ed)|arch|lect)|u(?:spend|bmit)|talled|croll|how)|m(?:ouse(?:(?:lea|mo)ve|o(?:ver|ut)|enter|down|up)|essage)|p(?:a(?:ge(?:hide|show)|(?:st|us)e)|lay(?:ing)?|rogress|aste|ointer(?:cancel|down|enter|leave|move|out|over|rawupdate|up))|c(?:anplay(?:through)?|o(?:ntextmenu|py)|hange|lick|ut)|a(?:nimation(?:iteration|start|end)|(?:fterprin|bor)t|uxclick|fterscriptexecute)|t(?:o(?:uch(?:cancel|start|move|end)|ggle)|imeupdate)|f(?:ullscreen(?:change|error)|ocus(?:out|in)?|inish)|(?:(?:volume|hash)chang|o(?:ff|n)lin)e|b(?:efore(?:unload|print)|lur)|load(?:ed(?:meta)?data|start|end)?|r(?:es(?:ize|et)|atechange)|key(?:press|down|up)|w(?:aiting|heel)|in(?:valid|put)|e(?:nded|rror)|unload)[\\s\\x0B\\x09\\x0C\\x3B\\x2C\\x28\\x3B]*?=[^=]",
|
|
2954
3062
|
"options": {
|
|
2955
3063
|
"min_length": 8
|
|
2956
3064
|
}
|
|
@@ -2970,6 +3078,8 @@
|
|
|
2970
3078
|
"type": "xss",
|
|
2971
3079
|
"crs_id": "941140",
|
|
2972
3080
|
"category": "attack_attempt",
|
|
3081
|
+
"cwe": "84",
|
|
3082
|
+
"capec": "1000/152/242/63/591/244",
|
|
2973
3083
|
"confidence": "1"
|
|
2974
3084
|
},
|
|
2975
3085
|
"conditions": [
|
|
@@ -2999,6 +3109,9 @@
|
|
|
2999
3109
|
},
|
|
3000
3110
|
{
|
|
3001
3111
|
"address": "grpc.server.request.message"
|
|
3112
|
+
},
|
|
3113
|
+
{
|
|
3114
|
+
"address": "graphql.server.all_resolvers"
|
|
3002
3115
|
}
|
|
3003
3116
|
],
|
|
3004
3117
|
"regex": "[a-z]+=(?:[^:=]+:.+;)*?[^:=]+:url\\(javascript",
|
|
@@ -3021,6 +3134,8 @@
|
|
|
3021
3134
|
"type": "xss",
|
|
3022
3135
|
"crs_id": "941170",
|
|
3023
3136
|
"category": "attack_attempt",
|
|
3137
|
+
"cwe": "83",
|
|
3138
|
+
"capec": "1000/152/242/63/591/243",
|
|
3024
3139
|
"confidence": "1"
|
|
3025
3140
|
},
|
|
3026
3141
|
"conditions": [
|
|
@@ -3047,6 +3162,12 @@
|
|
|
3047
3162
|
},
|
|
3048
3163
|
{
|
|
3049
3164
|
"address": "server.request.path_params"
|
|
3165
|
+
},
|
|
3166
|
+
{
|
|
3167
|
+
"address": "grpc.server.request.message"
|
|
3168
|
+
},
|
|
3169
|
+
{
|
|
3170
|
+
"address": "graphql.server.all_resolvers"
|
|
3050
3171
|
}
|
|
3051
3172
|
],
|
|
3052
3173
|
"regex": "(?:\\W|^)(?:javascript:(?:[\\s\\S]+[=\\x5c\\(\\[\\.<]|[\\s\\S]*?(?:\\bname\\b|\\x5c[ux]\\d)))|@\\W*?i\\W*?m\\W*?p\\W*?o\\W*?r\\W*?t\\W*?(?:/\\*[\\s\\S]*?)?(?:[\\\"']|\\W*?u\\W*?r\\W*?l[\\s\\S]*?\\()|[^-]*?-\\W*?m\\W*?o\\W*?z\\W*?-\\W*?b\\W*?i\\W*?n\\W*?d\\W*?i\\W*?n\\W*?g[^:]*?:\\W*?u\\W*?r\\W*?l[\\s\\S]*?\\(",
|
|
@@ -3068,7 +3189,9 @@
|
|
|
3068
3189
|
"tags": {
|
|
3069
3190
|
"type": "xss",
|
|
3070
3191
|
"crs_id": "941180",
|
|
3071
|
-
"category": "attack_attempt"
|
|
3192
|
+
"category": "attack_attempt",
|
|
3193
|
+
"cwe": "79",
|
|
3194
|
+
"capec": "1000/152/242/63/591"
|
|
3072
3195
|
},
|
|
3073
3196
|
"conditions": [
|
|
3074
3197
|
{
|
|
@@ -3085,6 +3208,9 @@
|
|
|
3085
3208
|
},
|
|
3086
3209
|
{
|
|
3087
3210
|
"address": "grpc.server.request.message"
|
|
3211
|
+
},
|
|
3212
|
+
{
|
|
3213
|
+
"address": "graphql.server.all_resolvers"
|
|
3088
3214
|
}
|
|
3089
3215
|
],
|
|
3090
3216
|
"list": [
|
|
@@ -3111,6 +3237,8 @@
|
|
|
3111
3237
|
"type": "xss",
|
|
3112
3238
|
"crs_id": "941200",
|
|
3113
3239
|
"category": "attack_attempt",
|
|
3240
|
+
"cwe": "80",
|
|
3241
|
+
"capec": "1000/152/242/63/591",
|
|
3114
3242
|
"confidence": "1"
|
|
3115
3243
|
},
|
|
3116
3244
|
"conditions": [
|
|
@@ -3128,6 +3256,9 @@
|
|
|
3128
3256
|
},
|
|
3129
3257
|
{
|
|
3130
3258
|
"address": "grpc.server.request.message"
|
|
3259
|
+
},
|
|
3260
|
+
{
|
|
3261
|
+
"address": "graphql.server.all_resolvers"
|
|
3131
3262
|
}
|
|
3132
3263
|
],
|
|
3133
3264
|
"regex": "(?i:<.*[:]?vmlframe.*?[\\s/+]*?src[\\s/+]*=)",
|
|
@@ -3150,6 +3281,8 @@
|
|
|
3150
3281
|
"type": "xss",
|
|
3151
3282
|
"crs_id": "941210",
|
|
3152
3283
|
"category": "attack_attempt",
|
|
3284
|
+
"cwe": "80",
|
|
3285
|
+
"capec": "1000/152/242/63/591",
|
|
3153
3286
|
"confidence": "1"
|
|
3154
3287
|
},
|
|
3155
3288
|
"conditions": [
|
|
@@ -3167,6 +3300,9 @@
|
|
|
3167
3300
|
},
|
|
3168
3301
|
{
|
|
3169
3302
|
"address": "grpc.server.request.message"
|
|
3303
|
+
},
|
|
3304
|
+
{
|
|
3305
|
+
"address": "graphql.server.all_resolvers"
|
|
3170
3306
|
}
|
|
3171
3307
|
],
|
|
3172
3308
|
"regex": "(?i:(?:j|&#x?0*(?:74|4A|106|6A);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:a|&#x?0*(?:65|41|97|61);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:v|&#x?0*(?:86|56|118|76);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:a|&#x?0*(?:65|41|97|61);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:s|&#x?0*(?:83|53|115|73);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:c|&#x?0*(?:67|43|99|63);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:r|&#x?0*(?:82|52|114|72);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:i|&#x?0*(?:73|49|105|69);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:p|&#x?0*(?:80|50|112|70);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:t|&#x?0*(?:84|54|116|74);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?::|&(?:#x?0*(?:58|3A);?|colon;)).)",
|
|
@@ -3189,6 +3325,8 @@
|
|
|
3189
3325
|
"type": "xss",
|
|
3190
3326
|
"crs_id": "941220",
|
|
3191
3327
|
"category": "attack_attempt",
|
|
3328
|
+
"cwe": "80",
|
|
3329
|
+
"capec": "1000/152/242/63/591",
|
|
3192
3330
|
"confidence": "1"
|
|
3193
3331
|
},
|
|
3194
3332
|
"conditions": [
|
|
@@ -3206,6 +3344,9 @@
|
|
|
3206
3344
|
},
|
|
3207
3345
|
{
|
|
3208
3346
|
"address": "grpc.server.request.message"
|
|
3347
|
+
},
|
|
3348
|
+
{
|
|
3349
|
+
"address": "graphql.server.all_resolvers"
|
|
3209
3350
|
}
|
|
3210
3351
|
],
|
|
3211
3352
|
"regex": "(?i:(?:v|&#x?0*(?:86|56|118|76);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:b|&#x?0*(?:66|42|98|62);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:s|&#x?0*(?:83|53|115|73);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:c|&#x?0*(?:67|43|99|63);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:r|&#x?0*(?:82|52|114|72);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:i|&#x?0*(?:73|49|105|69);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:p|&#x?0*(?:80|50|112|70);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:t|&#x?0*(?:84|54|116|74);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?::|&(?:#x?0*(?:58|3A);?|colon;)).)",
|
|
@@ -3228,6 +3369,8 @@
|
|
|
3228
3369
|
"type": "xss",
|
|
3229
3370
|
"crs_id": "941230",
|
|
3230
3371
|
"category": "attack_attempt",
|
|
3372
|
+
"cwe": "83",
|
|
3373
|
+
"capec": "1000/152/242/63/591/243",
|
|
3231
3374
|
"confidence": "1"
|
|
3232
3375
|
},
|
|
3233
3376
|
"conditions": [
|
|
@@ -3245,6 +3388,9 @@
|
|
|
3245
3388
|
},
|
|
3246
3389
|
{
|
|
3247
3390
|
"address": "grpc.server.request.message"
|
|
3391
|
+
},
|
|
3392
|
+
{
|
|
3393
|
+
"address": "graphql.server.all_resolvers"
|
|
3248
3394
|
}
|
|
3249
3395
|
],
|
|
3250
3396
|
"regex": "<EMBED[\\s/+].*?(?:src|type).*?=",
|
|
@@ -3266,6 +3412,8 @@
|
|
|
3266
3412
|
"type": "xss",
|
|
3267
3413
|
"crs_id": "941240",
|
|
3268
3414
|
"category": "attack_attempt",
|
|
3415
|
+
"cwe": "83",
|
|
3416
|
+
"capec": "1000/152/242/63/591/243",
|
|
3269
3417
|
"confidence": "1"
|
|
3270
3418
|
},
|
|
3271
3419
|
"conditions": [
|
|
@@ -3283,6 +3431,9 @@
|
|
|
3283
3431
|
},
|
|
3284
3432
|
{
|
|
3285
3433
|
"address": "grpc.server.request.message"
|
|
3434
|
+
},
|
|
3435
|
+
{
|
|
3436
|
+
"address": "graphql.server.all_resolvers"
|
|
3286
3437
|
}
|
|
3287
3438
|
],
|
|
3288
3439
|
"regex": "<[?]?import[\\s/+\\S]*?implementation[\\s/+]*?=",
|
|
@@ -3305,7 +3456,9 @@
|
|
|
3305
3456
|
"tags": {
|
|
3306
3457
|
"type": "xss",
|
|
3307
3458
|
"crs_id": "941270",
|
|
3308
|
-
"category": "attack_attempt"
|
|
3459
|
+
"category": "attack_attempt",
|
|
3460
|
+
"cwe": "83",
|
|
3461
|
+
"capec": "1000/152/242/63/591/243"
|
|
3309
3462
|
},
|
|
3310
3463
|
"conditions": [
|
|
3311
3464
|
{
|
|
@@ -3322,6 +3475,9 @@
|
|
|
3322
3475
|
},
|
|
3323
3476
|
{
|
|
3324
3477
|
"address": "grpc.server.request.message"
|
|
3478
|
+
},
|
|
3479
|
+
{
|
|
3480
|
+
"address": "graphql.server.all_resolvers"
|
|
3325
3481
|
}
|
|
3326
3482
|
],
|
|
3327
3483
|
"regex": "<LINK[\\s/+].*?href[\\s/+]*=",
|
|
@@ -3343,6 +3499,8 @@
|
|
|
3343
3499
|
"type": "xss",
|
|
3344
3500
|
"crs_id": "941280",
|
|
3345
3501
|
"category": "attack_attempt",
|
|
3502
|
+
"cwe": "83",
|
|
3503
|
+
"capec": "1000/152/242/63/591/243",
|
|
3346
3504
|
"confidence": "1"
|
|
3347
3505
|
},
|
|
3348
3506
|
"conditions": [
|
|
@@ -3360,6 +3518,9 @@
|
|
|
3360
3518
|
},
|
|
3361
3519
|
{
|
|
3362
3520
|
"address": "grpc.server.request.message"
|
|
3521
|
+
},
|
|
3522
|
+
{
|
|
3523
|
+
"address": "graphql.server.all_resolvers"
|
|
3363
3524
|
}
|
|
3364
3525
|
],
|
|
3365
3526
|
"regex": "<BASE[\\s/+].*?href[\\s/+]*=",
|
|
@@ -3381,6 +3542,8 @@
|
|
|
3381
3542
|
"type": "xss",
|
|
3382
3543
|
"crs_id": "941290",
|
|
3383
3544
|
"category": "attack_attempt",
|
|
3545
|
+
"cwe": "83",
|
|
3546
|
+
"capec": "1000/152/242/63/591/243",
|
|
3384
3547
|
"confidence": "1"
|
|
3385
3548
|
},
|
|
3386
3549
|
"conditions": [
|
|
@@ -3398,6 +3561,9 @@
|
|
|
3398
3561
|
},
|
|
3399
3562
|
{
|
|
3400
3563
|
"address": "grpc.server.request.message"
|
|
3564
|
+
},
|
|
3565
|
+
{
|
|
3566
|
+
"address": "graphql.server.all_resolvers"
|
|
3401
3567
|
}
|
|
3402
3568
|
],
|
|
3403
3569
|
"regex": "<APPLET[\\s/+>]",
|
|
@@ -3419,6 +3585,8 @@
|
|
|
3419
3585
|
"type": "xss",
|
|
3420
3586
|
"crs_id": "941300",
|
|
3421
3587
|
"category": "attack_attempt",
|
|
3588
|
+
"cwe": "83",
|
|
3589
|
+
"capec": "1000/152/242/63/591/243",
|
|
3422
3590
|
"confidence": "1"
|
|
3423
3591
|
},
|
|
3424
3592
|
"conditions": [
|
|
@@ -3436,6 +3604,9 @@
|
|
|
3436
3604
|
},
|
|
3437
3605
|
{
|
|
3438
3606
|
"address": "grpc.server.request.message"
|
|
3607
|
+
},
|
|
3608
|
+
{
|
|
3609
|
+
"address": "graphql.server.all_resolvers"
|
|
3439
3610
|
}
|
|
3440
3611
|
],
|
|
3441
3612
|
"regex": "<OBJECT[\\s/+].*?(?:type|codetype|classid|code|data)[\\s/+]*=",
|
|
@@ -3457,6 +3628,8 @@
|
|
|
3457
3628
|
"type": "xss",
|
|
3458
3629
|
"crs_id": "941350",
|
|
3459
3630
|
"category": "attack_attempt",
|
|
3631
|
+
"cwe": "87",
|
|
3632
|
+
"capec": "1000/152/242/63/591/199",
|
|
3460
3633
|
"confidence": "1"
|
|
3461
3634
|
},
|
|
3462
3635
|
"conditions": [
|
|
@@ -3474,6 +3647,9 @@
|
|
|
3474
3647
|
},
|
|
3475
3648
|
{
|
|
3476
3649
|
"address": "grpc.server.request.message"
|
|
3650
|
+
},
|
|
3651
|
+
{
|
|
3652
|
+
"address": "graphql.server.all_resolvers"
|
|
3477
3653
|
}
|
|
3478
3654
|
],
|
|
3479
3655
|
"regex": "\\+ADw-.*(?:\\+AD4-|>)|<.*\\+AD4-",
|
|
@@ -3493,7 +3669,9 @@
|
|
|
3493
3669
|
"tags": {
|
|
3494
3670
|
"type": "xss",
|
|
3495
3671
|
"crs_id": "941360",
|
|
3496
|
-
"category": "attack_attempt"
|
|
3672
|
+
"category": "attack_attempt",
|
|
3673
|
+
"cwe": "87",
|
|
3674
|
+
"capec": "1000/152/242/63/591/199"
|
|
3497
3675
|
},
|
|
3498
3676
|
"conditions": [
|
|
3499
3677
|
{
|
|
@@ -3510,6 +3688,9 @@
|
|
|
3510
3688
|
},
|
|
3511
3689
|
{
|
|
3512
3690
|
"address": "grpc.server.request.message"
|
|
3691
|
+
},
|
|
3692
|
+
{
|
|
3693
|
+
"address": "graphql.server.all_resolvers"
|
|
3513
3694
|
}
|
|
3514
3695
|
],
|
|
3515
3696
|
"regex": "![!+ ]\\[\\]",
|
|
@@ -3530,7 +3711,9 @@
|
|
|
3530
3711
|
"type": "xss",
|
|
3531
3712
|
"crs_id": "941390",
|
|
3532
3713
|
"category": "attack_attempt",
|
|
3533
|
-
"confidence": "1"
|
|
3714
|
+
"confidence": "1",
|
|
3715
|
+
"cwe": "79",
|
|
3716
|
+
"capec": "1000/152/242/63/591"
|
|
3534
3717
|
},
|
|
3535
3718
|
"conditions": [
|
|
3536
3719
|
{
|
|
@@ -3547,6 +3730,9 @@
|
|
|
3547
3730
|
},
|
|
3548
3731
|
{
|
|
3549
3732
|
"address": "grpc.server.request.message"
|
|
3733
|
+
},
|
|
3734
|
+
{
|
|
3735
|
+
"address": "graphql.server.all_resolvers"
|
|
3550
3736
|
}
|
|
3551
3737
|
],
|
|
3552
3738
|
"regex": "\\b(?i:eval|settimeout|setinterval|new\\s+Function|alert|prompt)[\\s+]*\\([^\\)]",
|
|
@@ -3566,7 +3752,9 @@
|
|
|
3566
3752
|
"tags": {
|
|
3567
3753
|
"type": "sql_injection",
|
|
3568
3754
|
"crs_id": "942100",
|
|
3569
|
-
"category": "attack_attempt"
|
|
3755
|
+
"category": "attack_attempt",
|
|
3756
|
+
"cwe": "89",
|
|
3757
|
+
"capec": "1000/152/248/66"
|
|
3570
3758
|
},
|
|
3571
3759
|
"conditions": [
|
|
3572
3760
|
{
|
|
@@ -3583,6 +3771,9 @@
|
|
|
3583
3771
|
},
|
|
3584
3772
|
{
|
|
3585
3773
|
"address": "grpc.server.request.message"
|
|
3774
|
+
},
|
|
3775
|
+
{
|
|
3776
|
+
"address": "graphql.server.all_resolvers"
|
|
3586
3777
|
}
|
|
3587
3778
|
]
|
|
3588
3779
|
},
|
|
@@ -3600,6 +3791,8 @@
|
|
|
3600
3791
|
"type": "sql_injection",
|
|
3601
3792
|
"crs_id": "942160",
|
|
3602
3793
|
"category": "attack_attempt",
|
|
3794
|
+
"cwe": "89",
|
|
3795
|
+
"capec": "1000/152/248/66/7",
|
|
3603
3796
|
"confidence": "1"
|
|
3604
3797
|
},
|
|
3605
3798
|
"conditions": [
|
|
@@ -3617,6 +3810,9 @@
|
|
|
3617
3810
|
},
|
|
3618
3811
|
{
|
|
3619
3812
|
"address": "grpc.server.request.message"
|
|
3813
|
+
},
|
|
3814
|
+
{
|
|
3815
|
+
"address": "graphql.server.all_resolvers"
|
|
3620
3816
|
}
|
|
3621
3817
|
],
|
|
3622
3818
|
"regex": "(?i:sleep\\(\\s*?\\d*?\\s*?\\)|benchmark\\(.*?\\,.*?\\))",
|
|
@@ -3637,6 +3833,8 @@
|
|
|
3637
3833
|
"type": "sql_injection",
|
|
3638
3834
|
"crs_id": "942240",
|
|
3639
3835
|
"category": "attack_attempt",
|
|
3836
|
+
"cwe": "89",
|
|
3837
|
+
"capec": "1000/152/248/66/7",
|
|
3640
3838
|
"confidence": "1"
|
|
3641
3839
|
},
|
|
3642
3840
|
"conditions": [
|
|
@@ -3654,6 +3852,9 @@
|
|
|
3654
3852
|
},
|
|
3655
3853
|
{
|
|
3656
3854
|
"address": "grpc.server.request.message"
|
|
3855
|
+
},
|
|
3856
|
+
{
|
|
3857
|
+
"address": "graphql.server.all_resolvers"
|
|
3657
3858
|
}
|
|
3658
3859
|
],
|
|
3659
3860
|
"regex": "(?:[\\\"'`](?:;*?\\s*?waitfor\\s+(?:delay|time)\\s+[\\\"'`]|;.*?:\\s*?goto)|alter\\s*?\\w+.*?cha(?:racte)?r\\s+set\\s+\\w+)",
|
|
@@ -3672,7 +3873,9 @@
|
|
|
3672
3873
|
"tags": {
|
|
3673
3874
|
"type": "sql_injection",
|
|
3674
3875
|
"crs_id": "942250",
|
|
3675
|
-
"category": "attack_attempt"
|
|
3876
|
+
"category": "attack_attempt",
|
|
3877
|
+
"cwe": "89",
|
|
3878
|
+
"capec": "1000/152/248/66"
|
|
3676
3879
|
},
|
|
3677
3880
|
"conditions": [
|
|
3678
3881
|
{
|
|
@@ -3689,6 +3892,9 @@
|
|
|
3689
3892
|
},
|
|
3690
3893
|
{
|
|
3691
3894
|
"address": "grpc.server.request.message"
|
|
3895
|
+
},
|
|
3896
|
+
{
|
|
3897
|
+
"address": "graphql.server.all_resolvers"
|
|
3692
3898
|
}
|
|
3693
3899
|
],
|
|
3694
3900
|
"regex": "(?i:merge.*?using\\s*?\\(|execute\\s*?immediate\\s*?[\\\"'`]|match\\s*?[\\w(?:),+-]+\\s*?against\\s*?\\()",
|
|
@@ -3708,7 +3914,9 @@
|
|
|
3708
3914
|
"tags": {
|
|
3709
3915
|
"type": "sql_injection",
|
|
3710
3916
|
"crs_id": "942270",
|
|
3711
|
-
"category": "attack_attempt"
|
|
3917
|
+
"category": "attack_attempt",
|
|
3918
|
+
"cwe": "89",
|
|
3919
|
+
"capec": "1000/152/248/66"
|
|
3712
3920
|
},
|
|
3713
3921
|
"conditions": [
|
|
3714
3922
|
{
|
|
@@ -3725,6 +3933,9 @@
|
|
|
3725
3933
|
},
|
|
3726
3934
|
{
|
|
3727
3935
|
"address": "grpc.server.request.message"
|
|
3936
|
+
},
|
|
3937
|
+
{
|
|
3938
|
+
"address": "graphql.server.all_resolvers"
|
|
3728
3939
|
}
|
|
3729
3940
|
],
|
|
3730
3941
|
"regex": "union.*?select.*?from",
|
|
@@ -3744,6 +3955,8 @@
|
|
|
3744
3955
|
"type": "sql_injection",
|
|
3745
3956
|
"crs_id": "942280",
|
|
3746
3957
|
"category": "attack_attempt",
|
|
3958
|
+
"cwe": "89",
|
|
3959
|
+
"capec": "1000/152/248/66/7",
|
|
3747
3960
|
"confidence": "1"
|
|
3748
3961
|
},
|
|
3749
3962
|
"conditions": [
|
|
@@ -3761,6 +3974,9 @@
|
|
|
3761
3974
|
},
|
|
3762
3975
|
{
|
|
3763
3976
|
"address": "grpc.server.request.message"
|
|
3977
|
+
},
|
|
3978
|
+
{
|
|
3979
|
+
"address": "graphql.server.all_resolvers"
|
|
3764
3980
|
}
|
|
3765
3981
|
],
|
|
3766
3982
|
"regex": "(?:;\\s*?shutdown\\s*?(?:[#;{]|\\/\\*|--)|waitfor\\s*?delay\\s?[\\\"'`]+\\s?\\d|select\\s*?pg_sleep)",
|
|
@@ -3779,7 +3995,9 @@
|
|
|
3779
3995
|
"tags": {
|
|
3780
3996
|
"type": "nosql_injection",
|
|
3781
3997
|
"crs_id": "942290",
|
|
3782
|
-
"category": "attack_attempt"
|
|
3998
|
+
"category": "attack_attempt",
|
|
3999
|
+
"cwe": "943",
|
|
4000
|
+
"capec": "1000/152/248/676"
|
|
3783
4001
|
},
|
|
3784
4002
|
"conditions": [
|
|
3785
4003
|
{
|
|
@@ -3796,6 +4014,9 @@
|
|
|
3796
4014
|
},
|
|
3797
4015
|
{
|
|
3798
4016
|
"address": "grpc.server.request.message"
|
|
4017
|
+
},
|
|
4018
|
+
{
|
|
4019
|
+
"address": "graphql.server.all_resolvers"
|
|
3799
4020
|
}
|
|
3800
4021
|
],
|
|
3801
4022
|
"regex": "(?i:(?:\\[?\\$(?:(?:s(?:lic|iz)|wher)e|e(?:lemMatch|xists|q)|n(?:o[rt]|in?|e)|l(?:ike|te?)|t(?:ext|ype)|a(?:ll|nd)|jsonSchema|between|regex|x?or|div|mod)\\]?)\\b)",
|
|
@@ -3817,7 +4038,9 @@
|
|
|
3817
4038
|
"tags": {
|
|
3818
4039
|
"type": "sql_injection",
|
|
3819
4040
|
"crs_id": "942360",
|
|
3820
|
-
"category": "attack_attempt"
|
|
4041
|
+
"category": "attack_attempt",
|
|
4042
|
+
"cwe": "89",
|
|
4043
|
+
"capec": "1000/152/248/66/470"
|
|
3821
4044
|
},
|
|
3822
4045
|
"conditions": [
|
|
3823
4046
|
{
|
|
@@ -3834,6 +4057,9 @@
|
|
|
3834
4057
|
},
|
|
3835
4058
|
{
|
|
3836
4059
|
"address": "grpc.server.request.message"
|
|
4060
|
+
},
|
|
4061
|
+
{
|
|
4062
|
+
"address": "graphql.server.all_resolvers"
|
|
3837
4063
|
}
|
|
3838
4064
|
],
|
|
3839
4065
|
"regex": "(?:^[\\W\\d]+\\s*?(?:alter\\s*(?:a(?:(?:pplication\\s*rol|ggregat)e|s(?:ymmetric\\s*ke|sembl)y|u(?:thorization|dit)|vailability\\s*group)|c(?:r(?:yptographic\\s*provider|edential)|o(?:l(?:latio|um)|nversio)n|ertificate|luster)|s(?:e(?:rv(?:ice|er)|curity|quence|ssion|arch)|y(?:mmetric\\s*key|nonym)|togroup|chema)|m(?:a(?:s(?:ter\\s*key|k)|terialized)|e(?:ssage\\s*type|thod)|odule)|l(?:o(?:g(?:file\\s*group|in)|ckdown)|a(?:ngua|r)ge|ibrary)|t(?:(?:abl(?:espac)?|yp)e|r(?:igger|usted)|hreshold|ext)|p(?:a(?:rtition|ckage)|ro(?:cedur|fil)e|ermission)|d(?:i(?:mension|skgroup)|atabase|efault|omain)|r(?:o(?:l(?:lback|e)|ute)|e(?:sourc|mot)e)|f(?:u(?:lltext|nction)|lashback|oreign)|e(?:xte(?:nsion|rnal)|(?:ndpoi|ve)nt)|in(?:dex(?:type)?|memory|stance)|b(?:roker\\s*priority|ufferpool)|x(?:ml\\s*schema|srobject)|w(?:ork(?:load)?|rapper)|hi(?:erarchy|stogram)|o(?:perator|utline)|(?:nicknam|queu)e|us(?:age|er)|group|java|view)|union\\s*(?:(?:distin|sele)ct|all))\\b|\\b(?:(?:(?:trunc|cre|upd)at|renam)e|(?:inser|selec)t|de(?:lete|sc)|alter|load)\\s+(?:group_concat|load_file|char)\\b\\s*\\(?|[\\s(]load_file\\s*?\\(|[\\\"'`]\\s+regexp\\W)",
|
|
@@ -3852,7 +4078,9 @@
|
|
|
3852
4078
|
"tags": {
|
|
3853
4079
|
"type": "sql_injection",
|
|
3854
4080
|
"crs_id": "942500",
|
|
3855
|
-
"category": "attack_attempt"
|
|
4081
|
+
"category": "attack_attempt",
|
|
4082
|
+
"cwe": "89",
|
|
4083
|
+
"capec": "1000/152/248/66"
|
|
3856
4084
|
},
|
|
3857
4085
|
"conditions": [
|
|
3858
4086
|
{
|
|
@@ -3869,6 +4097,9 @@
|
|
|
3869
4097
|
},
|
|
3870
4098
|
{
|
|
3871
4099
|
"address": "grpc.server.request.message"
|
|
4100
|
+
},
|
|
4101
|
+
{
|
|
4102
|
+
"address": "graphql.server.all_resolvers"
|
|
3872
4103
|
}
|
|
3873
4104
|
],
|
|
3874
4105
|
"regex": "(?i:/\\*[!+](?:[\\w\\s=_\\-(?:)]+)?\\*/)",
|
|
@@ -3889,6 +4120,8 @@
|
|
|
3889
4120
|
"type": "http_protocol_violation",
|
|
3890
4121
|
"crs_id": "943100",
|
|
3891
4122
|
"category": "attack_attempt",
|
|
4123
|
+
"cwe": "384",
|
|
4124
|
+
"capec": "1000/225/21/593/61",
|
|
3892
4125
|
"confidence": "1"
|
|
3893
4126
|
},
|
|
3894
4127
|
"conditions": [
|
|
@@ -3903,6 +4136,12 @@
|
|
|
3903
4136
|
},
|
|
3904
4137
|
{
|
|
3905
4138
|
"address": "server.request.path_params"
|
|
4139
|
+
},
|
|
4140
|
+
{
|
|
4141
|
+
"address": "grpc.server.request.message"
|
|
4142
|
+
},
|
|
4143
|
+
{
|
|
4144
|
+
"address": "graphql.server.all_resolvers"
|
|
3906
4145
|
}
|
|
3907
4146
|
],
|
|
3908
4147
|
"regex": "(?i:\\.cookie\\b.*?;\\W*?(?:expires|domain)\\W*?=|\\bhttp-equiv\\W+set-cookie\\b)",
|
|
@@ -3923,6 +4162,8 @@
|
|
|
3923
4162
|
"type": "java_code_injection",
|
|
3924
4163
|
"crs_id": "944100",
|
|
3925
4164
|
"category": "attack_attempt",
|
|
4165
|
+
"cwe": "94",
|
|
4166
|
+
"capec": "1000/152/242",
|
|
3926
4167
|
"confidence": "1"
|
|
3927
4168
|
},
|
|
3928
4169
|
"conditions": [
|
|
@@ -3943,6 +4184,9 @@
|
|
|
3943
4184
|
},
|
|
3944
4185
|
{
|
|
3945
4186
|
"address": "grpc.server.request.message"
|
|
4187
|
+
},
|
|
4188
|
+
{
|
|
4189
|
+
"address": "graphql.server.all_resolvers"
|
|
3946
4190
|
}
|
|
3947
4191
|
],
|
|
3948
4192
|
"regex": "java\\.lang\\.(?:runtime|processbuilder)",
|
|
@@ -3964,7 +4208,9 @@
|
|
|
3964
4208
|
"tags": {
|
|
3965
4209
|
"type": "java_code_injection",
|
|
3966
4210
|
"crs_id": "944110",
|
|
3967
|
-
"category": "attack_attempt"
|
|
4211
|
+
"category": "attack_attempt",
|
|
4212
|
+
"cwe": "94",
|
|
4213
|
+
"capec": "1000/152/242"
|
|
3968
4214
|
},
|
|
3969
4215
|
"conditions": [
|
|
3970
4216
|
{
|
|
@@ -3984,6 +4230,9 @@
|
|
|
3984
4230
|
},
|
|
3985
4231
|
{
|
|
3986
4232
|
"address": "grpc.server.request.message"
|
|
4233
|
+
},
|
|
4234
|
+
{
|
|
4235
|
+
"address": "graphql.server.all_resolvers"
|
|
3987
4236
|
}
|
|
3988
4237
|
],
|
|
3989
4238
|
"regex": "(?:runtime|processbuilder)",
|
|
@@ -4011,6 +4260,9 @@
|
|
|
4011
4260
|
},
|
|
4012
4261
|
{
|
|
4013
4262
|
"address": "grpc.server.request.message"
|
|
4263
|
+
},
|
|
4264
|
+
{
|
|
4265
|
+
"address": "graphql.server.all_resolvers"
|
|
4014
4266
|
}
|
|
4015
4267
|
],
|
|
4016
4268
|
"regex": "(?:unmarshaller|base64data|java\\.)",
|
|
@@ -4032,7 +4284,9 @@
|
|
|
4032
4284
|
"tags": {
|
|
4033
4285
|
"type": "java_code_injection",
|
|
4034
4286
|
"crs_id": "944130",
|
|
4035
|
-
"category": "attack_attempt"
|
|
4287
|
+
"category": "attack_attempt",
|
|
4288
|
+
"cwe": "94",
|
|
4289
|
+
"capec": "1000/152/242"
|
|
4036
4290
|
},
|
|
4037
4291
|
"conditions": [
|
|
4038
4292
|
{
|
|
@@ -4052,6 +4306,9 @@
|
|
|
4052
4306
|
},
|
|
4053
4307
|
{
|
|
4054
4308
|
"address": "grpc.server.request.message"
|
|
4309
|
+
},
|
|
4310
|
+
{
|
|
4311
|
+
"address": "graphql.server.all_resolvers"
|
|
4055
4312
|
}
|
|
4056
4313
|
],
|
|
4057
4314
|
"list": [
|
|
@@ -4112,6 +4369,8 @@
|
|
|
4112
4369
|
"type": "java_code_injection",
|
|
4113
4370
|
"crs_id": "944260",
|
|
4114
4371
|
"category": "attack_attempt",
|
|
4372
|
+
"cwe": "94",
|
|
4373
|
+
"capec": "1000/152/242",
|
|
4115
4374
|
"confidence": "1"
|
|
4116
4375
|
},
|
|
4117
4376
|
"conditions": [
|
|
@@ -4132,6 +4391,9 @@
|
|
|
4132
4391
|
},
|
|
4133
4392
|
{
|
|
4134
4393
|
"address": "grpc.server.request.message"
|
|
4394
|
+
},
|
|
4395
|
+
{
|
|
4396
|
+
"address": "graphql.server.all_resolvers"
|
|
4135
4397
|
}
|
|
4136
4398
|
],
|
|
4137
4399
|
"regex": "(?:class\\.module\\.classLoader\\.resources\\.context\\.parent\\.pipeline|springframework\\.context\\.support\\.FileSystemXmlApplicationContext)",
|
|
@@ -4150,7 +4412,9 @@
|
|
|
4150
4412
|
"name": "Look for Cassandra injections",
|
|
4151
4413
|
"tags": {
|
|
4152
4414
|
"type": "nosql_injection",
|
|
4153
|
-
"category": "attack_attempt"
|
|
4415
|
+
"category": "attack_attempt",
|
|
4416
|
+
"cwe": "943",
|
|
4417
|
+
"capec": "1000/152/248/676"
|
|
4154
4418
|
},
|
|
4155
4419
|
"conditions": [
|
|
4156
4420
|
{
|
|
@@ -4165,6 +4429,12 @@
|
|
|
4165
4429
|
{
|
|
4166
4430
|
"address": "server.request.path_params"
|
|
4167
4431
|
},
|
|
4432
|
+
{
|
|
4433
|
+
"address": "grpc.server.request.message"
|
|
4434
|
+
},
|
|
4435
|
+
{
|
|
4436
|
+
"address": "graphql.server.all_resolvers"
|
|
4437
|
+
},
|
|
4168
4438
|
{
|
|
4169
4439
|
"address": "server.request.headers.no_cookies"
|
|
4170
4440
|
}
|
|
@@ -4183,7 +4453,9 @@
|
|
|
4183
4453
|
"name": "OGNL - Look for formatting injection patterns",
|
|
4184
4454
|
"tags": {
|
|
4185
4455
|
"type": "java_code_injection",
|
|
4186
|
-
"category": "attack_attempt"
|
|
4456
|
+
"category": "attack_attempt",
|
|
4457
|
+
"cwe": "94",
|
|
4458
|
+
"capec": "1000/152/242"
|
|
4187
4459
|
},
|
|
4188
4460
|
"conditions": [
|
|
4189
4461
|
{
|
|
@@ -4204,6 +4476,9 @@
|
|
|
4204
4476
|
},
|
|
4205
4477
|
{
|
|
4206
4478
|
"address": "grpc.server.request.message"
|
|
4479
|
+
},
|
|
4480
|
+
{
|
|
4481
|
+
"address": "graphql.server.all_resolvers"
|
|
4207
4482
|
}
|
|
4208
4483
|
],
|
|
4209
4484
|
"regex": "[#%$]{(?:[^}]+[^\\w\\s}\\-_][^}]+|\\d+-\\d+)}",
|
|
@@ -4221,6 +4496,8 @@
|
|
|
4221
4496
|
"tags": {
|
|
4222
4497
|
"type": "java_code_injection",
|
|
4223
4498
|
"category": "attack_attempt",
|
|
4499
|
+
"cwe": "94",
|
|
4500
|
+
"capec": "1000/152/242",
|
|
4224
4501
|
"confidence": "1"
|
|
4225
4502
|
},
|
|
4226
4503
|
"conditions": [
|
|
@@ -4242,6 +4519,9 @@
|
|
|
4242
4519
|
},
|
|
4243
4520
|
{
|
|
4244
4521
|
"address": "grpc.server.request.message"
|
|
4522
|
+
},
|
|
4523
|
+
{
|
|
4524
|
+
"address": "graphql.server.all_resolvers"
|
|
4245
4525
|
}
|
|
4246
4526
|
],
|
|
4247
4527
|
"regex": "[@#]ognl",
|
|
@@ -4259,6 +4539,8 @@
|
|
|
4259
4539
|
"tags": {
|
|
4260
4540
|
"type": "exploit_detection",
|
|
4261
4541
|
"category": "attack_attempt",
|
|
4542
|
+
"cwe": "94",
|
|
4543
|
+
"capec": "1000/152/242",
|
|
4262
4544
|
"confidence": "1"
|
|
4263
4545
|
},
|
|
4264
4546
|
"conditions": [
|
|
@@ -4287,6 +4569,8 @@
|
|
|
4287
4569
|
"tags": {
|
|
4288
4570
|
"type": "js_code_injection",
|
|
4289
4571
|
"category": "attack_attempt",
|
|
4572
|
+
"cwe": "1321",
|
|
4573
|
+
"capec": "1000/152/242",
|
|
4290
4574
|
"confidence": "1"
|
|
4291
4575
|
},
|
|
4292
4576
|
"conditions": [
|
|
@@ -4315,6 +4599,8 @@
|
|
|
4315
4599
|
"tags": {
|
|
4316
4600
|
"type": "js_code_injection",
|
|
4317
4601
|
"category": "attack_attempt",
|
|
4602
|
+
"cwe": "1321",
|
|
4603
|
+
"capec": "1000/152/242",
|
|
4318
4604
|
"confidence": "1"
|
|
4319
4605
|
},
|
|
4320
4606
|
"conditions": [
|
|
@@ -4357,6 +4643,8 @@
|
|
|
4357
4643
|
"tags": {
|
|
4358
4644
|
"type": "java_code_injection",
|
|
4359
4645
|
"category": "attack_attempt",
|
|
4646
|
+
"cwe": "1336",
|
|
4647
|
+
"capec": "1000/152/242/19",
|
|
4360
4648
|
"confidence": "1"
|
|
4361
4649
|
},
|
|
4362
4650
|
"conditions": [
|
|
@@ -4377,6 +4665,9 @@
|
|
|
4377
4665
|
},
|
|
4378
4666
|
{
|
|
4379
4667
|
"address": "grpc.server.request.message"
|
|
4668
|
+
},
|
|
4669
|
+
{
|
|
4670
|
+
"address": "graphql.server.all_resolvers"
|
|
4380
4671
|
}
|
|
4381
4672
|
],
|
|
4382
4673
|
"regex": "#(?:set|foreach|macro|parse|if)\\(.*\\)|<#assign.*>"
|
|
@@ -4390,9 +4681,11 @@
|
|
|
4390
4681
|
"id": "dog-913-001",
|
|
4391
4682
|
"name": "BurpCollaborator OOB domain",
|
|
4392
4683
|
"tags": {
|
|
4393
|
-
"type": "
|
|
4684
|
+
"type": "attack_tool",
|
|
4394
4685
|
"category": "attack_attempt",
|
|
4395
4686
|
"tool_name": "BurpCollaborator",
|
|
4687
|
+
"cwe": "200",
|
|
4688
|
+
"capec": "1000/118/169",
|
|
4396
4689
|
"confidence": "1"
|
|
4397
4690
|
},
|
|
4398
4691
|
"conditions": [
|
|
@@ -4413,6 +4706,9 @@
|
|
|
4413
4706
|
},
|
|
4414
4707
|
{
|
|
4415
4708
|
"address": "grpc.server.request.message"
|
|
4709
|
+
},
|
|
4710
|
+
{
|
|
4711
|
+
"address": "graphql.server.all_resolvers"
|
|
4416
4712
|
}
|
|
4417
4713
|
],
|
|
4418
4714
|
"regex": "\\b(?:burpcollaborator\\.net|oastify\\.com)\\b"
|
|
@@ -4429,6 +4725,8 @@
|
|
|
4429
4725
|
"type": "commercial_scanner",
|
|
4430
4726
|
"category": "attack_attempt",
|
|
4431
4727
|
"tool_name": "Qualys",
|
|
4728
|
+
"cwe": "200",
|
|
4729
|
+
"capec": "1000/118/169",
|
|
4432
4730
|
"confidence": "0"
|
|
4433
4731
|
},
|
|
4434
4732
|
"conditions": [
|
|
@@ -4449,6 +4747,9 @@
|
|
|
4449
4747
|
},
|
|
4450
4748
|
{
|
|
4451
4749
|
"address": "grpc.server.request.message"
|
|
4750
|
+
},
|
|
4751
|
+
{
|
|
4752
|
+
"address": "graphql.server.all_resolvers"
|
|
4452
4753
|
}
|
|
4453
4754
|
],
|
|
4454
4755
|
"regex": "\\bqualysperiscope\\.com\\b"
|
|
@@ -4465,6 +4766,8 @@
|
|
|
4465
4766
|
"type": "commercial_scanner",
|
|
4466
4767
|
"category": "attack_attempt",
|
|
4467
4768
|
"tool_name": "Probely",
|
|
4769
|
+
"cwe": "200",
|
|
4770
|
+
"capec": "1000/118/169",
|
|
4468
4771
|
"confidence": "0"
|
|
4469
4772
|
},
|
|
4470
4773
|
"conditions": [
|
|
@@ -4485,6 +4788,9 @@
|
|
|
4485
4788
|
},
|
|
4486
4789
|
{
|
|
4487
4790
|
"address": "grpc.server.request.message"
|
|
4791
|
+
},
|
|
4792
|
+
{
|
|
4793
|
+
"address": "graphql.server.all_resolvers"
|
|
4488
4794
|
}
|
|
4489
4795
|
],
|
|
4490
4796
|
"regex": "\\bprbly\\.win\\b"
|
|
@@ -4500,6 +4806,8 @@
|
|
|
4500
4806
|
"tags": {
|
|
4501
4807
|
"type": "security_scanner",
|
|
4502
4808
|
"category": "attack_attempt",
|
|
4809
|
+
"cwe": "200",
|
|
4810
|
+
"capec": "1000/118/169",
|
|
4503
4811
|
"confidence": "1"
|
|
4504
4812
|
},
|
|
4505
4813
|
"conditions": [
|
|
@@ -4520,6 +4828,9 @@
|
|
|
4520
4828
|
},
|
|
4521
4829
|
{
|
|
4522
4830
|
"address": "grpc.server.request.message"
|
|
4831
|
+
},
|
|
4832
|
+
{
|
|
4833
|
+
"address": "graphql.server.all_resolvers"
|
|
4523
4834
|
}
|
|
4524
4835
|
],
|
|
4525
4836
|
"regex": "\\b(?:webhook\\.site|\\.canarytokens\\.com|vii\\.one|act1on3\\.ru|gdsburp\\.com)\\b"
|
|
@@ -4535,6 +4846,8 @@
|
|
|
4535
4846
|
"tags": {
|
|
4536
4847
|
"type": "security_scanner",
|
|
4537
4848
|
"category": "attack_attempt",
|
|
4849
|
+
"cwe": "200",
|
|
4850
|
+
"capec": "1000/118/169",
|
|
4538
4851
|
"confidence": "0"
|
|
4539
4852
|
},
|
|
4540
4853
|
"conditions": [
|
|
@@ -4555,6 +4868,9 @@
|
|
|
4555
4868
|
},
|
|
4556
4869
|
{
|
|
4557
4870
|
"address": "grpc.server.request.message"
|
|
4871
|
+
},
|
|
4872
|
+
{
|
|
4873
|
+
"address": "graphql.server.all_resolvers"
|
|
4558
4874
|
}
|
|
4559
4875
|
],
|
|
4560
4876
|
"regex": "\\b(?:\\.ngrok\\.io|requestbin\\.com|requestbin\\.net)\\b"
|
|
@@ -4571,6 +4887,8 @@
|
|
|
4571
4887
|
"type": "commercial_scanner",
|
|
4572
4888
|
"category": "attack_attempt",
|
|
4573
4889
|
"tool_name": "Rapid7",
|
|
4890
|
+
"cwe": "200",
|
|
4891
|
+
"capec": "1000/118/169",
|
|
4574
4892
|
"confidence": "0"
|
|
4575
4893
|
},
|
|
4576
4894
|
"conditions": [
|
|
@@ -4591,6 +4909,9 @@
|
|
|
4591
4909
|
},
|
|
4592
4910
|
{
|
|
4593
4911
|
"address": "grpc.server.request.message"
|
|
4912
|
+
},
|
|
4913
|
+
{
|
|
4914
|
+
"address": "graphql.server.all_resolvers"
|
|
4594
4915
|
}
|
|
4595
4916
|
],
|
|
4596
4917
|
"regex": "\\bappspidered\\.rapid7\\."
|
|
@@ -4604,9 +4925,11 @@
|
|
|
4604
4925
|
"id": "dog-913-007",
|
|
4605
4926
|
"name": "Interact.sh OOB domain",
|
|
4606
4927
|
"tags": {
|
|
4607
|
-
"type": "
|
|
4928
|
+
"type": "attack_tool",
|
|
4608
4929
|
"category": "attack_attempt",
|
|
4609
4930
|
"tool_name": "interact.sh",
|
|
4931
|
+
"cwe": "200",
|
|
4932
|
+
"capec": "1000/118/169",
|
|
4610
4933
|
"confidence": "1"
|
|
4611
4934
|
},
|
|
4612
4935
|
"conditions": [
|
|
@@ -4627,6 +4950,9 @@
|
|
|
4627
4950
|
},
|
|
4628
4951
|
{
|
|
4629
4952
|
"address": "grpc.server.request.message"
|
|
4953
|
+
},
|
|
4954
|
+
{
|
|
4955
|
+
"address": "graphql.server.all_resolvers"
|
|
4630
4956
|
}
|
|
4631
4957
|
],
|
|
4632
4958
|
"regex": "\\b(?:interact\\.sh|oast\\.(?:pro|live|site|online|fun|me))\\b"
|
|
@@ -4636,12 +4962,59 @@
|
|
|
4636
4962
|
],
|
|
4637
4963
|
"transformers": []
|
|
4638
4964
|
},
|
|
4965
|
+
{
|
|
4966
|
+
"id": "dog-913-008",
|
|
4967
|
+
"name": "Netsparker OOB domain",
|
|
4968
|
+
"tags": {
|
|
4969
|
+
"type": "commercial_scanner",
|
|
4970
|
+
"category": "attack_attempt",
|
|
4971
|
+
"tool_name": "Netsparker",
|
|
4972
|
+
"cwe": "200",
|
|
4973
|
+
"capec": "1000/118/169",
|
|
4974
|
+
"confidence": "0"
|
|
4975
|
+
},
|
|
4976
|
+
"conditions": [
|
|
4977
|
+
{
|
|
4978
|
+
"parameters": {
|
|
4979
|
+
"inputs": [
|
|
4980
|
+
{
|
|
4981
|
+
"address": "server.request.query"
|
|
4982
|
+
},
|
|
4983
|
+
{
|
|
4984
|
+
"address": "server.request.body"
|
|
4985
|
+
},
|
|
4986
|
+
{
|
|
4987
|
+
"address": "server.request.path_params"
|
|
4988
|
+
},
|
|
4989
|
+
{
|
|
4990
|
+
"address": "server.request.headers.no_cookies"
|
|
4991
|
+
},
|
|
4992
|
+
{
|
|
4993
|
+
"address": "grpc.server.request.message"
|
|
4994
|
+
},
|
|
4995
|
+
{
|
|
4996
|
+
"address": "graphql.server.all_resolvers"
|
|
4997
|
+
}
|
|
4998
|
+
],
|
|
4999
|
+
"regex": "\\b(?:\\.|(?:\\\\|&#)(?:0*46|x0*2e);)r87(?:\\.|(?:\\\\|&#)(?:0*46|x0*2e);)(?:me|com)\\b",
|
|
5000
|
+
"options": {
|
|
5001
|
+
"case_sensitive": false,
|
|
5002
|
+
"min_length": 7
|
|
5003
|
+
}
|
|
5004
|
+
},
|
|
5005
|
+
"operator": "match_regex"
|
|
5006
|
+
}
|
|
5007
|
+
],
|
|
5008
|
+
"transformers": []
|
|
5009
|
+
},
|
|
4639
5010
|
{
|
|
4640
5011
|
"id": "dog-931-001",
|
|
4641
5012
|
"name": "RFI: URL Payload to well known RFI target",
|
|
4642
5013
|
"tags": {
|
|
4643
5014
|
"type": "rfi",
|
|
4644
5015
|
"category": "attack_attempt",
|
|
5016
|
+
"cwe": "98",
|
|
5017
|
+
"capec": "1000/152/175/253/193",
|
|
4645
5018
|
"confidence": "1"
|
|
4646
5019
|
},
|
|
4647
5020
|
"conditions": [
|
|
@@ -4656,6 +5029,12 @@
|
|
|
4656
5029
|
},
|
|
4657
5030
|
{
|
|
4658
5031
|
"address": "server.request.path_params"
|
|
5032
|
+
},
|
|
5033
|
+
{
|
|
5034
|
+
"address": "grpc.server.request.message"
|
|
5035
|
+
},
|
|
5036
|
+
{
|
|
5037
|
+
"address": "graphql.server.all_resolvers"
|
|
4659
5038
|
}
|
|
4660
5039
|
],
|
|
4661
5040
|
"regex": "^(?i:file|ftps?|https?).*/rfiinc\\.txt\\?+$",
|
|
@@ -4675,6 +5054,8 @@
|
|
|
4675
5054
|
"tags": {
|
|
4676
5055
|
"type": "xxe",
|
|
4677
5056
|
"category": "attack_attempt",
|
|
5057
|
+
"cwe": "91",
|
|
5058
|
+
"capec": "1000/152/248/250",
|
|
4678
5059
|
"confidence": "0"
|
|
4679
5060
|
},
|
|
4680
5061
|
"conditions": [
|
|
@@ -4686,6 +5067,9 @@
|
|
|
4686
5067
|
},
|
|
4687
5068
|
{
|
|
4688
5069
|
"address": "grpc.server.request.message"
|
|
5070
|
+
},
|
|
5071
|
+
{
|
|
5072
|
+
"address": "graphql.server.all_resolvers"
|
|
4689
5073
|
}
|
|
4690
5074
|
],
|
|
4691
5075
|
"regex": "(?:<\\?xml[^>]*>.*)<!ENTITY[^>]+SYSTEM\\s+[^>]+>",
|
|
@@ -4699,12 +5083,69 @@
|
|
|
4699
5083
|
],
|
|
4700
5084
|
"transformers": []
|
|
4701
5085
|
},
|
|
5086
|
+
{
|
|
5087
|
+
"id": "dog-941-001",
|
|
5088
|
+
"name": "XSS in source property",
|
|
5089
|
+
"tags": {
|
|
5090
|
+
"type": "xss",
|
|
5091
|
+
"category": "attack_attempt",
|
|
5092
|
+
"cwe": "83",
|
|
5093
|
+
"capec": "1000/152/242/63/591/243",
|
|
5094
|
+
"confidence": "0"
|
|
5095
|
+
},
|
|
5096
|
+
"conditions": [
|
|
5097
|
+
{
|
|
5098
|
+
"parameters": {
|
|
5099
|
+
"inputs": [
|
|
5100
|
+
{
|
|
5101
|
+
"address": "server.request.headers.no_cookies",
|
|
5102
|
+
"key_path": [
|
|
5103
|
+
"user-agent"
|
|
5104
|
+
]
|
|
5105
|
+
},
|
|
5106
|
+
{
|
|
5107
|
+
"address": "server.request.headers.no_cookies",
|
|
5108
|
+
"key_path": [
|
|
5109
|
+
"referer"
|
|
5110
|
+
]
|
|
5111
|
+
},
|
|
5112
|
+
{
|
|
5113
|
+
"address": "server.request.query"
|
|
5114
|
+
},
|
|
5115
|
+
{
|
|
5116
|
+
"address": "server.request.body"
|
|
5117
|
+
},
|
|
5118
|
+
{
|
|
5119
|
+
"address": "server.request.path_params"
|
|
5120
|
+
},
|
|
5121
|
+
{
|
|
5122
|
+
"address": "grpc.server.request.message"
|
|
5123
|
+
},
|
|
5124
|
+
{
|
|
5125
|
+
"address": "graphql.server.all_resolvers"
|
|
5126
|
+
}
|
|
5127
|
+
],
|
|
5128
|
+
"regex": "<(?:iframe|esi:include)(?:(?:\\s|/)*\\w+=[\"'\\w]+)*(?:\\s|/)*src(?:doc)?=[\"']?(?:data:|javascript:|http:|//)[^\\s'\"]+['\"]?",
|
|
5129
|
+
"options": {
|
|
5130
|
+
"min_length": 14
|
|
5131
|
+
}
|
|
5132
|
+
},
|
|
5133
|
+
"operator": "match_regex"
|
|
5134
|
+
}
|
|
5135
|
+
],
|
|
5136
|
+
"transformers": [
|
|
5137
|
+
"removeNulls",
|
|
5138
|
+
"urlDecodeUni"
|
|
5139
|
+
]
|
|
5140
|
+
},
|
|
4702
5141
|
{
|
|
4703
5142
|
"id": "dog-942-001",
|
|
4704
5143
|
"name": "Blind XSS callback domains",
|
|
4705
5144
|
"tags": {
|
|
4706
5145
|
"type": "xss",
|
|
4707
5146
|
"category": "attack_attempt",
|
|
5147
|
+
"cwe": "83",
|
|
5148
|
+
"capec": "1000/152/242/63/591/243",
|
|
4708
5149
|
"confidence": "1"
|
|
4709
5150
|
},
|
|
4710
5151
|
"conditions": [
|
|
@@ -4725,6 +5166,9 @@
|
|
|
4725
5166
|
},
|
|
4726
5167
|
{
|
|
4727
5168
|
"address": "grpc.server.request.message"
|
|
5169
|
+
},
|
|
5170
|
+
{
|
|
5171
|
+
"address": "graphql.server.all_resolvers"
|
|
4728
5172
|
}
|
|
4729
5173
|
],
|
|
4730
5174
|
"regex": "https?:\\/\\/(?:.*\\.)?(?:bxss\\.in|xss\\.ht|js\\.rip)",
|
|
@@ -4743,6 +5187,8 @@
|
|
|
4743
5187
|
"tags": {
|
|
4744
5188
|
"type": "security_scanner",
|
|
4745
5189
|
"category": "attack_attempt",
|
|
5190
|
+
"cwe": "200",
|
|
5191
|
+
"capec": "1000/118/169",
|
|
4746
5192
|
"confidence": "1"
|
|
4747
5193
|
},
|
|
4748
5194
|
"conditions": [
|
|
@@ -4978,6 +5424,8 @@
|
|
|
4978
5424
|
"tags": {
|
|
4979
5425
|
"type": "security_scanner",
|
|
4980
5426
|
"category": "attack_attempt",
|
|
5427
|
+
"cwe": "200",
|
|
5428
|
+
"capec": "1000/118/169",
|
|
4981
5429
|
"confidence": "1"
|
|
4982
5430
|
},
|
|
4983
5431
|
"conditions": [
|
|
@@ -5018,6 +5466,8 @@
|
|
|
5018
5466
|
"tags": {
|
|
5019
5467
|
"type": "security_scanner",
|
|
5020
5468
|
"category": "attack_attempt",
|
|
5469
|
+
"cwe": "200",
|
|
5470
|
+
"capec": "1000/118/169",
|
|
5021
5471
|
"confidence": "1"
|
|
5022
5472
|
},
|
|
5023
5473
|
"conditions": [
|
|
@@ -5058,6 +5508,8 @@
|
|
|
5058
5508
|
"tags": {
|
|
5059
5509
|
"type": "security_scanner",
|
|
5060
5510
|
"category": "attack_attempt",
|
|
5511
|
+
"cwe": "200",
|
|
5512
|
+
"capec": "1000/118/169",
|
|
5061
5513
|
"confidence": "1"
|
|
5062
5514
|
},
|
|
5063
5515
|
"conditions": [
|
|
@@ -5098,6 +5550,8 @@
|
|
|
5098
5550
|
"tags": {
|
|
5099
5551
|
"type": "security_scanner",
|
|
5100
5552
|
"category": "attack_attempt",
|
|
5553
|
+
"cwe": "200",
|
|
5554
|
+
"capec": "1000/118/169",
|
|
5101
5555
|
"confidence": "1"
|
|
5102
5556
|
},
|
|
5103
5557
|
"conditions": [
|
|
@@ -5138,6 +5592,8 @@
|
|
|
5138
5592
|
"tags": {
|
|
5139
5593
|
"type": "security_scanner",
|
|
5140
5594
|
"category": "attack_attempt",
|
|
5595
|
+
"cwe": "200",
|
|
5596
|
+
"capec": "1000/118/169",
|
|
5141
5597
|
"confidence": "1"
|
|
5142
5598
|
},
|
|
5143
5599
|
"conditions": [
|
|
@@ -5178,6 +5634,8 @@
|
|
|
5178
5634
|
"tags": {
|
|
5179
5635
|
"type": "security_scanner",
|
|
5180
5636
|
"category": "attack_attempt",
|
|
5637
|
+
"cwe": "200",
|
|
5638
|
+
"capec": "1000/118/169",
|
|
5181
5639
|
"confidence": "1"
|
|
5182
5640
|
},
|
|
5183
5641
|
"conditions": [
|
|
@@ -5218,6 +5676,8 @@
|
|
|
5218
5676
|
"tags": {
|
|
5219
5677
|
"type": "security_scanner",
|
|
5220
5678
|
"category": "attack_attempt",
|
|
5679
|
+
"cwe": "200",
|
|
5680
|
+
"capec": "1000/118/169",
|
|
5221
5681
|
"confidence": "1"
|
|
5222
5682
|
},
|
|
5223
5683
|
"conditions": [
|
|
@@ -5258,6 +5718,8 @@
|
|
|
5258
5718
|
"tags": {
|
|
5259
5719
|
"type": "security_scanner",
|
|
5260
5720
|
"category": "attack_attempt",
|
|
5721
|
+
"cwe": "200",
|
|
5722
|
+
"capec": "1000/118/169",
|
|
5261
5723
|
"confidence": "1"
|
|
5262
5724
|
},
|
|
5263
5725
|
"conditions": [
|
|
@@ -5298,6 +5760,8 @@
|
|
|
5298
5760
|
"tags": {
|
|
5299
5761
|
"type": "ssrf",
|
|
5300
5762
|
"category": "attack_attempt",
|
|
5763
|
+
"cwe": "918",
|
|
5764
|
+
"capec": "1000/225/115/664",
|
|
5301
5765
|
"confidence": "1"
|
|
5302
5766
|
},
|
|
5303
5767
|
"conditions": [
|
|
@@ -5315,6 +5779,9 @@
|
|
|
5315
5779
|
},
|
|
5316
5780
|
{
|
|
5317
5781
|
"address": "grpc.server.request.message"
|
|
5782
|
+
},
|
|
5783
|
+
{
|
|
5784
|
+
"address": "graphql.server.all_resolvers"
|
|
5318
5785
|
}
|
|
5319
5786
|
],
|
|
5320
5787
|
"regex": "(?i)^\\W*((http|ftp)s?://)?\\W*((::f{4}:)?(169|(0x)?0*a9|0+251)\\.?(254|(0x)?0*fe|0+376)[0-9a-fx\\.:]+|metadata\\.google\\.internal|metadata\\.goog)\\W*/",
|
|
@@ -5334,7 +5801,9 @@
|
|
|
5334
5801
|
"name": "Server-side Javascript injection: Try to detect obvious JS injection",
|
|
5335
5802
|
"tags": {
|
|
5336
5803
|
"type": "js_code_injection",
|
|
5337
|
-
"category": "attack_attempt"
|
|
5804
|
+
"category": "attack_attempt",
|
|
5805
|
+
"cwe": "94",
|
|
5806
|
+
"capec": "1000/152/242"
|
|
5338
5807
|
},
|
|
5339
5808
|
"conditions": [
|
|
5340
5809
|
{
|
|
@@ -5351,6 +5820,9 @@
|
|
|
5351
5820
|
},
|
|
5352
5821
|
{
|
|
5353
5822
|
"address": "grpc.server.request.message"
|
|
5823
|
+
},
|
|
5824
|
+
{
|
|
5825
|
+
"address": "graphql.server.all_resolvers"
|
|
5354
5826
|
}
|
|
5355
5827
|
],
|
|
5356
5828
|
"regex": "require\\(['\"][\\w\\.]+['\"]\\)|process\\.\\w+\\([\\w\\.]*\\)|\\.toString\\(\\)",
|
|
@@ -5371,6 +5843,8 @@
|
|
|
5371
5843
|
"tags": {
|
|
5372
5844
|
"type": "command_injection",
|
|
5373
5845
|
"category": "attack_attempt",
|
|
5846
|
+
"cwe": "78",
|
|
5847
|
+
"capec": "1000/152/248/88",
|
|
5374
5848
|
"confidence": "1"
|
|
5375
5849
|
},
|
|
5376
5850
|
"conditions": [
|
|
@@ -5391,6 +5865,9 @@
|
|
|
5391
5865
|
},
|
|
5392
5866
|
{
|
|
5393
5867
|
"address": "grpc.server.request.message"
|
|
5868
|
+
},
|
|
5869
|
+
{
|
|
5870
|
+
"address": "graphql.server.all_resolvers"
|
|
5394
5871
|
}
|
|
5395
5872
|
],
|
|
5396
5873
|
"regex": "(?i)[&|]\\s*type\\s+%\\w+%\\\\+\\w+\\.ini\\s*[&|]"
|
|
@@ -5406,6 +5883,8 @@
|
|
|
5406
5883
|
"tags": {
|
|
5407
5884
|
"type": "command_injection",
|
|
5408
5885
|
"category": "attack_attempt",
|
|
5886
|
+
"cwe": "78",
|
|
5887
|
+
"capec": "1000/152/248/88",
|
|
5409
5888
|
"confidence": "1"
|
|
5410
5889
|
},
|
|
5411
5890
|
"conditions": [
|
|
@@ -5426,14 +5905,19 @@
|
|
|
5426
5905
|
},
|
|
5427
5906
|
{
|
|
5428
5907
|
"address": "grpc.server.request.message"
|
|
5908
|
+
},
|
|
5909
|
+
{
|
|
5910
|
+
"address": "graphql.server.all_resolvers"
|
|
5429
5911
|
}
|
|
5430
5912
|
],
|
|
5431
|
-
"regex": "(?i)[&|]\\s*cat\\s
|
|
5913
|
+
"regex": "(?i)[&|]\\s*cat\\s*\\/etc\\/[\\w\\.\\/]*passwd\\s*[&|]"
|
|
5432
5914
|
},
|
|
5433
5915
|
"operator": "match_regex"
|
|
5434
5916
|
}
|
|
5435
5917
|
],
|
|
5436
|
-
"transformers": [
|
|
5918
|
+
"transformers": [
|
|
5919
|
+
"cmdLine"
|
|
5920
|
+
]
|
|
5437
5921
|
},
|
|
5438
5922
|
{
|
|
5439
5923
|
"id": "sqr-000-010",
|
|
@@ -5441,6 +5925,8 @@
|
|
|
5441
5925
|
"tags": {
|
|
5442
5926
|
"type": "command_injection",
|
|
5443
5927
|
"category": "attack_attempt",
|
|
5928
|
+
"cwe": "78",
|
|
5929
|
+
"capec": "1000/152/248/88",
|
|
5444
5930
|
"confidence": "1"
|
|
5445
5931
|
},
|
|
5446
5932
|
"conditions": [
|
|
@@ -5461,6 +5947,9 @@
|
|
|
5461
5947
|
},
|
|
5462
5948
|
{
|
|
5463
5949
|
"address": "grpc.server.request.message"
|
|
5950
|
+
},
|
|
5951
|
+
{
|
|
5952
|
+
"address": "graphql.server.all_resolvers"
|
|
5464
5953
|
}
|
|
5465
5954
|
],
|
|
5466
5955
|
"regex": "(?i)[&|]\\s*timeout\\s+/t\\s+\\d+\\s*[&|]"
|
|
@@ -5476,6 +5965,8 @@
|
|
|
5476
5965
|
"tags": {
|
|
5477
5966
|
"type": "ssrf",
|
|
5478
5967
|
"category": "attack_attempt",
|
|
5968
|
+
"cwe": "918",
|
|
5969
|
+
"capec": "1000/225/115/664",
|
|
5479
5970
|
"confidence": "1"
|
|
5480
5971
|
},
|
|
5481
5972
|
"conditions": [
|
|
@@ -5493,6 +5984,9 @@
|
|
|
5493
5984
|
},
|
|
5494
5985
|
{
|
|
5495
5986
|
"address": "grpc.server.request.message"
|
|
5987
|
+
},
|
|
5988
|
+
{
|
|
5989
|
+
"address": "graphql.server.all_resolvers"
|
|
5496
5990
|
}
|
|
5497
5991
|
],
|
|
5498
5992
|
"regex": "http(s?):\\/\\/([A-Za-z0-9\\.\\-\\_]+|\\[[A-Fa-f0-9\\:]+\\]|):5986\\/wsman",
|
|
@@ -5511,6 +6005,8 @@
|
|
|
5511
6005
|
"tags": {
|
|
5512
6006
|
"type": "ssrf",
|
|
5513
6007
|
"category": "attack_attempt",
|
|
6008
|
+
"cwe": "918",
|
|
6009
|
+
"capec": "1000/225/115/664",
|
|
5514
6010
|
"confidence": "0"
|
|
5515
6011
|
},
|
|
5516
6012
|
"conditions": [
|
|
@@ -5528,6 +6024,9 @@
|
|
|
5528
6024
|
},
|
|
5529
6025
|
{
|
|
5530
6026
|
"address": "grpc.server.request.message"
|
|
6027
|
+
},
|
|
6028
|
+
{
|
|
6029
|
+
"address": "graphql.server.all_resolvers"
|
|
5531
6030
|
}
|
|
5532
6031
|
],
|
|
5533
6032
|
"regex": "^(jar:)?(http|https):\\/\\/([0-9oq]{1,5}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}|[0-9]{1,10})(:[0-9]{1,5})?(\\/[^:@]*)?$"
|
|
@@ -5545,6 +6044,8 @@
|
|
|
5545
6044
|
"tags": {
|
|
5546
6045
|
"type": "ssrf",
|
|
5547
6046
|
"category": "attack_attempt",
|
|
6047
|
+
"cwe": "918",
|
|
6048
|
+
"capec": "1000/225/115/664",
|
|
5548
6049
|
"confidence": "0"
|
|
5549
6050
|
},
|
|
5550
6051
|
"conditions": [
|
|
@@ -5562,6 +6063,9 @@
|
|
|
5562
6063
|
},
|
|
5563
6064
|
{
|
|
5564
6065
|
"address": "grpc.server.request.message"
|
|
6066
|
+
},
|
|
6067
|
+
{
|
|
6068
|
+
"address": "graphql.server.all_resolvers"
|
|
5565
6069
|
}
|
|
5566
6070
|
],
|
|
5567
6071
|
"regex": "^(jar:)?(http|https):\\/\\/((\\[)?[:0-9a-f\\.x]{2,}(\\])?)(:[0-9]{1,5})?(\\/[^:@]*)?$"
|
|
@@ -5579,6 +6083,8 @@
|
|
|
5579
6083
|
"tags": {
|
|
5580
6084
|
"type": "ssrf",
|
|
5581
6085
|
"category": "attack_attempt",
|
|
6086
|
+
"cwe": "918",
|
|
6087
|
+
"capec": "1000/225/115/664",
|
|
5582
6088
|
"confidence": "1"
|
|
5583
6089
|
},
|
|
5584
6090
|
"conditions": [
|
|
@@ -5599,6 +6105,9 @@
|
|
|
5599
6105
|
},
|
|
5600
6106
|
{
|
|
5601
6107
|
"address": "grpc.server.request.message"
|
|
6108
|
+
},
|
|
6109
|
+
{
|
|
6110
|
+
"address": "graphql.server.all_resolvers"
|
|
5602
6111
|
}
|
|
5603
6112
|
],
|
|
5604
6113
|
"regex": "(http|https):\\/\\/(?:.*\\.)?(?:burpcollaborator\\.net|localtest\\.me|mail\\.ebc\\.apple\\.com|bugbounty\\.dod\\.network|.*\\.[nx]ip\\.io|oastify\\.com|oast\\.(?:pro|live|site|online|fun|me)|sslip\\.io|requestbin\\.com|requestbin\\.net|hookbin\\.com|webhook\\.site|canarytokens\\.com|interact\\.sh|ngrok\\.io|bugbounty\\.click|prbly\\.win|qualysperiscope\\.com|vii.one|act1on3.ru)"
|
|
@@ -5614,6 +6123,8 @@
|
|
|
5614
6123
|
"tags": {
|
|
5615
6124
|
"type": "ssrf",
|
|
5616
6125
|
"category": "attack_attempt",
|
|
6126
|
+
"cwe": "918",
|
|
6127
|
+
"capec": "1000/225/115/664",
|
|
5617
6128
|
"confidence": "0"
|
|
5618
6129
|
},
|
|
5619
6130
|
"conditions": [
|
|
@@ -5634,6 +6145,9 @@
|
|
|
5634
6145
|
},
|
|
5635
6146
|
{
|
|
5636
6147
|
"address": "grpc.server.request.message"
|
|
6148
|
+
},
|
|
6149
|
+
{
|
|
6150
|
+
"address": "graphql.server.all_resolvers"
|
|
5637
6151
|
}
|
|
5638
6152
|
],
|
|
5639
6153
|
"regex": "^(jar:)?((file|netdoc):\\/\\/[\\\\\\/]+|(dict|gopher|ldap|sftp|tftp):\\/\\/.*:[0-9]{1,5})"
|
|
@@ -5651,6 +6165,8 @@
|
|
|
5651
6165
|
"tags": {
|
|
5652
6166
|
"type": "exploit_detection",
|
|
5653
6167
|
"category": "attack_attempt",
|
|
6168
|
+
"cwe": "94",
|
|
6169
|
+
"capec": "1000/152/242",
|
|
5654
6170
|
"confidence": "1"
|
|
5655
6171
|
},
|
|
5656
6172
|
"conditions": [
|
|
@@ -5674,6 +6190,9 @@
|
|
|
5674
6190
|
},
|
|
5675
6191
|
{
|
|
5676
6192
|
"address": "grpc.server.request.message"
|
|
6193
|
+
},
|
|
6194
|
+
{
|
|
6195
|
+
"address": "graphql.server.all_resolvers"
|
|
5677
6196
|
}
|
|
5678
6197
|
],
|
|
5679
6198
|
"regex": "\\${[^j]*j[^n]*n[^d]*d[^i]*i[^:]*:[^}]*}"
|
|
@@ -5689,8 +6208,10 @@
|
|
|
5689
6208
|
"id": "ua0-600-0xx",
|
|
5690
6209
|
"name": "Joomla exploitation tool",
|
|
5691
6210
|
"tags": {
|
|
5692
|
-
"type": "
|
|
6211
|
+
"type": "attack_tool",
|
|
5693
6212
|
"category": "attack_attempt",
|
|
6213
|
+
"cwe": "200",
|
|
6214
|
+
"capec": "1000/118/169",
|
|
5694
6215
|
"tool_name": "Joomla exploitation tool",
|
|
5695
6216
|
"confidence": "1"
|
|
5696
6217
|
},
|
|
@@ -5716,8 +6237,10 @@
|
|
|
5716
6237
|
"id": "ua0-600-10x",
|
|
5717
6238
|
"name": "Nessus",
|
|
5718
6239
|
"tags": {
|
|
5719
|
-
"type": "
|
|
6240
|
+
"type": "attack_tool",
|
|
5720
6241
|
"category": "attack_attempt",
|
|
6242
|
+
"cwe": "200",
|
|
6243
|
+
"capec": "1000/118/169",
|
|
5721
6244
|
"tool_name": "Nessus",
|
|
5722
6245
|
"confidence": "1"
|
|
5723
6246
|
},
|
|
@@ -5743,8 +6266,10 @@
|
|
|
5743
6266
|
"id": "ua0-600-12x",
|
|
5744
6267
|
"name": "Arachni",
|
|
5745
6268
|
"tags": {
|
|
5746
|
-
"type": "
|
|
6269
|
+
"type": "attack_tool",
|
|
5747
6270
|
"category": "attack_attempt",
|
|
6271
|
+
"cwe": "200",
|
|
6272
|
+
"capec": "1000/118/169",
|
|
5748
6273
|
"tool_name": "Arachni",
|
|
5749
6274
|
"confidence": "1"
|
|
5750
6275
|
},
|
|
@@ -5770,8 +6295,10 @@
|
|
|
5770
6295
|
"id": "ua0-600-13x",
|
|
5771
6296
|
"name": "Jorgee",
|
|
5772
6297
|
"tags": {
|
|
5773
|
-
"type": "
|
|
6298
|
+
"type": "attack_tool",
|
|
5774
6299
|
"category": "attack_attempt",
|
|
6300
|
+
"cwe": "200",
|
|
6301
|
+
"capec": "1000/118/169",
|
|
5775
6302
|
"tool_name": "Jorgee",
|
|
5776
6303
|
"confidence": "1"
|
|
5777
6304
|
},
|
|
@@ -5799,6 +6326,8 @@
|
|
|
5799
6326
|
"tags": {
|
|
5800
6327
|
"type": "commercial_scanner",
|
|
5801
6328
|
"category": "attack_attempt",
|
|
6329
|
+
"cwe": "200",
|
|
6330
|
+
"capec": "1000/118/169",
|
|
5802
6331
|
"tool_name": "Probely",
|
|
5803
6332
|
"confidence": "0"
|
|
5804
6333
|
},
|
|
@@ -5824,8 +6353,10 @@
|
|
|
5824
6353
|
"id": "ua0-600-15x",
|
|
5825
6354
|
"name": "Metis",
|
|
5826
6355
|
"tags": {
|
|
5827
|
-
"type": "
|
|
6356
|
+
"type": "attack_tool",
|
|
5828
6357
|
"category": "attack_attempt",
|
|
6358
|
+
"cwe": "200",
|
|
6359
|
+
"capec": "1000/118/169",
|
|
5829
6360
|
"tool_name": "Metis",
|
|
5830
6361
|
"confidence": "1"
|
|
5831
6362
|
},
|
|
@@ -5851,8 +6382,10 @@
|
|
|
5851
6382
|
"id": "ua0-600-16x",
|
|
5852
6383
|
"name": "SQL power injector",
|
|
5853
6384
|
"tags": {
|
|
5854
|
-
"type": "
|
|
6385
|
+
"type": "attack_tool",
|
|
5855
6386
|
"category": "attack_attempt",
|
|
6387
|
+
"cwe": "200",
|
|
6388
|
+
"capec": "1000/118/169",
|
|
5856
6389
|
"tool_name": "SQLPowerInjector",
|
|
5857
6390
|
"confidence": "1"
|
|
5858
6391
|
},
|
|
@@ -5878,8 +6411,10 @@
|
|
|
5878
6411
|
"id": "ua0-600-18x",
|
|
5879
6412
|
"name": "N-Stealth",
|
|
5880
6413
|
"tags": {
|
|
5881
|
-
"type": "
|
|
6414
|
+
"type": "attack_tool",
|
|
5882
6415
|
"category": "attack_attempt",
|
|
6416
|
+
"cwe": "200",
|
|
6417
|
+
"capec": "1000/118/169",
|
|
5883
6418
|
"tool_name": "N-Stealth",
|
|
5884
6419
|
"confidence": "1"
|
|
5885
6420
|
},
|
|
@@ -5905,8 +6440,10 @@
|
|
|
5905
6440
|
"id": "ua0-600-19x",
|
|
5906
6441
|
"name": "Brutus",
|
|
5907
6442
|
"tags": {
|
|
5908
|
-
"type": "
|
|
6443
|
+
"type": "attack_tool",
|
|
5909
6444
|
"category": "attack_attempt",
|
|
6445
|
+
"cwe": "200",
|
|
6446
|
+
"capec": "1000/118/169",
|
|
5910
6447
|
"tool_name": "Brutus",
|
|
5911
6448
|
"confidence": "1"
|
|
5912
6449
|
},
|
|
@@ -5934,7 +6471,8 @@
|
|
|
5934
6471
|
"tags": {
|
|
5935
6472
|
"type": "security_scanner",
|
|
5936
6473
|
"category": "attack_attempt",
|
|
5937
|
-
"
|
|
6474
|
+
"cwe": "200",
|
|
6475
|
+
"capec": "1000/118/169",
|
|
5938
6476
|
"confidence": "1"
|
|
5939
6477
|
},
|
|
5940
6478
|
"conditions": [
|
|
@@ -5961,6 +6499,8 @@
|
|
|
5961
6499
|
"tags": {
|
|
5962
6500
|
"type": "commercial_scanner",
|
|
5963
6501
|
"category": "attack_attempt",
|
|
6502
|
+
"cwe": "200",
|
|
6503
|
+
"capec": "1000/118/169",
|
|
5964
6504
|
"tool_name": "Netsparker",
|
|
5965
6505
|
"confidence": "0"
|
|
5966
6506
|
},
|
|
@@ -5986,8 +6526,10 @@
|
|
|
5986
6526
|
"id": "ua0-600-22x",
|
|
5987
6527
|
"name": "JAASCois",
|
|
5988
6528
|
"tags": {
|
|
5989
|
-
"type": "
|
|
6529
|
+
"type": "attack_tool",
|
|
5990
6530
|
"category": "attack_attempt",
|
|
6531
|
+
"cwe": "200",
|
|
6532
|
+
"capec": "1000/118/169",
|
|
5991
6533
|
"tool_name": "JAASCois",
|
|
5992
6534
|
"confidence": "1"
|
|
5993
6535
|
},
|
|
@@ -6013,8 +6555,10 @@
|
|
|
6013
6555
|
"id": "ua0-600-26x",
|
|
6014
6556
|
"name": "Nsauditor",
|
|
6015
6557
|
"tags": {
|
|
6016
|
-
"type": "
|
|
6558
|
+
"type": "attack_tool",
|
|
6017
6559
|
"category": "attack_attempt",
|
|
6560
|
+
"cwe": "200",
|
|
6561
|
+
"capec": "1000/118/169",
|
|
6018
6562
|
"tool_name": "Nsauditor",
|
|
6019
6563
|
"confidence": "1"
|
|
6020
6564
|
},
|
|
@@ -6040,8 +6584,10 @@
|
|
|
6040
6584
|
"id": "ua0-600-27x",
|
|
6041
6585
|
"name": "Paros",
|
|
6042
6586
|
"tags": {
|
|
6043
|
-
"type": "
|
|
6587
|
+
"type": "attack_tool",
|
|
6044
6588
|
"category": "attack_attempt",
|
|
6589
|
+
"cwe": "200",
|
|
6590
|
+
"capec": "1000/118/169",
|
|
6045
6591
|
"tool_name": "Paros",
|
|
6046
6592
|
"confidence": "1"
|
|
6047
6593
|
},
|
|
@@ -6067,8 +6613,10 @@
|
|
|
6067
6613
|
"id": "ua0-600-28x",
|
|
6068
6614
|
"name": "DirBuster",
|
|
6069
6615
|
"tags": {
|
|
6070
|
-
"type": "
|
|
6616
|
+
"type": "attack_tool",
|
|
6071
6617
|
"category": "attack_attempt",
|
|
6618
|
+
"cwe": "200",
|
|
6619
|
+
"capec": "1000/118/169",
|
|
6072
6620
|
"tool_name": "DirBuster",
|
|
6073
6621
|
"confidence": "1"
|
|
6074
6622
|
},
|
|
@@ -6094,8 +6642,10 @@
|
|
|
6094
6642
|
"id": "ua0-600-29x",
|
|
6095
6643
|
"name": "Pangolin",
|
|
6096
6644
|
"tags": {
|
|
6097
|
-
"type": "
|
|
6645
|
+
"type": "attack_tool",
|
|
6098
6646
|
"category": "attack_attempt",
|
|
6647
|
+
"cwe": "200",
|
|
6648
|
+
"capec": "1000/118/169",
|
|
6099
6649
|
"tool_name": "Pangolin",
|
|
6100
6650
|
"confidence": "1"
|
|
6101
6651
|
},
|
|
@@ -6123,6 +6673,8 @@
|
|
|
6123
6673
|
"tags": {
|
|
6124
6674
|
"type": "commercial_scanner",
|
|
6125
6675
|
"category": "attack_attempt",
|
|
6676
|
+
"cwe": "200",
|
|
6677
|
+
"capec": "1000/118/169",
|
|
6126
6678
|
"tool_name": "Qualys",
|
|
6127
6679
|
"confidence": "0"
|
|
6128
6680
|
},
|
|
@@ -6148,8 +6700,10 @@
|
|
|
6148
6700
|
"id": "ua0-600-30x",
|
|
6149
6701
|
"name": "SQLNinja",
|
|
6150
6702
|
"tags": {
|
|
6151
|
-
"type": "
|
|
6703
|
+
"type": "attack_tool",
|
|
6152
6704
|
"category": "attack_attempt",
|
|
6705
|
+
"cwe": "200",
|
|
6706
|
+
"capec": "1000/118/169",
|
|
6153
6707
|
"tool_name": "SQLNinja",
|
|
6154
6708
|
"confidence": "1"
|
|
6155
6709
|
},
|
|
@@ -6175,8 +6729,10 @@
|
|
|
6175
6729
|
"id": "ua0-600-31x",
|
|
6176
6730
|
"name": "Nikto",
|
|
6177
6731
|
"tags": {
|
|
6178
|
-
"type": "
|
|
6732
|
+
"type": "attack_tool",
|
|
6179
6733
|
"category": "attack_attempt",
|
|
6734
|
+
"cwe": "200",
|
|
6735
|
+
"capec": "1000/118/169",
|
|
6180
6736
|
"tool_name": "Nikto",
|
|
6181
6737
|
"confidence": "1"
|
|
6182
6738
|
},
|
|
@@ -6202,8 +6758,10 @@
|
|
|
6202
6758
|
"id": "ua0-600-33x",
|
|
6203
6759
|
"name": "BlackWidow",
|
|
6204
6760
|
"tags": {
|
|
6205
|
-
"type": "
|
|
6761
|
+
"type": "attack_tool",
|
|
6206
6762
|
"category": "attack_attempt",
|
|
6763
|
+
"cwe": "200",
|
|
6764
|
+
"capec": "1000/118/169",
|
|
6207
6765
|
"tool_name": "BlackWidow",
|
|
6208
6766
|
"confidence": "1"
|
|
6209
6767
|
},
|
|
@@ -6229,8 +6787,10 @@
|
|
|
6229
6787
|
"id": "ua0-600-34x",
|
|
6230
6788
|
"name": "Grendel-Scan",
|
|
6231
6789
|
"tags": {
|
|
6232
|
-
"type": "
|
|
6790
|
+
"type": "attack_tool",
|
|
6233
6791
|
"category": "attack_attempt",
|
|
6792
|
+
"cwe": "200",
|
|
6793
|
+
"capec": "1000/118/169",
|
|
6234
6794
|
"tool_name": "Grendel-Scan",
|
|
6235
6795
|
"confidence": "1"
|
|
6236
6796
|
},
|
|
@@ -6256,8 +6816,10 @@
|
|
|
6256
6816
|
"id": "ua0-600-35x",
|
|
6257
6817
|
"name": "Havij",
|
|
6258
6818
|
"tags": {
|
|
6259
|
-
"type": "
|
|
6819
|
+
"type": "attack_tool",
|
|
6260
6820
|
"category": "attack_attempt",
|
|
6821
|
+
"cwe": "200",
|
|
6822
|
+
"capec": "1000/118/169",
|
|
6261
6823
|
"tool_name": "Havij",
|
|
6262
6824
|
"confidence": "1"
|
|
6263
6825
|
},
|
|
@@ -6283,8 +6845,10 @@
|
|
|
6283
6845
|
"id": "ua0-600-36x",
|
|
6284
6846
|
"name": "w3af",
|
|
6285
6847
|
"tags": {
|
|
6286
|
-
"type": "
|
|
6848
|
+
"type": "attack_tool",
|
|
6287
6849
|
"category": "attack_attempt",
|
|
6850
|
+
"cwe": "200",
|
|
6851
|
+
"capec": "1000/118/169",
|
|
6288
6852
|
"tool_name": "w3af",
|
|
6289
6853
|
"confidence": "1"
|
|
6290
6854
|
},
|
|
@@ -6310,8 +6874,10 @@
|
|
|
6310
6874
|
"id": "ua0-600-37x",
|
|
6311
6875
|
"name": "Nmap",
|
|
6312
6876
|
"tags": {
|
|
6313
|
-
"type": "
|
|
6877
|
+
"type": "attack_tool",
|
|
6314
6878
|
"category": "attack_attempt",
|
|
6879
|
+
"cwe": "200",
|
|
6880
|
+
"capec": "1000/118/169",
|
|
6315
6881
|
"tool_name": "Nmap",
|
|
6316
6882
|
"confidence": "1"
|
|
6317
6883
|
},
|
|
@@ -6337,8 +6903,10 @@
|
|
|
6337
6903
|
"id": "ua0-600-39x",
|
|
6338
6904
|
"name": "Nessus Scripted",
|
|
6339
6905
|
"tags": {
|
|
6340
|
-
"type": "
|
|
6906
|
+
"type": "attack_tool",
|
|
6341
6907
|
"category": "attack_attempt",
|
|
6908
|
+
"cwe": "200",
|
|
6909
|
+
"capec": "1000/118/169",
|
|
6342
6910
|
"tool_name": "Nessus",
|
|
6343
6911
|
"confidence": "1"
|
|
6344
6912
|
},
|
|
@@ -6364,8 +6932,10 @@
|
|
|
6364
6932
|
"id": "ua0-600-3xx",
|
|
6365
6933
|
"name": "Evil Scanner",
|
|
6366
6934
|
"tags": {
|
|
6367
|
-
"type": "
|
|
6935
|
+
"type": "attack_tool",
|
|
6368
6936
|
"category": "attack_attempt",
|
|
6937
|
+
"cwe": "200",
|
|
6938
|
+
"capec": "1000/118/169",
|
|
6369
6939
|
"tool_name": "EvilScanner",
|
|
6370
6940
|
"confidence": "1"
|
|
6371
6941
|
},
|
|
@@ -6391,8 +6961,10 @@
|
|
|
6391
6961
|
"id": "ua0-600-40x",
|
|
6392
6962
|
"name": "WebFuck",
|
|
6393
6963
|
"tags": {
|
|
6394
|
-
"type": "
|
|
6964
|
+
"type": "attack_tool",
|
|
6395
6965
|
"category": "attack_attempt",
|
|
6966
|
+
"cwe": "200",
|
|
6967
|
+
"capec": "1000/118/169",
|
|
6396
6968
|
"tool_name": "WebFuck",
|
|
6397
6969
|
"confidence": "1"
|
|
6398
6970
|
},
|
|
@@ -6418,8 +6990,10 @@
|
|
|
6418
6990
|
"id": "ua0-600-42x",
|
|
6419
6991
|
"name": "OpenVAS",
|
|
6420
6992
|
"tags": {
|
|
6421
|
-
"type": "
|
|
6993
|
+
"type": "attack_tool",
|
|
6422
6994
|
"category": "attack_attempt",
|
|
6995
|
+
"cwe": "200",
|
|
6996
|
+
"capec": "1000/118/169",
|
|
6423
6997
|
"tool_name": "OpenVAS",
|
|
6424
6998
|
"confidence": "1"
|
|
6425
6999
|
},
|
|
@@ -6445,8 +7019,10 @@
|
|
|
6445
7019
|
"id": "ua0-600-43x",
|
|
6446
7020
|
"name": "Spider-Pig",
|
|
6447
7021
|
"tags": {
|
|
6448
|
-
"type": "
|
|
7022
|
+
"type": "attack_tool",
|
|
6449
7023
|
"category": "attack_attempt",
|
|
7024
|
+
"cwe": "200",
|
|
7025
|
+
"capec": "1000/118/169",
|
|
6450
7026
|
"tool_name": "Spider-Pig",
|
|
6451
7027
|
"confidence": "1"
|
|
6452
7028
|
},
|
|
@@ -6472,8 +7048,10 @@
|
|
|
6472
7048
|
"id": "ua0-600-44x",
|
|
6473
7049
|
"name": "Zgrab",
|
|
6474
7050
|
"tags": {
|
|
6475
|
-
"type": "
|
|
7051
|
+
"type": "attack_tool",
|
|
6476
7052
|
"category": "attack_attempt",
|
|
7053
|
+
"cwe": "200",
|
|
7054
|
+
"capec": "1000/118/169",
|
|
6477
7055
|
"tool_name": "Zgrab",
|
|
6478
7056
|
"confidence": "1"
|
|
6479
7057
|
},
|
|
@@ -6499,8 +7077,10 @@
|
|
|
6499
7077
|
"id": "ua0-600-45x",
|
|
6500
7078
|
"name": "Zmeu",
|
|
6501
7079
|
"tags": {
|
|
6502
|
-
"type": "
|
|
7080
|
+
"type": "attack_tool",
|
|
6503
7081
|
"category": "attack_attempt",
|
|
7082
|
+
"cwe": "200",
|
|
7083
|
+
"capec": "1000/118/169",
|
|
6504
7084
|
"tool_name": "Zmeu",
|
|
6505
7085
|
"confidence": "1"
|
|
6506
7086
|
},
|
|
@@ -6528,6 +7108,8 @@
|
|
|
6528
7108
|
"tags": {
|
|
6529
7109
|
"type": "commercial_scanner",
|
|
6530
7110
|
"category": "attack_attempt",
|
|
7111
|
+
"cwe": "200",
|
|
7112
|
+
"capec": "1000/118/169",
|
|
6531
7113
|
"tool_name": "GoogleSecurityScanner",
|
|
6532
7114
|
"confidence": "0"
|
|
6533
7115
|
},
|
|
@@ -6553,8 +7135,10 @@
|
|
|
6553
7135
|
"id": "ua0-600-48x",
|
|
6554
7136
|
"name": "Commix",
|
|
6555
7137
|
"tags": {
|
|
6556
|
-
"type": "
|
|
7138
|
+
"type": "attack_tool",
|
|
6557
7139
|
"category": "attack_attempt",
|
|
7140
|
+
"cwe": "200",
|
|
7141
|
+
"capec": "1000/118/169",
|
|
6558
7142
|
"tool_name": "Commix",
|
|
6559
7143
|
"confidence": "1"
|
|
6560
7144
|
},
|
|
@@ -6580,8 +7164,10 @@
|
|
|
6580
7164
|
"id": "ua0-600-49x",
|
|
6581
7165
|
"name": "Gobuster",
|
|
6582
7166
|
"tags": {
|
|
6583
|
-
"type": "
|
|
7167
|
+
"type": "attack_tool",
|
|
6584
7168
|
"category": "attack_attempt",
|
|
7169
|
+
"cwe": "200",
|
|
7170
|
+
"capec": "1000/118/169",
|
|
6585
7171
|
"tool_name": "Gobuster",
|
|
6586
7172
|
"confidence": "1"
|
|
6587
7173
|
},
|
|
@@ -6607,8 +7193,10 @@
|
|
|
6607
7193
|
"id": "ua0-600-4xx",
|
|
6608
7194
|
"name": "CGIchk",
|
|
6609
7195
|
"tags": {
|
|
6610
|
-
"type": "
|
|
7196
|
+
"type": "attack_tool",
|
|
6611
7197
|
"category": "attack_attempt",
|
|
7198
|
+
"cwe": "200",
|
|
7199
|
+
"capec": "1000/118/169",
|
|
6612
7200
|
"tool_name": "CGIchk",
|
|
6613
7201
|
"confidence": "1"
|
|
6614
7202
|
},
|
|
@@ -6634,8 +7222,10 @@
|
|
|
6634
7222
|
"id": "ua0-600-51x",
|
|
6635
7223
|
"name": "FFUF",
|
|
6636
7224
|
"tags": {
|
|
6637
|
-
"type": "
|
|
7225
|
+
"type": "attack_tool",
|
|
6638
7226
|
"category": "attack_attempt",
|
|
7227
|
+
"cwe": "200",
|
|
7228
|
+
"capec": "1000/118/169",
|
|
6639
7229
|
"tool_name": "FFUF",
|
|
6640
7230
|
"confidence": "1"
|
|
6641
7231
|
},
|
|
@@ -6661,8 +7251,10 @@
|
|
|
6661
7251
|
"id": "ua0-600-52x",
|
|
6662
7252
|
"name": "Nuclei",
|
|
6663
7253
|
"tags": {
|
|
6664
|
-
"type": "
|
|
7254
|
+
"type": "attack_tool",
|
|
6665
7255
|
"category": "attack_attempt",
|
|
7256
|
+
"cwe": "200",
|
|
7257
|
+
"capec": "1000/118/169",
|
|
6666
7258
|
"tool_name": "Nuclei",
|
|
6667
7259
|
"confidence": "1"
|
|
6668
7260
|
},
|
|
@@ -6688,8 +7280,10 @@
|
|
|
6688
7280
|
"id": "ua0-600-53x",
|
|
6689
7281
|
"name": "Tsunami",
|
|
6690
7282
|
"tags": {
|
|
6691
|
-
"type": "
|
|
7283
|
+
"type": "attack_tool",
|
|
6692
7284
|
"category": "attack_attempt",
|
|
7285
|
+
"cwe": "200",
|
|
7286
|
+
"capec": "1000/118/169",
|
|
6693
7287
|
"tool_name": "Tsunami",
|
|
6694
7288
|
"confidence": "1"
|
|
6695
7289
|
},
|
|
@@ -6715,8 +7309,10 @@
|
|
|
6715
7309
|
"id": "ua0-600-54x",
|
|
6716
7310
|
"name": "Nimbostratus",
|
|
6717
7311
|
"tags": {
|
|
6718
|
-
"type": "
|
|
7312
|
+
"type": "attack_tool",
|
|
6719
7313
|
"category": "attack_attempt",
|
|
7314
|
+
"cwe": "200",
|
|
7315
|
+
"capec": "1000/118/169",
|
|
6720
7316
|
"tool_name": "Nimbostratus",
|
|
6721
7317
|
"confidence": "1"
|
|
6722
7318
|
},
|
|
@@ -6744,6 +7340,8 @@
|
|
|
6744
7340
|
"tags": {
|
|
6745
7341
|
"type": "security_scanner",
|
|
6746
7342
|
"category": "attack_attempt",
|
|
7343
|
+
"cwe": "200",
|
|
7344
|
+
"capec": "1000/118/169",
|
|
6747
7345
|
"tool_name": "Datadog Canary Test",
|
|
6748
7346
|
"confidence": "1"
|
|
6749
7347
|
},
|
|
@@ -6775,8 +7373,10 @@
|
|
|
6775
7373
|
"id": "ua0-600-56x",
|
|
6776
7374
|
"name": "Datadog test scanner - blocking version: user-agent",
|
|
6777
7375
|
"tags": {
|
|
6778
|
-
"type": "
|
|
7376
|
+
"type": "attack_tool",
|
|
6779
7377
|
"category": "attack_attempt",
|
|
7378
|
+
"cwe": "200",
|
|
7379
|
+
"capec": "1000/118/169",
|
|
6780
7380
|
"tool_name": "Datadog Canary Test",
|
|
6781
7381
|
"confidence": "1"
|
|
6782
7382
|
},
|
|
@@ -6813,6 +7413,8 @@
|
|
|
6813
7413
|
"tags": {
|
|
6814
7414
|
"type": "commercial_scanner",
|
|
6815
7415
|
"category": "attack_attempt",
|
|
7416
|
+
"cwe": "200",
|
|
7417
|
+
"capec": "1000/118/169",
|
|
6816
7418
|
"tool_name": "AlertLogic",
|
|
6817
7419
|
"confidence": "0"
|
|
6818
7420
|
},
|
|
@@ -6838,8 +7440,10 @@
|
|
|
6838
7440
|
"id": "ua0-600-58x",
|
|
6839
7441
|
"name": "wfuzz",
|
|
6840
7442
|
"tags": {
|
|
6841
|
-
"type": "
|
|
7443
|
+
"type": "attack_tool",
|
|
6842
7444
|
"category": "attack_attempt",
|
|
7445
|
+
"cwe": "200",
|
|
7446
|
+
"capec": "1000/118/169",
|
|
6843
7447
|
"tool_name": "wfuzz",
|
|
6844
7448
|
"confidence": "1"
|
|
6845
7449
|
},
|
|
@@ -6867,6 +7471,8 @@
|
|
|
6867
7471
|
"tags": {
|
|
6868
7472
|
"type": "commercial_scanner",
|
|
6869
7473
|
"category": "attack_attempt",
|
|
7474
|
+
"cwe": "200",
|
|
7475
|
+
"capec": "1000/118/169",
|
|
6870
7476
|
"tool_name": "Detectify",
|
|
6871
7477
|
"confidence": "0"
|
|
6872
7478
|
},
|
|
@@ -6892,8 +7498,10 @@
|
|
|
6892
7498
|
"id": "ua0-600-5xx",
|
|
6893
7499
|
"name": "Blind SQL Injection Brute Forcer",
|
|
6894
7500
|
"tags": {
|
|
6895
|
-
"type": "
|
|
7501
|
+
"type": "attack_tool",
|
|
6896
7502
|
"category": "attack_attempt",
|
|
7503
|
+
"cwe": "200",
|
|
7504
|
+
"capec": "1000/118/169",
|
|
6897
7505
|
"tool_name": "BSQLBF",
|
|
6898
7506
|
"confidence": "1"
|
|
6899
7507
|
},
|
|
@@ -6919,8 +7527,10 @@
|
|
|
6919
7527
|
"id": "ua0-600-60x",
|
|
6920
7528
|
"name": "masscan",
|
|
6921
7529
|
"tags": {
|
|
6922
|
-
"type": "
|
|
7530
|
+
"type": "attack_tool",
|
|
6923
7531
|
"category": "attack_attempt",
|
|
7532
|
+
"cwe": "200",
|
|
7533
|
+
"capec": "1000/118/169",
|
|
6924
7534
|
"tool_name": "masscan",
|
|
6925
7535
|
"confidence": "1"
|
|
6926
7536
|
},
|
|
@@ -6946,8 +7556,10 @@
|
|
|
6946
7556
|
"id": "ua0-600-61x",
|
|
6947
7557
|
"name": "WPScan",
|
|
6948
7558
|
"tags": {
|
|
6949
|
-
"type": "
|
|
7559
|
+
"type": "attack_tool",
|
|
6950
7560
|
"category": "attack_attempt",
|
|
7561
|
+
"cwe": "200",
|
|
7562
|
+
"capec": "1000/118/169",
|
|
6951
7563
|
"tool_name": "WPScan",
|
|
6952
7564
|
"confidence": "1"
|
|
6953
7565
|
},
|
|
@@ -6975,6 +7587,8 @@
|
|
|
6975
7587
|
"tags": {
|
|
6976
7588
|
"type": "commercial_scanner",
|
|
6977
7589
|
"category": "attack_attempt",
|
|
7590
|
+
"cwe": "200",
|
|
7591
|
+
"capec": "1000/118/169",
|
|
6978
7592
|
"tool_name": "Aon",
|
|
6979
7593
|
"confidence": "0"
|
|
6980
7594
|
},
|
|
@@ -7002,6 +7616,8 @@
|
|
|
7002
7616
|
"tags": {
|
|
7003
7617
|
"type": "security_scanner",
|
|
7004
7618
|
"category": "attack_attempt",
|
|
7619
|
+
"cwe": "200",
|
|
7620
|
+
"capec": "1000/118/169",
|
|
7005
7621
|
"confidence": "1"
|
|
7006
7622
|
},
|
|
7007
7623
|
"conditions": [
|
|
@@ -7015,7 +7631,10 @@
|
|
|
7015
7631
|
]
|
|
7016
7632
|
}
|
|
7017
7633
|
],
|
|
7018
|
-
"regex": "mozilla/4\\.0 \\(compatible(; msie 6\\.0; win32)?\\)"
|
|
7634
|
+
"regex": "mozilla/4\\.0 \\(compatible(; msie (?:6\\.0; win32|4\\.0; Windows NT))?\\)",
|
|
7635
|
+
"options": {
|
|
7636
|
+
"case_sensitive": false
|
|
7637
|
+
}
|
|
7019
7638
|
},
|
|
7020
7639
|
"operator": "match_regex"
|
|
7021
7640
|
}
|
|
@@ -7026,8 +7645,10 @@
|
|
|
7026
7645
|
"id": "ua0-600-7xx",
|
|
7027
7646
|
"name": "SQLmap",
|
|
7028
7647
|
"tags": {
|
|
7029
|
-
"type": "
|
|
7648
|
+
"type": "attack_tool",
|
|
7030
7649
|
"category": "attack_attempt",
|
|
7650
|
+
"cwe": "200",
|
|
7651
|
+
"capec": "1000/118/169",
|
|
7031
7652
|
"tool_name": "SQLmap",
|
|
7032
7653
|
"confidence": "1"
|
|
7033
7654
|
},
|
|
@@ -7053,8 +7674,10 @@
|
|
|
7053
7674
|
"id": "ua0-600-9xx",
|
|
7054
7675
|
"name": "Skipfish",
|
|
7055
7676
|
"tags": {
|
|
7056
|
-
"type": "
|
|
7677
|
+
"type": "attack_tool",
|
|
7057
7678
|
"category": "attack_attempt",
|
|
7679
|
+
"cwe": "200",
|
|
7680
|
+
"capec": "1000/118/169",
|
|
7058
7681
|
"tool_name": "Skipfish",
|
|
7059
7682
|
"confidence": "1"
|
|
7060
7683
|
},
|
|
@@ -7077,4 +7700,4 @@
|
|
|
7077
7700
|
"transformers": []
|
|
7078
7701
|
}
|
|
7079
7702
|
]
|
|
7080
|
-
}
|
|
7703
|
+
}
|