ddtrace 1.5.0 → 1.5.2
- checksums.yaml +4 -4
- data/CHANGELOG.md +43 -1
- data/LICENSE-3rdparty.csv +1 -0
- data/lib/datadog/appsec/assets/waf_rules/recommended.json +1169 -275
- data/lib/datadog/appsec/assets/waf_rules/risky.json +78 -78
- data/lib/datadog/appsec/assets/waf_rules/strict.json +278 -88
- data/lib/datadog/appsec/contrib/rack/gateway/watcher.rb +25 -18
- data/lib/datadog/appsec/contrib/rack/reactive/request.rb +11 -11
- data/lib/datadog/appsec/contrib/rack/reactive/request_body.rb +11 -11
- data/lib/datadog/appsec/contrib/rack/reactive/response.rb +11 -11
- data/lib/datadog/appsec/contrib/rack/request.rb +3 -0
- data/lib/datadog/appsec/contrib/rack/request_middleware.rb +42 -19
- data/lib/datadog/appsec/contrib/rails/gateway/watcher.rb +7 -6
- data/lib/datadog/appsec/contrib/rails/reactive/action.rb +11 -11
- data/lib/datadog/appsec/contrib/rails/request.rb +3 -0
- data/lib/datadog/appsec/contrib/sinatra/gateway/watcher.rb +14 -12
- data/lib/datadog/appsec/contrib/sinatra/reactive/routed.rb +11 -11
- data/lib/datadog/appsec/event.rb +2 -12
- data/lib/datadog/appsec/instrumentation/gateway.rb +16 -2
- data/lib/datadog/appsec/processor.rb +18 -2
- data/lib/datadog/core/configuration/settings.rb +19 -5
- data/lib/datadog/tracing/client_ip.rb +11 -0
- data/lib/datadog/tracing/configuration/ext.rb +2 -1
- data/lib/datadog/tracing/contrib/rack/middlewares.rb +3 -1
- data/lib/datadog/tracing/contrib/utils/quantization/http.rb +14 -6
- data/lib/ddtrace/transport/traces.rb +2 -0
- data/lib/ddtrace/version.rb +1 -1
- metadata +3 -3
@@ -1,9 +1,34 @@
|
|
1
1
|
{
|
2
2
|
"version": "2.2",
|
3
3
|
"metadata": {
|
4
|
-
"rules_version": "1.
|
4
|
+
"rules_version": "1.4.1"
|
5
5
|
},
|
6
6
|
"rules": [
|
7
|
+
{
|
8
|
+
"id": "blk-001-001",
|
9
|
+
"name": "Block IP Addresses",
|
10
|
+
"tags": {
|
11
|
+
"type": "block_ip",
|
12
|
+
"category": "security_response"
|
13
|
+
},
|
14
|
+
"conditions": [
|
15
|
+
{
|
16
|
+
"parameters": {
|
17
|
+
"inputs": [
|
18
|
+
{
|
19
|
+
"address": "http.client_ip"
|
20
|
+
}
|
21
|
+
],
|
22
|
+
"data": "blocked_ips"
|
23
|
+
},
|
24
|
+
"operator": "ip_match"
|
25
|
+
}
|
26
|
+
],
|
27
|
+
"transformers": [],
|
28
|
+
"on_match": [
|
29
|
+
"block"
|
30
|
+
]
|
31
|
+
},
|
7
32
|
{
|
8
33
|
"id": "crs-913-110",
|
9
34
|
"name": "Acunetix",
|
@@ -224,7 +249,7 @@
|
|
224
249
|
"address": "server.request.headers.no_cookies"
|
225
250
|
}
|
226
251
|
],
|
227
|
-
"regex": "(
|
252
|
+
"regex": "(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\/|\\x5c)(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8|e)0%80%ae|2(?:(?:5(?:c0%25a|2))?e|%45)|u(?:(?:002|ff0)e|2024)|%32(?:%(?:%6|4)5|E)|c0(?:%[256aef]e|\\.))|\\.(?:%0[01]|\\?)?|\\?\\.?|0x2e){2,3}(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\/|\\x5c)",
|
228
253
|
"options": {
|
229
254
|
"min_length": 4
|
230
255
|
}
|
@@ -255,7 +280,7 @@
|
|
255
280
|
"address": "server.request.headers.no_cookies"
|
256
281
|
}
|
257
282
|
],
|
258
|
-
"regex": "(?:(?:^|[
|
283
|
+
"regex": "(?:(?:^|[\\x5c/])\\.{2,3}[\\x5c/]|[\\x5c/]\\.{2,3}(?:[\\x5c/]|$))",
|
259
284
|
"options": {
|
260
285
|
"case_sensitive": true,
|
261
286
|
"min_length": 3
|
@@ -299,6 +324,8 @@
|
|
299
324
|
"/.htpasswd",
|
300
325
|
"/.addressbook",
|
301
326
|
"/.aptitude/config",
|
327
|
+
".aws/config",
|
328
|
+
".aws/credentials",
|
302
329
|
"/.bash_config",
|
303
330
|
"/.bash_history",
|
304
331
|
"/.bash_logout",
|
@@ -330,6 +357,7 @@
|
|
330
357
|
"/.nano_history",
|
331
358
|
"/.node_repl_history",
|
332
359
|
"/.pearrc",
|
360
|
+
"/.pgpass",
|
333
361
|
"/.php_history",
|
334
362
|
"/.pinerc",
|
335
363
|
".pki/",
|
@@ -350,6 +378,8 @@
|
|
350
378
|
".ssh/id_rsa.pub",
|
351
379
|
".ssh/identity",
|
352
380
|
".ssh/identity.pub",
|
381
|
+
".ssh/id_ecdsa",
|
382
|
+
".ssh/id_ecdsa.pub",
|
353
383
|
".ssh/known_hosts",
|
354
384
|
".subversion/auth",
|
355
385
|
".subversion/config",
|
@@ -366,6 +396,225 @@
|
|
366
396
|
"/.zshrc",
|
367
397
|
"/.zsh_history",
|
368
398
|
"/.nsconfig",
|
399
|
+
"data/elasticsearch",
|
400
|
+
"data/kafka",
|
401
|
+
"etc/ansible",
|
402
|
+
"etc/bind",
|
403
|
+
"etc/centos-release",
|
404
|
+
"etc/centos-release-upstream",
|
405
|
+
"etc/clam.d",
|
406
|
+
"etc/elasticsearch",
|
407
|
+
"etc/freshclam.conf",
|
408
|
+
"etc/gshadow",
|
409
|
+
"etc/gshadow-",
|
410
|
+
"etc/httpd",
|
411
|
+
"etc/kafka",
|
412
|
+
"etc/kibana",
|
413
|
+
"etc/logstash",
|
414
|
+
"etc/lvm",
|
415
|
+
"etc/mongod.conf",
|
416
|
+
"etc/my.cnf",
|
417
|
+
"etc/nuxeo.conf",
|
418
|
+
"etc/pki",
|
419
|
+
"etc/postfix",
|
420
|
+
"etc/scw-release",
|
421
|
+
"etc/subgid",
|
422
|
+
"etc/subgid-",
|
423
|
+
"etc/sudoers.d",
|
424
|
+
"etc/sysconfig",
|
425
|
+
"etc/system-release-cpe",
|
426
|
+
"opt/nuxeo",
|
427
|
+
"opt/tomcat",
|
428
|
+
"tmp/kafka-logs",
|
429
|
+
"usr/lib/rpm/rpm.log",
|
430
|
+
"var/data/elasticsearch",
|
431
|
+
"var/lib/elasticsearch",
|
432
|
+
"etc/.java",
|
433
|
+
"etc/acpi",
|
434
|
+
"etc/alsa",
|
435
|
+
"etc/alternatives",
|
436
|
+
"etc/apache2",
|
437
|
+
"etc/apm",
|
438
|
+
"etc/apparmor",
|
439
|
+
"etc/apparmor.d",
|
440
|
+
"etc/apport",
|
441
|
+
"etc/apt",
|
442
|
+
"etc/asciidoc",
|
443
|
+
"etc/avahi",
|
444
|
+
"etc/bash_completion.d",
|
445
|
+
"etc/binfmt.d",
|
446
|
+
"etc/bluetooth",
|
447
|
+
"etc/bonobo-activation",
|
448
|
+
"etc/brltty",
|
449
|
+
"etc/ca-certificates",
|
450
|
+
"etc/calendar",
|
451
|
+
"etc/chatscripts",
|
452
|
+
"etc/chromium-browser",
|
453
|
+
"etc/clamav",
|
454
|
+
"etc/cni",
|
455
|
+
"etc/console-setup",
|
456
|
+
"etc/coraza-waf",
|
457
|
+
"etc/cracklib",
|
458
|
+
"etc/cron.d",
|
459
|
+
"etc/cron.daily",
|
460
|
+
"etc/cron.hourly",
|
461
|
+
"etc/cron.monthly",
|
462
|
+
"etc/cron.weekly",
|
463
|
+
"etc/cups",
|
464
|
+
"etc/cups.save",
|
465
|
+
"etc/cupshelpers",
|
466
|
+
"etc/dbus-1",
|
467
|
+
"etc/dconf",
|
468
|
+
"etc/default",
|
469
|
+
"etc/depmod.d",
|
470
|
+
"etc/dhcp",
|
471
|
+
"etc/dictionaries-common",
|
472
|
+
"etc/dkms",
|
473
|
+
"etc/dnsmasq.d",
|
474
|
+
"etc/dockeretc/dpkg",
|
475
|
+
"etc/emacs",
|
476
|
+
"etc/environment.d",
|
477
|
+
"etc/fail2ban",
|
478
|
+
"etc/firebird",
|
479
|
+
"etc/firefox",
|
480
|
+
"etc/fonts",
|
481
|
+
"etc/fwupd",
|
482
|
+
"etc/gconf",
|
483
|
+
"etc/gdb",
|
484
|
+
"etc/gdm3",
|
485
|
+
"etc/geoclue",
|
486
|
+
"etc/ghostscript",
|
487
|
+
"etc/gimp",
|
488
|
+
"etc/glvnd",
|
489
|
+
"etc/gnome",
|
490
|
+
"etc/gnome-vfs-2.0",
|
491
|
+
"etc/gnucash",
|
492
|
+
"etc/gnustep",
|
493
|
+
"etc/groff",
|
494
|
+
"etc/grub.d",
|
495
|
+
"etc/gss",
|
496
|
+
"etc/gtk-2.0",
|
497
|
+
"etc/gtk-3.0",
|
498
|
+
"etc/hp",
|
499
|
+
"etc/ifplugd",
|
500
|
+
"etc/imagemagick-6",
|
501
|
+
"etc/init",
|
502
|
+
"etc/init.d",
|
503
|
+
"etc/initramfs-tools",
|
504
|
+
"etc/insserv.conf.d",
|
505
|
+
"etc/iproute2",
|
506
|
+
"etc/iptables",
|
507
|
+
"etc/java",
|
508
|
+
"etc/java-11-openjdk",
|
509
|
+
"etc/java-17-oracle",
|
510
|
+
"etc/java-8-openjdk",
|
511
|
+
"etc/kernel",
|
512
|
+
"etc/ld.so.conf.d",
|
513
|
+
"etc/ldap",
|
514
|
+
"etc/libblockdev",
|
515
|
+
"etc/libibverbs.d",
|
516
|
+
"etc/libnl-3",
|
517
|
+
"etc/libpaper.d",
|
518
|
+
"etc/libreoffice",
|
519
|
+
"etc/lighttpd",
|
520
|
+
"etc/logcheck",
|
521
|
+
"etc/logrotate.d",
|
522
|
+
"etc/lynx",
|
523
|
+
"etc/mail",
|
524
|
+
"etc/mc",
|
525
|
+
"etc/menu",
|
526
|
+
"etc/menu-methods",
|
527
|
+
"etc/modprobe.d",
|
528
|
+
"etc/modsecurity",
|
529
|
+
"etc/modules-load.d",
|
530
|
+
"etc/monit",
|
531
|
+
"etc/mono",
|
532
|
+
"etc/mplayer",
|
533
|
+
"etc/mpv",
|
534
|
+
"etc/muttrc.d",
|
535
|
+
"etc/mysql",
|
536
|
+
"etc/netplan",
|
537
|
+
"etc/network",
|
538
|
+
"etc/networkd-dispatcher",
|
539
|
+
"etc/networkmanager",
|
540
|
+
"etc/newt",
|
541
|
+
"etc/nghttpx",
|
542
|
+
"etc/nikto",
|
543
|
+
"etc/odbcdatasources",
|
544
|
+
"etc/openal",
|
545
|
+
"etc/openmpi",
|
546
|
+
"etc/opt",
|
547
|
+
"etc/osync",
|
548
|
+
"etc/packagekit",
|
549
|
+
"etc/pam.d",
|
550
|
+
"etc/pcmcia",
|
551
|
+
"etc/perl",
|
552
|
+
"etc/php",
|
553
|
+
"etc/pki",
|
554
|
+
"etc/pm",
|
555
|
+
"etc/polkit-1",
|
556
|
+
"etc/postfix",
|
557
|
+
"etc/ppp",
|
558
|
+
"etc/profile.d",
|
559
|
+
"etc/proftpd",
|
560
|
+
"etc/pulse",
|
561
|
+
"etc/python",
|
562
|
+
"etc/rc0.d",
|
563
|
+
"etc/rc1.d",
|
564
|
+
"etc/rc2.d",
|
565
|
+
"etc/rc3.d",
|
566
|
+
"etc/rc4.d",
|
567
|
+
"etc/rc5.d",
|
568
|
+
"etc/rc6.d",
|
569
|
+
"etc/rcs.d",
|
570
|
+
"etc/resolvconf",
|
571
|
+
"etc/rsyslog.d",
|
572
|
+
"etc/samba",
|
573
|
+
"etc/sane.d",
|
574
|
+
"etc/security",
|
575
|
+
"etc/selinux",
|
576
|
+
"etc/sensors.d",
|
577
|
+
"etc/sgml",
|
578
|
+
"etc/signon-ui",
|
579
|
+
"etc/skel",
|
580
|
+
"etc/snmp",
|
581
|
+
"etc/sound",
|
582
|
+
"etc/spamassassin",
|
583
|
+
"etc/speech-dispatcher",
|
584
|
+
"etc/ssh",
|
585
|
+
"etc/ssl",
|
586
|
+
"etc/sudoers.d",
|
587
|
+
"etc/sysctl.d",
|
588
|
+
"etc/sysstat",
|
589
|
+
"etc/systemd",
|
590
|
+
"etc/terminfo",
|
591
|
+
"etc/texmf",
|
592
|
+
"etc/thermald",
|
593
|
+
"etc/thnuclnt",
|
594
|
+
"etc/thunderbird",
|
595
|
+
"etc/timidity",
|
596
|
+
"etc/tmpfiles.d",
|
597
|
+
"etc/ubuntu-advantage",
|
598
|
+
"etc/udev",
|
599
|
+
"etc/udisks2",
|
600
|
+
"etc/ufw",
|
601
|
+
"etc/update-manager",
|
602
|
+
"etc/update-motd.d",
|
603
|
+
"etc/update-notifier",
|
604
|
+
"etc/upower",
|
605
|
+
"etc/urlview",
|
606
|
+
"etc/usb_modeswitch.d",
|
607
|
+
"etc/vim",
|
608
|
+
"etc/vmware",
|
609
|
+
"etc/vmware-installer",
|
610
|
+
"etc/vmware-vix",
|
611
|
+
"etc/vulkan",
|
612
|
+
"etc/w3m",
|
613
|
+
"etc/wireshark",
|
614
|
+
"etc/wpa_supplicant",
|
615
|
+
"etc/x11",
|
616
|
+
"etc/xdg",
|
617
|
+
"etc/xml",
|
369
618
|
"etc/redis.conf",
|
370
619
|
"etc/redis-sentinel.conf",
|
371
620
|
"etc/php.ini",
|
@@ -417,10 +666,8 @@
|
|
417
666
|
"usr/local/cpanel/logs/license_log",
|
418
667
|
"usr/local/cpanel/logs/login_log",
|
419
668
|
"var/cpanel/cpanel.config",
|
420
|
-
"var/log/sw-cp-server/error_log",
|
421
669
|
"usr/local/psa/admin/logs/httpsd_access_log",
|
422
670
|
"usr/local/psa/admin/logs/panel.log",
|
423
|
-
"var/log/sso/sso.log",
|
424
671
|
"usr/local/psa/admin/conf/php.ini",
|
425
672
|
"etc/sw-cp-server/applications.d/plesk.conf",
|
426
673
|
"usr/local/psa/admin/conf/site_isolation_settings.ini",
|
@@ -428,16 +675,6 @@
|
|
428
675
|
"etc/sw-cp-server/applications.d/00-sso-cpserver.conf",
|
429
676
|
"etc/sso/sso_config.ini",
|
430
677
|
"etc/mysql/conf.d/old_passwords.cnf",
|
431
|
-
"var/log/mysql/mysql-bin.log",
|
432
|
-
"var/log/mysql/mysql-bin.index",
|
433
|
-
"var/log/mysql/data/mysql-bin.index",
|
434
|
-
"var/log/mysql.log",
|
435
|
-
"var/log/mysql.err",
|
436
|
-
"var/log/mysqlderror.log",
|
437
|
-
"var/log/mysql/mysql.log",
|
438
|
-
"var/log/mysql/mysql-slow.log",
|
439
|
-
"var/log/mysql-bin.index",
|
440
|
-
"var/log/data/mysql-bin.index",
|
441
678
|
"var/mysql.log",
|
442
679
|
"var/mysql-bin.index",
|
443
680
|
"var/data/mysql-bin.index",
|
@@ -474,21 +711,6 @@
|
|
474
711
|
"mysql/my.cnf",
|
475
712
|
"mysql/bin/my.ini",
|
476
713
|
"var/postgresql/log/postgresql.log",
|
477
|
-
"var/log/postgresql/postgresql.log",
|
478
|
-
"var/log/postgres/pg_backup.log",
|
479
|
-
"var/log/postgres/postgres.log",
|
480
|
-
"var/log/postgresql.log",
|
481
|
-
"var/log/pgsql/pgsql.log",
|
482
|
-
"var/log/postgresql/postgresql-8.1-main.log",
|
483
|
-
"var/log/postgresql/postgresql-8.3-main.log",
|
484
|
-
"var/log/postgresql/postgresql-8.4-main.log",
|
485
|
-
"var/log/postgresql/postgresql-9.0-main.log",
|
486
|
-
"var/log/postgresql/postgresql-9.1-main.log",
|
487
|
-
"var/log/pgsql8.log",
|
488
|
-
"var/log/postgresql/postgres.log",
|
489
|
-
"var/log/pgsql_log",
|
490
|
-
"var/log/postgresql/main.log",
|
491
|
-
"var/log/cron/var/log/postgres.log",
|
492
714
|
"usr/internet/pgsql/data/postmaster.log",
|
493
715
|
"usr/local/pgsql/data/postgresql.log",
|
494
716
|
"usr/local/pgsql/data/pg_log",
|
@@ -572,29 +794,21 @@
|
|
572
794
|
"windows/system32/logfiles/msftpsvc2",
|
573
795
|
"etc/logrotate.d/proftpd",
|
574
796
|
"www/logs/proftpd.system.log",
|
575
|
-
"var/log/proftpd",
|
576
|
-
"var/log/proftpd/xferlog.legacy",
|
577
|
-
"var/log/proftpd.access_log",
|
578
|
-
"var/log/proftpd.xferlog",
|
579
797
|
"etc/pam.d/proftpd",
|
580
798
|
"etc/proftp.conf",
|
581
799
|
"etc/protpd/proftpd.conf",
|
582
800
|
"etc/vhcs2/proftpd/proftpd.conf",
|
583
801
|
"etc/proftpd/modules.conf",
|
584
|
-
"var/log/vsftpd.log",
|
585
802
|
"etc/vsftpd.chroot_list",
|
586
803
|
"etc/logrotate.d/vsftpd.log",
|
587
804
|
"etc/vsftpd/vsftpd.conf",
|
588
805
|
"etc/vsftpd.conf",
|
589
806
|
"etc/chrootusers",
|
590
|
-
"var/log/xferlog",
|
591
807
|
"var/adm/log/xferlog",
|
592
808
|
"etc/wu-ftpd/ftpaccess",
|
593
809
|
"etc/wu-ftpd/ftphosts",
|
594
810
|
"etc/wu-ftpd/ftpusers",
|
595
|
-
"var/log/pure-ftpd/pure-ftpd.log",
|
596
811
|
"logs/pure-ftpd.log",
|
597
|
-
"var/log/pureftpd.log",
|
598
812
|
"usr/sbin/pure-config.pl",
|
599
813
|
"usr/etc/pure-ftpd.conf",
|
600
814
|
"etc/pure-ftpd/pure-ftpd.conf",
|
@@ -620,30 +834,18 @@
|
|
620
834
|
"usr/ports/contrib/pure-ftpd/pure-ftpd.conf",
|
621
835
|
"usr/ports/contrib/pure-ftpd/pureftpd.pdb",
|
622
836
|
"usr/ports/contrib/pure-ftpd/pureftpd.passwd",
|
623
|
-
"var/log/muddleftpd",
|
624
837
|
"usr/sbin/mudlogd",
|
625
838
|
"etc/muddleftpd/mudlog",
|
626
839
|
"etc/muddleftpd.com",
|
627
840
|
"etc/muddleftpd/mudlogd.conf",
|
628
841
|
"etc/muddleftpd/muddleftpd.conf",
|
629
|
-
"var/log/muddleftpd.conf",
|
630
842
|
"usr/sbin/mudpasswd",
|
631
843
|
"etc/muddleftpd/muddleftpd.passwd",
|
632
844
|
"etc/muddleftpd/passwd",
|
633
|
-
"var/log/ftp-proxy/ftp-proxy.log",
|
634
|
-
"var/log/ftp-proxy",
|
635
|
-
"var/log/ftplog",
|
636
845
|
"etc/logrotate.d/ftp",
|
637
846
|
"etc/ftpchroot",
|
638
847
|
"etc/ftphosts",
|
639
848
|
"etc/ftpusers",
|
640
|
-
"var/log/exim_mainlog",
|
641
|
-
"var/log/exim/mainlog",
|
642
|
-
"var/log/maillog",
|
643
|
-
"var/log/exim_paniclog",
|
644
|
-
"var/log/exim/paniclog",
|
645
|
-
"var/log/exim/rejectlog",
|
646
|
-
"var/log/exim_rejectlog",
|
647
849
|
"winnt/system32/logfiles/smtpsvc",
|
648
850
|
"winnt/system32/logfiles/smtpsvc1",
|
649
851
|
"winnt/system32/logfiles/smtpsvc2",
|
@@ -716,7 +918,6 @@
|
|
716
918
|
"library/webserver/documents/default.htm",
|
717
919
|
"library/webserver/documents/index.php",
|
718
920
|
"library/webserver/documents/default.php",
|
719
|
-
"var/log/webmin/miniserv.log",
|
720
921
|
"usr/local/etc/webmin/miniserv.conf",
|
721
922
|
"etc/webmin/miniserv.conf",
|
722
923
|
"usr/local/etc/webmin/miniserv.users",
|
@@ -729,8 +930,6 @@
|
|
729
930
|
"windows/system32/logfiles/w3svc1/inetsvn1.log",
|
730
931
|
"windows/system32/logfiles/w3svc2/inetsvn1.log",
|
731
932
|
"windows/system32/logfiles/w3svc3/inetsvn1.log",
|
732
|
-
"var/log/httpd/access_log",
|
733
|
-
"var/log/httpd/error_log",
|
734
933
|
"apache/logs/error.log",
|
735
934
|
"apache/logs/access.log",
|
736
935
|
"apache2/logs/error.log",
|
@@ -753,20 +952,6 @@
|
|
753
952
|
"var/www/logs/access.log",
|
754
953
|
"var/www/logs/error_log",
|
755
954
|
"var/www/logs/error.log",
|
756
|
-
"var/log/httpd/access.log",
|
757
|
-
"var/log/httpd/error.log",
|
758
|
-
"var/log/apache/access_log",
|
759
|
-
"var/log/apache/access.log",
|
760
|
-
"var/log/apache/error_log",
|
761
|
-
"var/log/apache/error.log",
|
762
|
-
"var/log/apache2/access_log",
|
763
|
-
"var/log/apache2/access.log",
|
764
|
-
"var/log/apache2/error_log",
|
765
|
-
"var/log/apache2/error.log",
|
766
|
-
"var/log/access_log",
|
767
|
-
"var/log/access.log",
|
768
|
-
"var/log/error_log",
|
769
|
-
"var/log/error.log",
|
770
955
|
"opt/lampp/logs/access_log",
|
771
956
|
"opt/lampp/logs/error_log",
|
772
957
|
"opt/xampp/logs/access_log",
|
@@ -905,7 +1090,6 @@
|
|
905
1090
|
"usr/share/tomcat6/conf/context.xml",
|
906
1091
|
"usr/share/tomcat6/conf/workers.properties",
|
907
1092
|
"usr/share/tomcat6/conf/logging.properties",
|
908
|
-
"var/log/tomcat6/catalina.out",
|
909
1093
|
"var/cpanel/tomcat.options",
|
910
1094
|
"usr/local/jakarta/tomcat/logs/catalina.out",
|
911
1095
|
"usr/local/jakarta/tomcat/logs/catalina.err",
|
@@ -986,23 +1170,14 @@
|
|
986
1170
|
"program files/[jboss]/server/default/log/boot.log",
|
987
1171
|
"[jboss]/server/default/log/server.log",
|
988
1172
|
"[jboss]/server/default/log/boot.log",
|
989
|
-
"var/log/lighttpd.error.log",
|
990
|
-
"var/log/lighttpd.access.log",
|
991
1173
|
"var/lighttpd.log",
|
992
1174
|
"var/logs/access.log",
|
993
|
-
"var/log/lighttpd/",
|
994
|
-
"var/log/lighttpd/error.log",
|
995
|
-
"var/log/lighttpd/access.www.log",
|
996
|
-
"var/log/lighttpd/error.www.log",
|
997
|
-
"var/log/lighttpd/access.log",
|
998
1175
|
"usr/local/apache2/logs/lighttpd.error.log",
|
999
1176
|
"usr/local/apache2/logs/lighttpd.log",
|
1000
1177
|
"usr/local/apache/logs/lighttpd.error.log",
|
1001
1178
|
"usr/local/apache/logs/lighttpd.log",
|
1002
1179
|
"usr/local/lighttpd/log/lighttpd.error.log",
|
1003
1180
|
"usr/local/lighttpd/log/access.log",
|
1004
|
-
"var/log/lighttpd/{domain}/access.log",
|
1005
|
-
"var/log/lighttpd/{domain}/error.log",
|
1006
1181
|
"usr/home/user/var/log/lighttpd.error.log",
|
1007
1182
|
"usr/home/user/var/log/apache.log",
|
1008
1183
|
"home/user/lighttpd/lighttpd.conf",
|
@@ -1012,12 +1187,6 @@
|
|
1012
1187
|
"usr/local/lighttpd/conf/lighttpd.conf",
|
1013
1188
|
"usr/local/etc/lighttpd.conf.new",
|
1014
1189
|
"var/www/.lighttpdpassword",
|
1015
|
-
"var/log/nginx/access_log",
|
1016
|
-
"var/log/nginx/error_log",
|
1017
|
-
"var/log/nginx/access.log",
|
1018
|
-
"var/log/nginx/error.log",
|
1019
|
-
"var/log/nginx.access_log",
|
1020
|
-
"var/log/nginx.error_log",
|
1021
1190
|
"logs/access_log",
|
1022
1191
|
"logs/error_log",
|
1023
1192
|
"etc/nginx/nginx.conf",
|
@@ -1033,12 +1202,6 @@
|
|
1033
1202
|
"usr/local/logs/access.log",
|
1034
1203
|
"usr/local/samba/lib/log.user",
|
1035
1204
|
"usr/local/logs/samba.log",
|
1036
|
-
"var/log/samba/log.smbd",
|
1037
|
-
"var/log/samba/log.nmbd",
|
1038
|
-
"var/log/samba.log",
|
1039
|
-
"var/log/samba.log1",
|
1040
|
-
"var/log/samba.log2",
|
1041
|
-
"var/log/log.smb",
|
1042
1205
|
"etc/samba/netlogon",
|
1043
1206
|
"etc/smbpasswd",
|
1044
1207
|
"etc/smb.conf",
|
@@ -1067,10 +1230,6 @@
|
|
1067
1230
|
"etc/wicd/manager-settings.conf",
|
1068
1231
|
"etc/wicd/wired-settings.conf",
|
1069
1232
|
"etc/wicd/wireless-settings.conf",
|
1070
|
-
"var/log/ipfw.log",
|
1071
|
-
"var/log/ipfw",
|
1072
|
-
"var/log/ipfw/ipfw.log",
|
1073
|
-
"var/log/ipfw.today",
|
1074
1233
|
"etc/ipfw.rules",
|
1075
1234
|
"etc/ipfw.conf",
|
1076
1235
|
"etc/firewall.rules",
|
@@ -1089,33 +1248,6 @@
|
|
1089
1248
|
"etc/bluetooth/main.conf",
|
1090
1249
|
"etc/bluetooth/network.conf",
|
1091
1250
|
"etc/bluetooth/rfcomm.conf",
|
1092
|
-
"proc/self/environ",
|
1093
|
-
"proc/self/mounts",
|
1094
|
-
"proc/self/stat",
|
1095
|
-
"proc/self/status",
|
1096
|
-
"proc/self/cmdline",
|
1097
|
-
"proc/self/fd/0",
|
1098
|
-
"proc/self/fd/1",
|
1099
|
-
"proc/self/fd/2",
|
1100
|
-
"proc/self/fd/3",
|
1101
|
-
"proc/self/fd/4",
|
1102
|
-
"proc/self/fd/5",
|
1103
|
-
"proc/self/fd/6",
|
1104
|
-
"proc/self/fd/7",
|
1105
|
-
"proc/self/fd/8",
|
1106
|
-
"proc/self/fd/9",
|
1107
|
-
"proc/self/fd/10",
|
1108
|
-
"proc/self/fd/11",
|
1109
|
-
"proc/self/fd/12",
|
1110
|
-
"proc/self/fd/13",
|
1111
|
-
"proc/self/fd/14",
|
1112
|
-
"proc/self/fd/15",
|
1113
|
-
"proc/version",
|
1114
|
-
"proc/devices",
|
1115
|
-
"proc/cpuinfo",
|
1116
|
-
"proc/meminfo",
|
1117
|
-
"proc/net/tcp",
|
1118
|
-
"proc/net/udp",
|
1119
1251
|
"etc/bash_completion.d/debconf",
|
1120
1252
|
"root/.bash_logout",
|
1121
1253
|
"root/.bash_history",
|
@@ -1153,39 +1285,12 @@
|
|
1153
1285
|
"var/adm/aculog",
|
1154
1286
|
"var/adm/vold.log",
|
1155
1287
|
"var/adm/log/asppp.log",
|
1156
|
-
"var/log/poplog",
|
1157
|
-
"var/log/authlog",
|
1158
1288
|
"var/lp/logs/lpsched",
|
1159
1289
|
"var/lp/logs/lpnet",
|
1160
1290
|
"var/lp/logs/requests",
|
1161
1291
|
"var/cron/log",
|
1162
1292
|
"var/saf/_log",
|
1163
1293
|
"var/saf/port/log",
|
1164
|
-
"var/log/news.all",
|
1165
|
-
"var/log/news/news.all",
|
1166
|
-
"var/log/news/news.crit",
|
1167
|
-
"var/log/news/news.err",
|
1168
|
-
"var/log/news/news.notice",
|
1169
|
-
"var/log/news/suck.err",
|
1170
|
-
"var/log/news/suck.notice",
|
1171
|
-
"var/log/messages",
|
1172
|
-
"var/log/messages.1",
|
1173
|
-
"var/log/user.log",
|
1174
|
-
"var/log/user.log.1",
|
1175
|
-
"var/log/auth.log",
|
1176
|
-
"var/log/pm-powersave.log",
|
1177
|
-
"var/log/xorg.0.log",
|
1178
|
-
"var/log/daemon.log",
|
1179
|
-
"var/log/daemon.log.1",
|
1180
|
-
"var/log/kern.log",
|
1181
|
-
"var/log/kern.log.1",
|
1182
|
-
"var/log/mail.err",
|
1183
|
-
"var/log/mail.info",
|
1184
|
-
"var/log/mail.warn",
|
1185
|
-
"var/log/ufw.log",
|
1186
|
-
"var/log/boot.log",
|
1187
|
-
"var/log/syslog",
|
1188
|
-
"var/log/syslog.1",
|
1189
1294
|
"tmp/access.log",
|
1190
1295
|
"etc/sensors.conf",
|
1191
1296
|
"etc/sensors3.conf",
|
@@ -1271,6 +1376,8 @@
|
|
1271
1376
|
"etc/sudoers",
|
1272
1377
|
"etc/sysconfig/network-scripts/ifcfg-eth0",
|
1273
1378
|
"etc/redhat-release",
|
1379
|
+
"etc/scw-release",
|
1380
|
+
"etc/system-release-cpe",
|
1274
1381
|
"etc/debian_version",
|
1275
1382
|
"etc/fedora-release",
|
1276
1383
|
"etc/mandrake-release",
|
@@ -1287,11 +1394,7 @@
|
|
1287
1394
|
"root/.ksh_history",
|
1288
1395
|
"root/.xauthority",
|
1289
1396
|
"usr/lib/security/mkuser.default",
|
1290
|
-
"var/log/squirrelmail.log",
|
1291
|
-
"var/log/apache2/squirrelmail.log",
|
1292
|
-
"var/log/apache2/squirrelmail.err.log",
|
1293
1397
|
"var/lib/squirrelmail/prefs/squirrelmail.log",
|
1294
|
-
"var/log/mail.log",
|
1295
1398
|
"etc/squirrelmail/apache.conf",
|
1296
1399
|
"etc/squirrelmail/config_local.php",
|
1297
1400
|
"etc/squirrelmail/default_pref",
|
@@ -1345,6 +1448,134 @@
|
|
1345
1448
|
"etc/vmware-tools/config",
|
1346
1449
|
"etc/vmware-tools/tpvmlp.conf",
|
1347
1450
|
"etc/vmware-tools/vmware-tools-libraries.conf",
|
1451
|
+
"var/log",
|
1452
|
+
"var/log/sw-cp-server/error_log",
|
1453
|
+
"var/log/sso/sso.log",
|
1454
|
+
"var/log/dpkg.log",
|
1455
|
+
"var/log/btmp",
|
1456
|
+
"var/log/utmp",
|
1457
|
+
"var/log/wtmp",
|
1458
|
+
"var/log/mysql/mysql-bin.log",
|
1459
|
+
"var/log/mysql/mysql-bin.index",
|
1460
|
+
"var/log/mysql/data/mysql-bin.index",
|
1461
|
+
"var/log/mysql.log",
|
1462
|
+
"var/log/mysql.err",
|
1463
|
+
"var/log/mysqlderror.log",
|
1464
|
+
"var/log/mysql/mysql.log",
|
1465
|
+
"var/log/mysql/mysql-slow.log",
|
1466
|
+
"var/log/mysql-bin.index",
|
1467
|
+
"var/log/data/mysql-bin.index",
|
1468
|
+
"var/log/postgresql/postgresql.log",
|
1469
|
+
"var/log/postgres/pg_backup.log",
|
1470
|
+
"var/log/postgres/postgres.log",
|
1471
|
+
"var/log/postgresql.log",
|
1472
|
+
"var/log/pgsql/pgsql.log",
|
1473
|
+
"var/log/postgresql/postgresql-8.1-main.log",
|
1474
|
+
"var/log/postgresql/postgresql-8.3-main.log",
|
1475
|
+
"var/log/postgresql/postgresql-8.4-main.log",
|
1476
|
+
"var/log/postgresql/postgresql-9.0-main.log",
|
1477
|
+
"var/log/postgresql/postgresql-9.1-main.log",
|
1478
|
+
"var/log/pgsql8.log",
|
1479
|
+
"var/log/postgresql/postgres.log",
|
1480
|
+
"var/log/pgsql_log",
|
1481
|
+
"var/log/postgresql/main.log",
|
1482
|
+
"var/log/cron",
|
1483
|
+
"var/log/postgres.log",
|
1484
|
+
"var/log/proftpd",
|
1485
|
+
"var/log/proftpd/xferlog.legacy",
|
1486
|
+
"var/log/proftpd.access_log",
|
1487
|
+
"var/log/proftpd.xferlog",
|
1488
|
+
"var/log/vsftpd.log",
|
1489
|
+
"var/log/xferlog",
|
1490
|
+
"var/log/pure-ftpd/pure-ftpd.log",
|
1491
|
+
"var/log/pureftpd.log",
|
1492
|
+
"var/log/muddleftpd",
|
1493
|
+
"var/log/muddleftpd.conf",
|
1494
|
+
"var/log/ftp-proxy/ftp-proxy.log",
|
1495
|
+
"var/log/ftp-proxy",
|
1496
|
+
"var/log/ftplog",
|
1497
|
+
"var/log/exim_mainlog",
|
1498
|
+
"var/log/exim/mainlog",
|
1499
|
+
"var/log/maillog",
|
1500
|
+
"var/log/exim_paniclog",
|
1501
|
+
"var/log/exim/paniclog",
|
1502
|
+
"var/log/exim/rejectlog",
|
1503
|
+
"var/log/exim_rejectlog",
|
1504
|
+
"var/log/webmin/miniserv.log",
|
1505
|
+
"var/log/httpd/access_log",
|
1506
|
+
"var/log/httpd/error_log",
|
1507
|
+
"var/log/httpd/access.log",
|
1508
|
+
"var/log/httpd/error.log",
|
1509
|
+
"var/log/apache/access_log",
|
1510
|
+
"var/log/apache/access.log",
|
1511
|
+
"var/log/apache/error_log",
|
1512
|
+
"var/log/apache/error.log",
|
1513
|
+
"var/log/apache2/access_log",
|
1514
|
+
"var/log/apache2/access.log",
|
1515
|
+
"var/log/apache2/error_log",
|
1516
|
+
"var/log/apache2/error.log",
|
1517
|
+
"var/log/access_log",
|
1518
|
+
"var/log/access.log",
|
1519
|
+
"var/log/error_log",
|
1520
|
+
"var/log/error.log",
|
1521
|
+
"var/log/tomcat6/catalina.out",
|
1522
|
+
"var/log/lighttpd.error.log",
|
1523
|
+
"var/log/lighttpd.access.log",
|
1524
|
+
"var/logs/access.log",
|
1525
|
+
"var/log/lighttpd/",
|
1526
|
+
"var/log/lighttpd/error.log",
|
1527
|
+
"var/log/lighttpd/access.www.log",
|
1528
|
+
"var/log/lighttpd/error.www.log",
|
1529
|
+
"var/log/lighttpd/access.log",
|
1530
|
+
"var/log/lighttpd/{domain}/access.log",
|
1531
|
+
"var/log/lighttpd/{domain}/error.log",
|
1532
|
+
"var/log/nginx/access_log",
|
1533
|
+
"var/log/nginx/error_log",
|
1534
|
+
"var/log/nginx/access.log",
|
1535
|
+
"var/log/nginx/error.log",
|
1536
|
+
"var/log/nginx.access_log",
|
1537
|
+
"var/log/nginx.error_log",
|
1538
|
+
"var/log/samba/log.smbd",
|
1539
|
+
"var/log/samba/log.nmbd",
|
1540
|
+
"var/log/samba.log",
|
1541
|
+
"var/log/samba.log1",
|
1542
|
+
"var/log/samba.log2",
|
1543
|
+
"var/log/log.smb",
|
1544
|
+
"var/log/ipfw.log",
|
1545
|
+
"var/log/ipfw",
|
1546
|
+
"var/log/ipfw/ipfw.log",
|
1547
|
+
"var/log/ipfw.today",
|
1548
|
+
"var/log/poplog",
|
1549
|
+
"var/log/authlog",
|
1550
|
+
"var/log/news.all",
|
1551
|
+
"var/log/news/news.all",
|
1552
|
+
"var/log/news/news.crit",
|
1553
|
+
"var/log/news/news.err",
|
1554
|
+
"var/log/news/news.notice",
|
1555
|
+
"var/log/news/suck.err",
|
1556
|
+
"var/log/news/suck.notice",
|
1557
|
+
"var/log/messages",
|
1558
|
+
"var/log/messages.1",
|
1559
|
+
"var/log/user.log",
|
1560
|
+
"var/log/user.log.1",
|
1561
|
+
"var/log/auth.log",
|
1562
|
+
"var/log/pm-powersave.log",
|
1563
|
+
"var/log/xorg.0.log",
|
1564
|
+
"var/log/daemon.log",
|
1565
|
+
"var/log/daemon.log.1",
|
1566
|
+
"var/log/kern.log",
|
1567
|
+
"var/log/kern.log.1",
|
1568
|
+
"var/log/mail.err",
|
1569
|
+
"var/log/mail.info",
|
1570
|
+
"var/log/mail.warn",
|
1571
|
+
"var/log/ufw.log",
|
1572
|
+
"var/log/boot.log",
|
1573
|
+
"var/log/syslog",
|
1574
|
+
"var/log/syslog.1",
|
1575
|
+
"var/log/squirrelmail.log",
|
1576
|
+
"var/log/apache2/squirrelmail.log",
|
1577
|
+
"var/log/apache2/squirrelmail.err.log",
|
1578
|
+
"var/log/mail.log",
|
1348
1579
|
"var/log/vmware/hostd.log",
|
1349
1580
|
"var/log/vmware/hostd-1.log",
|
1350
1581
|
"/wp-config.php",
|
@@ -1369,8 +1600,8 @@
|
|
1369
1600
|
"/web.config",
|
1370
1601
|
"includes/config.php",
|
1371
1602
|
"includes/configure.php",
|
1372
|
-
"config.inc.php",
|
1373
|
-
"localsettings.php",
|
1603
|
+
"/config.inc.php",
|
1604
|
+
"/localsettings.php",
|
1374
1605
|
"inc/config.php",
|
1375
1606
|
"typo3conf/localconf.php",
|
1376
1607
|
"config/app.php",
|
@@ -1397,7 +1628,122 @@
|
|
1397
1628
|
"/ormconfig.json",
|
1398
1629
|
"/tsconfig.json",
|
1399
1630
|
"/webpack.config.js",
|
1400
|
-
"/yarn.lock"
|
1631
|
+
"/yarn.lock",
|
1632
|
+
"proc/0",
|
1633
|
+
"proc/1",
|
1634
|
+
"proc/2",
|
1635
|
+
"proc/3",
|
1636
|
+
"proc/4",
|
1637
|
+
"proc/5",
|
1638
|
+
"proc/6",
|
1639
|
+
"proc/7",
|
1640
|
+
"proc/8",
|
1641
|
+
"proc/9",
|
1642
|
+
"proc/acpi",
|
1643
|
+
"proc/asound",
|
1644
|
+
"proc/bootconfig",
|
1645
|
+
"proc/buddyinfo",
|
1646
|
+
"proc/bus",
|
1647
|
+
"proc/cgroups",
|
1648
|
+
"proc/cmdline",
|
1649
|
+
"proc/config.gz",
|
1650
|
+
"proc/consoles",
|
1651
|
+
"proc/cpuinfo",
|
1652
|
+
"proc/crypto",
|
1653
|
+
"proc/devices",
|
1654
|
+
"proc/diskstats",
|
1655
|
+
"proc/dma",
|
1656
|
+
"proc/docker",
|
1657
|
+
"proc/driver",
|
1658
|
+
"proc/dynamic_debug",
|
1659
|
+
"proc/execdomains",
|
1660
|
+
"proc/fb",
|
1661
|
+
"proc/filesystems",
|
1662
|
+
"proc/fs",
|
1663
|
+
"proc/interrupts",
|
1664
|
+
"proc/iomem",
|
1665
|
+
"proc/ioports",
|
1666
|
+
"proc/ipmi",
|
1667
|
+
"proc/irq",
|
1668
|
+
"proc/kallsyms",
|
1669
|
+
"proc/kcore",
|
1670
|
+
"proc/keys",
|
1671
|
+
"proc/keys",
|
1672
|
+
"proc/key-users",
|
1673
|
+
"proc/kmsg",
|
1674
|
+
"proc/kpagecgroup",
|
1675
|
+
"proc/kpagecount",
|
1676
|
+
"proc/kpageflags",
|
1677
|
+
"proc/latency_stats",
|
1678
|
+
"proc/loadavg",
|
1679
|
+
"proc/locks",
|
1680
|
+
"proc/mdstat",
|
1681
|
+
"proc/meminfo",
|
1682
|
+
"proc/misc",
|
1683
|
+
"proc/modules",
|
1684
|
+
"proc/mounts",
|
1685
|
+
"proc/mpt",
|
1686
|
+
"proc/mtd",
|
1687
|
+
"proc/mtrr",
|
1688
|
+
"proc/net",
|
1689
|
+
"proc/net/tcp",
|
1690
|
+
"proc/net/udp",
|
1691
|
+
"proc/pagetypeinfo",
|
1692
|
+
"proc/partitions",
|
1693
|
+
"proc/pressure",
|
1694
|
+
"proc/sched_debug",
|
1695
|
+
"proc/schedstat",
|
1696
|
+
"proc/scsi",
|
1697
|
+
"proc/self",
|
1698
|
+
"proc/self/cmdline",
|
1699
|
+
"proc/self/environ",
|
1700
|
+
"proc/self/fd/0",
|
1701
|
+
"proc/self/fd/1",
|
1702
|
+
"proc/self/fd/10",
|
1703
|
+
"proc/self/fd/11",
|
1704
|
+
"proc/self/fd/12",
|
1705
|
+
"proc/self/fd/13",
|
1706
|
+
"proc/self/fd/14",
|
1707
|
+
"proc/self/fd/15",
|
1708
|
+
"proc/self/fd/2",
|
1709
|
+
"proc/self/fd/3",
|
1710
|
+
"proc/self/fd/4",
|
1711
|
+
"proc/self/fd/5",
|
1712
|
+
"proc/self/fd/6",
|
1713
|
+
"proc/self/fd/7",
|
1714
|
+
"proc/self/fd/8",
|
1715
|
+
"proc/self/fd/9",
|
1716
|
+
"proc/self/mounts",
|
1717
|
+
"proc/self/stat",
|
1718
|
+
"proc/self/status",
|
1719
|
+
"proc/slabinfo",
|
1720
|
+
"proc/softirqs",
|
1721
|
+
"proc/stat",
|
1722
|
+
"proc/swaps",
|
1723
|
+
"proc/sys",
|
1724
|
+
"proc/sysrq-trigger",
|
1725
|
+
"proc/sysvipc",
|
1726
|
+
"proc/thread-self",
|
1727
|
+
"proc/timer_list",
|
1728
|
+
"proc/timer_stats",
|
1729
|
+
"proc/tty",
|
1730
|
+
"proc/uptime",
|
1731
|
+
"proc/version",
|
1732
|
+
"proc/version_signature",
|
1733
|
+
"proc/vmallocinfo",
|
1734
|
+
"proc/vmstat",
|
1735
|
+
"proc/zoneinfo",
|
1736
|
+
"sys/block",
|
1737
|
+
"sys/bus",
|
1738
|
+
"sys/class",
|
1739
|
+
"sys/dev",
|
1740
|
+
"sys/devices",
|
1741
|
+
"sys/firmware",
|
1742
|
+
"sys/fs",
|
1743
|
+
"sys/hypervisor",
|
1744
|
+
"sys/kernel",
|
1745
|
+
"sys/module",
|
1746
|
+
"sys/power"
|
1401
1747
|
]
|
1402
1748
|
},
|
1403
1749
|
"operator": "phrase_match"
|
@@ -1511,103 +1857,456 @@
|
|
1511
1857
|
"$ostype",
|
1512
1858
|
"$path",
|
1513
1859
|
"$pwd",
|
1860
|
+
"dev/fd/",
|
1861
|
+
"dev/null",
|
1862
|
+
"dev/stderr",
|
1863
|
+
"dev/stdin",
|
1864
|
+
"dev/stdout",
|
1865
|
+
"dev/tcp/",
|
1866
|
+
"dev/udp/",
|
1867
|
+
"dev/zero",
|
1868
|
+
"etc/group",
|
1869
|
+
"etc/master.passwd",
|
1870
|
+
"etc/passwd",
|
1871
|
+
"etc/pwd.db",
|
1872
|
+
"etc/shadow",
|
1873
|
+
"etc/shells",
|
1874
|
+
"etc/spwd.db",
|
1875
|
+
"proc/self/",
|
1876
|
+
"bin/7z",
|
1877
|
+
"bin/7za",
|
1878
|
+
"bin/7zr",
|
1879
|
+
"bin/ab",
|
1880
|
+
"bin/agetty",
|
1881
|
+
"bin/ansible-playbook",
|
1882
|
+
"bin/apt",
|
1883
|
+
"bin/apt-get",
|
1884
|
+
"bin/ar",
|
1885
|
+
"bin/aria2c",
|
1886
|
+
"bin/arj",
|
1887
|
+
"bin/arp",
|
1888
|
+
"bin/as",
|
1889
|
+
"bin/ascii-xfr",
|
1890
|
+
"bin/ascii85",
|
1891
|
+
"bin/ash",
|
1892
|
+
"bin/aspell",
|
1893
|
+
"bin/at",
|
1894
|
+
"bin/atobm",
|
1895
|
+
"bin/awk",
|
1896
|
+
"bin/base32",
|
1897
|
+
"bin/base64",
|
1898
|
+
"bin/basenc",
|
1514
1899
|
"bin/bash",
|
1900
|
+
"bin/bpftrace",
|
1901
|
+
"bin/bridge",
|
1902
|
+
"bin/bundler",
|
1903
|
+
"bin/bunzip2",
|
1904
|
+
"bin/busctl",
|
1905
|
+
"bin/busybox",
|
1906
|
+
"bin/byebug",
|
1907
|
+
"bin/bzcat",
|
1908
|
+
"bin/bzcmp",
|
1909
|
+
"bin/bzdiff",
|
1910
|
+
"bin/bzegrep",
|
1911
|
+
"bin/bzexe",
|
1912
|
+
"bin/bzfgrep",
|
1913
|
+
"bin/bzgrep",
|
1914
|
+
"bin/bzip2",
|
1915
|
+
"bin/bzip2recover",
|
1916
|
+
"bin/bzless",
|
1917
|
+
"bin/bzmore",
|
1918
|
+
"bin/bzz",
|
1919
|
+
"bin/c89",
|
1920
|
+
"bin/c99",
|
1921
|
+
"bin/cancel",
|
1922
|
+
"bin/capsh",
|
1515
1923
|
"bin/cat",
|
1924
|
+
"bin/cc",
|
1925
|
+
"bin/certbot",
|
1926
|
+
"bin/check_by_ssh",
|
1927
|
+
"bin/check_cups",
|
1928
|
+
"bin/check_log",
|
1929
|
+
"bin/check_memory",
|
1930
|
+
"bin/check_raid",
|
1931
|
+
"bin/check_ssl_cert",
|
1932
|
+
"bin/check_statusfile",
|
1933
|
+
"bin/chmod",
|
1934
|
+
"bin/choom",
|
1935
|
+
"bin/chown",
|
1936
|
+
"bin/chroot",
|
1937
|
+
"bin/clang",
|
1938
|
+
"bin/clang++",
|
1939
|
+
"bin/cmp",
|
1940
|
+
"bin/cobc",
|
1941
|
+
"bin/column",
|
1942
|
+
"bin/comm",
|
1943
|
+
"bin/composer",
|
1944
|
+
"bin/core_perl/zipdetails",
|
1945
|
+
"bin/cowsay",
|
1946
|
+
"bin/cowthink",
|
1947
|
+
"bin/cp",
|
1948
|
+
"bin/cpan",
|
1949
|
+
"bin/cpio",
|
1950
|
+
"bin/cpulimit",
|
1951
|
+
"bin/crash",
|
1952
|
+
"bin/crontab",
|
1516
1953
|
"bin/csh",
|
1954
|
+
"bin/csplit",
|
1955
|
+
"bin/csvtool",
|
1956
|
+
"bin/cupsfilter",
|
1957
|
+
"bin/curl",
|
1958
|
+
"bin/cut",
|
1517
1959
|
"bin/dash",
|
1960
|
+
"bin/date",
|
1961
|
+
"bin/dd",
|
1962
|
+
"bin/dev/fd/",
|
1963
|
+
"bin/dev/null",
|
1964
|
+
"bin/dev/stderr",
|
1965
|
+
"bin/dev/stdin",
|
1966
|
+
"bin/dev/stdout",
|
1967
|
+
"bin/dev/tcp/",
|
1968
|
+
"bin/dev/udp/",
|
1969
|
+
"bin/dev/zero",
|
1970
|
+
"bin/dialog",
|
1971
|
+
"bin/diff",
|
1972
|
+
"bin/dig",
|
1973
|
+
"bin/dmesg",
|
1974
|
+
"bin/dmidecode",
|
1975
|
+
"bin/dmsetup",
|
1976
|
+
"bin/dnf",
|
1977
|
+
"bin/docker",
|
1978
|
+
"bin/dosbox",
|
1979
|
+
"bin/dpkg",
|
1518
1980
|
"bin/du",
|
1981
|
+
"bin/dvips",
|
1982
|
+
"bin/easy_install",
|
1983
|
+
"bin/eb",
|
1519
1984
|
"bin/echo",
|
1985
|
+
"bin/ed",
|
1986
|
+
"bin/efax",
|
1987
|
+
"bin/emacs",
|
1988
|
+
"bin/env",
|
1989
|
+
"bin/eqn",
|
1990
|
+
"bin/es",
|
1991
|
+
"bin/esh",
|
1992
|
+
"bin/etc/group",
|
1993
|
+
"bin/etc/master.passwd",
|
1994
|
+
"bin/etc/passwd",
|
1995
|
+
"bin/etc/pwd.db",
|
1996
|
+
"bin/etc/shadow",
|
1997
|
+
"bin/etc/shells",
|
1998
|
+
"bin/etc/spwd.db",
|
1999
|
+
"bin/ex",
|
2000
|
+
"bin/exiftool",
|
2001
|
+
"bin/expand",
|
2002
|
+
"bin/expect",
|
2003
|
+
"bin/expr",
|
2004
|
+
"bin/facter",
|
2005
|
+
"bin/fetch",
|
2006
|
+
"bin/file",
|
2007
|
+
"bin/find",
|
2008
|
+
"bin/finger",
|
2009
|
+
"bin/fish",
|
2010
|
+
"bin/flock",
|
2011
|
+
"bin/fmt",
|
2012
|
+
"bin/fold",
|
2013
|
+
"bin/fping",
|
2014
|
+
"bin/ftp",
|
2015
|
+
"bin/gawk",
|
2016
|
+
"bin/gcc",
|
2017
|
+
"bin/gcore",
|
2018
|
+
"bin/gdb",
|
2019
|
+
"bin/gem",
|
2020
|
+
"bin/genie",
|
2021
|
+
"bin/genisoimage",
|
2022
|
+
"bin/ghc",
|
2023
|
+
"bin/ghci",
|
2024
|
+
"bin/gimp",
|
2025
|
+
"bin/ginsh",
|
2026
|
+
"bin/git",
|
2027
|
+
"bin/grc",
|
1520
2028
|
"bin/grep",
|
2029
|
+
"bin/gtester",
|
2030
|
+
"bin/gunzip",
|
2031
|
+
"bin/gzexe",
|
2032
|
+
"bin/gzip",
|
2033
|
+
"bin/hd",
|
2034
|
+
"bin/head",
|
2035
|
+
"bin/hexdump",
|
2036
|
+
"bin/highlight",
|
2037
|
+
"bin/hping3",
|
2038
|
+
"bin/iconv",
|
2039
|
+
"bin/id",
|
2040
|
+
"bin/iftop",
|
2041
|
+
"bin/install",
|
2042
|
+
"bin/ionice",
|
2043
|
+
"bin/ip",
|
2044
|
+
"bin/irb",
|
2045
|
+
"bin/ispell",
|
2046
|
+
"bin/jjs",
|
2047
|
+
"bin/join",
|
2048
|
+
"bin/journalctl",
|
2049
|
+
"bin/jq",
|
2050
|
+
"bin/jrunscript",
|
2051
|
+
"bin/knife",
|
2052
|
+
"bin/ksh",
|
2053
|
+
"bin/ksshell",
|
2054
|
+
"bin/latex",
|
2055
|
+
"bin/ld",
|
2056
|
+
"bin/ldconfig",
|
1521
2057
|
"bin/less",
|
2058
|
+
"bin/lftp",
|
2059
|
+
"bin/ln",
|
2060
|
+
"bin/loginctl",
|
2061
|
+
"bin/logsave",
|
2062
|
+
"bin/look",
|
2063
|
+
"bin/lp",
|
1522
2064
|
"bin/ls",
|
2065
|
+
"bin/ltrace",
|
2066
|
+
"bin/lua",
|
2067
|
+
"bin/lualatex",
|
2068
|
+
"bin/luatex",
|
2069
|
+
"bin/lwp-download",
|
2070
|
+
"bin/lwp-request",
|
2071
|
+
"bin/lz",
|
2072
|
+
"bin/lz4",
|
2073
|
+
"bin/lz4c",
|
2074
|
+
"bin/lz4cat",
|
2075
|
+
"bin/lzcat",
|
2076
|
+
"bin/lzcmp",
|
2077
|
+
"bin/lzdiff",
|
2078
|
+
"bin/lzegrep",
|
2079
|
+
"bin/lzfgrep",
|
2080
|
+
"bin/lzgrep",
|
2081
|
+
"bin/lzless",
|
2082
|
+
"bin/lzma",
|
2083
|
+
"bin/lzmadec",
|
2084
|
+
"bin/lzmainfo",
|
2085
|
+
"bin/lzmore",
|
2086
|
+
"bin/mail",
|
2087
|
+
"bin/make",
|
2088
|
+
"bin/man",
|
2089
|
+
"bin/mawk",
|
2090
|
+
"bin/mkfifo",
|
1523
2091
|
"bin/mknod",
|
1524
2092
|
"bin/more",
|
2093
|
+
"bin/mosquitto",
|
2094
|
+
"bin/mount",
|
2095
|
+
"bin/msgattrib",
|
2096
|
+
"bin/msgcat",
|
2097
|
+
"bin/msgconv",
|
2098
|
+
"bin/msgfilter",
|
2099
|
+
"bin/msgmerge",
|
2100
|
+
"bin/msguniq",
|
2101
|
+
"bin/mtr",
|
2102
|
+
"bin/mv",
|
2103
|
+
"bin/mysql",
|
2104
|
+
"bin/nano",
|
2105
|
+
"bin/nasm",
|
2106
|
+
"bin/nawk",
|
1525
2107
|
"bin/nc",
|
2108
|
+
"bin/ncat",
|
2109
|
+
"bin/neofetch",
|
2110
|
+
"bin/nice",
|
2111
|
+
"bin/nl",
|
2112
|
+
"bin/nm",
|
2113
|
+
"bin/nmap",
|
2114
|
+
"bin/node",
|
2115
|
+
"bin/nohup",
|
2116
|
+
"bin/npm",
|
2117
|
+
"bin/nroff",
|
2118
|
+
"bin/nsenter",
|
2119
|
+
"bin/octave",
|
2120
|
+
"bin/od",
|
2121
|
+
"bin/openssl",
|
2122
|
+
"bin/openvpn",
|
2123
|
+
"bin/openvt",
|
2124
|
+
"bin/opkg",
|
2125
|
+
"bin/paste",
|
2126
|
+
"bin/pax",
|
2127
|
+
"bin/pdb",
|
2128
|
+
"bin/pdflatex",
|
2129
|
+
"bin/pdftex",
|
2130
|
+
"bin/pdksh",
|
2131
|
+
"bin/perf",
|
2132
|
+
"bin/perl",
|
2133
|
+
"bin/pg",
|
2134
|
+
"bin/php",
|
2135
|
+
"bin/php-cgi",
|
2136
|
+
"bin/php5",
|
2137
|
+
"bin/php7",
|
2138
|
+
"bin/pic",
|
2139
|
+
"bin/pico",
|
2140
|
+
"bin/pidstat",
|
2141
|
+
"bin/pigz",
|
2142
|
+
"bin/pip",
|
2143
|
+
"bin/pkexec",
|
2144
|
+
"bin/pkg",
|
2145
|
+
"bin/pr",
|
2146
|
+
"bin/printf",
|
2147
|
+
"bin/proc/self/",
|
2148
|
+
"bin/pry",
|
1526
2149
|
"bin/ps",
|
2150
|
+
"bin/psed",
|
2151
|
+
"bin/psftp",
|
2152
|
+
"bin/psql",
|
2153
|
+
"bin/ptx",
|
2154
|
+
"bin/puppet",
|
2155
|
+
"bin/pxz",
|
2156
|
+
"bin/python",
|
2157
|
+
"bin/python2",
|
2158
|
+
"bin/python3",
|
2159
|
+
"bin/rake",
|
1527
2160
|
"bin/rbash",
|
2161
|
+
"bin/rc",
|
2162
|
+
"bin/readelf",
|
2163
|
+
"bin/red",
|
2164
|
+
"bin/redcarpet",
|
2165
|
+
"bin/restic",
|
2166
|
+
"bin/rev",
|
2167
|
+
"bin/rlogin",
|
2168
|
+
"bin/rlwrap",
|
2169
|
+
"bin/rpm",
|
2170
|
+
"bin/rpmquery",
|
2171
|
+
"bin/rsync",
|
2172
|
+
"bin/ruby",
|
2173
|
+
"bin/run-mailcap",
|
2174
|
+
"bin/run-parts",
|
2175
|
+
"bin/rview",
|
2176
|
+
"bin/rvim",
|
2177
|
+
"bin/sash",
|
2178
|
+
"bin/sbin/capsh",
|
2179
|
+
"bin/sbin/logsave",
|
2180
|
+
"bin/sbin/service",
|
2181
|
+
"bin/sbin/start-stop-daemon",
|
2182
|
+
"bin/scp",
|
2183
|
+
"bin/screen",
|
2184
|
+
"bin/script",
|
2185
|
+
"bin/sed",
|
2186
|
+
"bin/service",
|
2187
|
+
"bin/setarch",
|
2188
|
+
"bin/sftp",
|
2189
|
+
"bin/sg",
|
1528
2190
|
"bin/sh",
|
2191
|
+
"bin/shuf",
|
1529
2192
|
"bin/sleep",
|
2193
|
+
"bin/slsh",
|
2194
|
+
"bin/smbclient",
|
2195
|
+
"bin/snap",
|
2196
|
+
"bin/socat",
|
2197
|
+
"bin/soelim",
|
2198
|
+
"bin/sort",
|
2199
|
+
"bin/split",
|
2200
|
+
"bin/sqlite3",
|
2201
|
+
"bin/ss",
|
2202
|
+
"bin/ssh",
|
2203
|
+
"bin/ssh-keygen",
|
2204
|
+
"bin/ssh-keyscan",
|
2205
|
+
"bin/sshpass",
|
2206
|
+
"bin/start-stop-daemon",
|
2207
|
+
"bin/stdbuf",
|
2208
|
+
"bin/strace",
|
2209
|
+
"bin/strings",
|
1530
2210
|
"bin/su",
|
2211
|
+
"bin/sysctl",
|
2212
|
+
"bin/systemctl",
|
2213
|
+
"bin/systemd-resolve",
|
2214
|
+
"bin/tac",
|
2215
|
+
"bin/tail",
|
2216
|
+
"bin/tar",
|
2217
|
+
"bin/task",
|
2218
|
+
"bin/taskset",
|
2219
|
+
"bin/tbl",
|
2220
|
+
"bin/tclsh",
|
2221
|
+
"bin/tcpdump",
|
1531
2222
|
"bin/tcsh",
|
2223
|
+
"bin/tee",
|
2224
|
+
"bin/telnet",
|
2225
|
+
"bin/tex",
|
2226
|
+
"bin/tftp",
|
2227
|
+
"bin/tic",
|
2228
|
+
"bin/time",
|
2229
|
+
"bin/timedatectl",
|
2230
|
+
"bin/timeout",
|
2231
|
+
"bin/tmux",
|
2232
|
+
"bin/top",
|
2233
|
+
"bin/troff",
|
2234
|
+
"bin/tshark",
|
2235
|
+
"bin/ul",
|
1532
2236
|
"bin/uname",
|
1533
|
-
"
|
1534
|
-
"
|
1535
|
-
"
|
1536
|
-
"
|
1537
|
-
"
|
1538
|
-
"
|
1539
|
-
"
|
1540
|
-
"
|
1541
|
-
"
|
1542
|
-
"
|
1543
|
-
"
|
1544
|
-
"
|
1545
|
-
"
|
1546
|
-
"
|
1547
|
-
"
|
1548
|
-
"
|
1549
|
-
"
|
1550
|
-
"
|
1551
|
-
"
|
1552
|
-
"
|
1553
|
-
"
|
1554
|
-
"
|
1555
|
-
"
|
1556
|
-
"
|
1557
|
-
"
|
1558
|
-
"
|
1559
|
-
"
|
1560
|
-
"
|
1561
|
-
"
|
1562
|
-
"
|
1563
|
-
"
|
1564
|
-
"
|
1565
|
-
"
|
1566
|
-
"
|
1567
|
-
"
|
1568
|
-
"
|
1569
|
-
"
|
1570
|
-
"
|
1571
|
-
"
|
1572
|
-
"
|
1573
|
-
"
|
1574
|
-
"
|
1575
|
-
"
|
1576
|
-
"
|
1577
|
-
"
|
1578
|
-
"
|
1579
|
-
"
|
1580
|
-
"
|
1581
|
-
"
|
1582
|
-
"
|
1583
|
-
"
|
1584
|
-
"
|
1585
|
-
"
|
1586
|
-
"
|
1587
|
-
"
|
1588
|
-
"
|
1589
|
-
"
|
1590
|
-
"
|
1591
|
-
"
|
1592
|
-
"
|
1593
|
-
"
|
1594
|
-
"
|
1595
|
-
"
|
1596
|
-
"
|
1597
|
-
"
|
1598
|
-
"
|
1599
|
-
"
|
1600
|
-
"
|
1601
|
-
"
|
1602
|
-
"
|
1603
|
-
"
|
1604
|
-
"
|
1605
|
-
"
|
1606
|
-
"usr/local/bin/python2",
|
1607
|
-
"usr/local/bin/python3",
|
1608
|
-
"usr/local/bin/rbash",
|
1609
|
-
"usr/local/bin/ruby",
|
1610
|
-
"usr/local/bin/wget"
|
2237
|
+
"bin/uncompress",
|
2238
|
+
"bin/unexpand",
|
2239
|
+
"bin/uniq",
|
2240
|
+
"bin/unlz4",
|
2241
|
+
"bin/unlzma",
|
2242
|
+
"bin/unpigz",
|
2243
|
+
"bin/unrar",
|
2244
|
+
"bin/unshare",
|
2245
|
+
"bin/unxz",
|
2246
|
+
"bin/unzip",
|
2247
|
+
"bin/unzstd",
|
2248
|
+
"bin/update-alternatives",
|
2249
|
+
"bin/uudecode",
|
2250
|
+
"bin/uuencode",
|
2251
|
+
"bin/valgrind",
|
2252
|
+
"bin/vi",
|
2253
|
+
"bin/view",
|
2254
|
+
"bin/vigr",
|
2255
|
+
"bin/vim",
|
2256
|
+
"bin/vimdiff",
|
2257
|
+
"bin/vipw",
|
2258
|
+
"bin/virsh",
|
2259
|
+
"bin/volatility",
|
2260
|
+
"bin/wall",
|
2261
|
+
"bin/watch",
|
2262
|
+
"bin/wc",
|
2263
|
+
"bin/wget",
|
2264
|
+
"bin/whiptail",
|
2265
|
+
"bin/who",
|
2266
|
+
"bin/whoami",
|
2267
|
+
"bin/whois",
|
2268
|
+
"bin/wireshark",
|
2269
|
+
"bin/wish",
|
2270
|
+
"bin/xargs",
|
2271
|
+
"bin/xelatex",
|
2272
|
+
"bin/xetex",
|
2273
|
+
"bin/xmodmap",
|
2274
|
+
"bin/xmore",
|
2275
|
+
"bin/xpad",
|
2276
|
+
"bin/xxd",
|
2277
|
+
"bin/xz",
|
2278
|
+
"bin/xzcat",
|
2279
|
+
"bin/xzcmp",
|
2280
|
+
"bin/xzdec",
|
2281
|
+
"bin/xzdiff",
|
2282
|
+
"bin/xzegrep",
|
2283
|
+
"bin/xzfgrep",
|
2284
|
+
"bin/xzgrep",
|
2285
|
+
"bin/xzless",
|
2286
|
+
"bin/xzmore",
|
2287
|
+
"bin/yarn",
|
2288
|
+
"bin/yelp",
|
2289
|
+
"bin/yes",
|
2290
|
+
"bin/yum",
|
2291
|
+
"bin/zathura",
|
2292
|
+
"bin/zip",
|
2293
|
+
"bin/zipcloak",
|
2294
|
+
"bin/zipcmp",
|
2295
|
+
"bin/zipdetails",
|
2296
|
+
"bin/zipgrep",
|
2297
|
+
"bin/zipinfo",
|
2298
|
+
"bin/zipmerge",
|
2299
|
+
"bin/zipnote",
|
2300
|
+
"bin/zipsplit",
|
2301
|
+
"bin/ziptool",
|
2302
|
+
"bin/zsh",
|
2303
|
+
"bin/zsoelim",
|
2304
|
+
"bin/zstd",
|
2305
|
+
"bin/zstdcat",
|
2306
|
+
"bin/zstdgrep",
|
2307
|
+
"bin/zstdless",
|
2308
|
+
"bin/zstdmt",
|
2309
|
+
"bin/zypper"
|
1611
2310
|
]
|
1612
2311
|
},
|
1613
2312
|
"operator": "phrase_match"
|
@@ -1791,14 +2490,6 @@
|
|
1791
2490
|
],
|
1792
2491
|
"list": [
|
1793
2492
|
"$globals",
|
1794
|
-
"$http_cookie_vars",
|
1795
|
-
"$http_env_vars",
|
1796
|
-
"$http_get_vars",
|
1797
|
-
"$http_post_files",
|
1798
|
-
"$http_post_vars",
|
1799
|
-
"$http_raw_post_data",
|
1800
|
-
"$http_request_vars",
|
1801
|
-
"$http_server_vars",
|
1802
2493
|
"$_cookie",
|
1803
2494
|
"$_env",
|
1804
2495
|
"$_files",
|
@@ -1808,7 +2499,17 @@
|
|
1808
2499
|
"$_server",
|
1809
2500
|
"$_session",
|
1810
2501
|
"$argc",
|
1811
|
-
"$argv"
|
2502
|
+
"$argv",
|
2503
|
+
"$http_\\u200bresponse_\\u200bheader",
|
2504
|
+
"$php_\\u200berrormsg",
|
2505
|
+
"$http_cookie_vars",
|
2506
|
+
"$http_env_vars",
|
2507
|
+
"$http_get_vars",
|
2508
|
+
"$http_post_files",
|
2509
|
+
"$http_post_vars",
|
2510
|
+
"$http_raw_post_data",
|
2511
|
+
"$http_request_vars",
|
2512
|
+
"$http_server_vars"
|
1812
2513
|
]
|
1813
2514
|
},
|
1814
2515
|
"operator": "phrase_match"
|
@@ -1993,7 +2694,7 @@
|
|
1993
2694
|
"address": "grpc.server.request.message"
|
1994
2695
|
}
|
1995
2696
|
],
|
1996
|
-
"regex": "\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create|socket_client)|ipc?slashes|rev)|implexml_load_(?:string|file)|ocket_c(?:onnect|reate)|h(?:ow_sourc|a1_fil)e|pl_autoload_register|ystem)|p(?:r(?:eg_(?:replace(?:_callback(?:_array)?)?|match(?:_all)?|split)|oc_(?:(?:terminat|clos|nic)e|get_status|open)|int_r)|o(?:six_(?:get(?:(?:e[gu]|g)id|login|pwnam)|mk(?:fifo|nod)|ttyname|kill)|pen)|hp(?:_(?:strip_whitespac|unam)e|version|info)|g_(?:(?:execut|prepar)e|connect|query)|a(?:rse_(?:ini_file|str)|ssthru)|utenv)|r(?:unkit_(?:function_(?:re(?:defin|nam)e|copy|add)|method_(?:re(?:defin|nam)e|copy|add)|constant_(?:redefine|add))|e(?:(?:gister_(?:shutdown|tick)|name)_function|ad(?:(?:gz)?file|_exif_data|dir))|awurl(?:de|en)code)|i(?:mage(?:createfrom(?:(?:jpe|pn)g|x[bp]m|wbmp|gif)|(?:jpe|pn)g|g(?:d2?|if)|2?wbmp|xbm)|s_(?:(?:(?:execut|write?|read)ab|fi)le|dir)|ni_(?:get(?:_all)?|set)|terator_apply|ptcembed)|g(?:et(?:_(?:c(?:urrent_use|fg_va)r|meta_tags)|my(?:[gpu]id|inode)|(?:lastmo|cw)d|imagesize|env)|z(?:(?:(?:defla|wri)t|encod|fil)e|compress|open|read)|lob)|a(?:rray_(?:u(?:intersect(?:_u?assoc)?|diff(?:_u?assoc)?)|intersect_u(?:assoc|key)|diff_u(?:assoc|key)|filter|reduce|map)|ssert(?:_options)
|
2697
|
+
"regex": "\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create|socket_client)|ipc?slashes|rev)|implexml_load_(?:string|file)|ocket_c(?:onnect|reate)|h(?:ow_sourc|a1_fil)e|pl_autoload_register|ystem)|p(?:r(?:eg_(?:replace(?:_callback(?:_array)?)?|match(?:_all)?|split)|oc_(?:(?:terminat|clos|nic)e|get_status|open)|int_r)|o(?:six_(?:get(?:(?:e[gu]|g)id|login|pwnam)|mk(?:fifo|nod)|ttyname|kill)|pen)|hp(?:_(?:strip_whitespac|unam)e|version|info)|g_(?:(?:execut|prepar)e|connect|query)|a(?:rse_(?:ini_file|str)|ssthru)|utenv)|r(?:unkit_(?:function_(?:re(?:defin|nam)e|copy|add)|method_(?:re(?:defin|nam)e|copy|add)|constant_(?:redefine|add))|e(?:(?:gister_(?:shutdown|tick)|name)_function|ad(?:(?:gz)?file|_exif_data|dir))|awurl(?:de|en)code)|i(?:mage(?:createfrom(?:(?:jpe|pn)g|x[bp]m|wbmp|gif)|(?:jpe|pn)g|g(?:d2?|if)|2?wbmp|xbm)|s_(?:(?:(?:execut|write?|read)ab|fi)le|dir)|ni_(?:get(?:_all)?|set)|terator_apply|ptcembed)|g(?:et(?:_(?:c(?:urrent_use|fg_va)r|meta_tags)|my(?:[gpu]id|inode)|(?:lastmo|cw)d|imagesize|env)|z(?:(?:(?:defla|wri)t|encod|fil)e|compress|open|read)|lob)|a(?:rray_(?:u(?:intersect(?:_u?assoc)?|diff(?:_u?assoc)?)|intersect_u(?:assoc|key)|diff_u(?:assoc|key)|filter|reduce|map)|ssert(?:_options)?|lert|tob)|h(?:tml(?:specialchars(?:_decode)?|_entity_decode|entities)|(?:ash(?:_(?:update|hmac))?|ighlight)_file|e(?:ader_register_callback|x2bin))|f(?:i(?:le(?:(?:[acm]tim|inod)e|(?:_exist|perm)s|group)?|nfo_open)|tp_(?:nb_(?:ge|pu)|connec|ge|pu)t|(?:unction_exis|pu)ts|write|open)|o(?:b_(?:get_(?:c(?:ontents|lean)|flush)|end_(?:clean|flush)|clean|flush|start)|dbc_(?:result(?:_all)?|exec(?:ute)?|connect)|pendir)|m(?:b_(?:ereg(?:_(?:replace(?:_callback)?|match)|i(?:_replace)?)?|parse_str)|(?:ove_uploaded|d5)_file|ethod_exists|ysql_query|kdir)|e(?:x(?:if_(?:t(?:humbnail|agname)|ima
getype|read_data)|ec)|scapeshell(?:arg|cmd)|rror_reporting|val)|c(?:url_(?:file_create|exec|init)|onvert_uuencode|reate_function|hr)|u(?:n(?:serialize|pack)|rl(?:de|en)code|[ak]?sort)|b(?:(?:son_(?:de|en)|ase64_en)code|zopen|toa)|(?:json_(?:de|en)cod|debug_backtrac|tmpfil)e|var_dump)(?:\\s|/\\*.*\\*/|//.*|#.*|\\\")*\\(.*\\)",
|
1997
2698
|
"options": {
|
1998
2699
|
"min_length": 5
|
1999
2700
|
}
|
@@ -2067,7 +2768,7 @@
|
|
2067
2768
|
"address": "grpc.server.request.message"
|
2068
2769
|
}
|
2069
2770
|
],
|
2070
|
-
"regex": "(
|
2771
|
+
"regex": "(?:(?:bzip|ssh)2|z(?:lib|ip)|(?:ph|r)ar|expect|glob|ogg)://",
|
2071
2772
|
"options": {
|
2072
2773
|
"case_sensitive": true,
|
2073
2774
|
"min_length": 6
|
@@ -2082,7 +2783,7 @@
|
|
2082
2783
|
},
|
2083
2784
|
{
|
2084
2785
|
"id": "crs-934-100",
|
2085
|
-
"name": "Node.js Injection Attack",
|
2786
|
+
"name": "Node.js Injection Attack 1/2",
|
2086
2787
|
"tags": {
|
2087
2788
|
"type": "js_code_injection",
|
2088
2789
|
"crs_id": "934100",
|
@@ -2105,7 +2806,43 @@
|
|
2105
2806
|
"address": "grpc.server.request.message"
|
2106
2807
|
}
|
2107
2808
|
],
|
2108
|
-
"regex": "(?:(?:
|
2809
|
+
"regex": "\\b(?:(?:l(?:(?:utimes|chmod)(?:Sync)?|(?:stat|ink)Sync)|w(?:rite(?:(?:File|v)(?:Sync)?|Sync)|atchFile)|u(?:n(?:watchFile|linkSync)|times(?:Sync)?)|s(?:(?:ymlink|tat)Sync|pawn(?:File|Sync))|ex(?:ec(?:File(?:Sync)?|Sync)|istsSync)|a(?:ppendFile|ccess)(?:Sync)?|(?:Caveat|Inode)s|open(?:dir)?Sync|new\\s+Function|Availability|\\beval)\\s*\\(|m(?:ain(?:Module\\s*(?:\\W*\\s*(?:constructor|require)|\\[)|\\s*(?:\\W*\\s*(?:constructor|require)|\\[))|kd(?:temp(?:Sync)?|irSync)\\s*\\(|odule\\.exports\\s*=)|c(?:(?:(?:h(?:mod|own)|lose)Sync|reate(?:Write|Read)Stream|p(?:Sync)?)\\s*\\(|o(?:nstructor\\s*(?:\\W*\\s*_load|\\[)|pyFile(?:Sync)?\\s*\\())|f(?:(?:(?:s(?:(?:yncS)?|tatS)|datas(?:yncS)?)ync|ch(?:mod|own)(?:Sync)?)\\s*\\(|u(?:nction\\s*\\(\\s*\\)\\s*{|times(?:Sync)?\\s*\\())|r(?:e(?:(?:ad(?:(?:File|link|dir)?Sync|v(?:Sync)?)|nameSync)\\s*\\(|quire\\s*(?:\\W*\\s*main|\\[))|m(?:Sync)?\\s*\\()|process\\s*(?:\\W*\\s*(?:mainModule|binding)|\\[)|t(?:his\\.constructor|runcateSync\\s*\\()|_(?:\\$\\$ND_FUNC\\$\\$_|_js_function)|global\\s*(?:\\W*\\s*process|\\[)|String\\s*\\.\\s*fromCharCode|binding\\s*\\[)",
|
2810
|
+
"options": {
|
2811
|
+
"case_sensitive": true,
|
2812
|
+
"min_length": 3
|
2813
|
+
}
|
2814
|
+
},
|
2815
|
+
"operator": "match_regex"
|
2816
|
+
}
|
2817
|
+
],
|
2818
|
+
"transformers": []
|
2819
|
+
},
|
2820
|
+
{
|
2821
|
+
"id": "crs-934-101",
|
2822
|
+
"name": "Node.js Injection Attack 2/2",
|
2823
|
+
"tags": {
|
2824
|
+
"type": "js_code_injection",
|
2825
|
+
"crs_id": "934101",
|
2826
|
+
"category": "attack_attempt"
|
2827
|
+
},
|
2828
|
+
"conditions": [
|
2829
|
+
{
|
2830
|
+
"parameters": {
|
2831
|
+
"inputs": [
|
2832
|
+
{
|
2833
|
+
"address": "server.request.query"
|
2834
|
+
},
|
2835
|
+
{
|
2836
|
+
"address": "server.request.body"
|
2837
|
+
},
|
2838
|
+
{
|
2839
|
+
"address": "server.request.path_params"
|
2840
|
+
},
|
2841
|
+
{
|
2842
|
+
"address": "grpc.server.request.message"
|
2843
|
+
}
|
2844
|
+
],
|
2845
|
+
"regex": "\\b(?:w(?:atch|rite)|(?:spaw|ope)n|exists|close|fork|read)\\s*\\(",
|
2109
2846
|
"options": {
|
2110
2847
|
"case_sensitive": true,
|
2111
2848
|
"min_length": 5
|
@@ -2247,7 +2984,7 @@
|
|
2247
2984
|
"address": "grpc.server.request.message"
|
2248
2985
|
}
|
2249
2986
|
],
|
2250
|
-
"regex": "[\\s\\\"'`;\\/0-9=\\x0B\\x09\\x0C\\x3B\\x2C\\x28\\x3B]on
|
2987
|
+
"regex": "[\\s\\\"'`;\\/0-9=\\x0B\\x09\\x0C\\x3B\\x2C\\x28\\x3B]on(?:d(?:r(?:ag(?:en(?:ter|d)|leave|start|over)?|op)|urationchange|blclick)|s(?:e(?:ek(?:ing|ed)|arch|lect)|u(?:spend|bmit)|talled|croll|how)|m(?:ouse(?:(?:lea|mo)ve|o(?:ver|ut)|enter|down|up)|essage)|p(?:a(?:ge(?:hide|show)|(?:st|us)e)|lay(?:ing)?|rogress)|c(?:anplay(?:through)?|o(?:ntextmenu|py)|hange|lick|ut)|a(?:nimation(?:iteration|start|end)|(?:fterprin|bor)t)|t(?:o(?:uch(?:cancel|start|move|end)|ggle)|imeupdate)|f(?:ullscreen(?:change|error)|ocus(?:out|in)?)|(?:(?:volume|hash)chang|o(?:ff|n)lin)e|b(?:efore(?:unload|print)|lur)|load(?:ed(?:meta)?data|start)?|r(?:es(?:ize|et)|atechange)|key(?:press|down|up)|w(?:aiting|heel)|in(?:valid|put)|e(?:nded|rror)|unload)[\\s\\x0B\\x09\\x0C\\x3B\\x2C\\x28\\x3B]*?=[^=]",
|
2251
2988
|
"options": {
|
2252
2989
|
"min_length": 8
|
2253
2990
|
}
|
@@ -2308,6 +3045,52 @@
|
|
2308
3045
|
"removeNulls"
|
2309
3046
|
]
|
2310
3047
|
},
|
3048
|
+
{
|
3049
|
+
"id": "crs-941-170",
|
3050
|
+
"name": "NoScript XSS InjectionChecker: Attribute Injection",
|
3051
|
+
"tags": {
|
3052
|
+
"type": "xss",
|
3053
|
+
"crs_id": "941170",
|
3054
|
+
"category": "attack_attempt"
|
3055
|
+
},
|
3056
|
+
"conditions": [
|
3057
|
+
{
|
3058
|
+
"parameters": {
|
3059
|
+
"inputs": [
|
3060
|
+
{
|
3061
|
+
"address": "server.request.headers.no_cookies",
|
3062
|
+
"key_path": [
|
3063
|
+
"user-agent"
|
3064
|
+
]
|
3065
|
+
},
|
3066
|
+
{
|
3067
|
+
"address": "server.request.headers.no_cookies",
|
3068
|
+
"key_path": [
|
3069
|
+
"referer"
|
3070
|
+
]
|
3071
|
+
},
|
3072
|
+
{
|
3073
|
+
"address": "server.request.query"
|
3074
|
+
},
|
3075
|
+
{
|
3076
|
+
"address": "server.request.body"
|
3077
|
+
},
|
3078
|
+
{
|
3079
|
+
"address": "server.request.path_params"
|
3080
|
+
}
|
3081
|
+
],
|
3082
|
+
"regex": "(?:\\W|^)(?:javascript:(?:[\\s\\S]+[=\\x5c\\(\\[\\.<]|[\\s\\S]*?(?:\\bname\\b|\\x5c[ux]\\d)))|@\\W*?i\\W*?m\\W*?p\\W*?o\\W*?r\\W*?t\\W*?(?:/\\*[\\s\\S]*?)?(?:[\\\"']|\\W*?u\\W*?r\\W*?l[\\s\\S]*?\\()|[^-]*?-\\W*?m\\W*?o\\W*?z\\W*?-\\W*?b\\W*?i\\W*?n\\W*?d\\W*?i\\W*?n\\W*?g[^:]*?:\\W*?u\\W*?r\\W*?l[\\s\\S]*?\\(",
|
3083
|
+
"options": {
|
3084
|
+
"min_length": 6
|
3085
|
+
}
|
3086
|
+
},
|
3087
|
+
"operator": "match_regex"
|
3088
|
+
}
|
3089
|
+
],
|
3090
|
+
"transformers": [
|
3091
|
+
"removeNulls"
|
3092
|
+
]
|
3093
|
+
},
|
2311
3094
|
{
|
2312
3095
|
"id": "crs-941-180",
|
2313
3096
|
"name": "Node-Validator Deny List Keywords",
|
@@ -2414,7 +3197,7 @@
|
|
2414
3197
|
"address": "grpc.server.request.message"
|
2415
3198
|
}
|
2416
3199
|
],
|
2417
|
-
"regex": "(?i:(?:j|&#x?0*(?:74|4A|106|6A);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:a|&#x?0*(?:65|41|97|61);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:v|&#x?0*(?:86|56|118|76);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:a|&#x?0*(?:65|41|97|61);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:s|&#x?0*(?:83|53|115|73);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:c|&#x?0*(?:67|43|99|63);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:r|&#x?0*(?:82|52|114|72);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:i|&#x?0*(?:73|49|105|69);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:p|&#x?0*(?:80|50|112|70);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:t|&#x?0*(?:84|54|116|74);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?::|&(?:#x?0*(?:58|3A);?|colon;)).)",
|
3200
|
+
"regex": "(?i:(?:j|&#x?0*(?:74|4A|106|6A);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:a|&#x?0*(?:65|41|97|61);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:v|&#x?0*(?:86|56|118|76);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:a|&#x?0*(?:65|41|97|61);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:s|&#x?0*(?:83|53|115|73);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:c|&#x?0*(?:67|43|99|63);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:r|&#x?0*(?:82|52|114|72);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:i|&#x?0*(?:73|49|105|69);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:p|&#x?0*(?:80|50|112|70);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:t|&#x?0*(?:84|54|116|74);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?::|&(?:#x?0*(?:58|3A);?|colon;)).)",
|
2418
3201
|
"options": {
|
2419
3202
|
"case_sensitive": true,
|
2420
3203
|
"min_length": 12
|
@@ -2762,11 +3545,11 @@
|
|
2762
3545
|
"transformers": []
|
2763
3546
|
},
|
2764
3547
|
{
|
2765
|
-
"id": "crs-
|
2766
|
-
"name": "
|
3548
|
+
"id": "crs-941-390",
|
3549
|
+
"name": "Javascript method detected",
|
2767
3550
|
"tags": {
|
2768
|
-
"type": "
|
2769
|
-
"crs_id": "
|
3551
|
+
"type": "xss",
|
3552
|
+
"crs_id": "941390",
|
2770
3553
|
"category": "attack_attempt"
|
2771
3554
|
},
|
2772
3555
|
"conditions": [
|
@@ -2785,21 +3568,24 @@
|
|
2785
3568
|
{
|
2786
3569
|
"address": "grpc.server.request.message"
|
2787
3570
|
}
|
2788
|
-
]
|
3571
|
+
],
|
3572
|
+
"regex": "\\b(?i:eval|settimeout|setinterval|new\\s+Function)\\s*\\(",
|
3573
|
+
"options": {
|
3574
|
+
"case_sensitive": true,
|
3575
|
+
"min_length": 5
|
3576
|
+
}
|
2789
3577
|
},
|
2790
|
-
"operator": "
|
3578
|
+
"operator": "match_regex"
|
2791
3579
|
}
|
2792
3580
|
],
|
2793
|
-
"transformers": [
|
2794
|
-
"removeNulls"
|
2795
|
-
]
|
3581
|
+
"transformers": []
|
2796
3582
|
},
|
2797
3583
|
{
|
2798
|
-
"id": "crs-942-
|
2799
|
-
"name": "
|
3584
|
+
"id": "crs-942-100",
|
3585
|
+
"name": "SQL Injection Attack Detected via libinjection",
|
2800
3586
|
"tags": {
|
2801
3587
|
"type": "sql_injection",
|
2802
|
-
"crs_id": "
|
3588
|
+
"crs_id": "942100",
|
2803
3589
|
"category": "attack_attempt"
|
2804
3590
|
},
|
2805
3591
|
"conditions": [
|
@@ -2818,24 +3604,21 @@
|
|
2818
3604
|
{
|
2819
3605
|
"address": "grpc.server.request.message"
|
2820
3606
|
}
|
2821
|
-
]
|
2822
|
-
"regex": "(?i:sleep\\(\\s*?\\d*?\\s*?\\)|benchmark\\(.*?\\,.*?\\))",
|
2823
|
-
"options": {
|
2824
|
-
"case_sensitive": true,
|
2825
|
-
"min_length": 7
|
2826
|
-
}
|
3607
|
+
]
|
2827
3608
|
},
|
2828
|
-
"operator": "
|
3609
|
+
"operator": "is_sqli"
|
2829
3610
|
}
|
2830
3611
|
],
|
2831
|
-
"transformers": [
|
3612
|
+
"transformers": [
|
3613
|
+
"removeNulls"
|
3614
|
+
]
|
2832
3615
|
},
|
2833
3616
|
{
|
2834
|
-
"id": "crs-942-
|
2835
|
-
"name": "Detects
|
3617
|
+
"id": "crs-942-160",
|
3618
|
+
"name": "Detects blind sqli tests using sleep() or benchmark()",
|
2836
3619
|
"tags": {
|
2837
3620
|
"type": "sql_injection",
|
2838
|
-
"crs_id": "
|
3621
|
+
"crs_id": "942160",
|
2839
3622
|
"category": "attack_attempt"
|
2840
3623
|
},
|
2841
3624
|
"conditions": [
|
@@ -2855,9 +3638,10 @@
|
|
2855
3638
|
"address": "grpc.server.request.message"
|
2856
3639
|
}
|
2857
3640
|
],
|
2858
|
-
"regex": "(
|
3641
|
+
"regex": "(?i:sleep\\(\\s*?\\d*?\\s*?\\)|benchmark\\(.*?\\,.*?\\))",
|
2859
3642
|
"options": {
|
2860
|
-
"
|
3643
|
+
"case_sensitive": true,
|
3644
|
+
"min_length": 7
|
2861
3645
|
}
|
2862
3646
|
},
|
2863
3647
|
"operator": "match_regex"
|
@@ -3031,10 +3815,10 @@
|
|
3031
3815
|
"address": "grpc.server.request.message"
|
3032
3816
|
}
|
3033
3817
|
],
|
3034
|
-
"regex": "(?i:(?:\\[
|
3818
|
+
"regex": "(?i:(?:\\[?\\$(?:(?:s(?:lic|iz)|wher)e|e(?:lemMatch|xists|q)|n(?:o[rt]|in?|e)|l(?:ike|te?)|t(?:ext|ype)|a(?:ll|nd)|jsonSchema|between|regex|x?or|div|mod)\\]?))",
|
3035
3819
|
"options": {
|
3036
3820
|
"case_sensitive": true,
|
3037
|
-
"min_length":
|
3821
|
+
"min_length": 3
|
3038
3822
|
}
|
3039
3823
|
},
|
3040
3824
|
"operator": "match_regex"
|
@@ -3338,6 +4122,45 @@
|
|
3338
4122
|
"lowercase"
|
3339
4123
|
]
|
3340
4124
|
},
|
4125
|
+
{
|
4126
|
+
"id": "crs-944-260",
|
4127
|
+
"name": "Remote Command Execution: Malicious class-loading payload",
|
4128
|
+
"tags": {
|
4129
|
+
"type": "java_code_injection",
|
4130
|
+
"crs_id": "944260",
|
4131
|
+
"category": "attack_attempt"
|
4132
|
+
},
|
4133
|
+
"conditions": [
|
4134
|
+
{
|
4135
|
+
"parameters": {
|
4136
|
+
"inputs": [
|
4137
|
+
{
|
4138
|
+
"address": "server.request.query"
|
4139
|
+
},
|
4140
|
+
{
|
4141
|
+
"address": "server.request.body"
|
4142
|
+
},
|
4143
|
+
{
|
4144
|
+
"address": "server.request.path_params"
|
4145
|
+
},
|
4146
|
+
{
|
4147
|
+
"address": "server.request.headers.no_cookies"
|
4148
|
+
},
|
4149
|
+
{
|
4150
|
+
"address": "grpc.server.request.message"
|
4151
|
+
}
|
4152
|
+
],
|
4153
|
+
"regex": "(?:class\\.module\\.classLoader\\.resources\\.context\\.parent\\.pipeline|springframework\\.context\\.support\\.FileSystemXmlApplicationContext)",
|
4154
|
+
"options": {
|
4155
|
+
"case_sensitive": true,
|
4156
|
+
"min_length": 58
|
4157
|
+
}
|
4158
|
+
},
|
4159
|
+
"operator": "match_regex"
|
4160
|
+
}
|
4161
|
+
],
|
4162
|
+
"transformers": []
|
4163
|
+
},
|
3341
4164
|
{
|
3342
4165
|
"id": "dog-000-001",
|
3343
4166
|
"name": "Look for Cassandra injections",
|
@@ -3383,6 +4206,9 @@
|
|
3383
4206
|
"operator": "match_regex",
|
3384
4207
|
"parameters": {
|
3385
4208
|
"inputs": [
|
4209
|
+
{
|
4210
|
+
"address": "server.request.uri.raw"
|
4211
|
+
},
|
3386
4212
|
{
|
3387
4213
|
"address": "server.request.query"
|
3388
4214
|
},
|
@@ -3469,6 +4295,74 @@
|
|
3469
4295
|
"keys_only"
|
3470
4296
|
]
|
3471
4297
|
},
|
4298
|
+
{
|
4299
|
+
"id": "dog-000-005",
|
4300
|
+
"name": "Node.js: Prototype pollution through __proto__",
|
4301
|
+
"tags": {
|
4302
|
+
"type": "js_code_injection",
|
4303
|
+
"category": "attack_attempt"
|
4304
|
+
},
|
4305
|
+
"conditions": [
|
4306
|
+
{
|
4307
|
+
"parameters": {
|
4308
|
+
"inputs": [
|
4309
|
+
{
|
4310
|
+
"address": "server.request.query"
|
4311
|
+
},
|
4312
|
+
{
|
4313
|
+
"address": "server.request.body"
|
4314
|
+
}
|
4315
|
+
],
|
4316
|
+
"regex": "^__proto__$"
|
4317
|
+
},
|
4318
|
+
"operator": "match_regex"
|
4319
|
+
}
|
4320
|
+
],
|
4321
|
+
"transformers": [
|
4322
|
+
"keys_only"
|
4323
|
+
]
|
4324
|
+
},
|
4325
|
+
{
|
4326
|
+
"id": "dog-000-006",
|
4327
|
+
"name": "Node.js: Prototype pollution through constructor.prototype",
|
4328
|
+
"tags": {
|
4329
|
+
"type": "js_code_injection",
|
4330
|
+
"category": "attack_attempt"
|
4331
|
+
},
|
4332
|
+
"conditions": [
|
4333
|
+
{
|
4334
|
+
"parameters": {
|
4335
|
+
"inputs": [
|
4336
|
+
{
|
4337
|
+
"address": "server.request.query"
|
4338
|
+
},
|
4339
|
+
{
|
4340
|
+
"address": "server.request.body"
|
4341
|
+
}
|
4342
|
+
],
|
4343
|
+
"regex": "^constructor$"
|
4344
|
+
},
|
4345
|
+
"operator": "match_regex"
|
4346
|
+
},
|
4347
|
+
{
|
4348
|
+
"parameters": {
|
4349
|
+
"inputs": [
|
4350
|
+
{
|
4351
|
+
"address": "server.request.query"
|
4352
|
+
},
|
4353
|
+
{
|
4354
|
+
"address": "server.request.body"
|
4355
|
+
}
|
4356
|
+
],
|
4357
|
+
"regex": "^prototype$"
|
4358
|
+
},
|
4359
|
+
"operator": "match_regex"
|
4360
|
+
}
|
4361
|
+
],
|
4362
|
+
"transformers": [
|
4363
|
+
"keys_only"
|
4364
|
+
]
|
4365
|
+
},
|
3472
4366
|
{
|
3473
4367
|
"id": "nfd-000-001",
|
3474
4368
|
"name": "Detect common directory discovery scans",
|
@@ -4346,7 +5240,7 @@
|
|
4346
5240
|
"address": "grpc.server.request.message"
|
4347
5241
|
}
|
4348
5242
|
],
|
4349
|
-
"regex": "
|
5243
|
+
"regex": "(http|https):\\/\\/(?:.*\\.)?(?:burpcollaborator\\.net|localtest\\.me|mail\\.ebc\\.apple\\.com|bugbounty\\.dod\\.network|.*\\.[nx]ip\\.io|oastify\\.com|oast\\.(?:pro|live|site|online|fun|me)|sslip\\.io|requestbin\\.com|requestbin\\.net|hookbin\\.com|webhook\\.site|canarytokens\\.com|interact\\.sh|ngrok\\.io|bugbounty\\.click)"
|
4350
5244
|
},
|
4351
5245
|
"operator": "match_regex"
|
4352
5246
|
}
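Review bot: The domain alternation is not terminated, so a host that merely begins with a listed name matches: `interact\\.sh` also accepts `interact.shop`, and `ngrok\\.io` accepts `ngrok.io.example.org`. The optional prefix `(?:.*\\.)?` is not confined to the host either, so the listed domain may sit anywhere later in the URL or in the text that follows it. Suggest `https?:\\/\\/(?:[^\\/?#\\s]*\\.)?(?:…same domain list…)(?:[:\\/?#\\s]|$)`, which also drops the unused capture group. The rule's id, options and transformers lie outside this hunk.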
|