Import crowdsec_1.0.9.orig-data1.tar.gz
authorCyril Brulebois <cyril@debamax.com>
Mon, 15 Mar 2021 00:19:43 +0000 (00:19 +0000)
committerCyril Brulebois <cyril@debamax.com>
Mon, 15 Mar 2021 00:19:43 +0000 (00:19 +0000)
[dgit import orig crowdsec_1.0.9.orig-data1.tar.gz]

backdoors.txt [new file with mode: 0644]
bad_user_agents.txt [new file with mode: 0644]
cloudflare_ips.txt [new file with mode: 0644]
http_path_traversal.txt [new file with mode: 0644]
ip_seo_bots.txt [new file with mode: 0644]
rdns_seo_bots.regex [new file with mode: 0644]
rdns_seo_bots.txt [new file with mode: 0644]
sensitive_data.txt [new file with mode: 0644]
sqli_probe_patterns.txt [new file with mode: 0644]
xss_probe_patterns.txt [new file with mode: 0644]

diff --git a/backdoors.txt b/backdoors.txt
new file mode 100644 (file)
index 0000000..d1bb1d5
--- /dev/null
@@ -0,0 +1,189 @@
+c99.php
+c99shell.php
+r57.php
+r58.php
+dra.php
+r00t.php
+root.php
+mma.php
+filesman.php
+Locus7s.php
+c99-Ultimate.php
+c100.php
+Ekin0x.php
+hacker.php
+safe0ver.php
+sniper.php
+spyshell.php
+CWShellDumper.php
+angel.php
+dq.php
+cmd.php
+liz0zim.php
+simattacker.php
+tryag.php
+150.php
+Ani-Shell.php
+Crystal.php
+Dx.php
+FaTaLisTiCz_Fx.php
+G5.php
+NCC-Shell.php
+NetworkFileManagerPHP.php
+PHANTASMA.php
+PHPJackal.php
+PHPRemoteView.php
+PHPSPY.php
+Php_Backdoor.txt.php
+Private-i3lue.php
+SnIpEr_SA Shell.php
+upl0ader.php
+acid.php
+antichat.php
+shell.php
+udp.php
+ddos.php
+b37.php
+backupsql.php
+bdotw44shell.php
+bug.php
+c37.php
+c66.php
+c99-shadows-mod.php
+c99_PSych0.php
+c99_locus7s.php
+c99_madnet.php
+c99_w4cking.php
+c99madshell.php
+c99ud.php
+c99unlimited.php
+c99v2.php
+cbfphpsh.php
+cihshell_fix.php
+co.php
+connect-back.php
+cpg_143_incl_xpl.php
+ctt_sh.php
+cybershell.php
+egy.php
+erne.php
+ex0shell.php
+g00nv13.php
+hkrkoz.php
+ironshell.php
+isko.php
+iskorpitx.php
+itsecteam_shell.php
+locus.php
+log.php
+simple_cmd.php
+zacosmall.php
+weevely.php
+AK-74.php
+Ajax_PHP_Command_Shell.php
+Antichat_Shell.php
+Ayyildiz_Tim.php
+CasuS-1.5.php
+CrystalShell.php
+DTool_Pro.php
+Dive_Shell.php
+GRP_WebShell.php
+Gamma_Web_Shell.php
+JspWebshell_1.2.php
+KA_uShell_0.1.6.php
+Loaderz_WEB_Shell.php
+Mackers_Private_Shell.php
+Moroccan_Spamers.php
+MyShell.php
+NGH.php
+NTDaddy_v1.9.php
+Non-alphanumeric.php
+PHP_Shell.php
+PHVayv.php
+PhpSpy.php
+Predator.php
+Rootshell.v.1.0.php
+STNC_WebShell_v0.8.php
+Safe0ver_Shell.php
+Safe_Mode_Bypass.php
+SimShell.php
+Simple_PHP_backdoor.php
+Sincap_1.0.php
+Small_Web_Shell.php
+WinX_Shell.php
+Worse_Linux_Shell.php
+ZyklonShell.php
+aZRaiLPhp_v1.0.php
+alfa3.php
+andela.php
+aspydrv.php
+bloodsecv4.php
+cgitelnet.php
+configkillerionkros.php
+dC3_Security.php
+g00nshell-v1.3.php
+jspshell.jsp
+kral.php
+lifkaS.php
+lolipop.php
+lostDC.php
+matamu.php
+megabor.php
+obfuscated-punknopass.php
+pHpINJ.php
+php-backdoor.php
+punk-nopass.php
+punkholic.php
+pws.php
+qsd-backdoor.php
+ru24_post_sh.php
+s72_Shell.php
+simple-backdoor.php
+smevk.php
+soldierofallah.php
+sosyete.php
+spygrup.php
+stres.php
+wso2.8.5.php
+zehir4.php
+cgitelnet.pl
+cmd.pl
+dc.pl
+list.pl
+up.pl
+wewo.pl
+irc.pl
+pws.pl
+PerlWebShellbyRST-GHC.pl
+JspWebshell 1.2.jsp
+browser.jsp
+cmd.jsp
+cmd_win32.jsp
+jspShell.jsp
+jspbd.jsp
+list.jsp
+up.jsp
+up_win32.jsp
+3fexe.asp
+ASpy.asp
+EFSO.asp
+RemExp.asp
+aspxSH.asp
+aspxshell.aspx
+aspydrv.asp
+cmd.asp
+cmd.aspx
+cmdexec.aspx
+elmaliseker.asp
+filesystembrowser.aspx
+fileupload.aspx
+ntdaddy.asp
+spexec.aspx
+sql.aspx
+tool.asp
+toolaspshell.asp
+up.asp
+zehir.asp
+zehir.aspx
+zehir4.asp
+zehir4.aspx
\ No newline at end of file
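Review bot: Several entries are ordinary script names rather than web-shell-specific ones (`log.php`, `root.php`, `list.pl`, `up.asp`, `co.php`, `bug.php`), so matching this list against request paths will also flag legitimate applications that ship such files. `SnIpEr_SA Shell.php` and `JspWebshell 1.2.jsp` contain a literal space, which normally appears as `%20` in a logged URI, so they only match if the consumer decodes the path first (not visible in this commit). `jspshell.jsp` and `jspShell.jsp` differ only by case, which suggests case-sensitive matching; if that is the case, lowercasing both the list and the input would make coverage uniform. Consider moving the generic names into a separate, lower-confidence list.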
diff --git a/bad_user_agents.txt b/bad_user_agents.txt
new file mode 100644 (file)
index 0000000..2a68b63
--- /dev/null
@@ -0,0 +1,614 @@
+# MIT License
+# 
+# Copyright (c) 2017 Mitchell Krog - mitchellkrog@gmail.com
+# https://github.com/mitchellkrogza
+# 
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+# 
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+#
+360Spider
+404checker
+404enemy
+80legs
+Abonti
+Aboundex
+Aboundexbot
+Acunetix
+ADmantX
+AfD-Verbotsverfahren
+AIBOT
+AiHitBot
+Aipbot
+Alexibot
+Alligator
+AllSubmitter
+AlphaBot
+Anarchie
+Ankit
+Anthill
+Apexoo
+archive.org_bot
+arquivo.pt
+arquivo-web-crawler
+Aspiegel
+ASPSeek
+Asterias
+Attach
+autoemailspider
+AwarioRssBot
+AwarioSmartBot
+BackDoorBot
+Backlink-Ceck
+backlink-check
+BacklinkCrawler
+BackStreet
+BackWeb
+Badass
+Bandit
+Barkrowler
+BatchFTP
+Battleztar\ Bazinga
+BBBike
+BDCbot
+BDFetch
+BetaBot
+Bigfoot
+Bitacle
+Blackboard
+Black\ Hole
+BlackWidow
+BLEXBot
+Blow
+BlowFish
+Boardreader
+Bolt
+BotALot
+Brandprotect
+Brandwatch
+Buck
+Buddy
+BuiltBotTough
+BuiltWith
+Bullseye
+BunnySlippers
+BuzzSumo
+Calculon
+CATExplorador
+CazoodleBot
+CCBot
+Cegbfeieh
+CensysInspect
+check1.exe
+CheeseBot
+CherryPicker
+CheTeam
+ChinaClaw
+Chlooe
+Claritybot
+Cliqzbot
+Cloud\ mapping
+coccocbot-web
+Cocolyzebot
+CODE87
+Cogentbot
+cognitiveseo
+Collector
+com.plumanalytics
+Copier
+CopyRightCheck
+Copyscape
+Cosmos
+Craftbot
+crawler4j
+crawler.feedback
+crawl.sogou.com
+CrazyWebCrawler
+Crescent
+CrunchBot
+CSHttp
+Curious
+Custo
+CyotekWebCopy
+DatabaseDriverMysqli
+DataCha0s
+DBLBot
+demandbase-bot
+Demon
+Deusu
+Devil
+Digincore
+DigitalPebble
+DIIbot
+Dirbuster
+Disco
+Discobot
+Discoverybot
+Dispatch
+DittoSpyder
+DnyzBot
+DomainAppender
+DomainCrawler
+DomainSigmaCrawler
+Domains\ Project
+domainsproject.org
+DomainStatsBot
+Dotbot
+Download\ Wonder
+Dragonfly
+Drip
+DSearch
+DTS\ Agent
+EasyDL
+Ebingbong
+eCatch
+ECCP/1.0
+Ecxi
+EirGrabber
+EMail\ Siphon
+EMail\ Wolf
+EroCrawler
+evc-batch
+Evil
+Exabot
+Express\ WebPictures
+ExtLinksBot
+Extractor
+ExtractorPro
+Extreme\ Picture\ Finder
+EyeNetIE
+Ezooms
+facebookscraper
+FDM
+FemtosearchBot
+FHscan
+Fimap
+Firefox/7.0
+FlashGet
+Flunky
+Foobot
+Freeuploader
+FrontPage
+FyberSpider
+Fyrebot
+GalaxyBot
+Genieo
+GermCrawler
+Getintent
+GetRight
+GetWeb
+Gigablast
+Gigabot
+G-i-g-a-b-o-t
+Go-Ahead-Got-It
+Gotit
+GoZilla
+Go!Zilla
+Grabber
+GrabNet
+Grafula
+GrapeFX
+GrapeshotCrawler
+GridBot
+GT::WWW
+Haansoft
+HaosouSpider
+Harvest
+Havij
+HEADMasterSEO
+heritrix
+Heritrix
+Hloader
+HMView
+HTMLparser
+HTTP::Lite
+HTTrack
+Humanlinks
+HybridBot
+Iblog
+IDBot
+IDBTE4M
+Id-search
+IlseBot
+Image\ Fetch
+Image\ Sucker
+IndeedBot
+Indy\ Library
+InfoNaviRobot
+InfoTekies
+instabid
+Intelliseek
+InterGET
+Internet\ Ninja
+InternetSeer
+internetVista\ monitor
+ips-agent
+Iria
+IRLbot
+isitwp.com
+Iskanie
+IstellaBot
+JamesBOT
+Jbrofuzz
+JennyBot
+JetCar
+Jetty
+JikeSpider
+JOC\ Web\ Spider
+Joomla
+Jorgee
+JustView
+Jyxobot
+Kenjin\ Spider
+Keyword\ Density
+Kinza
+Kozmosbot
+Lanshanbot
+Larbin
+LeechFTP
+LeechGet
+LexiBot
+Lftp
+LibWeb
+Libwhisker
+LieBaoFast
+Lightspeedsystems
+Likse
+Linkbot
+Linkdexbot
+LinkextractorPro
+LinkpadBot
+LinkScan
+LinksManager
+LinkWalker
+LinqiaMetadataDownloaderBot
+LinqiaRSSBot
+LinqiaScrapeBot
+Lipperhey
+Lipperhey\ Spider
+Litemage_walker
+Lmspider
+LNSpiderguy
+Ltx71
+lwp-request
+LWP::Simple
+lwp-trivial
+Magnet
+Mag-Net
+magpie-crawler
+Mail.RU_Bot
+Majestic12
+Majestic-SEO
+Majestic\ SEO
+MarkMonitor
+MarkWatch
+Masscan
+masscan
+Mass\ Downloader
+Mata\ Hari
+MauiBot
+Mb2345Browser
+meanpathbot
+Meanpathbot
+MeanPath\ Bot
+Mediatoolkitbot
+mediawords
+MegaIndex.ru
+Metauri
+MFC_Tear_Sample
+MicroMessenger
+Microsoft\ Data\ Access
+Microsoft\ URL\ Control
+MIDown\ tool
+MIIxpc
+Mister\ PiX
+MJ12bot
+Mojeek
+Mojolicious
+Morfeus\ Fucking\ Scanner
+Mozlila
+MQQBrowser
+Mr.4x3
+MSFrontPage
+MSIECrawler
+Msrabot
+muhstik-scan
+Musobot
+Name\ Intelligence
+Nameprotect
+Navroad
+NearSite
+Needle
+Nessus
+NetAnts
+Netcraft
+netEstate\ NE\ Crawler
+NetLyzer
+NetMechanic
+NetSpider
+Nettrack
+Net\ Vampire
+Netvibes
+NetZIP
+NextGenSearchBot
+Nibbler
+NICErsPRO
+Niki-bot
+Nikto
+NimbleCrawler
+Nimbostratus
+Ninja
+Nuclei
+Nmap
+NPbot
+Nutch
+oBot
+Octopus
+Offline\ Explorer
+Offline\ Navigator
+OnCrawl
+Openfind
+OpenLinkProfiler
+Openvas
+OpenVAS
+OPPO A33
+OrangeBot
+OrangeSpider
+OutclicksBot
+OutfoxBot
+PageAnalyzer
+Page\ Analyzer
+PageGrabber
+page\ scorer
+PageScorer
+Pandalytics
+Panscient
+Papa\ Foto
+Pavuk
+pcBrowser
+PECL::HTTP
+PeoplePal
+Petalbot
+PHPCrawl
+Picscout
+Picsearch
+PictureFinder
+Pimonster
+Pi-Monster
+Pixray
+PleaseCrawl
+plumanalytics
+Pockey
+POE-Component-Client-HTTP
+polaris\ version
+Probethenet
+ProPowerBot
+ProWebWalker
+Psbot
+Pump
+PxBroker
+PyCurl
+QueryN\ Metasearch
+Quick-Crawler
+RankActive
+RankActiveLinkBot
+RankFlex
+RankingBot
+RankingBot2
+Rankivabot
+RankurBot
+RealDownload
+Reaper
+RebelMouse
+Recorder
+RedesScrapy
+ReGet
+RepoMonkey
+Ripper
+RocketCrawler
+Rogerbot
+RSSingBot
+s1z.ru
+SalesIntelligent
+satoristudio.net
+SBIder
+ScanAlert
+Scanbot
+scan.lol
+ScoutJet
+Scrapy
+Screaming
+ScreenerBot
+Searchestate
+SearchmetricsBot
+SentiBot
+SEOkicks
+SEOkicks-Robot
+SEOlyticsCrawler
+Seomoz
+SEOprofiler
+seoscanners
+SeoSiteCheckup
+SEOstats
+serpstatbot
+sexsearcher
+Shodan
+Siphon
+SISTRIX
+Sitebeam
+SiteCheckerBotCrawler
+sitechecker.pro
+SiteExplorer
+Siteimprove
+SiteLockSpider
+SiteSnagger
+SiteSucker
+Site\ Sucker
+Sitevigil
+SlySearch
+SmartDownload
+SMTBot
+Snake
+Snapbot
+Snoopy
+SocialRankIOBot
+Sociscraper
+sogouspider
+Sogou\ web\ spider
+Sosospider
+Sottopop
+SpaceBison
+Spammen
+SpankBot
+Spanner
+sp_auditbot
+Spbot
+Spinn3r
+SputnikBot
+spyfu
+Sqlmap
+Sqlworm
+Sqworm
+Steeler
+Stripper
+Sucker
+Sucuri
+SuperBot
+SuperHTTP
+Surfbot
+SurveyBot
+Suzuran
+Swiftbot
+sysscan
+Szukacz
+T0PHackTeam
+T8Abot
+tAkeOut
+Teleport
+TeleportPro
+Telesoft
+Telesphoreo
+Telesphorep
+The\ Intraformant
+TheNomad
+Thumbor
+TightTwatBot
+Titan
+Toata
+Toweyabot
+Tracemyfile
+Trendiction
+Trendictionbot
+trendiction.com
+trendiction.de
+True_Robot
+Turingos
+Turnitin
+TurnitinBot
+TwengaBot
+Twice
+Typhoeus
+UnisterBot
+Upflow
+URLy.Warning
+URLy\ Warning
+Vacuum
+Vagabondo
+VB\ Project
+VCI
+VelenPublicWebCrawler
+VeriCiteCrawler
+VidibleScraper
+Virusdie
+VoidEYE
+Voil
+Voltron
+Wallpapers/3.0
+WallpapersHD
+WASALive-Bot
+WBSearchBot
+Webalta
+WebAuto
+Web\ Auto
+WebBandit
+WebCollage
+Web\ Collage
+WebCopier
+WEBDAV
+WebEnhancer
+Web\ Enhancer
+WebFetch
+Web\ Fetch
+WebFuck
+Web\ Fuck
+WebGo\ IS
+WebImageCollector
+WebLeacher
+WebmasterWorldForumBot
+webmeup-crawler
+WebPix
+Web\ Pix
+WebReaper
+WebSauger
+Web\ Sauger
+Webshag
+WebsiteExtractor
+WebsiteQuester
+Website\ Quester
+Webster
+WebStripper
+WebSucker
+Web\ Sucker
+WebWhacker
+WebZIP
+WeSEE
+Whack
+Whacker
+Whatweb
+Who.is\ Bot
+Widow
+WinHTTrack
+WiseGuys\ Robot
+WISENutbot
+Wonderbot
+Woobot
+Wotbox
+Wprecon
+WPScan
+WWW-Collector-E
+WWW-Mechanize
+WWW::Mechanize
+WWWOFFLE
+x09Mozilla
+x22Mozilla
+Xaldon_WebSpider
+Xaldon\ WebSpider
+Xenu
+xpymep1.exe
+YoudaoBot
+Zade
+Zauba
+zauba.io
+Zermelo
+Zeus
+zgrab
+Zitebot
+ZmEu
+ZoomBot
+ZoominfoBot
+ZumBot
+ZyBorg
\ No newline at end of file
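Review bot: `OPPO A33` is the only multi-word entry written with a bare space; every other one escapes it (`Black\ Hole`, `Web\ Sucker`). Depending on whether the consumer reads lines as regular expressions or as literal substrings, one of the two forms will not match, so write it as `OPPO\ A33` and state the expected match mode in the header comment. The list also carries tokens that occur in ordinary client strings (`MicroMessenger`, `MQQBrowser`, `Jetty`, `Joomla`, `Firefox/7.0`) and short words such as `Bolt` or `Pump`. It is therefore safer as one signal among several than as a block-on-match list.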
diff --git a/cloudflare_ips.txt b/cloudflare_ips.txt
new file mode 100644 (file)
index 0000000..2800771
--- /dev/null
@@ -0,0 +1,14 @@
+173.245.48.0/20
+103.21.244.0/22
+103.22.200.0/22
+103.31.4.0/22
+141.101.64.0/18
+108.162.192.0/18
+190.93.240.0/20
+188.114.96.0/20
+197.234.240.0/22
+198.41.128.0/17
+162.158.0.0/15
+104.16.0.0/12
+172.64.0.0/13
+131.0.72.0/22
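Review bot: The list is a point-in-time copy with no source URL or retrieval date, and it contains IPv4 ranges only. Cloudflare also publishes IPv6 ranges, so if this file is used to recognise proxied traffic (its use is not visible in this commit), requests arriving from Cloudflare over IPv6 are not covered. A header line such as `# source: https://www.cloudflare.com/ips-v4 (retrieved <date>)` would make staleness visible, provided the loader accepts `#` lines as the comments in ip_seo_bots.txt suggest.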
diff --git a/http_path_traversal.txt b/http_path_traversal.txt
new file mode 100644 (file)
index 0000000..28abc59
--- /dev/null
@@ -0,0 +1,32 @@
+../
+..\
+..\/
+%2e%2e%2f
+%2E%2E%2F
+%252e%252e%252f
+%252E%252E%252F
+/etc/passwd
+/etc/hosts
+/etc/shadow
+/etc/groups
+%2fetc%2fhosts
+%2fetc%2fshadow
+%2fetc%2fgroups
+%2fetc%2fpasswd
+%2Fetc%2Fhosts
+%2Fetc%2Fshadow
+%2Fetc%2Fgroups
+%2Fetc%2Fpasswd
+=file://
+=zip://
+=php://
+=expect://
+=data://
+/proc/self/
+/var/log/
+c:\win.ini
+c:/win.ini
+C:/inetpub/wwwroot/global.asa
+C:\inetpub\wwwroot\global.asa
+C:/boot.ini
+C:\boot.ini
\ No newline at end of file
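Review bot: `/etc/groups` is not a standard file; the group database is `/etc/group`. Under substring matching, this entry and its encoded forms `%2fetc%2fgroups` and `%2Fetc%2Fgroups` never fire on a request for the real path. Dropping the trailing `s` (`/etc/group`, `%2fetc%2fgroup`, `%2Fetc%2Fgroup`) covers both spellings. Separately, `/var/log/` is broad enough to match legitimate application routes, and the percent-encoded entries list only all-lowercase and all-uppercase hex, so the consumer should normalise the URI before comparing rather than rely on enumerated variants.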
diff --git a/ip_seo_bots.txt b/ip_seo_bots.txt
new file mode 100644 (file)
index 0000000..a7e9e17
--- /dev/null
@@ -0,0 +1,15 @@
+# duckduckBot
+23.21.227.69/32
+40.88.21.235/32
+50.16.241.113/32
+50.16.241.114/32
+50.16.241.117/32
+50.16.247.234/32
+52.204.97.54/32
+52.5.190.19/32
+54.197.234.188/32
+54.208.100.253/32
+54.208.102.37/32
+107.21.1.8/32
+#pinterest: https://help.pinterest.com/en/business/article/pinterest-crawler
+54.236.1.0/24
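Review bot: The `# duckduckBot` block gives no source for its addresses, unlike the pinterest block, which links the vendor page, so the entries cannot be re-checked once they go stale. If this list exempts crawlers from detection (its use is not visible in this commit), an outdated `/32` exempts whoever holds that address now. Suggest `# duckduckBot: <vendor documentation URL>, retrieved <date>` and a periodic refresh.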
diff --git a/rdns_seo_bots.regex b/rdns_seo_bots.regex
new file mode 100644 (file)
index 0000000..f7caf2b
--- /dev/null
@@ -0,0 +1,3 @@
+rate-limited-proxy-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}.google.com.$
+crawl-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}.googlebot.com.$
+google-proxy-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}.google.com.$
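Review bot: The dots in all three patterns are unescaped, so `.` matches any character, and the patterns have no leading anchor; names outside Google's zones can therefore satisfy them. Escape the separators, e.g. `crawl-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}\.googlebot\.com\.$`, and add `^` if the consumer matches the whole PTR name. PTR records are set by whoever controls the address block, so both these patterns and the suffixes in rdns_seo_bots.txt are only trustworthy when the consumer forward-confirms the name back to the same IP. That check is not visible in this commit.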
diff --git a/rdns_seo_bots.txt b/rdns_seo_bots.txt
new file mode 100644 (file)
index 0000000..f6d94d8
--- /dev/null
@@ -0,0 +1,9 @@
+.googlebot.com.
+.yandex.ru.
+.yandex.net.
+.yandex.com.
+.search.msn.com.
+.crawl.baidu.com.
+.crawl.baidu.jp.
+.crawl.yahoo.net.
+.search.qwant.com.
diff --git a/sensitive_data.txt b/sensitive_data.txt
new file mode 100644 (file)
index 0000000..b194ac2
--- /dev/null
@@ -0,0 +1,41 @@
+.sql
+.sql.gz
+.sql.tar
+.sql.bzip2
+.sql.bz2
+.sql.zip
+.sql.rar
+.sql.7z
+.bash_history
+.bashrc
+.cache
+.config
+.cvs
+.cvsignore
+.env
+.forward
+.git/HEAD
+.git
+.history
+.hta
+.htaccess
+.htpasswd
+.listing
+.listings
+.mysql_history
+.passwd
+.pwd
+.perf
+.profile
+.rhosts
+.sh_history
+.ssh
+.subversion
+.svn
+.svn/entries
+.bak
+.exe
+.bat
+.dll
+.printer
+.pac
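Review bot: `.exe`, `.bat`, `.dll`, `.pac`, `.cache` and `.config` are extensions many sites serve legitimately (downloads, proxy auto-config files). Listing them next to `.htpasswd` or `.git/HEAD` gives one list two very different confidence levels. If matching is by substring, `.sql`, `.git` and `.svn` already subsume `.sql.gz` and its siblings, `.git/HEAD` and `.svn/entries`, which suggests suffix or exact matching is intended. The expected match mode deserves a comment at the top of the file, and the generic extensions are better kept in a separate list.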
diff --git a/sqli_probe_patterns.txt b/sqli_probe_patterns.txt
new file mode 100644 (file)
index 0000000..98c64ef
--- /dev/null
@@ -0,0 +1,18 @@
+%40%40version
+..xp_cmdshell
+information_schema.tables
+%20union%20all%20select%20
+%20union%20select%20
+%2cnull%2cnull
+benchmark%28
+load_file%28
+substr%28
+substring%28
+selectchar%28
+%7c%7cchr%28
+distinct%28
+pg_sleep%28
+sleep%28
+upper%28
+hex%28
+md5%28
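Review bot: Every pattern is lowercase and assumes one percent-encoding (`%20` for space, `%28` for `(`), whereas xss_probe_patterns.txt in this same import lists both raw and encoded forms. Unless the consumer lowercases and canonicalises the query string before comparing (not visible in this commit), coverage differs between the two lists. Normalising in the consumer is more robust than enumerating variants here. `selectchar%28` also looks as if it lost a separator between `select` and `char`; confirm against upstream.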
diff --git a/xss_probe_patterns.txt b/xss_probe_patterns.txt
new file mode 100644 (file)
index 0000000..cb5ef37
--- /dev/null
@@ -0,0 +1,34 @@
+<img
+<script
+<div
+<a
+<embed
+<style
+javascript:
+alert(
+prompt(
+<br
+<input
+<table
+<object
+<body
+<p 
+<meta
+<frameset
+%3Cimg
+%3Cscript
+%3Cdiv
+%3Ca
+%3Cembed
+%3Cstyle
+javascript%3A
+alert%28
+prompt%28
+%3Cbr
+%3Cinput
+%3Ctable
+%3Cobject
+%3Cbody
+%3Cp 
+%3Cmeta
+%3Cframeset
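Review bot: `<p ` and `%3Cp ` depend on a trailing space that editors and whitespace-cleaning tools strip silently, which would turn them into the much broader `<p` and `%3Cp`. In the encoded entry the space is a literal one after a percent-encoded `<`, a combination unlikely to occur in a logged URI where the space would itself be encoded; `%3Cp%20` is probably what was meant. Short tags such as `<a`, `<br` and `<div` also match benign content (`<a` matches any tag beginning with "a"), so they need a delimiter or a low weight in the consuming scenario. The encoded half uses uppercase hex only (`%3C`, `%28`), so matching should be case-insensitive or done after decoding.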