From: Cyril Brulebois
Date: Mon, 15 Mar 2021 00:19:43 +0000 (+0000)
Subject: Import crowdsec_1.0.9.orig-data1.tar.gz
X-Git-Tag: archive/raspbian/1.0.9-2+rpi1~10^2
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=cc4b31a9c367ebbd8731d1a486a76f13d8541d14;p=crowdsec.git
Import crowdsec_1.0.9.orig-data1.tar.gz
[dgit import orig crowdsec_1.0.9.orig-data1.tar.gz]
---
cc4b31a9c367ebbd8731d1a486a76f13d8541d14
diff --git a/backdoors.txt b/backdoors.txt
new file mode 100644
index 0000000..d1bb1d5
--- /dev/null
+++ b/backdoors.txt
@@ -0,0 +1,189 @@
+c99.php
+c99shell.php
+r57.php
+r58.php
+dra.php
+r00t.php
+root.php
+mma.php
+filesman.php
+Locus7s.php
+c99-Ultimate.php
+c100.php
+Ekin0x.php
+hacker.php
+safe0ver.php
+sniper.php
+spyshell.php
+CWShellDumper.php
+angel.php
+dq.php
+cmd.php
+liz0zim.php
+simattacker.php
+tryag.php
+150.php
+Ani-Shell.php
+Crystal.php
+Dx.php
+FaTaLisTiCz_Fx.php
+G5.php
+NCC-Shell.php
+NetworkFileManagerPHP.php
+PHANTASMA.php
+PHPJackal.php
+PHPRemoteView.php
+PHPSPY.php
+Php_Backdoor.txt.php
+Private-i3lue.php
+SnIpEr_SA Shell.php
+upl0ader.php
+acid.php
+antichat.php
+shell.php
+udp.php
+ddos.php
+b37.php
+backupsql.php
+bdotw44shell.php
+bug.php
+c37.php
+c66.php
+c99-shadows-mod.php
+c99_PSych0.php
+c99_locus7s.php
+c99_madnet.php
+c99_w4cking.php
+c99madshell.php
+c99ud.php
+c99unlimited.php
+c99v2.php
+cbfphpsh.php
+cihshell_fix.php
+co.php
+connect-back.php
+cpg_143_incl_xpl.php
+ctt_sh.php
+cybershell.php
+egy.php
+erne.php
+ex0shell.php
+g00nv13.php
+hkrkoz.php
+ironshell.php
+isko.php
+iskorpitx.php
+itsecteam_shell.php
+locus.php
+log.php
+simple_cmd.php
+zacosmall.php
+weevely.php
+AK-74.php
+Ajax_PHP_Command_Shell.php
+Antichat_Shell.php
+Ayyildiz_Tim.php
+CasuS-1.5.php
+CrystalShell.php
+DTool_Pro.php
+Dive_Shell.php
+GRP_WebShell.php
+Gamma_Web_Shell.php
+JspWebshell_1.2.php
+KA_uShell_0.1.6.php
+Loaderz_WEB_Shell.php
+Mackers_Private_Shell.php
+Moroccan_Spamers.php
+MyShell.php
+NGH.php
+NTDaddy_v1.9.php
+Non-alphanumeric.php
+PHP_Shell.php
+PHVayv.php
+PhpSpy.php
+Predator.php
+Rootshell.v.1.0.php
+STNC_WebShell_v0.8.php
+Safe0ver_Shell.php
+Safe_Mode_Bypass.php
+SimShell.php
+Simple_PHP_backdoor.php
+Sincap_1.0.php
+Small_Web_Shell.php
+WinX_Shell.php
+Worse_Linux_Shell.php
+ZyklonShell.php
+aZRaiLPhp_v1.0.php
+alfa3.php
+andela.php
+aspydrv.php
+bloodsecv4.php
+cgitelnet.php
+configkillerionkros.php
+dC3_Security.php
+g00nshell-v1.3.php
+jspshell.jsp
+kral.php
+lifkaS.php
+lolipop.php
+lostDC.php
+matamu.php
+megabor.php
+obfuscated-punknopass.php
+pHpINJ.php
+php-backdoor.php
+punk-nopass.php
+punkholic.php
+pws.php
+qsd-backdoor.php
+ru24_post_sh.php
+s72_Shell.php
+simple-backdoor.php
+smevk.php
+soldierofallah.php
+sosyete.php
+spygrup.php
+stres.php
+wso2.8.5.php
+zehir4.php
+cgitelnet.pl
+cmd.pl
+dc.pl
+list.pl
+up.pl
+wewo.pl
+irc.pl
+pws.pl
+PerlWebShellbyRST-GHC.pl
+JspWebshell 1.2.jsp
+browser.jsp
+cmd.jsp
+cmd_win32.jsp
+jspShell.jsp
+jspbd.jsp
+list.jsp
+up.jsp
+up_win32.jsp
+3fexe.asp
+ASpy.asp
+EFSO.asp
+RemExp.asp
+aspxSH.asp
+aspxshell.aspx
+aspydrv.asp
+cmd.asp
+cmd.aspx
+cmdexec.aspx
+elmaliseker.asp
+filesystembrowser.aspx
+fileupload.aspx
+ntdaddy.asp
+spexec.aspx
+sql.aspx
+tool.asp
+toolaspshell.asp
+up.asp
+zehir.asp
+zehir.aspx
+zehir4.asp
+zehir4.aspx
\ No newline at end of file
diff --git a/bad_user_agents.txt b/bad_user_agents.txt
new file mode 100644
index 0000000..2a68b63
--- /dev/null
+++ b/bad_user_agents.txt
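Review bot: Several entries in backdoors.txt are ordinary file names rather than web-shell names (`log.php`, `shell.php`, `cmd.php`, `root.php`, `bug.php`, `co.php`, `list.pl`, `up.asp`), so a scenario that matches this list against requested paths will also fire on legitimate application files. The consumer is not visible in this diff; it should compare against the exact basename and preferably correlate with the response status, and the generic names are candidates for removal. `SnIpEr_SA Shell.php` and `JspWebshell 1.2.jsp` contain a literal space and will presumably only match if the request path is percent-decoded before lookup. The file also ends without a trailing newline, which makes appending entries error-prone.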
@@ -0,0 +1,614 @@
+# MIT License
+#
+# Copyright (c) 2017 Mitchell Krog - mitchellkrog@gmail.com
+# https://github.com/mitchellkrogza
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+#
+360Spider
+404checker
+404enemy
+80legs
+Abonti
+Aboundex
+Aboundexbot
+Acunetix
+ADmantX
+AfD-Verbotsverfahren
+AIBOT
+AiHitBot
+Aipbot
+Alexibot
+Alligator
+AllSubmitter
+AlphaBot
+Anarchie
+Ankit
+Anthill
+Apexoo
+archive.org_bot
+arquivo.pt
+arquivo-web-crawler
+Aspiegel
+ASPSeek
+Asterias
+Attach
+autoemailspider
+AwarioRssBot
+AwarioSmartBot
+BackDoorBot
+Backlink-Ceck
+backlink-check
+BacklinkCrawler
+BackStreet
+BackWeb
+Badass
+Bandit
+Barkrowler
+BatchFTP
+Battleztar\ Bazinga
+BBBike
+BDCbot
+BDFetch
+BetaBot
+Bigfoot
+Bitacle
+Blackboard
+Black\ Hole
+BlackWidow
+BLEXBot
+Blow
+BlowFish
+Boardreader
+Bolt
+BotALot
+Brandprotect
+Brandwatch
+Buck
+Buddy
+BuiltBotTough
+BuiltWith
+Bullseye
+BunnySlippers
+BuzzSumo
+Calculon
+CATExplorador
+CazoodleBot
+CCBot
+Cegbfeieh
+CensysInspect
+check1.exe
+CheeseBot
+CherryPicker
+CheTeam
+ChinaClaw
+Chlooe
+Claritybot
+Cliqzbot
+Cloud\ mapping
+coccocbot-web
+Cocolyzebot
+CODE87
+Cogentbot
+cognitiveseo
+Collector
+com.plumanalytics
+Copier
+CopyRightCheck
+Copyscape
+Cosmos
+Craftbot
+crawler4j
+crawler.feedback
+crawl.sogou.com
+CrazyWebCrawler
+Crescent
+CrunchBot
+CSHttp
+Curious
+Custo
+CyotekWebCopy
+DatabaseDriverMysqli
+DataCha0s
+DBLBot
+demandbase-bot
+Demon
+Deusu
+Devil
+Digincore
+DigitalPebble
+DIIbot
+Dirbuster
+Disco
+Discobot
+Discoverybot
+Dispatch
+DittoSpyder
+DnyzBot
+DomainAppender
+DomainCrawler
+DomainSigmaCrawler
+Domains\ Project
+domainsproject.org
+DomainStatsBot
+Dotbot
+Download\ Wonder
+Dragonfly
+Drip
+DSearch
+DTS\ Agent
+EasyDL
+Ebingbong
+eCatch
+ECCP/1.0
+Ecxi
+EirGrabber
+EMail\ Siphon
+EMail\ Wolf
+EroCrawler
+evc-batch
+Evil
+Exabot
+Express\ WebPictures
+ExtLinksBot
+Extractor
+ExtractorPro
+Extreme\ Picture\ Finder
+EyeNetIE
+Ezooms
+facebookscraper
+FDM
+FemtosearchBot
+FHscan
+Fimap
+Firefox/7.0
+FlashGet
+Flunky
+Foobot
+Freeuploader
+FrontPage
+FyberSpider
+Fyrebot
+GalaxyBot
+Genieo
+GermCrawler
+Getintent
+GetRight
+GetWeb
+Gigablast
+Gigabot
+G-i-g-a-b-o-t
+Go-Ahead-Got-It
+Gotit
+GoZilla
+Go!Zilla
+Grabber
+GrabNet
+Grafula
+GrapeFX
+GrapeshotCrawler
+GridBot
+GT::WWW
+Haansoft
+HaosouSpider
+Harvest
+Havij
+HEADMasterSEO
+heritrix
+Heritrix
+Hloader
+HMView
+HTMLparser
+HTTP::Lite
+HTTrack
+Humanlinks
+HybridBot
+Iblog
+IDBot
+IDBTE4M
+Id-search
+IlseBot
+Image\ Fetch
+Image\ Sucker
+IndeedBot
+Indy\ Library
+InfoNaviRobot
+InfoTekies
+instabid
+Intelliseek
+InterGET
+Internet\ Ninja
+InternetSeer
+internetVista\ monitor
+ips-agent
+Iria
+IRLbot
+isitwp.com
+Iskanie
+IstellaBot
+JamesBOT
+Jbrofuzz
+JennyBot
+JetCar
+Jetty
+JikeSpider
+JOC\ Web\ Spider
+Joomla
+Jorgee
+JustView
+Jyxobot
+Kenjin\ Spider
+Keyword\ Density
+Kinza
+Kozmosbot
+Lanshanbot
+Larbin
+LeechFTP
+LeechGet
+LexiBot
+Lftp
+LibWeb
+Libwhisker
+LieBaoFast
+Lightspeedsystems
+Likse
+Linkbot
+Linkdexbot
+LinkextractorPro
+LinkpadBot
+LinkScan
+LinksManager
+LinkWalker
+LinqiaMetadataDownloaderBot
+LinqiaRSSBot
+LinqiaScrapeBot
+Lipperhey
+Lipperhey\ Spider
+Litemage_walker
+Lmspider
+LNSpiderguy
+Ltx71
+lwp-request
+LWP::Simple
+lwp-trivial
+Magnet
+Mag-Net
+magpie-crawler
+Mail.RU_Bot
+Majestic12
+Majestic-SEO
+Majestic\ SEO
+MarkMonitor
+MarkWatch
+Masscan
+masscan
+Mass\ Downloader
+Mata\ Hari
+MauiBot
+Mb2345Browser
+meanpathbot
+Meanpathbot
+MeanPath\ Bot
+Mediatoolkitbot
+mediawords
+MegaIndex.ru
+Metauri
+MFC_Tear_Sample
+MicroMessenger
+Microsoft\ Data\ Access
+Microsoft\ URL\ Control
+MIDown\ tool
+MIIxpc
+Mister\ PiX
+MJ12bot
+Mojeek
+Mojolicious
+Morfeus\ Fucking\ Scanner
+Mozlila
+MQQBrowser
+Mr.4x3
+MSFrontPage
+MSIECrawler
+Msrabot
+muhstik-scan
+Musobot
+Name\ Intelligence
+Nameprotect
+Navroad
+NearSite
+Needle
+Nessus
+NetAnts
+Netcraft
+netEstate\ NE\ Crawler
+NetLyzer
+NetMechanic
+NetSpider
+Nettrack
+Net\ Vampire
+Netvibes
+NetZIP
+NextGenSearchBot
+Nibbler
+NICErsPRO
+Niki-bot
+Nikto
+NimbleCrawler
+Nimbostratus
+Ninja
+Nuclei
+Nmap
+NPbot
+Nutch
+oBot
+Octopus
+Offline\ Explorer
+Offline\ Navigator
+OnCrawl
+Openfind
+OpenLinkProfiler
+Openvas
+OpenVAS
+OPPO A33
+OrangeBot
+OrangeSpider
+OutclicksBot
+OutfoxBot
+PageAnalyzer
+Page\ Analyzer
+PageGrabber
+page\ scorer
+PageScorer
+Pandalytics
+Panscient
+Papa\ Foto
+Pavuk
+pcBrowser
+PECL::HTTP
+PeoplePal
+Petalbot
+PHPCrawl
+Picscout
+Picsearch
+PictureFinder
+Pimonster
+Pi-Monster
+Pixray
+PleaseCrawl
+plumanalytics
+Pockey
+POE-Component-Client-HTTP
+polaris\ version
+Probethenet
+ProPowerBot
+ProWebWalker
+Psbot
+Pump
+PxBroker
+PyCurl
+QueryN\ Metasearch
+Quick-Crawler
+RankActive
+RankActiveLinkBot
+RankFlex
+RankingBot
+RankingBot2
+Rankivabot
+RankurBot
+RealDownload
+Reaper
+RebelMouse
+Recorder
+RedesScrapy
+ReGet
+RepoMonkey
+Ripper
+RocketCrawler
+Rogerbot
+RSSingBot
+s1z.ru
+SalesIntelligent
+satoristudio.net
+SBIder
+ScanAlert
+Scanbot
+scan.lol
+ScoutJet
+Scrapy
+Screaming
+ScreenerBot
+Searchestate
+SearchmetricsBot
+SentiBot
+SEOkicks
+SEOkicks-Robot
+SEOlyticsCrawler
+Seomoz
+SEOprofiler
+seoscanners
+SeoSiteCheckup
+SEOstats
+serpstatbot
+sexsearcher
+Shodan
+Siphon
+SISTRIX
+Sitebeam
+SiteCheckerBotCrawler
+sitechecker.pro
+SiteExplorer
+Siteimprove
+SiteLockSpider
+SiteSnagger
+SiteSucker
+Site\ Sucker
+Sitevigil
+SlySearch
+SmartDownload
+SMTBot
+Snake
+Snapbot
+Snoopy
+SocialRankIOBot
+Sociscraper
+sogouspider
+Sogou\ web\ spider
+Sosospider
+Sottopop
+SpaceBison
+Spammen
+SpankBot
+Spanner
+sp_auditbot
+Spbot
+Spinn3r
+SputnikBot
+spyfu
+Sqlmap
+Sqlworm
+Sqworm
+Steeler
+Stripper
+Sucker
+Sucuri
+SuperBot
+SuperHTTP
+Surfbot
+SurveyBot
+Suzuran
+Swiftbot
+sysscan
+Szukacz
+T0PHackTeam
+T8Abot
+tAkeOut
+Teleport
+TeleportPro
+Telesoft
+Telesphoreo
+Telesphorep
+The\ Intraformant
+TheNomad
+Thumbor
+TightTwatBot
+Titan
+Toata
+Toweyabot
+Tracemyfile
+Trendiction
+Trendictionbot
+trendiction.com
+trendiction.de
+True_Robot
+Turingos
+Turnitin
+TurnitinBot
+TwengaBot
+Twice
+Typhoeus
+UnisterBot
+Upflow
+URLy.Warning
+URLy\ Warning
+Vacuum
+Vagabondo
+VB\ Project
+VCI
+VelenPublicWebCrawler
+VeriCiteCrawler
+VidibleScraper
+Virusdie
+VoidEYE
+Voil
+Voltron
+Wallpapers/3.0
+WallpapersHD
+WASALive-Bot
+WBSearchBot
+Webalta
+WebAuto
+Web\ Auto
+WebBandit
+WebCollage
+Web\ Collage
+WebCopier
+WEBDAV
+WebEnhancer
+Web\ Enhancer
+WebFetch
+Web\ Fetch
+WebFuck
+Web\ Fuck
+WebGo\ IS
+WebImageCollector
+WebLeacher
+WebmasterWorldForumBot
+webmeup-crawler
+WebPix
+Web\ Pix
+WebReaper
+WebSauger
+Web\ Sauger
+Webshag
+WebsiteExtractor
+WebsiteQuester
+Website\ Quester
+Webster
+WebStripper
+WebSucker
+Web\ Sucker
+WebWhacker
+WebZIP
+WeSEE
+Whack
+Whacker
+Whatweb
+Who.is\ Bot
+Widow
+WinHTTrack
+WiseGuys\ Robot
+WISENutbot
+Wonderbot
+Woobot
+Wotbox
+Wprecon
+WPScan
+WWW-Collector-E
+WWW-Mechanize
+WWW::Mechanize
+WWWOFFLE
+x09Mozilla
+x22Mozilla
+Xaldon_WebSpider
+Xaldon\ WebSpider
+Xenu
+xpymep1.exe
+YoudaoBot
+Zade
+Zauba
+zauba.io
+Zermelo
+Zeus
+zgrab
+Zitebot
+ZmEu
+ZoomBot
+ZoominfoBot
+ZumBot
+ZyBorg
\ No newline at end of file
diff --git a/cloudflare_ips.txt b/cloudflare_ips.txt
new file mode 100644
index 0000000..2800771
--- /dev/null
+++ b/cloudflare_ips.txt
@@ -0,0 +1,14 @@
+173.245.48.0/20
+103.21.244.0/22
+103.22.200.0/22
+103.31.4.0/22
+141.101.64.0/18
+108.162.192.0/18
+190.93.240.0/20
+188.114.96.0/20
+197.234.240.0/22
+198.41.128.0/17
+162.158.0.0/15
+104.16.0.0/12
+172.64.0.0/13
+131.0.72.0/22
diff --git a/http_path_traversal.txt b/http_path_traversal.txt
new file mode 100644
index 0000000..28abc59
--- /dev/null
+++ b/http_path_traversal.txt
@@ -0,0 +1,32 @@
+../
+..\
+..\/
+%2e%2e%2f
+%2E%2E%2F
+%252e%252e%252f
+%252E%252E%252F
+/etc/passwd
+/etc/hosts
+/etc/shadow
+/etc/groups
+%2fetc%2fhosts
+%2fetc%2fshadow
+%2fetc%2fgroups
+%2fetc%2fpasswd
+%2Fetc%2Fhosts
+%2Fetc%2Fshadow
+%2Fetc%2Fgroups
+%2Fetc%2Fpasswd
+=file://
+=zip://
+=php://
+=expect://
+=data://
+/proc/self/
+/var/log/
+c:\win.ini
+c:/win.ini
+C:/inetpub/wwwroot/global.asa
+C:\inetpub\wwwroot\global.asa
+C:/boot.ini
+C:\boot.ini
\ No newline at end of file
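Review bot: bad_user_agents.txt mixes two spellings for entries with spaces: most carry a backslash escape (`Black\ Hole`, `Web\ Sucker`, `Morfeus\ Fucking\ Scanner`), apparently inherited from the upstream list credited in the header, while `OPPO A33` is unescaped. If the consumer, which is not visible in this diff, compares these lines literally or as substrings, the escaped entries can never equal a real User-Agent value and should be stored as `Black Hole`, `Web Sucker`, and so on. Short tokens such as `Bolt`, `Buck`, `Jetty`, `Joomla`, `Titan` and `Firefox/7.0` will also hit legitimate clients under substring matching. Because the User-Agent header is chosen by the client, a header comment should say that a match is a low-confidence signal to be combined with other evidence, not a block decision on its own.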
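Review bot: cloudflare_ips.txt is an IPv4-only snapshot with no source URL or retrieval date, so nothing tells a maintainer when it has gone stale or where to refresh it. If the list is used to decide which peers are trusted proxies or are exempt from remediation (the consumer is not shown here), a missing or outdated range leads to wrong client attribution, and IPv6 proxy traffic is not covered at all. Assuming `#` comments are accepted in this file as they are in ip_seo_bots.txt, add a first line such as `# source: <publisher URL>, retrieved <date>` and include the published IPv6 ranges.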
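Review bot: `/etc/groups` and its encoded forms `%2fetc%2fgroups` and `%2Fetc%2Fgroups` in http_path_traversal.txt name a file that does not exist on standard Linux systems; the group database is `/etc/group`, and a request for it matches none of the three entries. Changing them to `/etc/group`, `%2fetc%2fgroup` and `%2Fetc%2Fgroup` covers both spellings under substring matching. The list enumerates only all-lowercase and all-uppercase hex encodings, so detection quality depends on the consumer percent-decoding and case-folding the URI before lookup, which cannot be confirmed from this diff. `/var/log/` is broad enough to match legitimate application paths and deserves a comment on the expected false positives.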
diff --git a/ip_seo_bots.txt b/ip_seo_bots.txt
new file mode 100644
index 0000000..a7e9e17
--- /dev/null
+++ b/ip_seo_bots.txt
@@ -0,0 +1,15 @@
+# duckduckBot
+23.21.227.69/32
+40.88.21.235/32
+50.16.241.113/32
+50.16.241.114/32
+50.16.241.117/32
+50.16.247.234/32
+52.204.97.54/32
+52.5.190.19/32
+54.197.234.188/32
+54.208.100.253/32
+54.208.102.37/32
+107.21.1.8/32
+#pinterest: https://help.pinterest.com/en/business/article/pinterest-crawler
+54.236.1.0/24
diff --git a/rdns_seo_bots.regex b/rdns_seo_bots.regex
new file mode 100644
index 0000000..f7caf2b
--- /dev/null
+++ b/rdns_seo_bots.regex
@@ -0,0 +1,3 @@
+rate-limited-proxy-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}.google.com.$
+crawl-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}.googlebot.com.$
+google-proxy-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}.google.com.$
diff --git a/rdns_seo_bots.txt b/rdns_seo_bots.txt
new file mode 100644
index 0000000..f6d94d8
--- /dev/null
+++ b/rdns_seo_bots.txt
@@ -0,0 +1,9 @@
+.googlebot.com.
+.yandex.ru.
+.yandex.net.
+.yandex.com.
+.search.msn.com.
+.crawl.baidu.com.
+.crawl.baidu.jp.
+.crawl.yahoo.net.
+.search.qwant.com.
diff --git a/sensitive_data.txt b/sensitive_data.txt
new file mode 100644
index 0000000..b194ac2
--- /dev/null
+++ b/sensitive_data.txt
@@ -0,0 +1,41 @@
+.sql
+.sql.gz
+.sql.tar
+.sql.bzip2
+.sql.bz2
+.sql.zip
+.sql.rar
+.sql.7z
+.bash_history
+.bashrc
+.cache
+.config
+.cvs
+.cvsignore
+.env
+.forward
+.git/HEAD
+.git
+.history
+.hta
+.htaccess
+.htpasswd
+.listing
+.listings
+.mysql_history
+.passwd
+.pwd
+.perf
+.profile
+.rhosts
+.sh_history
+.ssh
+.subversion
+.svn
+.svn/entries
+.bak
+.exe
+.bat
+.dll
+.printer
+.pac
diff --git a/sqli_probe_patterns.txt b/sqli_probe_patterns.txt
new file mode 100644
index 0000000..98c64ef
--- /dev/null
+++ b/sqli_probe_patterns.txt
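Review bot: The DuckDuckBot block in ip_seo_bots.txt is a set of individual /32 addresses with no source URL or retrieval date, unlike the pinterest entry below it, which cites its source. Single cloud-hosted addresses can be reassigned over time, and an address that stays on an allowlist after reassignment would presumably keep whatever exemption the consumer grants to listed crawlers. Replace the first line with something like `# duckduckBot: <publisher URL>, retrieved <date>` so the entries can be re-verified on each import.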
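Review bot: The dots in all three patterns of rdns_seo_bots.regex are unescaped, so each `.` matches any character and the expression can be satisfied by a PTR name that lies outside google.com or googlebot.com. PTR records are set by whoever controls the address block, so a loose pattern weakens an allowlist built on it. Escape the literal dots and anchor the start, e.g. `^crawl-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}\.googlebot\.com\.$`, and do the same for the two google.com patterns. The suffix list in rdns_seo_bots.txt depends on PTR data in the same way; both files are only safe if the consumer, which is not visible in this diff, forward-resolves the returned name and checks that it maps back to the connecting address.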
@@ -0,0 +1,18 @@
+%40%40version
+..xp_cmdshell
+information_schema.tables
+%20union%20all%20select%20
+%20union%20select%20
+%2cnull%2cnull
+benchmark%28
+load_file%28
+substr%28
+substring%28
+selectchar%28
+%7c%7cchr%28
+distinct%28
+pg_sleep%28
+sleep%28
+upper%28
+hex%28
+md5%28
diff --git a/xss_probe_patterns.txt b/xss_probe_patterns.txt
new file mode 100644
index 0000000..cb5ef37
--- /dev/null
+++ b/xss_probe_patterns.txt
@@ -0,0 +1,34 @@
+