From 424523d59e334a1adcdf11e3aee855577d4dfa9d Mon Sep 17 00:00:00 2001 From: Cyril Brulebois Date: Thu, 2 Mar 2023 05:07:10 +0000 Subject: [PATCH] Import crowdsec_1.4.6.orig-data1.tar.gz [dgit import orig crowdsec_1.4.6.orig-data1.tar.gz] --- backdoors.txt | 193 ++++++++++++ bad_user_agents.regex.txt | 614 ++++++++++++++++++++++++++++++++++++ bad_user_agents.txt | 614 ++++++++++++++++++++++++++++++++++++ cloudflare_ips.txt | 24 ++ ip_seo_bots.txt | 15 + jira_cve_2021-26086.txt | 14 + log4j2_cve_2021_44228.txt | 35 ++ path_traversal.txt | 33 ++ rdns_seo_bots.txt | 10 + rnds_seo_bots.regex | 3 + sensitive_data.txt | 90 ++++++ sqli_probe_patterns.txt | 18 ++ thinkphp_cve_2018-20062.txt | 13 + xss_probe_patterns.txt | 36 +++ 14 files changed, 1712 insertions(+) create mode 100644 backdoors.txt create mode 100644 bad_user_agents.regex.txt create mode 100644 bad_user_agents.txt create mode 100644 cloudflare_ips.txt create mode 100644 ip_seo_bots.txt create mode 100644 jira_cve_2021-26086.txt create mode 100644 log4j2_cve_2021_44228.txt create mode 100644 path_traversal.txt create mode 100644 rdns_seo_bots.txt create mode 100644 rnds_seo_bots.regex create mode 100644 sensitive_data.txt create mode 100644 sqli_probe_patterns.txt create mode 100644 thinkphp_cve_2018-20062.txt create mode 100644 xss_probe_patterns.txt diff --git a/backdoors.txt b/backdoors.txt new file mode 100644 index 0000000..26c2268 --- /dev/null +++ b/backdoors.txt @@ -0,0 +1,193 @@ +c99.php +c99shell.php +r57.php +r58.php +dra.php +r00t.php +root.php +mma.php +filesman.php +Locus7s.php +c99-Ultimate.php +c100.php +Ekin0x.php +hacker.php +safe0ver.php +sniper.php +spyshell.php +CWShellDumper.php +angel.php +dq.php +cmd.php +liz0zim.php +simattacker.php +tryag.php +150.php +Ani-Shell.php +Crystal.php +Dx.php +FaTaLisTiCz_Fx.php +G5.php +NCC-Shell.php +NetworkFileManagerPHP.php +PHANTASMA.php +PHPJackal.php +PHPRemoteView.php +PHPSPY.php +Php_Backdoor.txt.php +Private-i3lue.php +SnIpEr_SA Shell.php +upl0ader.php +acid.php +antichat.php +shell.php +udp.php +ddos.php +b37.php +backupsql.php +bdotw44shell.php +bug.php +c37.php +c66.php +c99-shadows-mod.php +c99_PSych0.php +c99_locus7s.php +c99_madnet.php +c99_w4cking.php +c99madshell.php +c99ud.php +c99unlimited.php +c99v2.php +cbfphpsh.php +cihshell_fix.php +co.php +connect-back.php +cpg_143_incl_xpl.php +ctt_sh.php +cybershell.php +egy.php +erne.php +ex0shell.php +g00nv13.php +hkrkoz.php +ironshell.php +isko.php +iskorpitx.php +itsecteam_shell.php +locus.php +log.php +simple_cmd.php +zacosmall.php +weevely.php +AK-74.php +Ajax_PHP_Command_Shell.php +Antichat_Shell.php +Ayyildiz_Tim.php +CasuS-1.5.php +CrystalShell.php +DTool_Pro.php +Dive_Shell.php +GRP_WebShell.php +Gamma_Web_Shell.php +JspWebshell_1.2.php +KA_uShell_0.1.6.php +Loaderz_WEB_Shell.php +Mackers_Private_Shell.php +Moroccan_Spamers.php +MyShell.php +NGH.php +NTDaddy_v1.9.php +Non-alphanumeric.php +PHP_Shell.php +PHVayv.php +PhpSpy.php +Predator.php +Rootshell.v.1.0.php +STNC_WebShell_v0.8.php +Safe0ver_Shell.php +Safe_Mode_Bypass.php +SimShell.php +Simple_PHP_backdoor.php +Sincap_1.0.php +Small_Web_Shell.php +WinX_Shell.php +Worse_Linux_Shell.php +ZyklonShell.php +aZRaiLPhp_v1.0.php +alfa3.php +andela.php +aspydrv.php +bloodsecv4.php +cgitelnet.php +configkillerionkros.php +dC3_Security.php +g00nshell-v1.3.php +jspshell.jsp +kral.php +lifkaS.php +lolipop.php +lostDC.php +matamu.php +megabor.php +obfuscated-punknopass.php +pHpINJ.php +php-backdoor.php +punk-nopass.php +punkholic.php +pws.php +qsd-backdoor.php +ru24_post_sh.php +s72_Shell.php +simple-backdoor.php +smevk.php +soldierofallah.php +sosyete.php +spygrup.php +stres.php +wso2.8.5.php +zehir4.php +cgitelnet.pl +cmd.pl +dc.pl +list.pl +up.pl +wewo.pl +irc.pl +pws.pl +PerlWebShellbyRST-GHC.pl +JspWebshell 1.2.jsp +browser.jsp +cmd.jsp +cmd_win32.jsp +jspShell.jsp +jspbd.jsp +list.jsp +up.jsp +up_win32.jsp +3fexe.asp +ASpy.asp +EFSO.asp +RemExp.asp +aspxSH.asp +aspxshell.aspx +aspydrv.asp +cmd.asp +cmd.aspx +cmdexec.aspx +elmaliseker.asp +filesystembrowser.aspx +fileupload.aspx +ntdaddy.asp +spexec.aspx +sql.aspx +tool.asp +toolaspshell.asp +up.asp +zehir.asp +zehir.aspx +zehir4.asp +zehir4.aspx +xleet.php +xleet-shell.php +sh3llx.php +eval-stdin.php diff --git a/bad_user_agents.regex.txt b/bad_user_agents.regex.txt new file mode 100644 index 0000000..9f0f0d0 --- /dev/null +++ b/bad_user_agents.regex.txt @@ -0,0 +1,614 @@ +# MIT License +# +# Copyright (c) 2017 Mitchell Krog - mitchellkrog@gmail.com +# https://github.com/mitchellkrogza +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to deal +# in the Software without restriction, including without limitation the rights +# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +# copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in all +# copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. +# +\b360Spider\b +\b404checker\b +\b\b404enemy\b\b +\b80legs\b +\bAbonti\b +\bAboundex\b +\bAboundexbot\b +\bAcunetix\b +\bADmantX\b +\bAfD-Verbotsverfahren\b +\bAIBOT\b +\bAiHitBot\b +\bAipbot\b +\bAlexibot\b +\bAlligator\b +\bAllSubmitter\b +\bAlphaBot\b +\bAnarchie\b +\bAnkit\b +\bAnthill\b +\bApexoo\b +\barquivo.pt\b +\barquivo-web-crawler\b +\bAspiegel\b +\bASPSeek\b +\bAsterias\b +\bAttach\b +\bautoemailspider\b +\bAwarioRssBot\b +\bAwarioSmartBot\b +\bBackDoorBot\b +\bBacklink-Ceck\b +\bbacklink-check\b +\bBacklinkCrawler\b +\bBackStreet\b +\bBackWeb\b +\bBadass\b +\bBandit\b +\bBarkrowler\b +\bBatchFTP\b +\bBattleztar\ Bazinga\b +\bBBBike\b +\bBDCbot\b +\bBDFetch\b +\bBetaBot\b +\bBigfoot\b +\bBitacle\b +\bBlackboard\b +\bBlack\ Hole\b +\bBlackWidow\b +\bBLEXBot\b +\bBlow\b +\bBlowFish\b +\bBoardreader\b +\bBolt\b +\bBotALot\b +\bBrandprotect\b +\bBrandwatch\b +\bBuck\b +\bBuddy\b +\bBuiltBotTough\b +\bBuiltWith\b +\bBullseye\b +\bBunnySlippers\b +\bBuzzSumo\b +\bCalculon\b +\bCATExplorador\b +\bCazoodleBot\b +\bCCBot\b +\bCegbfeieh\b +\bCensysInspect\b +\bcheck1.exe\b +\bCheeseBot\b +\bCherryPicker\b +\bCheTeam\b +\bChinaClaw\b +\bChlooe\b +\bClaritybot\b +\bCliqzbot\b +\bCloud\ mapping\b +\bcoccocbot-web\b +\bCocolyzebot\b +\bCODE87\b +\bCogentbot\b +\bcognitiveseo\b +\bCollector\b +\bcolly\b +\bcom.plumanalytics\b +\bCopier\b +\bCopyRightCheck\b +\bCopyscape\b +\bCosmos\b +\bCraftbot\b +\bcrawler4j\b +\bcrawler.feedback\b +\bcrawl.sogou.com\b +\bCrazyWebCrawler\b +\bCrescent\b +\bCrunchBot\b +\bCSHttp\b +\bCurious\b +\bCusto\b +\bCyotekWebCopy\b +\bDatabaseDriverMysqli\b +\bDataCha0s\b +\bDBLBot\b +\bdemandbase-bot\b +\bDemon\b +\bDeusu\b +\bDevil\b +\bDigincore\b +\bDigitalPebble\b +\bDIIbot\b +\bDirbuster\b +\bDisco\b +\bDiscobot\b +\bDiscoverybot\b +\bDispatch\b +\bDittoSpyder\b +\bDnyzBot\b +\bDomainAppender\b +\bDomainCrawler\b +\bDomainSigmaCrawler\b +\bDomains\ Project\b +\bdomainsproject.org\b +\bDomainStatsBot\b +\bDotbot\b +\bDownload\ Wonder\b +\bDragonfly\b +\bDrip\b +\bDSearch\b +\bDTS\ Agent\b +\bEasyDL\b +\bEbingbong\b +\beCatch\b +\bECCP/1.0\b +\bEcxi\b +\bEirGrabber\b +\bEMail\ Siphon\b +\bEMail\ Wolf\b +\bEroCrawler\b +\bevc-batch\b +\bEvil\b +\bExabot\b +\bExpress\ WebPictures\b +\bExtLinksBot\b +\bExtractor\b +\bExtractorPro\b +\bExtreme\ Picture\ Finder\b +\bEyeNetIE\b +\bEzooms\b +\bfacebookscraper\b +\bFDM\b +\bFemtosearchBot\b +\bFHscan\b +\bFimap\b +\bFirefox/7.0\b +\bFlashGet\b +\bFlunky\b +\bFoobot\b +\bFreeuploader\b +\bFrontPage\b +\bFyberSpider\b +\bFyrebot\b +\bGalaxyBot\b +\bGenieo\b +\bGermCrawler\b +\bGetintent\b +\bGetRight\b +\bGetWeb\b +\bGigablast\b +\bGigabot\b +\bG-i-g-a-b-o-t\b +\bGo-Ahead-Got-It\b +\bgobuster\b +\bGotit\b +\bGoZilla\b +\bGo!Zilla\b +\bGrabber\b +\bGrabNet\b +\bGrafula\b +\bGrapeFX\b +\bGridBot\b +\bGT::WWW\b +\bHaansoft\b +\bHaosouSpider\b +\bHarvest\b +\bHavij\b +\bHEADMasterSEO\b +\bheritrix\b +\bHeritrix\b +\bHloader\b +\bHMView\b +\bHTMLparser\b +\bHTTP::Lite\b +\bHTTrack\b +\bHumanlinks\b +\bHybridBot\b +\bIblog\b +\bIDBot\b +\bIDBTE4M\b +\bId-search\b +\bIlseBot\b +\bImage\ Fetch\b +\bImage\ Sucker\b +\bIndeedBot\b +\bIndy\ Library\b +\bInfoNaviRobot\b +\bInfoTekies\b +\binstabid\b +\bIntelliseek\b +\bInterGET\b +\bInternet\ Ninja\b +\bInternetSeer\b +\binternetVista\ monitor\b +\bips-agent\b +\bIria\b +\bIRLbot\b +\bisitwp.com\b +\bIskanie\b +\bIstellaBot\b +\bJamesBOT\b +\bJbrofuzz\b +\bJennyBot\b +\bJetCar\b +\bJetty\b +\bJikeSpider\b +\bJOC\ Web\ Spider\b +\bJoomla\b +\bJorgee\b +\bJustView\b +\bJyxobot\b +\bKenjin\ Spider\b +\bKeyword\ Density\b +\bKinza\b +\bKozmosbot\b +\bLanshanbot\b +\bLarbin\b +\bLeechFTP\b +\bLeechGet\b +\bLexiBot\b +\bLftp\b +\bLibWeb\b +\bLibwhisker\b +\bLieBaoFast\b +\bLightspeedsystems\b +\bLikse\b +\bLinkbot\b +\bLinkdexbot\b +\bLinkextractorPro\b +\bLinkpadBot\b +\bLinkScan\b +\bLinksManager\b +\bLinkWalker\b +\bLinqiaMetadataDownloaderBot\b +\bLinqiaRSSBot\b +\bLinqiaScrapeBot\b +\bLipperhey\b +\bLipperhey\ Spider\b +\bLitemage_walker\b +\bLmspider\b +\bLNSpiderguy\b +\bLtx71\b +\blwp-request\b +\bLWP::Simple\b +\blwp-trivial\b +\bMagnet\b +\bMag-Net\b +\bmagpie-crawler\b +\bMajestic12\b +\bMajestic-SEO\b +\bMajestic\ SEO\b +\bMarkMonitor\b +\bMarkWatch\b +\bMasscan\b +\bmasscan\b +\bMass\ Downloader\b +\bMata\ Hari\b +\bMauiBot\b +\bMb2345Browser\b +\bmeanpathbot\b +\bMeanpathbot\b +\bMeanPath\ Bot\b +\bMediatoolkitbot\b +\bmediawords\b +\bMegaIndex.ru\b +\bMetauri\b +\bMFC_Tear_Sample\b +\bMicroMessenger\b +\bMicrosoft\ Data\ Access\b +\bMicrosoft\ URL\ Control\b +\bMIDown\ tool\b +\bMIIxpc\b +\bMister\ PiX\b +\bMJ12bot\b +\bMojeek\b +\bMojolicious\b +\bMorfeus\ Fucking\ Scanner\b +\bMozlila\b +\bMQQBrowser\b +\bMr.4x3\b +\bMSFrontPage\b +\bMSIECrawler\b +\bMsrabot\b +\bmuhstik-scan\b +\bMusobot\b +\bName\ Intelligence\b +\bNameprotect\b +\bNavroad\b +\bNearSite\b +\bNeedle\b +\bNessus\b +\bNetAnts\b +\bNetcraft\b +\bnetEstate\ NE\ Crawler\b +\bNetLyzer\b +\bNetMechanic\b +\bNetSpider\b +\bNettrack\b +\bNet\ Vampire\b +\bNetvibes\b +\bNetZIP\b +\bNextGenSearchBot\b +\bNibbler\b +\bNICErsPRO\b +\bNiki-bot\b +\bNikto\b +\bNimbleCrawler\b +\bNimbostratus\b +\bNinja\b +\bNuclei\b +\bNmap\b +\bNPbot\b +\bNutch\b +\boBot\b +\bOctopus\b +\bOffline\ Explorer\b +\bOffline\ Navigator\b +\bOnCrawl\b +\bOpenfind\b +\bOpenLinkProfiler\b +\bOpenvas\b +\bOpenVAS\b +\bOPPO A33\b +\bOrangeBot\b +\bOrangeSpider\b +\bOutclicksBot\b +\bOutfoxBot\b +\bPageAnalyzer\b +\bPage\ Analyzer\b +\bPageGrabber\b +\bpage\ scorer\b +\bPageScorer\b +\bPandalytics\b +\bPanscient\b +\bPapa\ Foto\b +\bPavuk\b +\bpcBrowser\b +\bPECL::HTTP\b +\bPeoplePal\b +\bPetalbot\b +\bPHPCrawl\b +\bPicscout\b +\bPicsearch\b +\bPictureFinder\b +\bPimonster\b +\bPi-Monster\b +\bPixray\b +\bPleaseCrawl\b +\bplumanalytics\b +\bPockey\b +\bPOE-Component-Client-HTTP\b +\bpolaris\ version\b +\bProbethenet\b +\bProPowerBot\b +\bProWebWalker\b +\bPsbot\b +\bPump\b +\bPxBroker\b +\bPyCurl\b +\bQueryN\ Metasearch\b +\bQuick-Crawler\b +\bRankActive\b +\bRankActiveLinkBot\b +\bRankFlex\b +\bRankingBot\b +\bRankingBot2\b +\bRankivabot\b +\bRankurBot\b +\bRealDownload\b +\bReaper\b +\bRebelMouse\b +\bRecorder\b +\bRedesScrapy\b +\bReGet\b +\bRepoMonkey\b +\bRipper\b +\bRocketCrawler\b +\bRogerbot\b +\bRSSingBot\b +\bs1z.ru\b +\bSalesIntelligent\b +\bsatoristudio.net\b +\bSBIder\b +\bScanAlert\b +\bScanbot\b +\bscan.lol\b +\bScoutJet\b +\bScrapy\b +\bScreaming\b +\bScreenerBot\b +\bSearchestate\b +\bSearchmetricsBot\b +\bSentiBot\b +\bSEOkicks\b +\bSEOkicks-Robot\b +\bSEOlyticsCrawler\b +\bSeomoz\b +\bSEOprofiler\b +\bseoscanners\b +\bSeoSiteCheckup\b +\bSEOstats\b +\bserpstatbot\b +\bsexsearcher\b +\bShodan\b +\bSiphon\b +\bSISTRIX\b +\bSitebeam\b +\bSiteCheckerBotCrawler\b +\bsitechecker.pro\b +\bSiteExplorer\b +\bSiteimprove\b +\bSiteLockSpider\b +\bSiteSnagger\b +\bSiteSucker\b +\bSite\ Sucker\b +\bSitevigil\b +\bSlySearch\b +\bSmartDownload\b +\bSMTBot\b +\bSnake\b +\bSnapbot\b +\bSnoopy\b +\bSocialRankIOBot\b +\bSociscraper\b +\bsogouspider\b +\bSogou\ web\ spider\b +\bSosospider\b +\bSottopop\b +\bSpaceBison\b +\bSpammen\b +\bSpankBot\b +\bSpanner\b +\bsp_auditbot\b +\bSpbot\b +\bSpinn3r\b +\bSputnikBot\b +\bspyfu\b +\bSqlmap\b +\bSqlworm\b +\bSqworm\b +\bSteeler\b +\bStripper\b +\bSucker\b +\bSucuri\b +\bSuperBot\b +\bSuperHTTP\b +\bSurfbot\b +\bSurveyBot\b +\bSuzuran\b +\bSwiftbot\b +\bsysscan\b +\bSzukacz\b +\bT0PHackTeam\b +\bT8Abot\b +\btAkeOut\b +\bTeleport\b +\bTeleportPro\b +\bTelesoft\b +\bTelesphoreo\b +\bTelesphorep\b +\bThe\ Intraformant\b +\bTheNomad\b +\bThumbor\b +\bTightTwatBot\b +\bTitan\b +\bToata\b +\bToweyabot\b +\bTracemyfile\b +\bTrendiction\b +\bTrendictionbot\b +\btrendiction.com\b +\btrendiction.de\b +\bTrue_Robot\b +\bTuringos\b +\bTurnitin\b +\bTurnitinBot\b +\bTwengaBot\b +\bTwice\b +\bTyphoeus\b +\bUnisterBot\b +\bUpflow\b +\bURLy.Warning\b +\bURLy\ Warning\b +\bVacuum\b +\bVagabondo\b +\bVB\ Project\b +\bVCI\b +\bVelenPublicWebCrawler\b +\bVeriCiteCrawler\b +\bVidibleScraper\b +\bVirusdie\b +\bVoidEYE\b +\bVoil\b +\bVoltron\b +\bWallpapers/3.0\b +\bWallpapersHD\b +\bWASALive-Bot\b +\bWBSearchBot\b +\bWebalta\b +\bWebAuto\b +\bWeb\ Auto\b +\bWebBandit\b +\bWebCollage\b +\bWeb\ Collage\b +\bWebCopier\b +\bWEBDAV\b +\bWebEnhancer\b +\bWeb\ Enhancer\b +\bWebFetch\b +\bWeb\ Fetch\b +\bWebFuck\b +\bWeb\ Fuck\b +\bWebGo\ IS\b +\bWebImageCollector\b +\bWebLeacher\b +\bWebmasterWorldForumBot\b +\bwebmeup-crawler\b +\bWebPix\b +\bWeb\ Pix\b +\bWebReaper\b +\bWebSauger\b +\bWeb\ Sauger\b +\bWebshag\b +\bWebsiteExtractor\b +\bWebsiteQuester\b +\bWebsite\ Quester\b +\bWebster\b +\bWebStripper\b +\bWebSucker\b +\bWeb\ Sucker\b +\bWebWhacker\b +\bWebZIP\b +\bWeSEE\b +\bWhack\b +\bWhacker\b +\bWhatweb\b +\bWho.is\ Bot\b +\bWidow\b +\bWindows\ NT\ 5.0\b +\bWinHTTrack\b +\bWiseGuys\ Robot\b +\bWISENutbot\b +\bWonderbot\b +\bWoobot\b +\bWotbox\b +\bWprecon\b +\bWPScan\b +\bWWW-Collector-E\b +\bWWW-Mechanize\b +\bWWW::Mechanize\b +\bWWWOFFLE\b +\bx09Mozilla\b +\bx22Mozilla\b +\bXaldon_WebSpider\b +\bXaldon\ WebSpider\b +\bXenu\b +\bxpymep1.exe\b +\bYoudaoBot\b +\bZade\b +\bZauba\b +\bzauba.io\b +\bZermelo\b +\bZeus\b +\bzgrab\b +\bZitebot\b +\bZmEu\b +\bZoomBot\b +\bZoominfoBot\b +\bZumBot\b +\bZyBorg\b diff --git a/bad_user_agents.txt b/bad_user_agents.txt new file mode 100644 index 0000000..28b06cd --- /dev/null +++ b/bad_user_agents.txt @@ -0,0 +1,614 @@ +# MIT License +# +# Copyright (c) 2017 Mitchell Krog - mitchellkrog@gmail.com +# https://github.com/mitchellkrogza +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to deal +# in the Software without restriction, including without limitation the rights +# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +# copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in all +# copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. +# +360Spider +404checker +404enemy +80legs +Abonti +Aboundex +Aboundexbot +Acunetix +ADmantX +AfD-Verbotsverfahren +AIBOT +AiHitBot +Aipbot +Alexibot +Alligator +AllSubmitter +AlphaBot +Anarchie +Ankit +Anthill +Apexoo +arquivo.pt +arquivo-web-crawler +Aspiegel +ASPSeek +Asterias +Attach +autoemailspider +AwarioRssBot +AwarioSmartBot +BackDoorBot +Backlink-Ceck +backlink-check +BacklinkCrawler +BackStreet +BackWeb +Badass +Bandit +Barkrowler +BatchFTP +Battleztar\ Bazinga +BBBike +BDCbot +BDFetch +BetaBot +Bigfoot +Bitacle +Blackboard +Black\ Hole +BlackWidow +BLEXBot +Blow +BlowFish +Boardreader +Bolt +BotALot +Brandprotect +Brandwatch +Buck +Buddy +BuiltBotTough +BuiltWith +Bullseye +BunnySlippers +BuzzSumo +Calculon +CATExplorador +CazoodleBot +CCBot +Cegbfeieh +CensysInspect +check1.exe +CheeseBot +CherryPicker +CheTeam +ChinaClaw +Chlooe +Claritybot +Cliqzbot +Cloud\ mapping +coccocbot-web +Cocolyzebot +CODE87 +Cogentbot +cognitiveseo +Collector +colly +com.plumanalytics +Copier +CopyRightCheck +Copyscape +Cosmos +Craftbot +crawler4j +crawler.feedback +crawl.sogou.com +CrazyWebCrawler +Crescent +CrunchBot +CSHttp +Curious +Custo +CyotekWebCopy +DatabaseDriverMysqli +DataCha0s +DBLBot +demandbase-bot +Demon +Deusu +Devil +Digincore +DigitalPebble +DIIbot +Dirbuster +Disco +Discobot +Discoverybot +Dispatch +DittoSpyder +DnyzBot +DomainAppender +DomainCrawler +DomainSigmaCrawler +Domains\ Project +domainsproject.org +DomainStatsBot +Dotbot +Download\ Wonder +Dragonfly +Drip +DSearch +DTS\ Agent +EasyDL +Ebingbong +eCatch +ECCP/1.0 +Ecxi +EirGrabber +EMail\ Siphon +EMail\ Wolf +EroCrawler +evc-batch +Evil +Exabot +Express\ WebPictures +ExtLinksBot +Extractor +ExtractorPro +Extreme\ Picture\ Finder +EyeNetIE +Ezooms +facebookscraper +FDM +FemtosearchBot +FHscan +Fimap +Firefox/7.0 +FlashGet +Flunky +Foobot +Freeuploader +FrontPage +FyberSpider +Fyrebot +GalaxyBot +Genieo +GermCrawler +Getintent +GetRight +GetWeb +Gigablast +Gigabot +G-i-g-a-b-o-t +Go-Ahead-Got-It +gobuster +Gotit +GoZilla +Go!Zilla +Grabber +GrabNet +Grafula +GrapeFX +GridBot +GT::WWW +Haansoft +HaosouSpider +Harvest +Havij +HEADMasterSEO +heritrix +Heritrix +Hloader +HMView +HTMLparser +HTTP::Lite +HTTrack +Humanlinks +HybridBot +Iblog +IDBot +IDBTE4M +Id-search +IlseBot +Image\ Fetch +Image\ Sucker +IndeedBot +Indy\ Library +InfoNaviRobot +InfoTekies +instabid +Intelliseek +InterGET +Internet\ Ninja +InternetSeer +internetVista\ monitor +ips-agent +Iria +IRLbot +isitwp.com +Iskanie +IstellaBot +JamesBOT +Jbrofuzz +JennyBot +JetCar +Jetty +JikeSpider +JOC\ Web\ Spider +Joomla +Jorgee +JustView +Jyxobot +Kenjin\ Spider +Keyword\ Density +Kinza +Kozmosbot +Lanshanbot +Larbin +LeechFTP +LeechGet +LexiBot +Lftp +LibWeb +Libwhisker +LieBaoFast +Lightspeedsystems +Likse +Linkbot +Linkdexbot +LinkextractorPro +LinkpadBot +LinkScan +LinksManager +LinkWalker +LinqiaMetadataDownloaderBot +LinqiaRSSBot +LinqiaScrapeBot +Lipperhey +Lipperhey\ Spider +Litemage_walker +Lmspider +LNSpiderguy +Ltx71 +lwp-request +LWP::Simple +lwp-trivial +Magnet +Mag-Net +magpie-crawler +Majestic12 +Majestic-SEO +Majestic\ SEO +MarkMonitor +MarkWatch +Masscan +masscan +Mass\ Downloader +Mata\ Hari +MauiBot +Mb2345Browser +meanpathbot +Meanpathbot +MeanPath\ Bot +Mediatoolkitbot +mediawords +MegaIndex.ru +Metauri +MFC_Tear_Sample +MicroMessenger +Microsoft\ Data\ Access +Microsoft\ URL\ Control +MIDown\ tool +MIIxpc +Mister\ PiX +MJ12bot +Mojeek +Mojolicious +Morfeus\ Fucking\ Scanner +Mozlila +MQQBrowser +Mr.4x3 +MSFrontPage +MSIECrawler +Msrabot +muhstik-scan +Musobot +Name\ Intelligence +Nameprotect +Navroad +NearSite +Needle +Nessus +NetAnts +Netcraft +netEstate\ NE\ Crawler +NetLyzer +NetMechanic +NetSpider +Nettrack +Net\ Vampire +Netvibes +NetZIP +NextGenSearchBot +Nibbler +NICErsPRO +Niki-bot +Nikto +NimbleCrawler +Nimbostratus +Ninja +Nuclei +Nmap +NPbot +Nutch +oBot +Octopus +Offline\ Explorer +Offline\ Navigator +OnCrawl +Openfind +OpenLinkProfiler +Openvas +OpenVAS +OPPO A33 +OrangeBot +OrangeSpider +OutclicksBot +OutfoxBot +PageAnalyzer +Page\ Analyzer +PageGrabber +page\ scorer +PageScorer +Pandalytics +Panscient +Papa\ Foto +Pavuk +pcBrowser +PECL::HTTP +PeoplePal +Petalbot +PHPCrawl +Picscout +Picsearch +PictureFinder +Pimonster +Pi-Monster +Pixray +PleaseCrawl +plumanalytics +Pockey +POE-Component-Client-HTTP +polaris\ version +Probethenet +ProPowerBot +ProWebWalker +Psbot +Pump +PxBroker +PyCurl +QueryN\ Metasearch +Quick-Crawler +RankActive +RankActiveLinkBot +RankFlex +RankingBot +RankingBot2 +Rankivabot +RankurBot +RealDownload +Reaper +RebelMouse +Recorder +RedesScrapy +ReGet +RepoMonkey +Ripper +RocketCrawler +Rogerbot +RSSingBot +s1z.ru +SalesIntelligent +satoristudio.net +SBIder +ScanAlert +Scanbot +scan.lol +ScoutJet +Scrapy +Screaming +ScreenerBot +Searchestate +SearchmetricsBot +SentiBot +SEOkicks +SEOkicks-Robot +SEOlyticsCrawler +Seomoz +SEOprofiler +seoscanners +SeoSiteCheckup +SEOstats +serpstatbot +sexsearcher +Shodan +Siphon +SISTRIX +Sitebeam +SiteCheckerBotCrawler +sitechecker.pro +SiteExplorer +Siteimprove +SiteLockSpider +SiteSnagger +SiteSucker +Site\ Sucker +Sitevigil +SlySearch +SmartDownload +SMTBot +Snake +Snapbot +Snoopy +SocialRankIOBot +Sociscraper +sogouspider +Sogou\ web\ spider +Sosospider +Sottopop +SpaceBison +Spammen +SpankBot +Spanner +sp_auditbot +Spbot +Spinn3r +SputnikBot +spyfu +Sqlmap +Sqlworm +Sqworm +Steeler +Stripper +Sucker +Sucuri +SuperBot +SuperHTTP +Surfbot +SurveyBot +Suzuran +Swiftbot +sysscan +Szukacz +T0PHackTeam +T8Abot +tAkeOut +Teleport +TeleportPro +Telesoft +Telesphoreo +Telesphorep +The\ Intraformant +TheNomad +Thumbor +TightTwatBot +Titan +Toata +Toweyabot +Tracemyfile +Trendiction +Trendictionbot +trendiction.com +trendiction.de +True_Robot +Turingos +Turnitin +TurnitinBot +TwengaBot +Twice +Typhoeus +UnisterBot +Upflow +URLy.Warning +URLy\ Warning +Vacuum +Vagabondo +VB\ Project +VCI +VelenPublicWebCrawler +VeriCiteCrawler +VidibleScraper +Virusdie +VoidEYE +Voil +Voltron +Wallpapers/3.0 +WallpapersHD +WASALive-Bot +WBSearchBot +Webalta +WebAuto +Web\ Auto +WebBandit +WebCollage +Web\ Collage +WebCopier +WEBDAV +WebEnhancer +Web\ Enhancer +WebFetch +Web\ Fetch +WebFuck +Web\ Fuck +WebGo\ IS +WebImageCollector +WebLeacher +WebmasterWorldForumBot +webmeup-crawler +WebPix +Web\ Pix +WebReaper +WebSauger +Web\ Sauger +Webshag +WebsiteExtractor +WebsiteQuester +Website\ Quester +Webster +WebStripper +WebSucker +Web\ Sucker +WebWhacker +WebZIP +WeSEE +Whack +Whacker +Whatweb +Who.is\ Bot +Widow +Windows\ NT\ 5.0 +WinHTTrack +WiseGuys\ Robot +WISENutbot +Wonderbot +Woobot +Wotbox +Wprecon +WPScan +WWW-Collector-E +WWW-Mechanize +WWW::Mechanize +WWWOFFLE +x09Mozilla +x22Mozilla +Xaldon_WebSpider +Xaldon\ WebSpider +Xenu +xpymep1.exe +YoudaoBot +Zade +Zauba +zauba.io +Zermelo +Zeus +zgrab +Zitebot +ZmEu +ZoomBot +ZoominfoBot +ZumBot +ZyBorg diff --git a/cloudflare_ips.txt b/cloudflare_ips.txt new file mode 100644 index 0000000..38067f6 --- /dev/null +++ b/cloudflare_ips.txt @@ -0,0 +1,24 @@ +# https://www.cloudflare.com/ips-v4 @ 2022-12-15 +173.245.48.0/20 +103.21.244.0/22 +103.22.200.0/22 +103.31.4.0/22 +141.101.64.0/18 +108.162.192.0/18 +190.93.240.0/20 +188.114.96.0/20 +197.234.240.0/22 +198.41.128.0/17 +162.158.0.0/15 +104.16.0.0/13 +104.24.0.0/14 +172.64.0.0/13 +131.0.72.0/22 +# https://www.cloudflare.com/ips-v6 @ 2022-12-15 +2400:cb00::/32 +2606:4700::/32 +2803:f800::/32 +2405:b500::/32 +2405:8100::/32 +2a06:98c0::/29 +2c0f:f248::/32 diff --git a/ip_seo_bots.txt b/ip_seo_bots.txt new file mode 100644 index 0000000..814203b --- /dev/null +++ b/ip_seo_bots.txt @@ -0,0 +1,15 @@ +#crawler:seo:duckduckbot (https://help.duckduckgo.com/duckduckgo-help-pages/results/duckduckbot/) +23.21.227.69/32 +40.88.21.235/32 +50.16.241.113/32 +50.16.241.114/32 +50.16.241.117/32 +50.16.247.234/32 +52.204.97.54/32 +52.5.190.19/32 +54.197.234.188/32 +54.208.100.253/32 +54.208.102.37/32 +107.21.1.8/32 +#crawler:media:pinterest https://help.pinterest.com/en/business/article/pinterest-crawler +54.236.1.0/24 diff --git a/jira_cve_2021-26086.txt b/jira_cve_2021-26086.txt new file mode 100644 index 0000000..226526b --- /dev/null +++ b/jira_cve_2021-26086.txt @@ -0,0 +1,14 @@ +/_/;/WEB-INF/web.xml +/_/;/WEB-INF/decorators.xml +/_/;/WEB-INF/classes/seraph-config.xml +/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties +/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.xml +/_/;/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml +/_/;/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.properties +/_/%3B/WEB-INF/web.xml +/_/%3B/WEB-INF/decorators.xml +/_/%3B/WEB-INF/classes/seraph-config.xml +/_/%3B/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties +/_/%3B/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.xml +/_/%3B/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml +/_/%3B/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.properties \ No newline at end of file diff --git a/log4j2_cve_2021_44228.txt b/log4j2_cve_2021_44228.txt new file mode 100644 index 0000000..6f58500 --- /dev/null +++ b/log4j2_cve_2021_44228.txt @@ -0,0 +1,35 @@ +${jndi: +${${::-j}${::-n}${::-d}${::-i}: +${${::-j}ndi +${${lower:jndi}: +${${lower:${lower:jndi}}: +${${lower:j}${lower:n}${lower:d}i: +${${lower:j}${upper:n}${lower:d}${upper:i}: +${${upper:j}${upper:n}${upper:d}${upper:i}: +${j${${:-l}${:-o}${:-w}${:-e}${:-r}:n}di: +${${date:'j'}${date:'n'}${date:'d'}${date:'i'}: +${jnd${sys:SYS_NAME:-i}: +$%7Bjndi: +$%7B$%7B:-j%7D$%7B:-n%7D$%7B:-d%7D$%7B:-i%7D: +$%7B$%7B::-j%7D$%7B::-n%7D$%7B::-d%7D$%7B::-i%7D: +$%7B$%7B::-j%7Dndi +$%7B$%7Blower:jndi%7D: +$%7B$%7Blower:$%7Blower:jndi%7D%7D: +$%7B$%7Blower:j%7D$%7Blower:n%7D$%7Blower:d%7Di: +$%7B$%7Blower:j%7D$%7Bupper:n%7D$%7Blower:d%7D$%7Bupper:i%7D: +$%7B$%7Bupper:j%7D$%7Bupper:n%7D$%7Bupper:d%7D$%7Bupper:i%7D: +$%7Bj$%7B$%7B:-l%7D$%7B:-o%7D$%7B:-w%7D$%7B:-e%7D$%7B:-r%7D:n%7Ddi: +$%7B$%7Bdate:'j'%7D$%7Bdate:'n'%7D$%7Bdate:'d'%7D$%7Bdate:'i'%7D: +$%7Bjnd$%7Bsys:SYS_NAME:-i%7D: +%24%7Bjndi: +%24%7B%24%7B::-j%7D%24%7B::-n%7D%24%7B::-d%7D%24%7B::-i%7D: +%24%7B%24%7B::-j%7Dndi +%24%7B%24%7Blower:jndi%7D: +%24%7B%24%7Blower:%24%7Blower:jndi%7D%7D: +%24%7B%24%7Blower:j%7D%24%7Blower:n%7D%24%7Blower:d%7Di: +%24%7B%24%7Blower:j%7D%24%7Bupper:n%7D%24%7Blower:d%7D%24%7Bupper:i%7D: +%24%7B%24%7Bupper:j%7D%24%7Bupper:n%7D%24%7Bupper:d%7D%24%7Bupper:i%7D: +%24%7Bj%24%7B%24%7B:-l%7D%24%7B:-o%7D%24%7B:-w%7D%24%7B:-e%7D%24%7B:-r%7D:n%7Ddi: +%24%7B%24%7Bdate:'j'%7D%24%7Bdate:'n'%7D%24%7Bdate:'d'%7D%24%7Bdate:'i'%7D: +%24%7Bjnd%24%7Bsys:SYS_NAME:-i%7D: +${jnd${upper:ı}: diff --git a/path_traversal.txt b/path_traversal.txt new file mode 100644 index 0000000..54ea252 --- /dev/null +++ b/path_traversal.txt @@ -0,0 +1,33 @@ +../ +..\ +..\/ +%2e%2e%2f +%2E%2E%2F +%252e%252e%252f +%252E%252E%252F +/etc/passwd +/etc/hosts +/etc/shadow +/etc/groups +%2fetc%2fhosts +%2fetc%2fshadow +%2fetc%2fgroups +%2fetc%2fpasswd +%2Fetc%2Fhosts +%2Fetc%2Fshadow +%2Fetc%2Fgroups +%2Fetc%2Fpasswd +=file:// +=zip:// +=php:// +=expect:// +=data:// +/proc/self/ +/var/log/ +windows/win.ini +Windows/win.ini +%25SYSTEMROOT%25%5Cwin.ini +C:/inetpub/wwwroot/global.asa +C:\inetpub\wwwroot\global.asa +C:/boot.ini +C:\boot.ini diff --git a/rdns_seo_bots.txt b/rdns_seo_bots.txt new file mode 100644 index 0000000..0d3bdeb --- /dev/null +++ b/rdns_seo_bots.txt @@ -0,0 +1,10 @@ +.googlebot.com. +.yandex.ru. +.yandex.net. +.yandex.com. +.search.msn.com. +.crawl.baidu.com. +.crawl.baidu.jp. +.crawl.yahoo.net. +.search.qwant.com. +.babbar.eu. \ No newline at end of file diff --git a/rnds_seo_bots.regex b/rnds_seo_bots.regex new file mode 100644 index 0000000..f7caf2b --- /dev/null +++ b/rnds_seo_bots.regex @@ -0,0 +1,3 @@ +rate-limited-proxy-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}.google.com.$ +crawl-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}.googlebot.com.$ +google-proxy-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}.google.com.$ diff --git a/sensitive_data.txt b/sensitive_data.txt new file mode 100644 index 0000000..429dda6 --- /dev/null +++ b/sensitive_data.txt @@ -0,0 +1,90 @@ +.sql +.sql.gz +.sql.tar +.sql.bzip2 +.sql.bz2 +.sql.zip +.sql.rar +.sql.7z +.bash_history +.bashrc +.cache +.config +.cvs +.cvsignore +.env +.env.backup +env.bak +env.backup +.env.dev +.env.development.local +.env.dist +.env.docker.dev +.env.local +.env.php +.env.prod +.env.production.local +.env.sample.php +.env.save +.env.stage +.env.test +.environment +.envrc +.envs +.env~ +env.production.js +env.test.js +env.dev.js +test-env.json +env.json +.forward +.jupyter/jupyter_notebook_config.json +.git/HEAD +.git/config +.git +.gitlab-ci/.env +.history +.hta +.htaccess +.htpasswd +.lanproxy/config.json +.listing +.listings +.msmtprc +.mysql_history +.passwd +.pwd +.perf +.profile +.rhosts +.sh_history +.ssh +.subversion +.svn +.svn/entries +.s3cfg +.bak +.exe +.bat +.dll +.printer +.pac +.aws +.aws/config +.awscfg +aws-key.yml +config/aws.yml +secrets.yml +secrets.json +aws/credentials +.config/gatsby/config.json +.deployment-config.json +.docker/config.json +.docker/.env +.docker/daemon.json +.cordova/config.json +.vscode/sftp.json +_wpeprivate/config.json +composer.json +composer.lock +debug.log diff --git a/sqli_probe_patterns.txt b/sqli_probe_patterns.txt new file mode 100644 index 0000000..98c64ef --- /dev/null +++ b/sqli_probe_patterns.txt @@ -0,0 +1,18 @@ +%40%40version +..xp_cmdshell +information_schema.tables +%20union%20all%20select%20 +%20union%20select%20 +%2cnull%2cnull +benchmark%28 +load_file%28 +substr%28 +substring%28 +selectchar%28 +%7c%7cchr%28 +distinct%28 +pg_sleep%28 +sleep%28 +upper%28 +hex%28 +md5%28 diff --git a/thinkphp_cve_2018-20062.txt b/thinkphp_cve_2018-20062.txt new file mode 100644 index 0000000..8e1116a --- /dev/null +++ b/thinkphp_cve_2018-20062.txt @@ -0,0 +1,13 @@ +index/\\think\\app/invokefunction&function=call_user_func_array&vars +index/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars +index/\\x5Cthink\\x5Capp/invokefunction&function=call_user_func_array&vars +index/\\\\think\\\\app/invokefunction&function=call_user_func_array&vars +index/\\think\\view\\driver\\Php/display&content=<\?php +index/\\x5Cthink\\x5Cview\\x5Cdriver\\x5CPhp/display&content=<\?php +index/\\\\x5Cthink\\\\x5Cview\\\\x5Cdriver\\\\x5CPhp/display&content=<\?php +index/%5Cthink%5Cview%5Cdriver%5CPhp/display&content=%3C\?php +index/\\think\\Container/invokefunction&function=call_user_func_array&vars +index/%5Cthink%5CContainer/invokefunction&function=call_user_func_array&vars +index/\\x5Cthink\\x5CContainer/invokefunction&function=call_user_func_array&vars +index/\\\\think\\\\Container/invokefunction&function=call_user_func_array&vars +index/\\x09hink\\x07pp/invokefunction&function=call_user_func_array&vars diff --git a/xss_probe_patterns.txt b/xss_probe_patterns.txt new file mode 100644 index 0000000..c03a93d --- /dev/null +++ b/xss_probe_patterns.txt @@ -0,0 +1,36 @@ +