DPS Detection
2021-06-22 15:16:47
1. nmap scan
http.user-agent==*nmap.org* || http.uri == *nmaplowercheck* || http.user-agent == *python*
2. sqlmap scan
http.user-agent==*sqlmap.org*
3. zgrab scan
http.user-agent == *zgrab/*
4. Admin backend scan
(http.uri == *admin* || http.uri==*phpmyadmin* || http.uri==*wpadmin*) && (http.uri == *index* || http.uri==*php* || http.uri==*asp* || http.uri==*aspx* || http.uri==*jsp*)
5. Sensitive information scan
http.uri==*readme.txt* || http.uri==*robots.txt* || http.uri == "*.php.bak*" || http.uri == "*/bin/cat*" || http.uri == */webdav/*
http.statuscode == 404 && (http.uri == "*.sql" || http.uri == *.zip || http.uri == *.tar || http.uri == *.rar || http.uri == *.7z || http.uri == *.bak || http.uri == *.gz || http.uri == *.git*)
6. SQL injection
(http.uri==*information_schema* || http.uri==*select* && http.uri==*from*)&&
(http.uri==*length* || http.uri==*ascii* || http.uri==*substr* || http.uri==*sleep*) && (http.uri==*database* || http.uri==*table*)
7. XSS
(http.uri==*script* && http.uri==*alert*) || (http.uri==*img* && http.uri==*onerror*) || (http.uri==*javascript* && http.uri==*alert*)
8. File read / directory traversal
http.uri==*../* && (http.uri==*passwd* || http.uri==*shadow*) //Linux file read
(http.uri==*file://* || http.uri == *../*) && (http.uri == *php.ini* || http.uri==*boot.ini* || http.uri==*my.ini*) //Windows
9. Remote file inclusion
(http.uri==*?file* || http.uri==*?filename*) && (http.uri==*file://* || http.uri==*php://* || http.uri==*zip://* || http.uri==*data://*)
10. Webshell
(http.uri==*GET* || http.uri==*POST*) && http.uri==*eval*
11. Command execution
(http.uri==*cat* && http.uri==*passwd*) || (http.uri==*/bin/bash* && http.uri==*nc*) || (http.uri=="*bash-i*" && http.uri==*/dev/tcp*) || (http.uri==*rm* && http.uri==*rf* && http.uri==*wget*)
12. Port scan
databytes == 0 && packets < 10 && port.dst==[22,23,25,53,143,161,389,445,1433,1521,3306,3389,5432,6379,7001,8069,8080,8089]
URL scan: http.uri == */test* && http.uri == */* http.uri == */test/* || http.uri == */test/a/* http.uri ==*.action*
One-liner webshell upload: http.uri == [*eval*,*replace*,*assert*]
File read: (http.uri == *../* && http.uri == *passwd*) || (http.uri == *../* && http.uri == *system*)
Command execution writing a shell: http.uri == *phpinfo* || (http.uri == *eval* && http.uri == *@*)
XSS: (http.uri == *script* && http.uri == *alert*) || (http.uri == *img* && http.uri == *onerror*) || (http.uri == *javascript* && http.uri == *alert*)
Command execution: http.uri == *rm* && http.uri == *rf* && http.uri == *wget*
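The filters above are wildcard substring matches on `http.uri`, `http.user-agent` and `http.statuscode`. The Python below is an added example, not part of the original post or of the DPS product: it re-implements a subset of the rules as predicates and runs them over constructed request records, so the matching logic can be checked offline. It assumes case-insensitive comparison, and adds URL-decoding before matching, which the DPS filters as written do not do (a `%2e%2e%2f` traversal would otherwise never match `*../*`).

```python
import re
from dataclasses import dataclass
from urllib.parse import unquote


@dataclass
class HttpRecord:
    """One request as the filter fields see it: http.uri, http.user-agent, http.statuscode."""
    uri: str
    user_agent: str = ""
    statuscode: int = 200


def like(value: str, pattern: str) -> bool:
    """DPS-style wildcard compare: '*' matches any run of characters, everything else is
    literal (so '?' in '*?file*' stays a real '?'). Case-insensitive by assumption; the
    URL-decode is an addition so encoded traversal such as ..%2F still reads as ../ ."""
    parts = [re.escape(p) for p in pattern.lower().split("*")]
    return re.fullmatch(".*".join(parts), unquote(value).lower(), re.S) is not None


def any_like(value: str, *patterns: str) -> bool:
    return any(like(value, p) for p in patterns)


# A subset of the page's rules, one predicate each (numbers follow the list above).
RULES = {
    "1 nmap scan": lambda r: any_like(r.user_agent, "*nmap.org*", "*python*")
        or like(r.uri, "*nmaplowercheck*"),
    "2 sqlmap scan": lambda r: like(r.user_agent, "*sqlmap.org*"),
    "5 sensitive file probe (404)": lambda r: r.statuscode == 404
        and any_like(r.uri, "*.sql", "*.zip", "*.tar", "*.rar", "*.7z", "*.bak", "*.gz", "*.git*"),
    "7 xss": lambda r: (like(r.uri, "*script*") and like(r.uri, "*alert*"))
        or (like(r.uri, "*img*") and like(r.uri, "*onerror*")),
    "8 traversal (linux)": lambda r: like(r.uri, "*../*") and any_like(r.uri, "*passwd*", "*shadow*"),
    "11 command execution": lambda r: (like(r.uri, "*cat*") and like(r.uri, "*passwd*"))
        or (like(r.uri, "*rm*") and like(r.uri, "*rf*") and like(r.uri, "*wget*")),
}


def classify(record: HttpRecord) -> list[str]:
    """Names of every rule the record triggers; a single request may hit several."""
    return [name for name, pred in RULES.items() if pred(record)]


# Constructed sample traffic for the demo (not captured data).
SAMPLE = [
    HttpRecord("/index.html", "Mozilla/5.0"),
    HttpRecord("/nmaplowercheck1624347407", "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"),
    HttpRecord("/backup.sql", "Mozilla/5.0", statuscode=404),
    HttpRecord("/view?f=..%2F..%2Fetc%2Fpasswd", "curl/7.68.0"),
    HttpRecord("/search?q=<script>alert(1)</script>", "Mozilla/5.0"),
]

if __name__ == "__main__":
    for rec in SAMPLE:
        print(f"{rec.uri:45} -> {classify(rec) or ['clean']}")
```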