# - Ruleset Common - # Do NOT edit this file as it is generated every time the module starts # and provides the 'ruleset-Common' function # ruleset-Common() { local funtag="[${FUNCNAME[0]}]" : FILTER_STATE=Initial : FILTER_DATE=2024-01-10T13:27:31+01:00 RULE="Shodan-Scanner" Pattern='.shodan.io[' if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi RULE="Censys-Scanner" Pattern='.censys-scanner.com[' if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi RULE="Cyberresilience-Scanner" Pattern='.cyberresilience.io[' if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi RULE="BinaryEdge-Scanner" Pattern='.binaryedge.ninja[' if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi RULE="Anthropic-AI" Pattern='"anthropic-ai"' if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi WEB_CLASS=Destroyer RULE=PROPFIND Pattern="GET /shell" if [[ "$REPLY" =~ "$Pattern" ]]; then inject 4; return $?; fi RULE=NMAP-Attack Pattern="(compatible; Nmap" if [[ "$REPLY" =~ "$Pattern" ]]; then inject 4; return $?; fi RULE=FAKE-Referer1 Pattern="ALittle Client" if [[ "$REPLY" =~ "$Pattern" ]]; then inject 4; return $?; fi WEB_CLASS=Illegal-Wordpress RULE=WP-inludes Pattern="/wp-inludes/" if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi RULE=WP Pattern="GET /wp/" if [[ "$REPLY" =~ "$Pattern" ]]; then inject 4; return $?; fi RULE=WEBSITE Pattern="GET /website/" if [[ "$REPLY" =~ "$Pattern" ]]; then inject 4; return $?; fi RULE=WORDPRESS Pattern="GET /wordpress/" if [[ "$REPLY" =~ "$Pattern" ]]; then inject 4; return $?; fi RULE=WP-admin Pattern="GET /wp-admin/" if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi RULE=WP-Login Pattern="GET /wp-login.php" if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi RULE=WP-JSON Pattern="GET /wp-json" if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi WEB_CLASS=Aggressor RULE=PROPFIND Pattern="PROPFIND /" if [[ "$REPLY" =~ "$Pattern" ]]; then inject 4; return $?; fi RULE=POST-admin-index Pattern="POST /administrator/index.php" if [[ "$REPLY" =~ "$Pattern" ]]; then inject 4; return $?; fi RULE=POST-autodiscover Pattern="POST /Autodiscover/" if [[ "$REPLY" =~ "$Pattern" ]]; then inject 4; return $?; fi RULE=POST-phpunit Pattern="POST /vendor/phpunit/" if [[ "$REPLY" =~ "$Pattern" ]]; then inject 4; return $?; fi RULE=POST-cgi-bin Pattern="POST /cgi-bin/" if [[ "$REPLY" =~ "$Pattern" ]]; then inject 4; return $?; fi RULE=POST-wp-includes Pattern="POST /wp-includes/" if [[ "$REPLY" =~ "$Pattern" ]]; then inject 4; return $?; fi RULE=POST-db-init Pattern="POST /db.init.php" if [[ "$REPLY" =~ "$Pattern" ]]; then inject 4; return $?; fi RULE=POST-db-session Pattern="POST /db_session.init.php" if [[ "$REPLY" =~ "$Pattern" ]]; then inject 4; return $?; fi RULE=POST-Black+white Pattern="POST /editBlackAndWhiteList" if [[ "$REPLY" =~ "$Pattern" ]]; then inject 4; return $?; fi WEB_CLASS=Scanner RULE=HEAD-Scanner Pattern="HEAD /" if [[ "$REPLY" =~ "$Pattern" ]]; then inject 3; return $?; fi WEB_CLASS=Trialbaloons RULE=Double-Dash Pattern="GET //" if [[ "$REPLY" =~ "$Pattern" ]]; then inject 4; return $?; fi RULE=BREAK-vendor Pattern="GET /vendor/" if [[ "$REPLY" =~ "$Pattern" ]]; then inject 4; return $?; fi RULE=BREAK-webdav Pattern="GET /webdav/" if [[ "$REPLY" =~ "$Pattern" ]]; then inject 4; return $?; fi RULE=BREAK-owa Pattern="GET /owa/" if [[ "$REPLY" =~ "$Pattern" ]]; then inject 4; return $?; fi RULE=BREAK-junk-2 Pattern="GET /.env" if [[ "$REPLY" =~ "$Pattern" ]]; then inject 4; return $?; fi RULE=PMA-1 Pattern="GET /phpMyadmin" if [[ "$REPLY" =~ "$Pattern" ]]; then inject 4; return $?; fi RULE=PMA-2 Pattern="GET /phpmyadmin" if [[ "$REPLY" =~ "$Pattern" ]]; then inject 4; return $?; fi RULE=PMA-3 Pattern="GET /pma/" if [[ "$REPLY" =~ "$Pattern" ]]; then inject 4; return $?; fi RULE=PMA-4 Pattern="GET /PMA/" if [[ "$REPLY" =~ "$Pattern" ]]; then inject 4; return $?; fi RULE=Agent Pattern="GET /agent/" if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi RULE=Agent2 Pattern="GET /agc/" if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi WEB_CLASS=Bot RULE=PALO-ALTO-1 Pattern='@expanseinc.com' if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi RULE=PALO-ALTO-2 Pattern='Expanse, ' if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi RULE=Dataprovider Pattern='compatible; Dataprovider.com' if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi RULE=Petal-Bot Pattern='PetalBot;' if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi RULE=Semrush-Bot Pattern='; SemrushBot' if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi RULE=Ahrefs-Bot Pattern='; AhrefsBot/' if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi RULE=Majestic-Bot Pattern='; MJ12bot/' if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi RULE=SEO-Scanner.net Pattern='; adscanner/' if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi RULE=Zoominfo-Bot Pattern='ZoominfoBot' if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi RULE=Dot-Bot Pattern='compatible; DotBot/' if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi RULE=Seznam-Bot Pattern='; SeznamBot/' if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi RULE=Megaindex-BOT Pattern='compatible; MegaIndex.ru/' if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi RULE=MailRU-Bot Pattern='; Mail.RU_Bot/' if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi RULE=Well-Known-Bot Pattern='; WellKnownBot/' if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi RULE=NC-Survey-Agent Pattern='compatible; NetcraftSurveyAgent/' if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi RULE=BLEX-Bot Pattern='compatible; BLEXBot/' if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi RULE=Barkrowler-Bot Pattern='compatible; Barkrowler/' if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi RULE=SerpStat-Bot Pattern='serpstatbot/' if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi RULE=Bytespider-Bot Pattern='compatible; Bytespider;' if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi RULE=Facebook-Bot Pattern='facebookexternalhit/' if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi RULE=SEOkicks-Bot Pattern='(compatible; SEOkicks' if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi RULE=BLEXBot Pattern='(compatible; BLEXBot/' if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi RULE=Python-Request Pattern='python-requests/' if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi RULE="Spawning-AI" Pattern='"Spawning-AI"' if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi RULE="GeedoBot" Pattern='compatible; GeedoBot;' if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi RULE="DataForSeoBot" Pattern='compatible; DataForSeoBot/' if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi RULE="BytespiderBot" Pattern='compatible; Bytespider' if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi WEB_CLASS=Forbidden RULE=401 Pattern=' 401 ' if [[ "$REPLY" =~ "$Pattern" ]]; then inject; return $?; fi RULE=403 Pattern=' 403 ' if [[ "$REPLY" =~ "$Pattern" ]]; then inject; return $?; fi WEB_CLASS=Robots-Txt RULE=Robots-Txt Pattern='GET /robots.txt' if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi RULE=NO_RULESET_MATCH-$funtag return 0 }