# - 010-Scanner.rule - # Special ruleset to catch scanners # i.e. it does call 'inject' with 5 (= $MAX_AFFAIRS) # The next occurence triggers a shoot-down # # Alternative to an entry in the module's superfluous_map file WEB_CLASS=Scanner # RULE="Shodan-Scanner" Pattern='.shodan.io[' #--------------- if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi RULE="Censys-Scanner" Pattern='.censys-scanner.com[' #--------------- if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi RULE="Cyberresilience-Scanner" Pattern='.cyberresilience.io[' #--------------- if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi RULE="BinaryEdge-Scanner" Pattern='.binaryedge.ninja[' #--------------- if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi RULE="Anthropic-AI" Pattern='"anthropic-ai"' #--------------- if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi