# - Ruleset Common -
# Do NOT edit this file as it is generated every time the module starts
# and provides the 'ruleset-Common' function
#
ruleset-Common() {
local funtag="[${FUNCNAME[0]}]"
: FILTER_STATE=Initial
: FILTER_DATE=2025-12-12T09:42:55+01:00
local debugs="@nodebug|@notrace|@alloff|@debug|@debug2|@trace"
local debfun
RULE=SetDebug
if [[ "$REPLY" =~ ($debugs) ]]
then
    debfun=${BASH_REMATCH[1]}	# Extract found matches
    trace "$funtag Debuging $debfun wanted"
    setdebug "$debfun"
    Pattern="$debfun"		# Let the post processor know the choice ...
    return 241   
fi
WEB_CLASS=Scanner
RULE="Shodan-Scanner"
Pattern='.shodan.io['
if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi
RULE="Censys-Scanner"
Pattern='.censys-scanner.com['
if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi
RULE="Cyberresilience-Scanner"
Pattern='.cyberresilience.io['
if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi
RULE="BinaryEdge-Scanner"
Pattern='.binaryedge.ninja['
if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi
RULE="Anthropic-AI"
Pattern='"anthropic-ai"'
if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi
WEB_CLASS=Destroyer
RULE=PROPFIND
Pattern="GET /shell"
if [[ "$REPLY" =~ "$Pattern" ]]; then kickoff; return $?; fi
RULE=NMAP-Attack
Pattern="(compatible; Nmap"
if [[ "$REPLY" =~ "$Pattern" ]]; then kickoff; return $?; fi
RULE=FAKE-Referer1
Pattern="ALittle Client"
if [[ "$REPLY" =~ "$Pattern" ]]; then kickoff; return $?; fi
RULE=Dot-env
Pattern="GET /.env"
if [[ "$REPLY" =~ "$Pattern" ]]; then kickoff; return $?; fi
RULE=APP-Dot-env
Pattern="GET /app/.env"
if [[ "$REPLY" =~ "$Pattern" ]]; then kickoff; return $?; fi
RULE=Dot-git
Pattern="GET /.git"
if [[ "$REPLY" =~ "$Pattern" ]]; then kickoff; return $?; fi
RULE=Dot-aws
Pattern="GET /.aws"
if [[ "$REPLY" =~ "$Pattern" ]]; then kickoff; return $?; fi
WEB_CLASS=Illegal-Wordpress
RULE=WP-inludes
Pattern="/wp-inludes/"
if [[ "$REPLY" =~ "$Pattern" ]]; then kickoff; return $?; fi
RULE=WP
Pattern="GET /wp/"
if [[ "$REPLY" =~ "$Pattern" ]]; then kickoff; return $?; fi
RULE=WEBSITE
Pattern="GET /website/"
if [[ "$REPLY" =~ "$Pattern" ]]; then kickoff; return $?; fi
RULE=WORDPRESS
Pattern="GET /wordpress/"
if [[ "$REPLY" =~ "$Pattern" ]]; then kickoff; return $?; fi
RULE=WP-admin
Pattern="GET /wp-admin/"
if [[ "$REPLY" =~ "$Pattern" ]]; then kickoff; return $?; fi
RULE=WP-Login
Pattern="GET /wp-login.php"
if [[ "$REPLY" =~ "$Pattern" ]]; then kickoff; return $?; fi
RULE=WP-JSON
Pattern="GET /wp-json"
if [[ "$REPLY" =~ "$Pattern" ]]; then kickoff; return $?; fi
RULE=WP-CONTENT
Pattern="GET /wp-content"
if [[ "$REPLY" =~ "$Pattern" ]]; then kickoff; return $?; fi
RULE=WP-INCLUDES
Pattern="GET /wp-includes"
if [[ "$REPLY" =~ "$Pattern" ]]; then kickoff; return $?; fi
WEB_CLASS=Aggressor
RULE=PROPFIND
Pattern="PROPFIND /"
if [[ "$REPLY" =~ "$Pattern" ]]; then inject 4; return $?; fi
RULE=POST-admin-index
Pattern="POST /administrator/index.php"
if [[ "$REPLY" =~ "$Pattern" ]]; then inject 4; return $?; fi
RULE=POST-autodiscover
Pattern="POST /Autodiscover/"
if [[ "$REPLY" =~ "$Pattern" ]]; then inject 4; return $?; fi
RULE=POST-phpunit
Pattern="POST /vendor/phpunit/"
if [[ "$REPLY" =~ "$Pattern" ]]; then inject 4; return $?; fi
RULE=POST-cgi-bin
Pattern="POST /cgi-bin/"
if [[ "$REPLY" =~ "$Pattern" ]]; then inject 4; return $?; fi
RULE=POST-wp-includes
Pattern="POST /wp-includes/"
if [[ "$REPLY" =~ "$Pattern" ]]; then inject 4; return $?; fi
RULE=POST-db-init
Pattern="POST /db.init.php"
if [[ "$REPLY" =~ "$Pattern" ]]; then inject 4; return $?; fi
RULE=POST-db-session
Pattern="POST /db_session.init.php"
if [[ "$REPLY" =~ "$Pattern" ]]; then inject 4; return $?; fi
RULE=POST-Black+white
Pattern="POST /editBlackAndWhiteList"
if [[ "$REPLY" =~ "$Pattern" ]]; then inject 4; return $?; fi
RULE=POST-loginregister
Pattern="POST /login-register/"
if [[ "$REPLY" =~ "$Pattern" ]]; then kickoff; return $?; fi
RULE=POST_en_login
Pattern="POST /en/log-in"
if [[ "$REPLY" =~ "$Pattern" ]]; then kickoff; return $?; fi
WEB_CLASS=HEADscan
RULE=HEAD-Scanner
Pattern="HEAD /"
if [[ "$REPLY" =~ "$Pattern" ]]; then inject 3; return $?; fi
WEB_CLASS=Trialbaloons
RULE=Double-Dash
Pattern="GET //"
if [[ "$REPLY" =~ "$Pattern" ]]; then kickoff; return $?; fi
RULE=BREAK-vendor
Pattern="GET /vendor/"
if [[ "$REPLY" =~ "$Pattern" ]]; then kickoff; return $?; fi
RULE=BREAK-webdav
Pattern="GET /webdav/"
if [[ "$REPLY" =~ "$Pattern" ]]; then kickoff; return $?; fi
RULE=BREAK-owa
Pattern="GET /owa/"
if [[ "$REPLY" =~ "$Pattern" ]]; then kickoff; return $?; fi
RULE=PMA-1
Pattern="GET /phpMyadmin"
if [[ "$REPLY" =~ "$Pattern" ]]; then kickoff; return $?; fi
RULE=PMA-2
Pattern="GET /phpmyadmin"
if [[ "$REPLY" =~ "$Pattern" ]]; then kickoff; return $?; fi
RULE=PMA-3
Pattern="GET /pma/"
if [[ "$REPLY" =~ "$Pattern" ]]; then kickoff; return $?; fi
RULE=PMA-4
Pattern="GET /PMA/"
if [[ "$REPLY" =~ "$Pattern" ]]; then kickoff; return $?; fi
RULE=Agent
Pattern="GET /agent/"
if [[ "$REPLY" =~ "$Pattern" ]]; then kickoff; return $?; fi
RULE=Agent2
Pattern="GET /agc/"
if [[ "$REPLY" =~ "$Pattern" ]]; then kickoff; return $?; fi
RULE=Illegal_css
Pattern="GET /css/"
if [[ "$REPLY" =~ "$Pattern" ]]; then kickoff; return $?; fi
WEB_CLASS=Fake-Request
RULE=Double-Dash
Pattern="GET /en/produkte/"
if [[ "$REPLY" =~ "$Pattern" ]]; then kickoff; return $?; fi
WEB_CLASS=Forbidden
RULE=401
Pattern=' 401 '
if [[ "$REPLY" =~ "$Pattern" ]]; then inject; return $?; fi
RULE=403
Pattern=' 403 '
if [[ "$REPLY" =~ "$Pattern" ]]; then inject; return $?; fi
WEB_CLASS=Robots-Txt
RULE=Robots-Txt
Pattern='GET /robots.txt' 
if [[ "$REPLY" =~ "$Pattern" ]]; then inject 5; return $?; fi

RULE=NO_RULESET_MATCH-$funtag
return 0
}
