{
"config_exposure": {
"description": "Direct requests for secrets, environment files, or version control metadata.",
"patterns": ["/\\.env", "/\\.git", "/\\.svn", "/\\.htaccess", "/\\.htpasswd", "/\\.ssh", "/\\.passwords"]
},
"webshells": {
"description": "Common webshell and dropper filenames.",
"patterns": ["/(w(uwu|c|s|shell)|x(w|s|shell)|qq|ak47|phpstudy|system|cmd|mx|lindex|hm|sheep|defect)\\.php$"]
},
"wordpress": {
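"description": "WordPress brute-force and exploit probes; on hosts that actually run WordPress, /wp-login.php and /xmlrpc.php also receive legitimate requests.",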
"patterns": ["/wp-login\\.php", "/xmlrpc\\.php", "/wp-content/uploads/.*\\.php", "/wp-includes/.*\\.php"]
},
"known_exploits": {
"description": "Paths associated with known vulnerabilities in frameworks and admin consoles.",
"patterns": ["/vendor/phpunit", "/solr/admin", "/manager/html", "/HNAP1", "/owa/auth/logon\\.aspx"]
},
"http_methods": {
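"description": "HTTP verbs often seen in scanning or exploitation attempts; PUT, DELETE and OPTIONS are also used by legitimate REST clients and CORS preflight requests, so a match is a signal to review rather than proof of an attack.",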
"patterns": ["^(PUT|DELETE|OPTIONS|TRACE|CONNECT) "]
}
}