/Hunt Catalog/web.md
https://github.com/randomuserid/Adama
Searches for attacks on web servers and applications using web service logs

| Category | Search Name |
|----------------------|--------------------------------------------------------------------------------|
| Execution | .htaccess access |
| Execution | .htaccess request |
| Execution | /etc/shadow detected in uri |
| Behavioral Detection | /system32/ in uri - possible protected directory access attempt |
| Behavioral Detection | coldfusion adminapi access |
| Behavioral Detection | coldfusion adminapi access |
| Behavioral Detection | coldfusion adminapi access |
| Behavioral Detection | coldfusion administrator access |
| Behavioral Detection | coldfusion administrator access |
| Behavioral Detection | coldfusion administrator access |
| Behavioral Detection | coldfusion administrator access |
| Behavioral Detection | coldfusion administrator access |
| Behavioral Detection | coldfusion componentutils access |
| Execution | crlf injection - newline characters in url - %0d%0a |
| Execution | exploit suspected php injection attack (cmd=) |
| Behavioral Detection | http pass= in cleartext |
| Execution | php easteregg request |
| Behavioral Detection | php setup activity |
| Execution | tilde in uri - potential .php~ source disclosure vulnerability |
| Behavioral Detection | web-php phpinfo access |
| Behavioral Detection | web-php phpinfo access |
| Execution | wordpress google doc embedder local file inclusion attempt |
| Execution | wp generic revslider arbitrary file download |
| Execution | /cgi-bin/../in uri - possible protected directory access attempt |
| Execution | /etc/ activity in web requests |
| Execution | /etc/passwd in web request |
| Behavioral Detection | Anomalous encoding in request |
| Behavioral Detection | Anomalous referrer |
| Behavioral Detection | Anonymizer activity |
| Behavioral Detection | Asterix |
| Execution | Attempt to get sql server version in uri using select version |
| Execution | Binary data in web request |
| Behavioral Detection | Bugzilla |
| Behavioral Detection | Burp activity |
| Behavioral Detection | Cgi scripts |
| Behavioral Detection | Cisco telephony service |
| Behavioral Detection | Citrix |
| Behavioral Detection | Cold fusion |
| Execution | Cross site scripting (xss) |
| Behavioral Detection | Denied by server configuration |
| Behavioral Detection | Directory index forbidden |
| Execution | Directory traversal |
| Execution | Downloads from ip addresses |
| Behavioral Detection | Dprk / apt37 user agent |
| Execution | Drupal 2019-6340 |
| Execution | Drupalgeddon |
| Execution | Drupalgeddon 2 |
| Behavioral Detection | Excessive use of a feature of method |
| Execution | Exploits - xss |
| Execution | Exploits - xss |
| Behavioral Detection | Extraclient access: unvalidated data in request |
| Behavioral Detection | Flash activity |
| Behavioral Detection | Invalid uri "invalid uri in request" or "uri too long" or "file name too long" |
| Behavioral Detection | Jsp |
| Behavioral Detection | Kubernetes access from the internet |
| Execution | Large http request |
| Behavioral Detection | Linux /tmp reference - /tmp |
| Behavioral Detection | Linux commands - curl,chmod,echo,exec, wget |
| Behavioral Detection | Long byte counts in web requests |
| Behavioral Detection | Long uris with null referrers |
| Behavioral Detection | Long user agent strings |
| Behavioral Detection | Magento admin request |
| Behavioral Detection | Metadata request |
| Execution | Mssql command shell - xp_cmdshell |
| Behavioral Detection | Mysqlmanager activity |
| Execution | Noop sled - /x90 |
| Execution | Null user agents |
| Behavioral Detection | One time token reuse |
| Execution | Pass= or passw= or password= in uri |
| Execution | Passw=' or pass=' in uri |
| Execution | Pcrat/gh0st |
| Execution | Php errors - php warning: php fatal error: php parse error: |
| Behavioral Detection | Php net utils |
| Behavioral Detection | Phpmyadmin activity |
| Behavioral Detection | Phpmyadmin activity |
| Behavioral Detection | Phpmyadmin activity |
| Execution | Possible php attack |
| Execution | Process activity in web requests |
| Execution | Rci - environment variable in http request |
| Behavioral Detection | Rdp request |
| Execution | Remote command injection |
| Execution | Remote command injection |
| Execution | Rm or rm -rf activity |
| Execution | Script interpreter user agent |
| Execution | Sensitive file access |
| Execution | Server side template injection |
| Execution | Shell commands in web request |
| Execution | Shell_exec in web request |
| Execution | Sql command in uri |
| Execution | Sql injection |
| Execution | Sql injection - windows |
| Execution | Sql injection local file access attempt using load_file |
| Execution | Sql statements in uris |
| Execution | Suspicious user agents |
| Execution | Thinkphp getshell rci |
| Behavioral Detection | Token use by different ip addresses |
| Behavioral Detection | Token use by different user agents |
| Behavioral Detection | Tomcat admin access |
| Behavioral Detection | Unauthorized response codes to scripted requests |
| Behavioral Detection | Uri contains ephemeral port |
| Behavioral Detection | Uri contains jsesssionid= |
| Behavioral Detection | Uri contains password or pass string |
| Behavioral Detection | Uri contains username string |
| Execution | Waf alert |
| Execution | Waf deny |
| Behavioral Detection | Web scanner |
| Execution | Web shells |
| Execution | Wget or curl commands in web request |
| Execution | Windows command - cmd.exe or cmd |
| Behavioral Detection | Wordpress |
| Execution | Wordpress / wordfence attack detect |
| Execution | Wp jetpack twenty fifteen xss |
| Behavioral Detection | Yabb activity |