Bash Scanner!

Idea behind this file, i downloaded a shell script from the internet, and i don't revive the source code of the file, and run it, but the file is contains `rm -rf .` command, after running the file, my all files are deleted in current directory. :-(

file/bash/bash.yaml

@@ -0,0 +1,50 @@
+id: bash-scanner
+
+info:
+  name: bash-scanner
+  author: ransomsec
+  severity: info
+  description: "Indicator for bash Dangerous Commands – You Should Never Execute on Linux"
+  tags: bash,shell,sh
+  reference:
+    - "https://www.tecmint.com/10-most-dangerous-commands-you-should-never-execute-on-linux/"
+    - "https://phoenixnap.com/kb/dangerous-linux-terminal-commands"
+
+
+file:
+  - extensions:
+    - sh
+
+
+    extractors:
+      - type: regex
+        name: fork-bomb
+        regex:
+          - ":(){:|:&};:"
+
+      - type: regex
+        name: rm commad found
+        regex:
+          - "rm -(f|r)"
+          - "rm -(fr|rf)"
+
+
+      - type: regex
+        name: code injection
+        regex:
+          - "/bin/(sh|bash) -"
+          - "eval"
+          - "echo -c"
+          - "/bin/(sh|bash) -c"
+          - "(sh|bash) -"
+          - "(sh|bash) -c"
+
+      - type: regex
+        name: file manipulation
+        regex:
+          - "cat /dev/null >"
+
+      - type: regex
+        name: unknown-file-download
+        regex:
+          - '(wget|curl) (https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]\.[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]$'