Update bash.yaml
parent
1d63590c93
commit
2d2b5515a1
|
@ -1,21 +1,19 @@
|
|||
id: bash-scanner
|
||||
|
||||
info:
|
||||
name: bash-scanner
|
||||
name: Bash Scanner
|
||||
author: ransomsec
|
||||
severity: info
|
||||
description: "Indicator for bash Dangerous Commands – You Should Never Execute on Linux"
|
||||
tags: bash,shell,sh
|
||||
description: Indicator for bash Dangerous Commands – You Should Never Execute on Linux
|
||||
reference:
|
||||
- "https://www.tecmint.com/10-most-dangerous-commands-you-should-never-execute-on-linux/"
|
||||
- "https://phoenixnap.com/kb/dangerous-linux-terminal-commands"
|
||||
|
||||
- https://www.tecmint.com/10-most-dangerous-commands-you-should-never-execute-on-linux/
|
||||
- https://phoenixnap.com/kb/dangerous-linux-terminal-commands
|
||||
tags: bash,shell,sh
|
||||
|
||||
file:
|
||||
- extensions:
|
||||
- sh
|
||||
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
name: fork-bomb
|
||||
|
@ -28,7 +26,6 @@ file:
|
|||
- "rm -(f|r)"
|
||||
- "rm -(fr|rf)"
|
||||
|
||||
|
||||
- type: regex
|
||||
name: code injection
|
||||
regex:
|
||||
|
@ -45,6 +42,6 @@ file:
|
|||
- "cat /dev/null >"
|
||||
|
||||
- type: regex
|
||||
name: unknown-file-download
|
||||
name: unknown filedownload
|
||||
regex:
|
||||
- '(wget|curl) (https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]\.[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]$'
|
||||
|
|
Loading…
Reference in New Issue