nuclei-templates/file/bash/bash-scanner.yaml

48 lines
1.1 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

id: bash-scanner
info:
name: Bash Scanner
author: ransomsec
severity: info
description: Indicator for bash Dangerous Commands You Should Never Execute on Linux
reference:
- https://www.tecmint.com/10-most-dangerous-commands-you-should-never-execute-on-linux/
- https://phoenixnap.com/kb/dangerous-linux-terminal-commands
tags: bash,shell,sh
file:
- extensions:
- sh
extractors:
- type: regex
name: fork-bomb
regex:
- ":(){:|:&};:"
- type: regex
name: rm command found
regex:
- "rm -(f|r)"
- "rm -(fr|rf)"
- type: regex
name: code injection
regex:
- "/bin/(sh|bash) -"
- "eval"
- "echo -c"
- "/bin/(sh|bash) -c"
- "(sh|bash) -"
- "(sh|bash) -c"
- type: regex
name: file manipulation
regex:
- "cat /dev/null >"
- type: regex
name: unknown filedownload
regex:
- '(wget|curl) (https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]\.[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]$'