
logs2intrusions.zip


提交时间:2005-01-19
提交用户:NetU0
工具分类:扫 描 器
运行平台:Windows
工具大小:886500 Bytes
文件MD5 :92c5caeb695da32c29a46c96b18800a6
工具来源:http://www.trsecurity.net/logs2intrusions

IIS 4、IIS 5 和 Apache 的 Web 服务器日志分析器。

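可以识别以下攻击特征(你也可以自行添加新的攻击特征字符串,直接写入安装目录下的 sign.txt 文件即可)。注意:从列表看,这些特征应是按字符串匹配日志中的请求,其中一些(如 passwd、handler、calendar、404)非常宽泛,容易产生误报;日志命中只说明有人发出过此类请求,是否得手还需结合响应状态码和前后请求进一步确认。可识别的特征如下: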
unlg1.2
rwwwshell.pl
gH.cgi
phf
phf.cgi
Count.cgi
test-cgi
nph-test-cgi
nph-publish
php.cgi
handler
webgais
websendmail
webdist.cgi
faxsurvey
htmlscript
pfdisplay
perl.exe
wwwboard.cgi
wwwboard.pl
www-sql
view-source
campas
aglimpse
glimpse
man.sh
AT-admin.cgi
filemail.cgi
maillist.cgi
info2www
files.pl
finger
bnbform.cgi
survey.cgi
AnyForm2
textcounter.pl
classifieds.cgi
environ.cgi
wrap
cgiwrap
guestbook.cgi
guestbook.pl
edit.pl
perlshop.cgi
webbbs.cgi
whois_raw.cgi
AnyBoard.cgi
dumpenv.pl
login.cgi
/test/test.cgi
/_vti_pvt/users.pwd
/_vti_pvt/service.pwd
/_vti_pvt/authors.pwd
/_vti_pvt/admin.pwd
/_vti_pwd/administrators.pwd
/_vti_bin/shtml.exe
/cgi-dos/args.bat
/cgi-win/uploader.exe
rguest.exe
wguest.exe
scripts/issadmin/bdir.htr
scripts/CGImail.exe
scripts/tools/newdsn.exe
scripts/tools/getdrvrs.exe
/publisher/
mlog.phtml
/ssi/envout.bat
archie
bb-hist.sh
ultraboard.pl
scripts/cart32.exe/cart32clientlist
scripts/c32web.exe/ChangeAdminPassword
scripts/c32web.exe
/getdrvrs.exe
scripts/fpcount.exe
scripts/counter.exe
scripts/visadmin.exe
scripts/perl.exe
scripts/../../cmd.exe?%2FC+echo+\'hacked!\'>c:\\hello.bat
/usersscripts/submit.cgi
/cfdocs/expelval/openfile.cfm
/cfdocs/expelval/exprcalc.cfm
/cfdocs/expelval/displayopenedfile.cfm
/cfdocs/expelval/sendmail.cfm
/cfdocs/examples/parks/detail.cfm
/cfdocs/snippets/fileexists.cfm
/cfdocs/examples/mainframeset.cfm
/iissamples/exair/howitworks/codebrws.asp
/iissamples/sdk/asp/docs/codebrws.asp
/msads/Samples/SELECTOR/showcode.asp
/search97.vts
/carbo.dll
/domcfg.nsf/?open
/?PageServices
/....../autoexec.bat
/cfdocs/zero.cfm
/cfdocs/root.cfm
/cfdocs/expressions.cfm
/cfdocs/expeval/eval.cfm
/cfdocs/exampleapp/publish/admin/addcontent.cfm
/cfdocs/exampleapp/email/getfile.cfm?filename:=c:\boot.ini
/cfdocs/exampleapp/publish/admin/application.cfm
/cfdocs/exampleapp/email/application.cfm
/cfdocs/exampleapp/docs/sourcewindow.cfm
/cfdocs/examples/parks/detail.cfm
/cfdocs/examples/cvbeans/beaninfo.cfm
/cfdocs/cfmlsyntaxcheck.cfm
/cfdocs/snippets/viewexample.cfm
/cfdocs/snippets/gettempdirectory.cfm
/cfdocs/snippets/fileexists.cfm
/cfdocs/snippets/evaluate.cfm
/cfusion/cfapps/forums/forums_.mdb
/cfusion/cfapps/security/realm_.mdb
/cfusion/cfapps/forums/data/forums.mdb
/cfusion/cfapps/security/data/realm.mdb
/cfusion/database/cfexamples.mdb
/cfusion/database/cfsnippets.mdb
/cfusion/database/smpolicy.mdb
/cfusion/database/cypress.mdb
/database.nsf/
cgi-lib.pl
minimal.exe
redir.exe
stats.prg
statsconfig
visitor.exe
htmldocs
/_vti_bin/_vti_adm
/_vti_bin/_vti_aut
/srchadm
/iisadmin
/html/?PageServices
scripts/run.exe
scripts/iisadmin/samples/ctgestb.htx
scripts/iisadmin/samples/ctgestb.idc
scripts/iisadmin/samples/details.htx
scripts/iisadmin/samples/details.idc
scripts/iisadmin/samples/query.htx
scripts/iisadmin/samples/query.idc
scripts/iisadmin/samples/register.htx
scripts/iisadmin/samples/register.idc
scripts/iisadmin/samples/sample.htx
scripts/iisadmin/samples/sample.idc
scripts/iisadmin/samples/sample2.htx
scripts/iisadmin/samples/viewbook.htx
scripts/iisadmin/samples/viewbook.idc
scripts/iisadmin/tools/ct.htx
scripts/iisadmin/tools/ctss.idc
scripts/iisadmin/tools/dsnform.exe
scripts/iisadmin/tools/getdrvrs.exe
scripts/iisadmin/tools/mkilog.exe
scripts/iisadmin/tools/newdsn.exe
/IISADMPWD/achg.htr
/IISADMPWD/aexp.htr
/IISADMPWD/aexp2.htr
/IISADMPWD/aexp2b.htr
/IISADMPWD/aexp3.htr
/IISADMPWD/aexp4.htr
/IISADMPWD/aexp4b.htr
/IISADMPWD/anot.htr
/IISADMPWD/anot3.htr
/_vti_pvt/writeto.cnf
/_vti_pvt/svcacl.cnf
/_vti_pvt/services.cnf
/_vti_pvt/service.stp
/_vti_pvt/service.cnf
/_vti_pvt/access.cnf
/_private/registrations.txt
/_private/registrations.htm
/_private/register.txt
/_private/register.htm
/_private/orders.txt
/_private/orders.htm
/_private/form_results.htm
/_private/form_results.txt
/_vti_bin/_vti_adm/admin.dll
scripts/perl?
passwd
passwd.txt
password
password.txt
ax.cgi
ax-admin.cgi
scripts/convert.bas
/session/admnlogin
cachemgr.cgi
rpm_query
dbmlparser.exe
flexform.cgi
responder.cgi
imagemap.exe
/cfdocs/cfmlsyntaxcheck.cfm
/cfdocs/snippets/fileexist.cfm
/cfappman/index.cfm
scripts/cpshost.dll
/samples/search/queryhit.htm
/msadc/msadcs.dll
scripts/proxy/w3proxy.dll
MachineInfo
lwgate
lwgate.cgi
LWGate
LWGate.cgi
nlog-smb.cgi
axs.cgi
nph-error.pl
post_query
ppdscgi.exe
webmap.cgi
scripts/tools/getdrvs.exe
upload.pl
scripts/pu3.pl
/WebShop/logs/cc.txt
/WebShop/templates/cc.txt
/quikstore.cfg
/PDG_Cart/shopper.conf
/PDG_Cart/order.log
/pw/storemgr.pw
/iissamples/iissamples/query.asp
/iissamples/exair/search/advsearch.asp
/iisadmpwd/aexp2.htr
/adsamples/config/site.csc
/.html/............../config.sys
add_ftp.cgi
architext_query.cgi
w3-msql/
bigconf.cgi
get32.exe
alibaba.pl
tst.bat
scripts/samples/search/webhits.exe
/aux
/com1
/com2
/com3
/lpt
/ss.cfg
/ncl_items.html
scripts/submit.cgi
/adminlogin?RCpage:=/sysadmin/index.stm
scripts/srchadm/admin.idq
/samples/search/webhits.exe
/secure/.htaccess
/secure/.wwwacl
/adsamples/config/site.csc
/officescan/cgi/jdkRqNotify.exe
/ASPSamp/AdvWorks/equipment/catalog_type.asp
/AdvWorks/equipment/catalog_type.asp
/tools/newdsn.exe
scripts/iisadmin/ism.dll
scripts/uploadn.asp
scripts/uploadx.asp
scripts/upload.asp
scripts/repost.asp
scripts/postinfo.asp
scripts/iisadmin/default.htm
scripts/samples/details.idc
scripts/samples/ctguestb.idc
scripts/convert.bas
scripts/Fpadmcgi.exe
/samples/isapi/srch.htm
/index.asp::$DATA
/main.asp%81
/domlog.nsf
/log.nsf
/catalog.nsf
/names.nsf
/domcfg.nsf
/today.nsf
pfdispaly.cgi
input.bat
/CFIDE/Administrator/startstop.html
/GetFile.cfm
/../../config.sys
/orders/import.txt
/config/import.txt
/orders/checks.txt
/config/check.txt
/webcart/
/msadc/samples/adctest.asp
/admisapi/fpadmin.htm
/admcgi/contents.htm
/_private/form_results.txt
/_private/form_results.htm
/_private/register.htm
/_vti_pvt/service.cnf
/_vti_pvt/service.stp
/_vti_pvt/services.cnf
/_vti_pvt/svcacl.cnf
/_vti_pvt/writeto.cnf
/_vti_pvt/access.cnf
AnForm2
calendar
w3tvars.pm
w2-msql
wais.pl
/cgi-win/wwwuploader.exe
MachineInfo
snorkerz.cmd
snorkerz.bat
AT-generate.cgi
/con/con
/......../
/cgi-shl/win-c-sample.exe
../..
classified.cgi
download.cgi
../../boot.ini
/default.asp. HTTP/1.0
/xxxxxxx.....xxxxxxxxx/
testcgi.exe
FormHandler.cgi
cgitest.exe
meta.pl
test-cgi.tcl
day5datacopier.cgi
test.bat
hello.bat
webutils.pl
tigvote.cgi
/cgi-dos/args.cmd
/neowebscript/test/senvironment.nhtml
/neowebscript/tests/load_webenv.nhtml
/neowebscript/tests/mailtest.nhtml
/WebSTART%20LOG
webwho.pl
htsearch
plusmail
rmp_query
w3-msql
tpgnrock
/manage/cgi/cgiproc
/_vti_bin/_vti_aut/dvwssr.dll
scripts/cart32.exe
ultraboard.cgi
message.cgi
.cobalt/siteUserMod/siteUserMod.cgi
.fhp
getdoc.cgi
bizdb1-search.cgi
cart.pl
maillist.pl
fpexplore.exe
whois.cgi
GW5/GWWEB.EXE
search/tidfinder.cgi
tablebuild.pl
displayTC.pl
cvsweb/src/usr.bin/rdist/expand.c
c_download.cgi
ntitar.pl
enter.cgi
printenv
dasp/fm_shell.asp
cgiback.cgi
infosrch.cgi
scripts/webbbs.exe
/config/mountain.cfg
/orders/mountain.cfg
/admin.php3
/code.php3
/bb-dnbd/bb-hist.sh
/reviews/newpro.cgi
/eatme.idc
/eatme.ida
/eatme.pl
/eatme.idq
/eatme.idw
/status.cgi
/PSUser/PSCOErrPage.htm
/piranha/secure/passwd.php3
sojourn.cgi
dfire.cgi
spin_client.cgi
echo.bat
404
