Show signatures

ID	Sign
1	(\d+\s,\s){4,}
2	\W&&\W
3	\W@@\w
4	\W\\|\\|\W
5	\{\{.+\}\}
6	(\.)+(\\\|\/)+(\.)+(\\\|\/)+
7	\\x[0-9a-z]{2,2}
8	(\\\|%)u[0-9a-f]{4,4}
9	[&=<]\.0
10	[\^<>]0\.
11	(\s\|\.)src(\s\|\+)*=
12	(^\|\W)eval\(\|@eval\W
13	<svg(\s\|\+)
14	(^\|\W)alert\/?(\.(source\|call\|apply\|bind\|valueof))?[\(\`\&\]]
15	array\.(map\|from\|prototype)
16	(^\|\W)document(\.[a-z]+)+\(
17	<img(\s\|\+)
18	<base(\s\|\+)
19	<i?frame\W
20	on(error\|cut\|begin\|wheel\|blur\|change\|input\|reset\|select\|down\|keypress\|keyup\|paste\|copy\|toggle)(\s\|\+)*\=
21	onmouse(down\|enter\|leave\|move\|out\|over\|up\|wheel)(\s\|\+)*\=
22	<script(\s\|\+\|\/\|\>)
23	on(aux\|dbl)?click(\s\|\+)*\=
24	ontouchcancel(\s\|\+)*\=
25	(^\|\W)set(Timeout\|Interval\|Immediate)\(
26	(^\|\W)execscript\(
27	window[?]?\.(location\|alert\|name)
28	document[.;](location\|domain\|cookie)
29	(^\|\W)location\.(assign\|reload\|replace\|tostring)\(
30	(^\|\W)history(\.[a-z]+)+\(
31	(^\|\W)(local\|session)Storage\(
32	(^\|\W)createElement\(
33	[^-:=\.\w\\|]where[^-:=\.\w\\|]
34	[^-:=\.\w\\|]update[^-:=\.\w\\|]
35	[^-:=\.\w\\|]table[^-:=\.\w\\|]
36	group[^-:=\.\w\\|/]+by
37	order[^-:=\.\w\\|]+by
38	[^-:=\.\w\\|]limit[^-:=\.\w\\|]
39	[^-:=\.\w\\|]select[^-:=\.\w\\|]
40	[^-:=\.\w\\|]insert[^-:=\.\w\\|]
41	[^-:=\.\w\\|]truncate[^-:=\.\w\\|]
42	(^\|\W)benchmark\(
43	(^\|\W)((var)?char\|chr)\W*[(@]+[\d\s]
44	[^-:=\.\w\\|]if[^-:=\.\w\\|]
45	select[^-:=\.\w\\|]{1,50}(.\|\s){0,50}from
46	(^\|\W)concat\(
47	(^\|\W)system\(
48	(^\|\W)elt\(
49	(encode\|decode)\W*[]
50	\Wrlike\(
51	[^-:=\.\w\\|]database[^-:=\.\w\\|]
52	(^\|\W)not\W+in\(
53	json(_\w+){1,2}\(
54	[^-:=\.\w\\|]contains[^-:=\.\w\\|]
55	[^-:=\.\w\\|]sleep[^-:=\.\w\\|]
56	\`\`\s*\`\`
57	_(en\|de)crypt\(
58	log\d+\W*($\|$)
59	/(bin\|sbin)/
60	[^-:=\.\w\\|]replace[^-:=\.\w\\|]
61	\d+[\'\`]
62	(^\|\W)print(_r\|ln)?\(
63	\d\'\s*\w+=(\d+\|\')
64	=(\-\w+\|\w+[\'\)\"])(.\|\s){0,30}\s+where\s+(.\|\s){0,30}\s+(OR\|AND)
65	ctx=web\&cache_filename=.+\.php.+IMresizedData=\<\?php
66	\w+=\d+\'($\|\s)
67	(\b(m(s(ysaccessobjects\|ysaces\|ysobjects\|ysqueries\|ysrelationships\|ysaccessstorage\|ysaccessxml\|ysmodules\|ysmodules2\|db)\|aster\.\.sysdatabases\|ysql\.db)\b\|s(ys(\.database_name\|aux)\b\|chema(\W\(\|_name\b)\|qlite(_temp)?_master\b)\|d(atabas\|b_nam)e\W\(\|information_schema\b\|pg_(catalog\|toast)\b\|northwind\b\|tempdb\b))
68	sleep$(\s?)(\d?)(\s*?)$\|benchmark$(.{0,50}?),(.{0,50}?)$
69	(((select\|;)\s+(benchmark\|if\|sleep)\s?\(\s?\(?\s*?\w+))
70	((alter\s?\w+.{0,50}?(character\|char)\s+set\s+\w+)\|([\"'`];?\s?waitfor\s+(time\|delay)\s+[\"'`])\|([\"'`];.{0,50}\s?\Wgoto\W))
71	(^\|\W)union(.\|\s){1,50}select(.\|\s){1,50}from\W
72	((select\s?pg_sleep)\|(waitfor\s?delay\s?[\"'`]+\s?\d)\|(;\s?shutdown\s?(;\|--\|#\|\/\*\|\{)))
73	["\[]\$(ne\|eq\|lte?\|gte?\|n?in\|mod\|all\|size\|exists\|type\|slice\|x?or\|div\|like\|between\|and\|where)["\]]
74	((procedure\s+analyse\s?$)\|(;\s?(declare\|open)\s+[\w-]+)\|(create\s+(procedure\|function)\s?\w+\s?\(\s?$\s?-)\|(declare[^\w]+[@#]\s?\w+)\|(exec\s?\(\s*?@))
75	xp_(servicecontrol\|regread\|regwrite\|regdeletevalue\|regdeletekey\|fileexist\|enumerrorlogs\|readerrorlogs\|enumdsn\|enumgroups\|ntsec_enumdomains)
76	(^\|&)src=[^&]*?(http\|ftp)
77	[?&]home=[^&]*?(http\|ftp)
78	[?&]size=[^&]*?\x3b
79	\[\#markup\]\=\S+\s+\S+
80	information(_\|\.)schema
81	(\s\|\+)(infile\|outfile\|dumpfile)(\s\|\+)
82	\s;\s
83	/%?\(.\|\s){0,50}\%?/
84	((/%?\(.\|\s){0,50}\%?/)(.\|\s){0,50}){3,}
85	name\[\d+.{20,}\]
86	admin(istrator)?'--
87	^(file\|ftps?\|https?)://(.{0,500})$
88	%0(.\|\s){0,50}([a-z]%){3,}
89	(%\w%.{0,50}){5,}
90	(^\|\W)response\.(write\|flush\|clear)\(
91	\w=\/?\.{1,2}(\\\|\/)
92	\$_\w{1,15}\[
93	auto_prepend_file\|auto_append_file
94	include.?dir\x3D
95	path=(https?\|ftps?\|php)
96	php\?goto=(https?\|ftps?\|php)
97	/(admin/addcontent\.inc\|images/psg)\.php
98	[^-:\.\w\\|]exec[^-:\.\w\\|\/]
99	(^\|\W)die\(
100	(.{1,50}$.{1,50}$){3,}
101	\.(.{0,250})~($\|\s)
102	src=https?\x3a\x2f[^\x26\x20]*?(\x24\x28\|%24%28)
103	\.(gemfile\|gemfile\|rb\|irbrc)($\|\s\|\:)
104	\.(bzr\|project\|sublime(-workspace)?\|md\|svn\|gitkeep\|s3cfg\|(git\|hg\|cvs)(ignore)?\|subversion\|csproj\|(ftp)?config\|cfg\|atom\|vb\|vscode\|circleci\|npmrc)($\|\s\|\/\|\:)
105	\.php[^3-7\/s][\w\-\_~]*(\.\w+)?$
106	\.(py\|pl\|cgi)($\|\s\|\:)
107	\.(jar\|jsp\|jspx\|jspf\|java\|coffee\|war\|yml\|cfm)($\|\s\|\:)
108	\.(conf\|ssh\|ini\|inc\|env\|inc\|viminfo\|properties\|dead\.letter\|passwd\|schema)($\|\s\|\:)
109	\.(phpinc\|save\|sav\|swp\|swo\|lock\|old\|orig\|log\|tmp\|temp\|restore\|suspected)($\|\s\|\:)
110	\.(bz2\|gz\|tar\|xz\|lzma)($\|\s\|\:)
111	^/wp-content/plugins/($\|\s)
112	/wp-content/plugins/.{1,50}/cache/
113	\.(mdb\|db\|sqlite\|sql)($\|\s\|\:)
114	id_(rsa\|dsa)\.ppk($\|\s\|\:)
115	etc/(passwd\|shadow)
116	\W(win\|system\|php)\.ini
117	\.(ksh\|rsh\|tcsh\|csh\|zsh\|zshrc\|bash\|bash_profile\|rksh\|sh_history)($\|\s\|\:)
118	\.(bat\|exe\|dll\|dat)($\|\s\|\:)
119	%psmodulepath%\|%public%\|%appdata%\|%localappdata%
120	%allusersprofile%\|%userdata%\|%username%\|%userprofile%
121	%homedrive%\|%homepath%
122	%systemdrive%\|%systemroot%\|%windir%\|%comspec%
123	%path%\|%pathext%
124	%computername%\|%logonserver%\|%prompt%\|%userdomain%
125	/(global\|dnewsweb\|swsrv\|ikonboard)\.cgi
126	/(ksh\|rsh\|tcsh\|csh\|zsh\|zshrc\|bash\|bash_profile\|rksh)($\|\s)
127	\/(math_sum.mscgi\|htsearch\|printenv\|db2www\|document.d2w)
128	php(pg\|my)admin
129	stdin\|stdout\|stderr
130	/dev/(tcp\|udp)
131	(^\|\W)php(_uname\|credits\|info\|version)\(
132	/~(root\|ftp\|nobody)
133	[^/]https?:/
134	(phpinfo\|phpsysinfo)\.php
135	phpe9568f3(4\|5\|6)-d428-11d2-a769-00aa001acf42
136	/_vti_(adm\|bin)/
137	act=\S+&(d\|f)=
138	act=(fxmailselfremove\|encoder\|eval\|sql\|phpinfo)
139	_act=(execute\|list\s+files\|upload)
140	(\s\|\+\|#)cmd=
141	c999sh_surl\|c999shvars
142	adminer.*\.php
143	(wso\|r57\|r57shell)\.php
144	/plugins/system/.{1,50}\.php
145	\.(key\|pem\|id_rsa\|id_dsa)($\|\s)
146	\.(sh\|bash\|nano\|irb\|psql\|mysql)_history($\|\s)
147	\.(bac\|bak\|bkp\|bkf\|bkp\|back\|backup\|bakup)($\|\s)
148	\.(history\|histfile)($\|\s)
149	nessus\|acunetix\|nmap\|sqlmap\|[nw]ikto\|dirbuster\|gobuster\|w3af\|webster\|openvas\|meterpreter\|network-services-auditor\|wpscan\|hydra\|XSpider\|Nuclei\|l9explore
150	absinthe\|autogetcolumn\|bsqlbf\|cisco-torch\|crimscanner\|appscan_fingerprint\|amiga-aweb\|digimarc webreader
151	sql\s+power\s+injector\|dav\.pm\|prog.customcrawler\|whcc\|grendel-scan\|masscan
152	shellshock-scan\|thanks-rob\|WebCruiser\|webinspect\|whisker\|chinaclaw\|whatweb\|wordpress hash grabber
153	mysqloit\|netsparker\|paros\|pavuk\|uil2pn\|friendly-scanner\|sundayddr\|zmeu\|sqlspider\|Evasions
154	apachebench\|datacha0s\|nv32ts\|brutus\|arachni\|synapse\|havij\|sucuri\|sitelock\|scanalert
155	http_get_vars\|n-stealth\|picscout\|t34mh4k\|webshag\|mozilla/\d+\.\d+\s+sf
156	php/\d+\.\|python-httplib\|winhttprequest\|pymills-spider/\|^\.
157	boundary=\S+[,\|;]
158	(\\[0-7]{1,3}){3,}
159	&#\d+;?
160	(&#x[2-7]\w;(.\|\s){0,50}){5,}
161	(file\|ftps?\|https?)://(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})
162	((merge.{0,50}?using\s?\()\|(execute\s?immediate\s?[\"'`])\|(match\s?[\w(),+-]+\s?against\s?\())
163	(^\|\W)(un)?hex\(
164	<[\s\+]![\s\+](doctype\|entity)[\s\+]+%[\s\+][a-za-z1-9_-]*[\s\+]+system
165	multipart/form-data;\s*boundary=[a-zA-Z0-9_-]{4000,}
166	$\s{0,50}$\s{0,50}\{\s{0,50}\:
167	script_fields.{0,50}import.{0,50}java\.util
168	\.\./\|php
169	['"`)][\s\+](OR\|AND\|\\|\\|\|\&\&)(\s+NOT)?[\s\+]+(.{1,25})[\s\+]([\!\<\>]?\=\|\<\|\>)[\s\+]*(.{1,25})
170	(^\|\W)((var)?char\|chr)\W=\W["']
171	(^\|\W)name_const\(
172	\.([~-][\w]?\|\$+)($\|\s\|\:)
173	\w=\/(etc\|usr\|var\|bin\|sbin\|lib\|lib64\|run\|sys\|dev\|root\|home\|opt\|srv\|mnt)\/
174	(^\|\W)draggable(\s\|\+)*\=
175	filename\s=\s.+\.(php\|pht\|py\|js\W\|rb\|pl\|pm\|cgi\|aspx)
176	(^\|\W)xbshell\W
177	(^\|\W)union(\s\|\+)+(all(\s\|\+)+)?select\W
178	(^\|\W)convert\(
179	(^\|\W)(md5\|crc32\|sha1\|hash\|crypt)\(
180	(^\|\W)HashBytes\(
181	(^\|\W)extractvalue\(
182	waitfor(\s\|\+)+delay\W
183	img(\s\|\+)*src=\"?(https?\:\/\/)?[\w\|\.\|\-\|\/]+\.(txt\|php\|py\|cgi\|asp)
184	\s(OR\|\\|\\|\|AND\|\&\&)(\snot)?\s(['")]\w['"(]\|\w)\s[!]?=\s(['")]\w['"(]\|\w)\s*\-\-
185	(^\|\W)function\(
186	(sql\|old\|bkp\|bck\|bckp\|back\|backup\|archive)\.(zip\|rar\|7zip\|bz2\|gz\|xz\|lzma\|tar\|gz\|tar\.gz)($\|\s\|\:)
187	(^\|\W)includecomponent\(
188	(^\|\W)__schema\W*\{
189	\/\.\.[\;\+]
190	(^\|\W)script[\s\+]+xmlns
191	(^\|\W)tostring\(
192	(^\|\W)shell_exec\(
193	\=[\s\+]\$\{\w+[\+\-\\/]\w+\}
194	(^\|\W)nslookup\W
195	\\|[\s\+]([\/](\w\|\.)+[\/]+)?(bash\|perl\|python\|php)\W
196	(^\|\W)gethostbyname\(
197	['"`)][\s\+]*(OR\|AND\|\\|\\|\|\&\&)(\s+NOT)?[\s\+\"\']+(.{1,25})[\s\+\"\']+([\!\<\>]?\=\|\<\|\>)[\s\+\"\']+(.{1,25})
198	bxss\W*\.me
199	on(waiting\|pause\|show\|start\|end\|unload\|drop\|submit\|close\|after(print\|scriptexecute)\|contextmenu\|cellchange)(\s\|\+)*\=
200	on(cuechange\|(de)?activate\|finish\|fullscreenchange\|hashchange\|invalid\|message\|repeat)(\s\|\+)*\=
201	on(resize\|scroll\|search\|seeked\|seeking\|timeupdate\|touchend\|touchmove\|touchstart\|volumechange)(\s\|\+)*\=
202	on(mozfullscreenchange\|pagehide\|pageshow\|popstate\|progress\|readystatechange\|transitioncancel\|transitionrun\|transitionstart\|unhandledrejection)(\s\|\+)*\=
203	onwebkitanimation(end\|iteration\|start\|end)(\s\|\+)*\=
204	onbefore((de)?activate\|copy\|cut\|editfocus\|paste\|update\|scriptexecute)(\s\|\+)*\=
205	onpointer(down\|enter\|leave\|move\|out\|over\|rawupdate\|up)(\s\|\+)*\=
206	onanimation(cancel\|iteration\|start\|end)(\s\|\+)*\=
207	(^\|\W)strrev\(
208	(djy\|qpy)l18\.com
209	(^\|\W)execute\(
210	(^\|\W)(atob\|btoa)\(
211	(^\|\W)get(Runtime\|Response\|Writer\|Property\|InputStream)\(
212	(^\|\W)substring\(
213	(^\|\W)starts-with\(
214	(^\|\W)contains\(
215	(^\|\W)match\(
216	(^\|\W)document\[('\|"\|`)\w+('\|"\|`)\]
217	(^\|\W)confirm(\.call)?\(
218	(^\|\W)array\(
219	=\$\{\d+[+\-*%]\d+\}
220	(^\|\W)start-sleep[\s\+]+\-
221	(^\|\W)passthru\(
222	(^\|\W)sleep\(
223	(^\|\W)typeof\(
224	\Wisfinite\(
225	(^\|\W)sleep[\s\+]+\d
226	(^\|\W)prompt(\.call)?[(,`]
227	(^\|\W)substr\(
228	(^\|\W)ord\(
229	(^\|\W)mid\(
230	(^\|\W)ifnull\(
231	(^\|\W)cast\(
232	(^\|\W)database\(
233	(^\|\W)require\(
234	(^\|\W)endianness\(
235	(^\|\W)fillrect\(
236	@Grab(Config\|Resolver)?\(
237	(^\|\W)r87\.(com\|me)\W
238	(^\|\W)echo(\s\|\+)+\$\(
239	(^\|\W)echo(\s\|\+)+(\-\w+(\s\|\+)+)?[\'\"\`]
240	(database\|db\|dump)\.tar(\.gz)?($\|\s\|\:)
241	(^\|\W)alert\.name\W
242	config\.inc(\.(bz2\|gz\|xz\|tar(\.(bz2\|gz\|lzma\|xz))?))?($\|\s\|\:)
243	config\.(bz2\|gz\|xz\|tar(\.(bz2\|gz\|lzma\|xz))?)($\|\s\|\:)
244	(^\|\W)db.bz2($\|\s\|\:)
245	(^\|\W)cat_code\W
246	(^\|\W)(un)?escape\W
247	(^\|\W)updatexml\(
248	(^\|\W)valueOf\W*(\(\|\'\|\"\|.)
249	(^\|\W)window\.[a-z]
250	(^\|\W)(global\|window)eventhandlers\.[a-z]
251	(^\|\W)globalthis\W
252	(^\|\W)fopen\(
253	(^\|\W)f(write\|puts)\(
254	(^\|\W)printenv\W
255	(^\|\W)ini_set\(
256	(^\|\W)isset\(
257	\/wp-config\.(orig\|txt\|php[._](bak\|old\|new))
258	jndi\:(dns\|rmi\|iiop\|ldap)\:\/\/
259	\$\{(lower\|upper)\:
260	\$[\\]?\{\:\:\-[jndilaprmso][\\]?\}
261	\$[\\]?\{env\:ENV_NAME\:\-[jndilaprmso][\\]?\}
262	\.pydevproject($\|\s\|\:)
263	(alfa_data\|alfacgiapi\|cgialfa)\/.{0,50}\.alfa($\|\s\|\/\|\:)
264	\/(db\|backup\|config)\d*\.(bz2\|gz\|tar\|xz\|lzma)($\|\s\|\:)
265	(^\|\W)var_dump\(
266	CensysInspect\|censys\.io
267	\.(git\|svn)
268	while\s*\(
269	\.queryselector(all)?\(
270	reflect\.(apply\|cons\|def\|del\|get\|has\|isext\|own\|prev\|set)
271	(^\|\W)(wget\|curl)\W
272	(^\|\W)alert\W
273	\{\sphp\s\}
274	(^\|\W)window\[
275	(^\|\W)attr\(
276	:[\/\\]+windows[\/\\]+
277	['"][\s+];[\s+]return[\s+]
278	;[\s+]*([\/]([usrbinloca?]{3,5}[\/]){1,4})?([cat?]{3,3}\|[les?]{4,4})[\s+]+[\/]?\w+
279	echo[\s+]+var
280	exec[\s+]+cmd
281	(^\|\W)location\.(ancestor\|href\|protocol\|host\|pathname\|search\|hash\|origin)
282	top\[.{1,50}\]\(
283	&([lr]par\|quot\|apos\|grave\|tab\|nbsp);
284	\/(etc\|usr\|var\|bin\|sbin)\/
285	\{\{[_]self.\}\}
286	ondata(available\|setchanged\|setcomplete)?(\s\|\+)*\=
287	ondrag(end\|enter\|leave\|start\|over)?(\s\|\+)*\=
288	onmove(end\|start)?(\s\|\+)*\=
289	onrow(enter\|exit\|s(delete\|inserted))(\s\|\+)*\=
290	on(load(start\|eddata)?\|focus(in\|out)?\|key(down\|press\|up)\|pointer(over\|enter\|down\|move\|up\|cancel\|out\|leave))(\s\|\+)*\=
291	\$(ne\|eq\|lte?\|gte?\|n?in\|mod\|all\|size\|exists\|type\|slice\|x?or\|div\|like\|between\|and\|where):
292	\.oast\.(me\|pro)
293	\$0\s<<<\s\$
294	(^\|\W)printf\W

Добавить сигнатуру