mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-01-31 15:53:33 +08:00
48 lines
1.3 KiB
YAML
48 lines
1.3 KiB
YAML
id: bash-scanner
|
||
|
||
info:
|
||
name: Bash Scanner
|
||
author: ransomsec
|
||
severity: info
|
||
description: Indicator for bash Dangerous Commands – You Should Never Execute on Linux
|
||
reference:
|
||
- https://www.tecmint.com/10-most-dangerous-commands-you-should-never-execute-on-linux/
|
||
- https://phoenixnap.com/kb/dangerous-linux-terminal-commands
|
||
tags: bash,file,shell,sh
|
||
|
||
file:
|
||
- extensions:
|
||
- sh
|
||
|
||
extractors:
|
||
- type: regex
|
||
name: fork-bomb
|
||
regex:
|
||
- ":(){:|:&};:"
|
||
|
||
- type: regex
|
||
name: rm command found
|
||
regex:
|
||
- "rm -(f|r)"
|
||
- "rm -(fr|rf)"
|
||
|
||
- type: regex
|
||
name: code injection
|
||
regex:
|
||
- "/bin/(sh|bash) -"
|
||
- "eval"
|
||
- "echo -c"
|
||
- "/bin/(sh|bash) -c"
|
||
- "(sh|bash) -"
|
||
- "(sh|bash) -c"
|
||
|
||
- type: regex
|
||
name: file manipulation
|
||
regex:
|
||
- "cat /dev/null >"
|
||
|
||
- type: regex
|
||
name: unknown filedownload
|
||
regex:
|
||
- '(wget|curl) (https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]\.[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]$'
|
||
# digest: 4a0a004730450221009d958257bd9ea7aa63ea47fb4e99dde8f10a3c9899c1d9b1af8ae2f2d914d8290220350c7869bfb9bf6e242475bda1bd3bae8410b28d2288c03e6b139552091123f5:922c64590222798bb761d5b6d8e72950 |