├── Behinder
│   ├── Behinder3.rules
│   └── README.md
├── CVE
│   ├── Apache Nifi API RCE
│   │   ├── Apache-Nifi-API-RCE.rules
│   │   └── README.md
│   ├── CVE-2020-10148
│   │   ├── CVE-2020-10148
│   │   └── README.md
│   ├── CVE-2020-12146
│   │   ├── CVE-2020-12146.rules
│   │   └── README.md
│   ├── CVE-2020-13942
│   │   ├── CVE-2020-13942.rules
│   │   └── README.md
│   ├── CVE-2020-14750
│   │   ├── CVE-2020-14750.rules
│   │   └── README.md
│   ├── CVE-2020-16846
│   │   ├── CVE-2020-16846.rules
│   │   └── README.md
│   ├── CVE-2020-17132
│   │   ├── CVE-2020-17132.rules
│   │   └── README.md
│   ├── CVE-2020-17141
│   │   ├── CVE-2020-17141.rules
│   │   └── README.md
│   ├── CVE-2020-17143
│   │   ├── CVE-2020-17143.rules
│   │   └── README.md
│   ├── CVE-2020-26073
│   │   ├── CVE-2020-26073.rules
│   │   └── README.md
│   ├── CVE-2020-27130
│   │   ├── CVE-2020-27130.rules
│   │   └── README.md
│   ├── CVE-2020-27131
│   │   ├── CVE-2020-27131.rules
│   │   └── README.md
│   ├── CVE-2020-3984
│   │   ├── CVE-2020-3984.rules
│   │   └── README.md
│   ├── CVE-2020-4000
│   │   ├── CVE-2020-4000.rules
│   │   └── README.md
│   ├── CVE-2020-4001
│   │   ├── CVE-2020-4001.rules
│   │   └── README.md
│   ├── CVE-2020-8209
│   │   ├── CVE-2020-8209.rules
│   │   └── README.md
│   ├── CVE-2020-8271
│   │   ├── CVE-2020-8271.rules
│   │   └── README.md
│   ├── CVE-2021-2109
│   │   ├── CVE-2021-2109.rules
│   │   └── README.md
│   ├── LICENSE
│   └── README.md
├── CobaltStrike
│   ├── README.md
│   └── cobaltstrike.rules
├── Crypto_miner_pool
│   ├── README.md
│   └── crypto-Miners_public_pools.rules
├── DNS_tunnel
│   ├── README.MD
│   └── dnstunnel.rules
├── ICMP_tunnel
│   └── icmp_tunnel.rules
├── Malicious_behavior
│   ├── Maliciousbehavior.rules
│   ├── Mining_Behavior_Detection.rules
│   ├── README.md
│   └── windows_cmdshell反弹信息.pcap
├── Metasploit
│   ├── README.md
│   └── metasploit.rules
├── Mysql
│   └── mysql_general_log_file.rules
├── PHP_Weevely_Webshell
│   ├── README.md
│   └── weevely.rules
├── PowerShell_Empire
│   ├── README.md
│   └── empire.rules
├── README.md
├── README.zh-CN.md
├── disable.conf
├── sid.txt
├── suricata-ids.rules
└── webshell_caidao
    ├── README.md
    ├── caidao连接请求 列目录等.pcap
    └── webshell.rules

/Behinder/Behinder3.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/Behinder/Behinder3.rules
--------------------------------------------------------------------------------
/Behinder/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/Behinder/README.md
--------------------------------------------------------------------------------
/CVE/Apache Nifi API RCE/Apache-Nifi-API-RCE.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CVE/Apache Nifi API RCE/Apache-Nifi-API-RCE.rules
--------------------------------------------------------------------------------
/CVE/Apache Nifi API RCE/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CVE/Apache Nifi API RCE/README.md
--------------------------------------------------------------------------------
/CVE/CVE-2020-10148/CVE-2020-10148:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CVE/CVE-2020-10148/CVE-2020-10148
--------------------------------------------------------------------------------
/CVE/CVE-2020-10148/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CVE/CVE-2020-10148/README.md
--------------------------------------------------------------------------------
/CVE/CVE-2020-12146/CVE-2020-12146.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CVE/CVE-2020-12146/CVE-2020-12146.rules
--------------------------------------------------------------------------------
/CVE/CVE-2020-12146/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CVE/CVE-2020-12146/README.md
--------------------------------------------------------------------------------
/CVE/CVE-2020-13942/CVE-2020-13942.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CVE/CVE-2020-13942/CVE-2020-13942.rules
--------------------------------------------------------------------------------
/CVE/CVE-2020-13942/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CVE/CVE-2020-13942/README.md
--------------------------------------------------------------------------------
/CVE/CVE-2020-14750/CVE-2020-14750.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CVE/CVE-2020-14750/CVE-2020-14750.rules
--------------------------------------------------------------------------------
/CVE/CVE-2020-14750/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CVE/CVE-2020-14750/README.md
--------------------------------------------------------------------------------
/CVE/CVE-2020-16846/CVE-2020-16846.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CVE/CVE-2020-16846/CVE-2020-16846.rules
--------------------------------------------------------------------------------
/CVE/CVE-2020-16846/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CVE/CVE-2020-16846/README.md
--------------------------------------------------------------------------------
/CVE/CVE-2020-17132/CVE-2020-17132.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CVE/CVE-2020-17132/CVE-2020-17132.rules
--------------------------------------------------------------------------------
/CVE/CVE-2020-17132/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CVE/CVE-2020-17132/README.md
--------------------------------------------------------------------------------
/CVE/CVE-2020-17141/CVE-2020-17141.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CVE/CVE-2020-17141/CVE-2020-17141.rules
--------------------------------------------------------------------------------
/CVE/CVE-2020-17141/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CVE/CVE-2020-17141/README.md
--------------------------------------------------------------------------------
/CVE/CVE-2020-17143/CVE-2020-17143.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CVE/CVE-2020-17143/CVE-2020-17143.rules
--------------------------------------------------------------------------------
/CVE/CVE-2020-17143/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CVE/CVE-2020-17143/README.md
--------------------------------------------------------------------------------
/CVE/CVE-2020-26073/CVE-2020-26073.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CVE/CVE-2020-26073/CVE-2020-26073.rules
--------------------------------------------------------------------------------
/CVE/CVE-2020-26073/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CVE/CVE-2020-26073/README.md
--------------------------------------------------------------------------------
/CVE/CVE-2020-27130/CVE-2020-27130.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CVE/CVE-2020-27130/CVE-2020-27130.rules
--------------------------------------------------------------------------------
/CVE/CVE-2020-27130/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CVE/CVE-2020-27130/README.md
--------------------------------------------------------------------------------
/CVE/CVE-2020-27131/CVE-2020-27131.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CVE/CVE-2020-27131/CVE-2020-27131.rules
--------------------------------------------------------------------------------
/CVE/CVE-2020-27131/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CVE/CVE-2020-27131/README.md
--------------------------------------------------------------------------------
/CVE/CVE-2020-3984/CVE-2020-3984.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CVE/CVE-2020-3984/CVE-2020-3984.rules
--------------------------------------------------------------------------------
/CVE/CVE-2020-3984/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CVE/CVE-2020-3984/README.md
--------------------------------------------------------------------------------
/CVE/CVE-2020-4000/CVE-2020-4000.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CVE/CVE-2020-4000/CVE-2020-4000.rules
--------------------------------------------------------------------------------
/CVE/CVE-2020-4000/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CVE/CVE-2020-4000/README.md
--------------------------------------------------------------------------------
/CVE/CVE-2020-4001/CVE-2020-4001.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CVE/CVE-2020-4001/CVE-2020-4001.rules
--------------------------------------------------------------------------------
/CVE/CVE-2020-4001/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CVE/CVE-2020-4001/README.md
--------------------------------------------------------------------------------
/CVE/CVE-2020-8209/CVE-2020-8209.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CVE/CVE-2020-8209/CVE-2020-8209.rules
--------------------------------------------------------------------------------
/CVE/CVE-2020-8209/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CVE/CVE-2020-8209/README.md
--------------------------------------------------------------------------------
/CVE/CVE-2020-8271/CVE-2020-8271.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CVE/CVE-2020-8271/CVE-2020-8271.rules
--------------------------------------------------------------------------------
/CVE/CVE-2020-8271/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CVE/CVE-2020-8271/README.md
--------------------------------------------------------------------------------
/CVE/CVE-2021-2109/CVE-2021-2109.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CVE/CVE-2021-2109/CVE-2021-2109.rules
--------------------------------------------------------------------------------
/CVE/CVE-2021-2109/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CVE/CVE-2021-2109/README.md
--------------------------------------------------------------------------------
/CVE/LICENSE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CVE/LICENSE
--------------------------------------------------------------------------------
/CVE/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CVE/README.md
--------------------------------------------------------------------------------
/CobaltStrike/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CobaltStrike/README.md
--------------------------------------------------------------------------------
/CobaltStrike/cobaltstrike.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/CobaltStrike/cobaltstrike.rules
--------------------------------------------------------------------------------
/Crypto_miner_pool/README.md:
--------------------------------------------------------------------------------
### crypto miners public pools

Addresses of common public mining pools

[reference](https://gist.github.com/GelosSnake/e116ebf3b7fa0579965e25fa4d758d41)
--------------------------------------------------------------------------------
/Crypto_miner_pool/crypto-Miners_public_pools.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/Crypto_miner_pool/crypto-Miners_public_pools.rules
--------------------------------------------------------------------------------
/DNS_tunnel/README.MD:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/DNS_tunnel/README.MD
--------------------------------------------------------------------------------
/DNS_tunnel/dnstunnel.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/DNS_tunnel/dnstunnel.rules
--------------------------------------------------------------------------------
/ICMP_tunnel/icmp_tunnel.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/ICMP_tunnel/icmp_tunnel.rules
--------------------------------------------------------------------------------
/Malicious_behavior/Maliciousbehavior.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/Malicious_behavior/Maliciousbehavior.rules
--------------------------------------------------------------------------------
/Malicious_behavior/Mining_Behavior_Detection.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/Malicious_behavior/Mining_Behavior_Detection.rules
--------------------------------------------------------------------------------
/Malicious_behavior/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/Malicious_behavior/README.md
--------------------------------------------------------------------------------
/Malicious_behavior/windows_cmdshell反弹信息.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/Malicious_behavior/windows_cmdshell反弹信息.pcap
--------------------------------------------------------------------------------
/Metasploit/README.md:
--------------------------------------------------------------------------------
### msfconsole powershell response

--------------------------------------------------------------------------------
/Metasploit/metasploit.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/Metasploit/metasploit.rules
--------------------------------------------------------------------------------
/Mysql/mysql_general_log_file.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/Mysql/mysql_general_log_file.rules
--------------------------------------------------------------------------------
/PHP_Weevely_Webshell/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/PHP_Weevely_Webshell/README.md
--------------------------------------------------------------------------------
/PHP_Weevely_Webshell/weevely.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/PHP_Weevely_Webshell/weevely.rules
--------------------------------------------------------------------------------
/PowerShell_Empire/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/PowerShell_Empire/README.md
--------------------------------------------------------------------------------
/PowerShell_Empire/empire.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/PowerShell_Empire/empire.rules
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/README.md
--------------------------------------------------------------------------------
/README.zh-CN.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/README.zh-CN.md
--------------------------------------------------------------------------------
/disable.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/disable.conf
--------------------------------------------------------------------------------
/sid.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/sid.txt
--------------------------------------------------------------------------------
/suricata-ids.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/suricata-ids.rules
--------------------------------------------------------------------------------
/webshell_caidao/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/webshell_caidao/README.md
--------------------------------------------------------------------------------
/webshell_caidao/caidao连接请求 列目录等.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/webshell_caidao/caidao连接请求 列目录等.pcap
--------------------------------------------------------------------------------
/webshell_caidao/webshell.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/al0ne/suricata-rules/HEAD/webshell_caidao/webshell.rules
--------------------------------------------------------------------------------
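The listing above is a set of independent per-category `.rules` files plus a top-level `disable.conf` and `sid.txt`, which is exactly the shape of ruleset where a duplicated SID or a stale disable entry bites once the files are merged and loaded next to another vendor's rules. The script below is an added example for this page, not code from the al0ne/suricata-rules repository: it parses a collection of rule files, reports any SID defined more than once, applies a suricata-update-style `disable.conf` (one bare `sid`, `gid:sid` pair or `re:<regex>` per line; that the repository's `disable.conf` uses this format is an assumption, not something the listing confirms) and emits a merged file. The rule text and `disable.conf` contents embedded in it are constructed samples and are not the repository's rules.

```python
"""Pre-load sanity checks for a multi-file Suricata ruleset.

Added example for this listing; not code from the al0ne/suricata-rules
repository. Assumes standard Suricata rule syntax in the .rules files and a
suricata-update style disable.conf (bare sid, gid:sid, or re:<regex> lines).
The rules and disable.conf below are constructed for illustration.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# action, header (proto/addrs/ports/direction) and the parenthesised option list
RULE_RE = re.compile(r'^(alert|drop|pass|reject)\s+([^(]+?)\s*\((.*)\)\s*$')
# option keywords are only matched at an option boundary (start of options or after ';')
SID_RE = re.compile(r'(?:^|;)\s*sid\s*:\s*(\d+)\s*;')
REV_RE = re.compile(r'(?:^|;)\s*rev\s*:\s*(\d+)\s*;')
MSG_RE = re.compile(r'(?:^|;)\s*msg\s*:\s*"((?:[^"\\]|\\.)*)"\s*;')


@dataclass
class Rule:
    sid: int
    rev: int
    msg: str
    source: str      # file the rule came from
    enabled: bool    # False when the line was commented out with '#'
    text: str        # rule text without the leading '#'


def parse_rules(text, source):
    """Parse one .rules file; commented-out rules are kept but marked disabled."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        enabled = not line.startswith('#')
        body = line if enabled else line.lstrip('#').strip()
        m = RULE_RE.match(body)
        if not m:
            continue  # blank line, ordinary comment, or not a rule at all
        opts = m.group(3)
        sid = SID_RE.search(opts)
        if sid is None:
            raise ValueError(f'{source}:{lineno}: rule has no sid')
        rev = REV_RE.search(opts)
        msg = MSG_RE.search(opts)
        rules.append(Rule(int(sid.group(1)), int(rev.group(1)) if rev else 0,
                          msg.group(1) if msg else '', source, enabled, body))
    return rules


def find_sid_collisions(rules):
    """Map sid -> rules sharing it. Suricata keeps one rule per gid/sid, so a
    collision between two unrelated rules means one of them never fires."""
    by_sid = defaultdict(list)
    for r in rules:
        by_sid[r.sid].append(r)
    return {sid: rs for sid, rs in by_sid.items() if len(rs) > 1}


def load_disable_conf(text):
    """Return (set of sids, list of compiled regexes) from suricata-update style lines."""
    sids, regexes = set(), []
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()
        if not line:
            continue
        if line.startswith('re:'):
            regexes.append(re.compile(line[3:].strip(), re.IGNORECASE))
        elif re.fullmatch(r'(?:\d+:)?\d+', line):      # "sid" or "gid:sid"
            sids.add(int(line.rsplit(':', 1)[-1]))
        # suricata-update's group:/filename matchers are not handled here
    return sids, regexes


def apply_disable(rules, sids, regexes):
    """Disable rules by sid or by regex over the whole rule text; never re-enables."""
    out = []
    for r in rules:
        hit = r.sid in sids or any(rx.search(r.text) for rx in regexes)
        out.append(Rule(r.sid, r.rev, r.msg, r.source, r.enabled and not hit, r.text))
    return out


def render(rules):
    """Emit one merged .rules file; disabled rules are written commented out."""
    return '\n'.join(r.text if r.enabled else '# ' + r.text for r in rules) + '\n'


# Constructed sample input: two small rule files with one deliberate sid clash.
SAMPLE_RULES = {
    'Crypto_miner_pool/crypto-Miners_public_pools.rules': '''
# constructed example rules, not the repository's
alert dns $HOME_NET any -> any any (msg:"MINING POOL DNS lookup pool.example"; dns.query; content:"pool.example"; nocase; sid:3000001; rev:1;)
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"MINING POOL TLS SNI pool.example"; tls.sni; content:"pool.example"; nocase; sid:3000002; rev:1;)
''',
    'DNS_tunnel/dnstunnel.rules': '''
alert dns $HOME_NET any -> any any (msg:"DNS TUNNEL oversized query name"; dns.query; bsize:>100; sid:3000002; rev:2;)
# alert dns $HOME_NET any -> any any (msg:"DNS TUNNEL retired rule"; dns.query; content:"x"; sid:3000003; rev:1;)
''',
}
SAMPLE_DISABLE_CONF = '''
# constructed disable.conf
3000001          # drop the DNS-lookup variant, keep the SNI one
re:oversized     # disable anything whose text mentions "oversized"
'''


def check_ruleset(files=SAMPLE_RULES, disable_conf=SAMPLE_DISABLE_CONF):
    """Parse every file, report sid collisions, apply disable.conf, return a summary."""
    rules = [r for path, text in files.items() for r in parse_rules(text, path)]
    collisions = find_sid_collisions(rules)
    final = apply_disable(rules, *load_disable_conf(disable_conf))
    return {
        'total': len(rules),
        'collisions': {sid: sorted(r.source for r in rs) for sid, rs in collisions.items()},
        'enabled_sids': sorted(r.sid for r in final if r.enabled),
        'merged': render(final),
    }


if __name__ == '__main__':
    summary = check_ruleset()
    for sid, sources in summary['collisions'].items():
        print(f'sid {sid} is defined in: {", ".join(sources)}')
    print('enabled after disable.conf:', summary['enabled_sids'])
```

To run it against a real checkout, read each `.rules` file into the `files` dict keyed by its path and pass the repository's `disable.conf` text instead of the constructed one. Suricata will also de-duplicate or reject colliding SIDs when it loads the merged file (`suricata -T -c suricata.yaml -S merged.rules` tests a ruleset without starting capture), but catching the clash first tells you which two files disagree rather than which rule silently lost.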