dd-trace
Version:
Datadog APM tracing client for JavaScript
1,198 lines • 175 kB
JSON
{
"version": "2.1",
"rules": [
{
"id": "crs-913-110",
"name": "Found request header associated with Acunetix security scanner",
"tags": {
"type": "security_scanner",
"crs_id": "913110",
"category": "attack_attempt"
},
"conditions": [
{
"parameters": {
"inputs": [
{
"address": "server.request.headers.no_cookies"
}
],
"list": [
"acunetix-product",
"(acunetix web vulnerability scanner",
"acunetix-scanning-agreement",
"acunetix-user-agreement"
]
},
"operator": "phrase_match"
}
],
"transformers": [
"lowercase"
]
},
{
"id": "crs-913-120",
"name": "Found request filename/argument associated with security scanner",
"tags": {
"type": "security_scanner",
"crs_id": "913120",
"category": "attack_attempt"
},
"conditions": [
{
"parameters": {
"inputs": [
{
"address": "server.request.query"
},
{
"address": "server.request.body"
},
{
"address": "server.request.path_params"
}
],
"list": [
"/.adsensepostnottherenonobook",
"/<invalid>hello.html",
"/actsensepostnottherenonotive",
"/acunetix-wvs-test-for-some-inexistent-file",
"/antidisestablishmentarianism",
"/appscan_fingerprint/mac_address",
"/arachni-",
"/cybercop",
"/nessus_is_probing_you_",
"/nessustest",
"/netsparker-",
"/rfiinc.txt",
"/thereisnowaythat-you-canbethere",
"/w3af/remotefileinclude.html",
"appscan_fingerprint",
"w00tw00t.at.isc.sans.dfind",
"w00tw00t.at.blackhats.romanian.anti-sec"
]
},
"operator": "phrase_match"
}
],
"transformers": [
"lowercase"
]
},
{
"id": "crs-920-260",
"name": "Unicode Full/Half Width Abuse Attack Attempt",
"tags": {
"type": "http_protocol_violation",
"crs_id": "920260",
"category": "attack_attempt"
},
"conditions": [
{
"parameters": {
"inputs": [
{
"address": "server.request.uri.raw"
}
],
"regex": "\\%u[fF]{2}[0-9a-fA-F]{2}",
"options": {
"case_sensitive": true,
"min_length": 6
}
},
"operator": "match_regex"
}
],
"transformers": []
},
{
"id": "crs-921-110",
"name": "HTTP Request Smuggling Attack",
"tags": {
"type": "http_protocol_violation",
"crs_id": "921110",
"category": "attack_attempt"
},
"conditions": [
{
"parameters": {
"inputs": [
{
"address": "server.request.query"
},
{
"address": "server.request.body"
},
{
"address": "server.request.path_params"
}
],
"regex": "(?:get|post|head|options|connect|put|delete|trace|track|patch|propfind|propatch|mkcol|copy|move|lock|unlock)\\s+[^\\s]+\\s+http/\\d",
"options": {
"case_sensitive": true,
"min_length": 12
}
},
"operator": "match_regex"
}
],
"transformers": [
"lowercase"
]
},
{
"id": "crs-921-140",
"name": "HTTP Header Injection Attack via headers",
"tags": {
"type": "http_protocol_violation",
"crs_id": "921140",
"category": "attack_attempt"
},
"conditions": [
{
"parameters": {
"inputs": [
{
"address": "server.request.headers.no_cookies"
}
],
"regex": "[\\n\\r]",
"options": {
"case_sensitive": true,
"min_length": 1
}
},
"operator": "match_regex"
}
],
"transformers": []
},
{
"id": "crs-921-160",
"name": "HTTP Header Injection Attack via payload (CR/LF and header-name detected)",
"tags": {
"type": "http_protocol_violation",
"crs_id": "921160",
"category": "attack_attempt"
},
"conditions": [
{
"parameters": {
"inputs": [
{
"address": "server.request.query"
},
{
"address": "server.request.path_params"
}
],
"regex": "[\\n\\r]+(?:\\s|location|refresh|(?:set-)?cookie|(?:x-)?(?:forwarded-(?:for|host|server)|host|via|remote-ip|remote-addr|originating-IP))\\s*:",
"options": {
"case_sensitive": true,
"min_length": 3
}
},
"operator": "match_regex"
}
],
"transformers": [
"lowercase"
]
},
{
"id": "crs-930-100",
"name": "Obfuscated Path Traversal Attack (/../)",
"tags": {
"type": "lfi",
"crs_id": "930100",
"category": "attack_attempt"
},
"conditions": [
{
"parameters": {
"inputs": [
{
"address": "server.request.uri.raw"
},
{
"address": "server.request.headers.no_cookies"
}
],
"regex": "(?:\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8|e)0%80%ae|2(?:(?:5(?:c0%25a|2))?e|%45)|u(?:(?:002|ff0)e|2024)|%32(?:%(?:%6|4)5|E)|c0(?:%[256aef]e|\\.))|\\.(?:%0[01]|\\?)?|\\?\\.?|0x2e){2}(?:\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|/))",
"options": {
"min_length": 4
}
},
"operator": "match_regex"
}
],
"transformers": []
},
{
"id": "crs-930-110",
"name": "Simple Path Traversal Attack (/../)",
"tags": {
"type": "lfi",
"crs_id": "930110",
"category": "attack_attempt"
},
"conditions": [
{
"parameters": {
"inputs": [
{
"address": "server.request.uri.raw"
},
{
"address": "server.request.headers.no_cookies"
}
],
"regex": "(?:(?:^|[\\\\/])\\.\\.[\\\\/]|[\\\\/]\\.\\.(?:[\\\\/]|$))",
"options": {
"case_sensitive": true,
"min_length": 3
}
},
"operator": "match_regex"
}
],
"transformers": [
"removeNulls"
]
},
{
"id": "crs-930-120",
"name": "OS File Access Attempt",
"tags": {
"type": "lfi",
"crs_id": "930120",
"category": "attack_attempt"
},
"conditions": [
{
"parameters": {
"inputs": [
{
"address": "server.request.cookies"
},
{
"address": "server.request.query"
},
{
"address": "server.request.body"
},
{
"address": "server.request.path_params"
},
{
"address": "grpc.server.request.message"
}
],
"list": [
".htaccess",
".htdigest",
".htpasswd",
".addressbook",
".aptitude/config",
".bash_config",
".bash_history",
".bash_logout",
".bash_profile",
".bashrc",
".cache/notify-osd.log",
".config/odesk/odesk team.conf",
".cshrc",
".dockerignore",
".drush/",
".eslintignore",
".fbcindex",
".forward",
".git",
".gitattributes",
".gitconfig",
".gnupg/",
".hplip/hplip.conf",
".ksh_history",
".lesshst",
".lftp/",
".lhistory",
".lldb-history",
".local/share/mc/",
".lynx_cookies",
".my.cnf",
".mysql_history",
".nano_history",
".node_repl_history",
".pearrc",
".php_history",
".pinerc",
".pki/",
".proclog",
".procmailrc",
".psql_history",
".python_history",
".rediscli_history",
".rhistory",
".rhosts",
".sh_history",
".sqlite_history",
".ssh/authorized_keys",
".ssh/config",
".ssh/id_dsa",
".ssh/id_dsa.pub",
".ssh/id_rsa",
".ssh/id_rsa.pub",
".ssh/identity",
".ssh/identity.pub",
".ssh/known_hosts",
".subversion/auth",
".subversion/config",
".subversion/servers",
".tconn/tconn.conf",
".tcshrc",
".vidalia/vidalia.conf",
".viminfo",
".vimrc",
".www_acl",
".wwwacl",
".xauthority",
".zhistory",
".zshrc",
".zsh_history",
".nsconfig",
"etc/redis.conf",
"etc/redis-sentinel.conf",
"etc/php.ini",
"bin/php.ini",
"etc/httpd/php.ini",
"usr/lib/php.ini",
"usr/lib/php/php.ini",
"usr/local/etc/php.ini",
"usr/local/lib/php.ini",
"usr/local/php/lib/php.ini",
"usr/local/php4/lib/php.ini",
"usr/local/php5/lib/php.ini",
"usr/local/apache/conf/php.ini",
"etc/php4.4/fcgi/php.ini",
"etc/php4/apache/php.ini",
"etc/php4/apache2/php.ini",
"etc/php5/apache/php.ini",
"etc/php5/apache2/php.ini",
"etc/php/php.ini",
"etc/php/php4/php.ini",
"etc/php/apache/php.ini",
"etc/php/apache2/php.ini",
"web/conf/php.ini",
"usr/local/zend/etc/php.ini",
"opt/xampp/etc/php.ini",
"var/local/www/conf/php.ini",
"etc/php/cgi/php.ini",
"etc/php4/cgi/php.ini",
"etc/php5/cgi/php.ini",
"home2/bin/stable/apache/php.ini",
"home/bin/stable/apache/php.ini",
"etc/httpd/conf.d/php.conf",
"php5/php.ini",
"php4/php.ini",
"php/php.ini",
"windows/php.ini",
"winnt/php.ini",
"apache/php/php.ini",
"xampp/apache/bin/php.ini",
"netserver/bin/stable/apache/php.ini",
"volumes/macintosh_hd1/usr/local/php/lib/php.ini",
"etc/mono/1.0/machine.config",
"etc/mono/2.0/machine.config",
"etc/mono/2.0/web.config",
"etc/mono/config",
"usr/local/cpanel/logs/stats_log",
"usr/local/cpanel/logs/access_log",
"usr/local/cpanel/logs/error_log",
"usr/local/cpanel/logs/license_log",
"usr/local/cpanel/logs/login_log",
"var/cpanel/cpanel.config",
"var/log/sw-cp-server/error_log",
"usr/local/psa/admin/logs/httpsd_access_log",
"usr/local/psa/admin/logs/panel.log",
"var/log/sso/sso.log",
"usr/local/psa/admin/conf/php.ini",
"etc/sw-cp-server/applications.d/plesk.conf",
"usr/local/psa/admin/conf/site_isolation_settings.ini",
"usr/local/sb/config",
"etc/sw-cp-server/applications.d/00-sso-cpserver.conf",
"etc/sso/sso_config.ini",
"etc/mysql/conf.d/old_passwords.cnf",
"var/log/mysql/mysql-bin.log",
"var/log/mysql/mysql-bin.index",
"var/log/mysql/data/mysql-bin.index",
"var/log/mysql.log",
"var/log/mysql.err",
"var/log/mysqlderror.log",
"var/log/mysql/mysql.log",
"var/log/mysql/mysql-slow.log",
"var/log/mysql-bin.index",
"var/log/data/mysql-bin.index",
"var/mysql.log",
"var/mysql-bin.index",
"var/data/mysql-bin.index",
"program files/mysql/mysql server 5.0/data/{host}.err",
"program files/mysql/mysql server 5.0/data/mysql.log",
"program files/mysql/mysql server 5.0/data/mysql.err",
"program files/mysql/mysql server 5.0/data/mysql-bin.log",
"program files/mysql/mysql server 5.0/data/mysql-bin.index",
"program files/mysql/data/{host}.err",
"program files/mysql/data/mysql.log",
"program files/mysql/data/mysql.err",
"program files/mysql/data/mysql-bin.log",
"program files/mysql/data/mysql-bin.index",
"mysql/data/{host}.err",
"mysql/data/mysql.log",
"mysql/data/mysql.err",
"mysql/data/mysql-bin.log",
"mysql/data/mysql-bin.index",
"usr/local/mysql/data/mysql.log",
"usr/local/mysql/data/mysql.err",
"usr/local/mysql/data/mysql-bin.log",
"usr/local/mysql/data/mysql-slow.log",
"usr/local/mysql/data/mysqlderror.log",
"usr/local/mysql/data/{host}.err",
"usr/local/mysql/data/mysql-bin.index",
"var/lib/mysql/my.cnf",
"etc/mysql/my.cnf",
"etc/my.cnf",
"program files/mysql/mysql server 5.0/my.ini",
"program files/mysql/mysql server 5.0/my.cnf",
"program files/mysql/my.ini",
"program files/mysql/my.cnf",
"mysql/my.ini",
"mysql/my.cnf",
"mysql/bin/my.ini",
"var/postgresql/log/postgresql.log",
"var/log/postgresql/postgresql.log",
"var/log/postgres/pg_backup.log",
"var/log/postgres/postgres.log",
"var/log/postgresql.log",
"var/log/pgsql/pgsql.log",
"var/log/postgresql/postgresql-8.1-main.log",
"var/log/postgresql/postgresql-8.3-main.log",
"var/log/postgresql/postgresql-8.4-main.log",
"var/log/postgresql/postgresql-9.0-main.log",
"var/log/postgresql/postgresql-9.1-main.log",
"var/log/pgsql8.log",
"var/log/postgresql/postgres.log",
"var/log/pgsql_log",
"var/log/postgresql/main.log",
"var/log/cron/var/log/postgres.log",
"usr/internet/pgsql/data/postmaster.log",
"usr/local/pgsql/data/postgresql.log",
"usr/local/pgsql/data/pg_log",
"postgresql/log/pgadmin.log",
"var/lib/pgsql/data/postgresql.conf",
"var/postgresql/db/postgresql.conf",
"var/nm2/postgresql.conf",
"usr/local/pgsql/data/postgresql.conf",
"usr/local/pgsql/data/pg_hba.conf",
"usr/internet/pgsql/data/pg_hba.conf",
"usr/local/pgsql/data/passwd",
"usr/local/pgsql/bin/pg_passwd",
"etc/postgresql/postgresql.conf",
"etc/postgresql/pg_hba.conf",
"home/postgres/data/postgresql.conf",
"home/postgres/data/pg_version",
"home/postgres/data/pg_ident.conf",
"home/postgres/data/pg_hba.conf",
"program files/postgresql/8.3/data/pg_hba.conf",
"program files/postgresql/8.3/data/pg_ident.conf",
"program files/postgresql/8.3/data/postgresql.conf",
"program files/postgresql/8.4/data/pg_hba.conf",
"program files/postgresql/8.4/data/pg_ident.conf",
"program files/postgresql/8.4/data/postgresql.conf",
"program files/postgresql/9.0/data/pg_hba.conf",
"program files/postgresql/9.0/data/pg_ident.conf",
"program files/postgresql/9.0/data/postgresql.conf",
"program files/postgresql/9.1/data/pg_hba.conf",
"program files/postgresql/9.1/data/pg_ident.conf",
"program files/postgresql/9.1/data/postgresql.conf",
"wamp/logs/access.log",
"wamp/logs/apache_error.log",
"wamp/logs/genquery.log",
"wamp/logs/mysql.log",
"wamp/logs/slowquery.log",
"wamp/bin/apache/apache2.2.22/logs/access.log",
"wamp/bin/apache/apache2.2.22/logs/error.log",
"wamp/bin/apache/apache2.2.21/logs/access.log",
"wamp/bin/apache/apache2.2.21/logs/error.log",
"wamp/bin/mysql/mysql5.5.24/data/mysql-bin.index",
"wamp/bin/mysql/mysql5.5.16/data/mysql-bin.index",
"wamp/bin/apache/apache2.2.21/conf/httpd.conf",
"wamp/bin/apache/apache2.2.22/conf/httpd.conf",
"wamp/bin/apache/apache2.2.21/wampserver.conf",
"wamp/bin/apache/apache2.2.22/wampserver.conf",
"wamp/bin/apache/apache2.2.22/conf/wampserver.conf",
"wamp/bin/mysql/mysql5.5.24/my.ini",
"wamp/bin/mysql/mysql5.5.24/wampserver.conf",
"wamp/bin/mysql/mysql5.5.16/my.ini",
"wamp/bin/mysql/mysql5.5.16/wampserver.conf",
"wamp/bin/php/php5.3.8/php.ini",
"wamp/bin/php/php5.4.3/php.ini",
"xampp/apache/logs/access.log",
"xampp/apache/logs/error.log",
"xampp/mysql/data/mysql-bin.index",
"xampp/mysql/data/mysql.err",
"xampp/mysql/data/{host}.err",
"xampp/sendmail/sendmail.log",
"xampp/apache/conf/httpd.conf",
"xampp/filezillaftp/filezilla server.xml",
"xampp/mercurymail/mercury.ini",
"xampp/php/php.ini",
"xampp/phpmyadmin/config.inc.php",
"xampp/sendmail/sendmail.ini",
"xampp/webalizer/webalizer.conf",
"opt/lampp/etc/httpd.conf",
"xampp/htdocs/aca.txt",
"xampp/htdocs/admin.php",
"xampp/htdocs/leer.txt",
"usr/local/apache/logs/audit_log",
"usr/local/apache2/logs/audit_log",
"logs/security_debug_log",
"logs/security_log",
"usr/local/apache/conf/modsec.conf",
"usr/local/apache2/conf/modsec.conf",
"winnt/system32/logfiles/msftpsvc",
"winnt/system32/logfiles/msftpsvc1",
"winnt/system32/logfiles/msftpsvc2",
"windows/system32/logfiles/msftpsvc",
"windows/system32/logfiles/msftpsvc1",
"windows/system32/logfiles/msftpsvc2",
"etc/logrotate.d/proftpd",
"www/logs/proftpd.system.log",
"var/log/proftpd",
"var/log/proftpd/xferlog.legacy",
"var/log/proftpd.access_log",
"var/log/proftpd.xferlog",
"etc/pam.d/proftpd",
"etc/proftp.conf",
"etc/protpd/proftpd.conf",
"etc/vhcs2/proftpd/proftpd.conf",
"etc/proftpd/modules.conf",
"var/log/vsftpd.log",
"etc/vsftpd.chroot_list",
"etc/logrotate.d/vsftpd.log",
"etc/vsftpd/vsftpd.conf",
"etc/vsftpd.conf",
"etc/chrootusers",
"var/log/xferlog",
"var/adm/log/xferlog",
"etc/wu-ftpd/ftpaccess",
"etc/wu-ftpd/ftphosts",
"etc/wu-ftpd/ftpusers",
"var/log/pure-ftpd/pure-ftpd.log",
"logs/pure-ftpd.log",
"var/log/pureftpd.log",
"usr/sbin/pure-config.pl",
"usr/etc/pure-ftpd.conf",
"etc/pure-ftpd/pure-ftpd.conf",
"usr/local/etc/pure-ftpd.conf",
"usr/local/etc/pureftpd.pdb",
"usr/local/pureftpd/etc/pureftpd.pdb",
"usr/local/pureftpd/sbin/pure-config.pl",
"usr/local/pureftpd/etc/pure-ftpd.conf",
"etc/pure-ftpd.conf",
"etc/pure-ftpd/pure-ftpd.pdb",
"etc/pureftpd.pdb",
"etc/pureftpd.passwd",
"etc/pure-ftpd/pureftpd.pdb",
"usr/ports/ftp/pure-ftpd/pure-ftpd.conf",
"usr/ports/ftp/pure-ftpd/pureftpd.pdb",
"usr/ports/ftp/pure-ftpd/pureftpd.passwd",
"usr/ports/net/pure-ftpd/pure-ftpd.conf",
"usr/ports/net/pure-ftpd/pureftpd.pdb",
"usr/ports/net/pure-ftpd/pureftpd.passwd",
"usr/pkgsrc/net/pureftpd/pure-ftpd.conf",
"usr/pkgsrc/net/pureftpd/pureftpd.pdb",
"usr/pkgsrc/net/pureftpd/pureftpd.passwd",
"usr/ports/contrib/pure-ftpd/pure-ftpd.conf",
"usr/ports/contrib/pure-ftpd/pureftpd.pdb",
"usr/ports/contrib/pure-ftpd/pureftpd.passwd",
"var/log/muddleftpd",
"usr/sbin/mudlogd",
"etc/muddleftpd/mudlog",
"etc/muddleftpd.com",
"etc/muddleftpd/mudlogd.conf",
"etc/muddleftpd/muddleftpd.conf",
"var/log/muddleftpd.conf",
"usr/sbin/mudpasswd",
"etc/muddleftpd/muddleftpd.passwd",
"etc/muddleftpd/passwd",
"var/log/ftp-proxy/ftp-proxy.log",
"var/log/ftp-proxy",
"var/log/ftplog",
"etc/logrotate.d/ftp",
"etc/ftpchroot",
"etc/ftphosts",
"etc/ftpusers",
"var/log/exim_mainlog",
"var/log/exim/mainlog",
"var/log/maillog",
"var/log/exim_paniclog",
"var/log/exim/paniclog",
"var/log/exim/rejectlog",
"var/log/exim_rejectlog",
"winnt/system32/logfiles/smtpsvc",
"winnt/system32/logfiles/smtpsvc1",
"winnt/system32/logfiles/smtpsvc2",
"winnt/system32/logfiles/smtpsvc3",
"winnt/system32/logfiles/smtpsvc4",
"winnt/system32/logfiles/smtpsvc5",
"windows/system32/logfiles/smtpsvc",
"windows/system32/logfiles/smtpsvc1",
"windows/system32/logfiles/smtpsvc2",
"windows/system32/logfiles/smtpsvc3",
"windows/system32/logfiles/smtpsvc4",
"windows/system32/logfiles/smtpsvc5",
"etc/osxhttpd/osxhttpd.conf",
"system/library/webobjects/adaptors/apache2.2/apache.conf",
"etc/apache2/sites-available/default",
"etc/apache2/sites-available/default-ssl",
"etc/apache2/sites-enabled/000-default",
"etc/apache2/sites-enabled/default",
"etc/apache2/apache2.conf",
"etc/apache2/ports.conf",
"usr/local/etc/apache/httpd.conf",
"usr/pkg/etc/httpd/httpd.conf",
"usr/pkg/etc/httpd/httpd-default.conf",
"usr/pkg/etc/httpd/httpd-vhosts.conf",
"etc/httpd/mod_php.conf",
"etc/httpd/extra/httpd-ssl.conf",
"etc/rc.d/rc.httpd",
"usr/local/apache/conf/httpd.conf.default",
"usr/local/apache/conf/access.conf",
"usr/local/apache22/conf/httpd.conf",
"usr/local/apache22/httpd.conf",
"usr/local/etc/apache22/conf/httpd.conf",
"usr/local/apps/apache22/conf/httpd.conf",
"etc/apache22/conf/httpd.conf",
"etc/apache22/httpd.conf",
"opt/apache22/conf/httpd.conf",
"usr/local/etc/apache2/vhosts.conf",
"usr/local/apache/conf/vhosts.conf",
"usr/local/apache2/conf/vhosts.conf",
"usr/local/apache/conf/vhosts-custom.conf",
"usr/local/apache2/conf/vhosts-custom.conf",
"etc/apache/default-server.conf",
"etc/apache2/default-server.conf",
"usr/local/apache2/conf/extra/httpd-ssl.conf",
"usr/local/apache2/conf/ssl.conf",
"etc/httpd/conf.d",
"usr/local/etc/apache22/httpd.conf",
"usr/local/etc/apache2/httpd.conf",
"etc/apache2/httpd2.conf",
"etc/apache2/ssl-global.conf",
"etc/apache2/vhosts.d/00_default_vhost.conf",
"apache/conf/httpd.conf",
"etc/apache/httpd.conf",
"etc/httpd/conf",
"http/httpd.conf",
"usr/local/apache1.3/conf/httpd.conf",
"usr/local/etc/httpd/conf",
"var/apache/conf/httpd.conf",
"var/www/conf",
"www/apache/conf/httpd.conf",
"www/conf/httpd.conf",
"etc/init.d",
"etc/apache/access.conf",
"etc/rc.conf",
"www/logs/freebsddiary-error.log",
"www/logs/freebsddiary-access_log",
"library/webserver/documents/index.html",
"library/webserver/documents/index.htm",
"library/webserver/documents/default.html",
"library/webserver/documents/default.htm",
"library/webserver/documents/index.php",
"library/webserver/documents/default.php",
"var/log/webmin/miniserv.log",
"usr/local/etc/webmin/miniserv.conf",
"etc/webmin/miniserv.conf",
"usr/local/etc/webmin/miniserv.users",
"etc/webmin/miniserv.users",
"winnt/system32/logfiles/w3svc/inetsvn1.log",
"winnt/system32/logfiles/w3svc1/inetsvn1.log",
"winnt/system32/logfiles/w3svc2/inetsvn1.log",
"winnt/system32/logfiles/w3svc3/inetsvn1.log",
"windows/system32/logfiles/w3svc/inetsvn1.log",
"windows/system32/logfiles/w3svc1/inetsvn1.log",
"windows/system32/logfiles/w3svc2/inetsvn1.log",
"windows/system32/logfiles/w3svc3/inetsvn1.log",
"var/log/httpd/access_log",
"var/log/httpd/error_log",
"apache/logs/error.log",
"apache/logs/access.log",
"apache2/logs/error.log",
"apache2/logs/access.log",
"logs/error.log",
"logs/access.log",
"etc/httpd/logs/access_log",
"etc/httpd/logs/access.log",
"etc/httpd/logs/error_log",
"etc/httpd/logs/error.log",
"usr/local/apache/logs/access_log",
"usr/local/apache/logs/access.log",
"usr/local/apache/logs/error_log",
"usr/local/apache/logs/error.log",
"usr/local/apache2/logs/access_log",
"usr/local/apache2/logs/access.log",
"usr/local/apache2/logs/error_log",
"usr/local/apache2/logs/error.log",
"var/www/logs/access_log",
"var/www/logs/access.log",
"var/www/logs/error_log",
"var/www/logs/error.log",
"var/log/httpd/access.log",
"var/log/httpd/error.log",
"var/log/apache/access_log",
"var/log/apache/access.log",
"var/log/apache/error_log",
"var/log/apache/error.log",
"var/log/apache2/access_log",
"var/log/apache2/access.log",
"var/log/apache2/error_log",
"var/log/apache2/error.log",
"var/log/access_log",
"var/log/access.log",
"var/log/error_log",
"var/log/error.log",
"opt/lampp/logs/access_log",
"opt/lampp/logs/error_log",
"opt/xampp/logs/access_log",
"opt/xampp/logs/error_log",
"opt/lampp/logs/access.log",
"opt/lampp/logs/error.log",
"opt/xampp/logs/access.log",
"opt/xampp/logs/error.log",
"program files/apache group/apache/logs/access.log",
"program files/apache group/apache/logs/error.log",
"program files/apache software foundation/apache2.2/logs/error.log",
"program files/apache software foundation/apache2.2/logs/access.log",
"opt/apache/apache.conf",
"opt/apache/conf/apache.conf",
"opt/apache2/apache.conf",
"opt/apache2/conf/apache.conf",
"opt/httpd/apache.conf",
"opt/httpd/conf/apache.conf",
"etc/httpd/apache.conf",
"etc/apache2/apache.conf",
"etc/httpd/conf/apache.conf",
"usr/local/apache/apache.conf",
"usr/local/apache/conf/apache.conf",
"usr/local/apache2/apache.conf",
"usr/local/apache2/conf/apache.conf",
"usr/local/php/apache.conf.php",
"usr/local/php4/apache.conf.php",
"usr/local/php5/apache.conf.php",
"usr/local/php/apache.conf",
"usr/local/php4/apache.conf",
"usr/local/php5/apache.conf",
"private/etc/httpd/apache.conf",
"opt/apache/apache2.conf",
"opt/apache/conf/apache2.conf",
"opt/apache2/apache2.conf",
"opt/apache2/conf/apache2.conf",
"opt/httpd/apache2.conf",
"opt/httpd/conf/apache2.conf",
"etc/httpd/apache2.conf",
"etc/httpd/conf/apache2.conf",
"usr/local/apache/apache2.conf",
"usr/local/apache/conf/apache2.conf",
"usr/local/apache2/apache2.conf",
"usr/local/apache2/conf/apache2.conf",
"usr/local/php/apache2.conf.php",
"usr/local/php4/apache2.conf.php",
"usr/local/php5/apache2.conf.php",
"usr/local/php/apache2.conf",
"usr/local/php4/apache2.conf",
"usr/local/php5/apache2.conf",
"private/etc/httpd/apache2.conf",
"usr/local/apache/conf/httpd.conf",
"usr/local/apache2/conf/httpd.conf",
"etc/httpd/conf/httpd.conf",
"etc/apache/apache.conf",
"etc/apache/conf/httpd.conf",
"etc/apache2/httpd.conf",
"usr/apache2/conf/httpd.conf",
"usr/apache/conf/httpd.conf",
"usr/local/etc/apache/conf/httpd.conf",
"usr/local/apache/httpd.conf",
"usr/local/apache2/httpd.conf",
"usr/local/httpd/conf/httpd.conf",
"usr/local/etc/apache2/conf/httpd.conf",
"usr/local/etc/httpd/conf/httpd.conf",
"usr/local/apps/apache2/conf/httpd.conf",
"usr/local/apps/apache/conf/httpd.conf",
"usr/local/php/httpd.conf.php",
"usr/local/php4/httpd.conf.php",
"usr/local/php5/httpd.conf.php",
"usr/local/php/httpd.conf",
"usr/local/php4/httpd.conf",
"usr/local/php5/httpd.conf",
"etc/apache2/conf/httpd.conf",
"etc/http/conf/httpd.conf",
"etc/httpd/httpd.conf",
"etc/http/httpd.conf",
"etc/httpd.conf",
"opt/apache/conf/httpd.conf",
"opt/apache2/conf/httpd.conf",
"var/www/conf/httpd.conf",
"private/etc/httpd/httpd.conf",
"private/etc/httpd/httpd.conf.default",
"etc/apache2/vhosts.d/default_vhost.include",
"etc/apache2/conf.d/charset",
"etc/apache2/conf.d/security",
"etc/apache2/envvars",
"etc/apache2/mods-available/autoindex.conf",
"etc/apache2/mods-available/deflate.conf",
"etc/apache2/mods-available/dir.conf",
"etc/apache2/mods-available/mem_cache.conf",
"etc/apache2/mods-available/mime.conf",
"etc/apache2/mods-available/proxy.conf",
"etc/apache2/mods-available/setenvif.conf",
"etc/apache2/mods-available/ssl.conf",
"etc/apache2/mods-enabled/alias.conf",
"etc/apache2/mods-enabled/deflate.conf",
"etc/apache2/mods-enabled/dir.conf",
"etc/apache2/mods-enabled/mime.conf",
"etc/apache2/mods-enabled/negotiation.conf",
"etc/apache2/mods-enabled/php5.conf",
"etc/apache2/mods-enabled/status.conf",
"program files/apache group/apache/conf/httpd.conf",
"program files/apache group/apache2/conf/httpd.conf",
"program files/xampp/apache/conf/apache.conf",
"program files/xampp/apache/conf/apache2.conf",
"program files/xampp/apache/conf/httpd.conf",
"program files/apache group/apache/apache.conf",
"program files/apache group/apache/conf/apache.conf",
"program files/apache group/apache2/conf/apache.conf",
"program files/apache group/apache/apache2.conf",
"program files/apache group/apache/conf/apache2.conf",
"program files/apache group/apache2/conf/apache2.conf",
"program files/apache software foundation/apache2.2/conf/httpd.conf",
"volumes/macintosh_hd1/opt/httpd/conf/httpd.conf",
"volumes/macintosh_hd1/opt/apache/conf/httpd.conf",
"volumes/macintosh_hd1/opt/apache2/conf/httpd.conf",
"volumes/macintosh_hd1/usr/local/php/httpd.conf.php",
"volumes/macintosh_hd1/usr/local/php4/httpd.conf.php",
"volumes/macintosh_hd1/usr/local/php5/httpd.conf.php",
"volumes/webbackup/opt/apache2/conf/httpd.conf",
"volumes/webbackup/private/etc/httpd/httpd.conf",
"volumes/webbackup/private/etc/httpd/httpd.conf.default",
"usr/local/etc/apache/vhosts.conf",
"usr/local/jakarta/tomcat/conf/jakarta.conf",
"usr/local/jakarta/tomcat/conf/server.xml",
"usr/local/jakarta/tomcat/conf/context.xml",
"usr/local/jakarta/tomcat/conf/workers.properties",
"usr/local/jakarta/tomcat/conf/logging.properties",
"usr/local/jakarta/dist/tomcat/conf/jakarta.conf",
"usr/local/jakarta/dist/tomcat/conf/server.xml",
"usr/local/jakarta/dist/tomcat/conf/context.xml",
"usr/local/jakarta/dist/tomcat/conf/workers.properties",
"usr/local/jakarta/dist/tomcat/conf/logging.properties",
"usr/share/tomcat6/conf/server.xml",
"usr/share/tomcat6/conf/context.xml",
"usr/share/tomcat6/conf/workers.properties",
"usr/share/tomcat6/conf/logging.properties",
"var/log/tomcat6/catalina.out",
"var/cpanel/tomcat.options",
"usr/local/jakarta/tomcat/logs/catalina.out",
"usr/local/jakarta/tomcat/logs/catalina.err",
"opt/tomcat/logs/catalina.out",
"opt/tomcat/logs/catalina.err",
"usr/share/logs/catalina.out",
"usr/share/logs/catalina.err",
"usr/share/tomcat/logs/catalina.out",
"usr/share/tomcat/logs/catalina.err",
"usr/share/tomcat6/logs/catalina.out",
"usr/share/tomcat6/logs/catalina.err",
"usr/local/apache/logs/mod_jk.log",
"usr/local/jakarta/tomcat/logs/mod_jk.log",
"usr/local/jakarta/dist/tomcat/logs/mod_jk.log",
"opt/[jboss]/server/default/conf/jboss-minimal.xml",
"opt/[jboss]/server/default/conf/jboss-service.xml",
"opt/[jboss]/server/default/conf/jndi.properties",
"opt/[jboss]/server/default/conf/log4j.xml",
"opt/[jboss]/server/default/conf/login-config.xml",
"opt/[jboss]/server/default/conf/standardjaws.xml",
"opt/[jboss]/server/default/conf/standardjboss.xml",
"opt/[jboss]/server/default/conf/server.log.properties",
"opt/[jboss]/server/default/deploy/jboss-logging.xml",
"usr/local/[jboss]/server/default/conf/jboss-minimal.xml",
"usr/local/[jboss]/server/default/conf/jboss-service.xml",
"usr/local/[jboss]/server/default/conf/jndi.properties",
"usr/local/[jboss]/server/default/conf/log4j.xml",
"usr/local/[jboss]/server/default/conf/login-config.xml",
"usr/local/[jboss]/server/default/conf/standardjaws.xml",
"usr/local/[jboss]/server/default/conf/standardjboss.xml",
"usr/local/[jboss]/server/default/conf/server.log.properties",
"usr/local/[jboss]/server/default/deploy/jboss-logging.xml",
"private/tmp/[jboss]/server/default/conf/jboss-minimal.xml",
"private/tmp/[jboss]/server/default/conf/jboss-service.xml",
"private/tmp/[jboss]/server/default/conf/jndi.properties",
"private/tmp/[jboss]/server/default/conf/log4j.xml",
"private/tmp/[jboss]/server/default/conf/login-config.xml",
"private/tmp/[jboss]/server/default/conf/standardjaws.xml",
"private/tmp/[jboss]/server/default/conf/standardjboss.xml",
"private/tmp/[jboss]/server/default/conf/server.log.properties",
"private/tmp/[jboss]/server/default/deploy/jboss-logging.xml",
"tmp/[jboss]/server/default/conf/jboss-minimal.xml",
"tmp/[jboss]/server/default/conf/jboss-service.xml",
"tmp/[jboss]/server/default/conf/jndi.properties",
"tmp/[jboss]/server/default/conf/log4j.xml",
"tmp/[jboss]/server/default/conf/login-config.xml",
"tmp/[jboss]/server/default/conf/standardjaws.xml",
"tmp/[jboss]/server/default/conf/standardjboss.xml",
"tmp/[jboss]/server/default/conf/server.log.properties",
"tmp/[jboss]/server/default/deploy/jboss-logging.xml",
"program files/[jboss]/server/default/conf/jboss-minimal.xml",
"program files/[jboss]/server/default/conf/jboss-service.xml",
"program files/[jboss]/server/default/conf/jndi.properties",
"program files/[jboss]/server/default/conf/log4j.xml",
"program files/[jboss]/server/default/conf/login-config.xml",
"program files/[jboss]/server/default/conf/standardjaws.xml",
"program files/[jboss]/server/default/conf/standardjboss.xml",
"program files/[jboss]/server/default/conf/server.log.properties",
"program files/[jboss]/server/default/deploy/jboss-logging.xml",
"[jboss]/server/default/conf/jboss-minimal.xml",
"[jboss]/server/default/conf/jboss-service.xml",
"[jboss]/server/default/conf/jndi.properties",
"[jboss]/server/default/conf/log4j.xml",
"[jboss]/server/default/conf/login-config.xml",
"[jboss]/server/default/conf/standardjaws.xml",
"[jboss]/server/default/conf/standardjboss.xml",
"[jboss]/server/default/conf/server.log.properties",
"[jboss]/server/default/deploy/jboss-logging.xml",
"opt/[jboss]/server/default/log/server.log",
"opt/[jboss]/server/default/log/boot.log",
"usr/local/[jboss]/server/default/log/server.log",
"usr/local/[jboss]/server/default/log/boot.log",
"private/tmp/[jboss]/server/default/log/server.log",
"private/tmp/[jboss]/server/default/log/boot.log",
"tmp/[jboss]/server/default/log/server.log",
"tmp/[jboss]/server/default/log/boot.log",
"program files/[jboss]/server/default/log/server.log",
"program files/[jboss]/server/default/log/boot.log",
"[jboss]/server/default/log/server.log",
"[jboss]/server/default/log/boot.log",
"var/log/lighttpd.error.log",
"var/log/lighttpd.access.log",
"var/lighttpd.log",
"var/logs/access.log",
"var/log/lighttpd/",
"var/log/lighttpd/error.log",
"var/log/lighttpd/access.www.log",
"var/log/lighttpd/error.www.log",
"var/log/lighttpd/access.log",
"usr/local/apache2/logs/lighttpd.error.log",
"usr/local/apache2/logs/lighttpd.log",
"usr/local/apache/logs/lighttpd.error.log",
"usr/local/apache/logs/lighttpd.log",
"usr/local/lighttpd/log/lighttpd.error.log",
"usr/local/lighttpd/log/access.log",
"var/log/lighttpd/{domain}/access.log",
"var/log/lighttpd/{domain}/error.log",
"usr/home/user/var/log/lighttpd.error.log",
"usr/home/user/var/log/apache.log",
"home/user/lighttpd/lighttpd.conf",
"usr/home/user/lighttpd/lighttpd.conf",
"etc/lighttpd/lighthttpd.conf",
"usr/local/etc/lighttpd.conf",
"usr/local/lighttpd/conf/lighttpd.conf",
"usr/local/etc/lighttpd.conf.new",
"var/www/.lighttpdpassword",
"var/log/nginx/access_log",
"var/log/nginx/error_log",
"var/log/nginx/access.log",
"var/log/nginx/error.log",
"var/log/nginx.access_log",
"var/log/nginx.error_log",
"logs/access_log",
"logs/error_log",
"etc/nginx/nginx.conf",
"usr/local/etc/nginx/nginx.conf",
"usr/local/nginx/conf/nginx.conf",
"usr/local/zeus/web/global.cfg",
"usr/local/zeus/web/log/errors",
"opt/lsws/conf/httpd_conf.xml",
"usr/local/lsws/conf/httpd_conf.xml",
"opt/lsws/logs/error.log",
"opt/lsws/logs/access.log",
"usr/local/lsws/logs/error.log",
"usr/local/logs/access.log",
"usr/local/samba/lib/log.user",
"usr/local/logs/samba.log",
"var/log/samba/log.smbd",
"var/log/samba/log.nmbd",
"var/log/samba.log",
"var/log/samba.log1",
"var/log/samba.log2",
"var/log/log.smb",
"etc/samba/netlogon",
"etc/smbpasswd",
"etc/smb.conf",
"etc/samba/dhcp.conf",
"etc/samba/smb.conf",
"etc/samba/samba.conf",
"etc/samba/smb.conf.user",
"etc/samba/smbpasswd",
"etc/samba/smbusers",
"etc/samba/private/smbpasswd",
"usr/local/etc/smb.conf",
"usr/local/samba/lib/smb.conf.user",
"etc/dhcp3/dhclient.conf",
"etc/dhcp3/dhcpd.conf",
"etc/dhcp/dhclient.conf",
"program files/vidalia bundle/polipo/polipo.conf",
"etc/tor/tor-tsocks.conf",
"etc/stunnel/stunnel.conf",
"etc/tsocks.conf",
"etc/tinyproxy/tinyproxy.conf",
"etc/miredo-server.conf",
"etc/miredo.conf",
"etc/miredo/miredo-server.conf",
"etc/miredo/miredo.conf",
"etc/wicd/dhclient.conf.template.default",
"etc/wicd/manager-settings.conf",
"etc/wicd/wired-settings.conf",
"etc/wicd/wireless-settings.conf",
"var/log/ipfw.log",
"var/log/ipfw",
"var/log/ipfw/ipfw.log",
"var/log/ipfw.today",
"etc/ipfw.rules",
"etc/ipfw.conf",
"etc/firewall.rules",
"winnt/system32/logfiles/firewall/pfirewall.log",
"winnt/system32/logfiles/firewall/pfirewall.log.old",
"windows/system32/logfiles/firewall/pfirewall.log",
"windows/system32/logfiles/firewall/pfirewall.log.old",
"etc/clamav/clamd.conf",
"etc/clamav/freshclam.conf",
"etc/x11/xorg.conf",
"etc/x11/xorg.conf-vesa",
"etc/x11/xorg.conf-vmware",
"etc/x11/xorg.conf.beforevmwaretoolsinstall",
"etc/x11/xorg.conf.orig",
"etc/bluetooth/input.conf",
"etc/bluetooth/main.conf",
"etc/bluetooth/network.conf",
"etc/bluetooth/rfcomm.conf",
"proc/self/environ",
"proc/self/mounts",
"proc/self/stat",
"proc/self/status",
"proc/self/cmdline",
"proc/self/fd/0",
"proc/self/fd/1",
"proc/self/fd/2",
"proc/self/fd/3",
"proc/self/fd/4",
"proc/self/fd/5",
"proc/self/fd/6",
"proc/self/fd/7",
"proc/self/fd/8",
"proc/self/fd/9",
"proc/self/fd/10",
"proc/self/fd/11",
"proc/self/fd/12",
"proc/self/fd/13",
"proc/self/fd/14",
"proc/self/fd/15",
"proc/version",
"proc/devices",
"proc/cpuinfo",
"proc/meminfo",
"proc/net/tcp",
"proc/net/udp",
"etc/bash_completion.d/debconf",
"root/.bash_logout",
"root/.bash_history",
"root/.bash_config",
"root/.bashrc",
"etc/bash.bashrc",
"var/adm/syslog",
"var/adm/sulog",
"var/adm/utmp",
"var/adm/utmpx",
"var/adm/wtmp",
"var/adm/wtmpx",
"var/adm/lastlog/username",
"usr/spool/lp/log",
"var/adm/lp/lpd-errs",
"usr/lib/cron/log",
"var/adm/loginlog",
"var/adm/pacct",
"var/adm/dtmp",
"var/adm/acct/sum/loginlog",
"var/adm/x0msgs",
"var/adm/crash/vmcore",
"var/adm/crash/unix",
"etc/newsyslog.conf",
"var/adm/qacct",
"var/adm/ras/errlog",
"var/adm/ras/bootlog",
"var/adm/cron/log",
"etc/utmp",
"etc/security/lastlog",
"etc/security/failedlogin",
"usr/spool/mqueue/syslog",
"var/adm/messages",
"var/adm/aculogs",
"var/adm/aculog",
"var/adm/vold.log",
"var/adm/log/asppp.log",
"var/log/poplog",
"var/log/authlog",
"var/lp/logs/lpsched",
"var/lp/logs/lpnet",
"var/lp/logs/requests",
"var/cron/log",
"var/saf/_log",
"var/saf/port/log",
"var/log/news.all",
"var/log/news/news.all",
"var/log/news/news.crit",
"var/log/news/news.err",
"var/log/news/news.notice",
"var/log/news/suck.err",
"var/log/news/suck.notice",
"var/log/messages",
"var/log/messages.1",
"var/log/user.log",
"var/log/user.log.1",
"var/log/auth.log",
"var/log/pm-powersave.log",
"var/log/xorg.0.log",
"var/log/daemon.log",
"var/log/daemon.log.1",
"var/log/kern.log",
"var/log/kern.log.1",
"var/log/mail.err",
"var/log/mail.info",
"var/log/mail.warn",
"var/log/ufw.log",
"var/log/boot.log",
"var/log/syslog",
"var/log/syslog.1",
"tmp/access.log",
"etc/sensors.conf",
"etc/sensors3.conf",
"etc/host.conf",
"etc/pam.conf",
"etc/resolv.conf",
"etc/apt/apt.conf",
"etc/inetd.conf",
"etc/syslog.conf",
"etc/sysctl.conf",
"etc/sysctl.d/10-console-messages.conf",
"etc/sysctl.d/10-network-security.conf",
"etc/sysctl.d/10-process-security.conf",
"etc/s