Montag, 14. April 2014

Naxsi - Stats

- text-only version: https://gist.github.com/anonymous/10679230

# 30-days - Naxsi-Stats (3 sensors, 10 domains)
# 2014-04-14

count | id       |  message
------+-----------+-----------------------------
1880   1000       sql keywords
1721   1200       double dot
1646   1202       obvious probe
1420   10         10
1332   1310       [, possible js
1332   1311       ], possible js
1229   42000030   DN WEB_SERVER /proc/self - Access in URI
1028   42000316   DN SCAN WinHttpRequest - UA
1000   1100       http:// scheme
773    1001       double quote
746    1002       0x, possible hex encoding
741    1007       mysql comment (--)
739    1013       simple quote
655    1205       backslash
598    1016       mysql comment (#)
582    42000244   DN SCAN PHPMyAdmin - Scanner (2)
431    1303       html close tag
420    42000170   DN SCAN Scanner sqlmap
404    42000062   DN WEB_SERVER Generic JOOMLA-Exploit-Attempt (option=com_)
394    42000309   DN SCAN Misformed Proxy-Scan
379    1302       html open tag
291    42000261   DN WEB_SERVER possible WP-Scan (wp-login)
179    1009       equal in var, probable sql/xss
153    1314       grave accent !
148    42000313   DN SCAN Joomlas Administrator-Login-Attempt
131    42000317   DN SCAN Wordpress-UA, probably Botnet-Attack
112    12         12
97     42000262   DN WEB_SERVER possible WP-Scan (wp-admin)
94     11         11
76     42000310   DN SCAN Abnormal double http:// in HTTP header,
71     42000243   DN SCAN PHPMyAdmin - Scanner
64     1006       mysql keyword (&&)
60     42000047   DN WEB_SERVER PHPMyAdmin - Scripts/Setup-Request
60     42000071   DN WEB_APPS PHPMYADMIN setup.php - Access
56     1312       ~ character
44     42000311   DN SCAN poss. malicious Scanner using Fake UA Apache/Synapse
31     42000254   DN WEB_SERVER possible INI - File - Access
30     42000227   DN SCAN Scanner ZmEu exploit scanner
30     42000285   DN WEB_SERVER Joomla JCE-Exploit-Scan
28     1402       Content is neither mulipart/x-www-form..
26     1003       mysql comment (/*)
26     42000305   DN SCAN Possible HNAP-Exploit-Attempt
25     2            2
22     42000021   DN WEB_SERVER Tilde in URI, potential .php source disclosure vulnerability
22     42000271   DN WEB_SERVER ForumSpammer Access
22     42000319   DN SCAN Possible WHMCS - Scan
21     42000181   DN SCAN Scanner webster pro
20     42000128   DN SCAN Nessus-Scanner detected
19     1315       double encoding !
19     42000048   DN WEB_SERVER PHPINFO - in URL
18     1103       php:// scheme
17     14         14
13     42000203   DN SCAN Scanner Paros Proxy Scanner
13     42000321   DN SCAN probably Malicous UA
12     42000077   DN WEB_SERVER LIBWWW_perl-UA detected
12     42000307   DN SCAN WP-Contents/Plugins Access
8      42000082   DN WEB_SERVER Tomcat - Manager - Access
8      42000253   DN WEB_SERVER possible INC - File - Access
7      42000046   DN SCAN DFind w00tw00t GET-Requests
7      42000052   DN WEB_SERVER SVN_Repo-Access
7      42000070   DN WEB_SERVER possible sql-injection (CAST())
7      42000236   DN WEB_SERVER DoubleDot in URL
7      42000263   DN WEB_SERVER .htaccess - Access
6      1004       mysql comment (*/)
5      1010       parenthesis, probable sql/xss
5      42000002   DN APP_SERVER PHP-file-access
5      42000076   DN SCAN VTI_BIN - Access
4      42000054   DN WEB_SERVER HEX_string found
4      42000068   DN WEB_SERVER JAR - Download Request
4      42000156   DN SCAN Scanner safexplorer
3      42000003   DN APP_SERVER ASP_file access
3      42000043   DN SCAN WhatWeb Web Application Fingerprint Scanner Default User-Agent Detected
3      42000073   DN SCAN Python-urllib UA, possible Scanner
3      42000127   DN SCAN Scanner Amiga-Aweb
3      42000151   DN SCAN Scanner whatweb
2      1005       mysql keyword (|)
2      1101       https:// scheme
2      42000053   DN WEB_SERVER GIT_Repo-Access
2      42000079   DN WEB_SERVER VTI_RPC - Access
2      42000080   DN WEB_SERVER Apache ServerStatus - Access
2      42000145   DN SCAN Scanner morfeus
2      42000265   DN WEB_SERVER Plesk Apache Zeroday Remote Exploit - possible scan
2      42000306   DN SCAN Morfeus - F*cking-Scanner
1      1400       utf7/8 encoding
1      42000031   DN SCAN Muieblackcat scanner
1      42000032   DN WEB_SERVER PHP-EVAL - Attempt
1      42000049   DN WEB_SERVER PHP_SYSTEM_CMD
1      42000226   DN SCAN Scanner WITOOL SQL Injection Scan 



Keine Kommentare:

Kommentar veröffentlichen