Looking at https://github.com/BishopFox/watchtower/blob/master/signatures/php.rb there seem to be a bunch of signatures that don't appear to be included here. (comparing against php.yml)
For example, this may not be all of them, but here are the ones I noticed for PHP:
```ruby
# Dangerous Functions
Signature.new({:literal => 'fclose('}),
Signature.new({:literal => 'fpassthru'}),
Signature.new({:literal => 'gzopen'}),
Signature.new({:literal => 'gzfile'}),
Signature.new({:literal => 'gzpassthru'}),
Signature.new({:literal => 'readgzfile'}),
Signature.new({:literal => 'copy'}),
Signature.new({:literal => 'rename'}),
Signature.new({:literal => 'rmdir'}),
Signature.new({:literal => 'mkdir'}),
Signature.new({:literal => 'unlink'}),
Signature.new({:literal => 'file_put_contents'}),
Signature.new({:literal => 'parse_ini_file'}),
Signature.new({:literal => 'virtual'}),
Signature.new({:literal => 'ob_get_contents('}),
Signature.new({:literal => 'call_user_func'}),
Signature.new({:literal => 'call_user_func_array'}),
Signature.new({:literal => 'call_user_method'}),
Signature.new({:literal => 'call_user_method_array'}),

# Sockets
Signature.new({:literal => 'socket_create'}),
Signature.new({:literal => 'socket_connect'}),
Signature.new({:literal => 'socket_write'}),
Signature.new({:literal => 'socket_send'}),
Signature.new({:literal => 'socket_recv'}),

# Payload Obfuscators
Signature.new({:literal => '\$\$'}),
Signature.new({:name => 'Base64', :regex => '(?:[A-Za-z0-9+/]{4})*[=]{1-2}'}),

# Globals
Signature.new({:literal => '$HTTP_GET_VARS'}),
Signature.new({:literal => '$HTTP_POST_VARS'}),
Signature.new({:literal => '$HTTP_COOKIE_VARS'}),
Signature.new({:literal => '$HTTP_POST_FILES'}),
Signature.new({:literal => '$_SERVER[\'REQUEST_METHOD\']'}),
Signature.new({:literal => '$_SERVER[\'QUERY_STRING\']'}),
Signature.new({:literal => '$_SERVER[\'REQUEST_URI\']'}),
Signature.new({:literal => '$_SERVER[\'HTTP_ACCEPT\']'}),
Signature.new({:literal => '$_SERVER[\'HTTP_ACCEPT_CHARSET\']'}),
Signature.new({:literal => '$_SERVER[\'HTTP_ACCEPT_ENCODING\']'}),
Signature.new({:literal => '$_SERVER[\'HTTP_ACCEPT_LANGUAGE\']'}),
Signature.new({:literal => '$_SERVER[\'HTTP_CONNECTION\']'}),
Signature.new({:literal => '$_SERVER[\'HTTP_HOST\']'}),
Signature.new({:literal => '$_SERVER[\'HTTP_REFERER\']'}),
Signature.new({:literal => '$_SERVER[\'HTTP_USER_AGENT\']'}),
Signature.new({:literal => '$_SERVER[\'PHP_SELF\']'}),

# Redirects
Signature.new({:literal => 'http_redirect'}),
Signature.new({:literal => 'header'}),
Signature.new({:literal => 'HttpMessage::setResponseCode">HttpMessage::setResponseCode'}),
Signature.new({:literal => 'HttpMessage::setHeaders">HttpMessage::setHeaders'}),

# SQL
Signature.new({:literal => 'SELECT'}),
Signature.new({:literal => 'INSERT'}),
Signature.new({:literal => 'UPDATE'}),
Signature.new({:literal => 'DELETE'}),
Signature.new({:literal => 'REPLACE'}),
Signature.new({:literal => 'DROP'}),
Signature.new({:literal => 'TRUNCATE'}),
Signature.new({:literal => 'mysql_query'}),
Signature.new({:literal => 'mssql_query'}),
Signature.new({:literal => 'pg_query'}),
Signature.new({:literal => 'pg_exec'}),
Signature.new({:literal => 'mysqli->prepare'}),
Signature.new({:literal => 'stmt->prepare'}),
Signature.new({:literal => 'stmt->bind_param'}),
Signature.new({:literal => 'stmt->execute'}),
Signature.new({:literal => 'odbc_prepare'}),

# Developer Notes
Signature.new({:literal => '@todo'}),
Signature.new({:literal => '@bug'}),
Signature.new({:literal => '@fixme'}),
Signature.new({:literal => '@kludge'}),
Signature.new({:literal => '@note'}),
Signature.new({:literal => '@hack'}),

# Custom Strings
Signature.new({:literal => 'username'}),
Signature.new({:literal => 'password'}),
Signature.new({:literal => 'host'}),
Signature.new({:literal => 'database'}),
Signature.new({:literal => 'phpinfo'}),
Signature.new({:name => 'Profanity', :regex => '[Ff]uck|[Ss]hit'}),

# Hashes
Signature.new({:name => 'MD5', :regex => '[0-9a-f]{32}'}),
Signature.new({:name => 'SHA1', :regex => '[0-9a-f]{40}'}),

# Crypto
Signature.new({:literal => 'hash_'}),
Signature.new({:literal => 'blenc_'}),
```
Looking at the diff, there seem to be 9 commits: BishopFox/watchtower@c148caf...BishopFox:master