Rookie


User-Agent Strings Commonly Used by Attackers

1 User-Agent:

Vulnerability scanners and brute-force tools

- '*(hydra)*'
- '*arachni/*'
- '*BFAC*'
- '*brutus*'
- '*cgichk*'
- '*core-project/1.0*'
- '*crimscanner/*'
- '*datacha0s*'
- '*dirbuster*'
- '*domino hunter*'
- '*dotdotpwn*'
- 'FHScan Core'
- '*floodgate*'
- '*get-minimal*'
- '*gootkit auto-rooter scanner*'
- '*grendel-scan*'
- '*inspath*'
- '*internet ninja*'
- '*jaascois*'
- '*zmeu*'
- '*masscan*'
- '*metis*'
- '*morfeus fucking scanner*'
- '*n-stealth*'
- '*nsauditor*'
- '*pmafind*'
- '*security scan*'
- '*springenwerk*'
- '*teh forest lobster*'
- '*toata dragostea*'
- '*vega/*'
- '*voideye*'
- '*webshag*'
- '*webvulnscan*'
- '*whcc/*'

2 SQL injection

- '*Havij'
- '*absinthe*'
- '*bsqlbf*'
- '*mysqloit*'
- '*pangolin*'
- '*sql power injector*'
- '*sqlmap*'
- '*sqlninja*'
- '*uil2pn*'

3 Exploitation

- '*wordpress hash grabber*'
- '*exploit*'

4 UAs produced by faulty scripts

- 'user-agent'   # the literal string "user-agent" sent as the User-Agent
- '* (compatible;MSIE *'   # typical typo - missing space
- '*.0;Windows NT *'   # typical typo - missing space
- 'Mozilla/3.0 *'
- 'Mozilla/2.0 *'
- 'Mozilla/1.0 *'
- 'Mozilla *'   # missing slash
- ' Mozilla/*'   # leading space
- 'Mozila/*'   # single 'l'

5 RATs

- 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:53.0) Gecko/20100101 Chrome/53.0'   # DragonOK
- 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)'   # used by PlugX - baselining recommended - Link: PlugX APT Malware | RSA Link
- 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)'   # used by PlugX - baselining recommended - Link: PlugX APT Malware | RSA Link
- 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)'   # used by PlugX - old version - Link: https://goo.gl/Yfjtk5
- 'HttpBrowser/1.0'   # HTTP Browser RAT
- '*<|>*'   # Houdini / Iniduoh / njRAT
- 'nsis_inetc (mozilla)'   # ZeroAccess
- 'Wget/1.9+cvs-stable (Red Hat modified)'   # Dyre / Upatre

6 APT-related

- 'SJZJ (compatible; MSIE 6.0; Win32)'   # APT Backspace
- 'Mozilla/5.0 (Windows NT 6.; WOW64; rv:20.0) Gecko/20100101 Firefox/20.0'   # APT GrizzlySteppe - ChopStick - US-CERT link: https://goo.gl/1DTHwi
- 'User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC'   # Comment Crew Miniasp
- 'Mozilla/4.0 (compatible; MSIE 7.4; Win32;32-bit)'   # Comment Crew Miniasp
- 'webclient'   # Naikon APT
- 'Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-EN; rv:1.7.12) Gecko/200'   # Naikon APT
- 'Mozilla/4.0 (compatible; MSI 6.0;'   # SnowGlobe Babar - yes, it is cut off
- 'Mozilla/5.0 (Windows NT 6.3; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0'   # Sofacy - Xtunnel
- 'Mozilla/5.0 (Windows NT 6.2; WOW64; rv:20.0) Gecko/20100101 Firefox/'   # Sofacy - Xtunnel
- 'Mozilla/5.0 (Windows NT 6.; WOW64; rv:20.0) Gecko/20100101 Firefox/2'   # Sofacy - Xtunnel
- 'Mozilla/4.0'   # Derusbi backdoor ELF, link: https://github.com/fideliscyber/indicators/tree/master/FTA-1021
- 'Netscape'   # Unit 78020 malware
- 'Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-EN; rv:1.7.12) Gecko/20100719 Firefox/1.0.7'   # Unit 78020 malware
- 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Firefox/3.6.13 GTB7.1'   # Winnti-related
- 'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)'   # Winnti-related

7 Malware

- '*zeroup*'   # W32/Renos.Downloader
- 'Mozilla/5.0 (Windows NT 5.1 ; v.*'   # Kazy
- '*adlib/*'   # link: https://goo.gl/gcAHoh
- '*tiny'   # trojan downloader
- '*BGroom*'   # trojan downloader
- '*changhuatong'
- '*CholTBAgent'
- 'Mozilla/5.0 WinInet'
- 'RookIE/1.0'
- 'M'   # HkMain
- 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)'   # Egamipload - old UA - can be prone to false positives
- 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)'   # Yakes
- 'backdoorbot'
- 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.1 (.NET CLR 3.5.30731)'   # Sality
- 'Opera/8.81 (Windows NT 6.0; U; en)'   # Sality
- 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.1 (.NET CLR 3.5.30729)'   # Sality
- 'Opera'   # trojan Keragany
- 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)'   # Fareit
- 'Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)'   # reverse connection of a webshell
- 'MSIE'   # Toby webshell

8 Others

- '*pxyscand*'
- '*asd'
- '*mdms'
- 'sample'
- 'nocase'
- 'Moxilla'
- 'Win32*'
- '_'
- '*Microsoft Internet Explorer*'
- 'agent*'
- 'AutoIt'   # suspicious - baselining recommended
- 'IczelionDownLoad'

9 Cobalt Strike

Link: Malleable Command and Control Language - CobaltSt...
- 'Internet Explorer*'
- 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.2)'   # link: https://goo.gl/f4H5Ez

10 Metasploit Framework - as analysed by Didier Stevens

Link: Quickpost: Metasploit User Agent Strings | Didier...
- 'Mozilla/4.0 (compatible; Metasploit RSPEC)'
- 'Mozilla/4.0 (compatible; MSIE 6.1; Windows NT)'
- 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)'   # old browser, rare, needs baselining
- 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)'   # old browser, rare, needs baselining
- 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0)'   # old browser, rare, needs baselining
- 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; SIMBAR={7DB0F6DE-8DE7-4841-9084-28FA914B0F2E}; SLCC1; .N'
- 'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)'   # only use on proxy logs - not for detection in web server logs
- 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/4.0.221.6 Safari/525.13'

11 Metasploit update by Florian Roth, 8 July 2017

- 'Mozilla/5.0'
- 'Mozilla/4.0 (compatible; SPIPE/1.0'
# - 'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)'   # too many false positives expected
# - 'Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko'   # too many false positives expected
- 'Mozilla/5.0 (Windows NT 6.3; rv:39.0) Gecko/20100101 Firefox/35.0'
- 'Sametime Community Agent'   # unknown whether prone to false positives - used in link: https://goo.gl/gHZkeR
- '#{suser}'
- 'X-FORWARDED-FOR'
- 'DotDotPwn v2.1'
- 'SIPDROID'
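The patterns above are written in the wildcard style of Sigma proxy rules: `*` matches anything, every other character is literal, the comparison is case-insensitive and applies to the whole User-Agent value. The following Python script is an added example, not code from the original page or from the rule author; it takes a hand-picked subset of the patterns above, compiles them with those semantics, and runs them over constructed Apache/Squid "combined"-format proxy log lines (the log format, the sample lines and the pattern labels are assumptions made for the example). It also shows why the exact spacing of a pattern matters: the "missing space" typo pattern fires on a malformed `(compatible;MSIE` header but not on a correctly formed one.

```python
import re

# Hand-picked subset of the page's patterns (Sigma wildcard style).
# Labels are constructed for this example and are not part of the original list.
PATTERNS = {
    "*sqlmap*": "SQL injection tool",
    "*masscan*": "port scanner",
    "* (compatible;MSIE *": "typo: missing space after ';'",
    "Mozila/*": "typo: single 'l'",
    " Mozilla/*": "typo: leading space",
    "*<|>*": "Houdini / njRAT",
    "Mozilla/4.0 (compatible; Metasploit RSPEC)": "Metasploit",
    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)": "old browser, baseline first",
}


def compile_pattern(pattern: str) -> "re.Pattern":
    """Turn a '*'-wildcard pattern into an anchored, case-insensitive regex.

    Every piece between wildcards is escaped, so characters such as '.', '(' and '|'
    that appear in UA strings are matched literally, not as regex operators.
    """
    literal_parts = [re.escape(part) for part in pattern.split("*")]
    return re.compile("^" + ".*".join(literal_parts) + "$", re.IGNORECASE | re.DOTALL)


COMPILED = [(compile_pattern(p), p, label) for p, label in PATTERNS.items()]


def classify_user_agent(ua: str) -> list:
    """Return the (pattern, label) pairs whose pattern matches the whole UA value."""
    return [(p, label) for rx, p, label in COMPILED if rx.match(ua)]


# Apache/Squid "combined" log format (assumed): the User-Agent is the last quoted field.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]*\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)


def parse_combined_line(line: str):
    """Extract (client, user_agent) from one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("client"), m.group("ua")


def scan_proxy_log(lines) -> list:
    """Return (client, user_agent, [labels]) for every line whose UA matches at least one pattern."""
    findings = []
    for line in lines:
        parsed = parse_combined_line(line)
        if parsed is None:
            continue  # unparsable line: skip rather than crash the whole scan
        client, ua = parsed
        hits = classify_user_agent(ua)
        if hits:
            findings.append((client, ua, [label for _, label in hits]))
    return findings


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0 Safari/537.36"',
    '10.0.0.7 - - [01/Jan/2024:10:00:02 +0000] "GET /login.php?id=1 HTTP/1.1" 500 88 "-" '
    '"sqlmap/1.7.2#stable (https://sqlmap.org)"',
    '10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET / HTTP/1.1" 200 40 "-" '
    '"Mozilla/4.0 (compatible; Metasploit RSPEC)"',
    # malformed header: no space after the ';' -> the typo pattern fires
    '10.0.0.11 - - [01/Jan/2024:10:00:04 +0000] "GET /a HTTP/1.1" 200 40 "-" '
    '"Mozilla/4.0 (compatible;MSIE 8.0; Windows NT 5.1)"',
    # odd capitalisation: still caught because matching is case-insensitive
    '10.0.0.13 - - [01/Jan/2024:10:00:05 +0000] "GET /b HTTP/1.1" 200 40 "-" '
    '"mozilla/4.0 (COMPATIBLE; MSIE 6.0; Windows NT 5.1)"',
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for client, ua, labels in scan_proxy_log(SAMPLE_LOG):
        print(f"{client}\t{', '.join(labels)}\t{ua}")
```

Patterns such as `'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)'` are exact, anchored strings, so a well-formed modern browser UA never matches them; the list's own "baselining recommended" notes apply to such entries, because legitimate legacy clients can still send them.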