Rookie


UserAgent Strings Commonly Used by Attackers

1 UserAgent:

Vulnerability scanner and brute force tools

- '*(hydra)*'
- '*arachni/*'
- '*BFAC*'
- '*brutus*'
- '*cgichk*'
- '*core-project/1.0*'
- '*crimscanner/*'
- '*datacha0s*'
- '*dirbuster*'
- '*dominohunter*'
- '*dotdotpwn*'
- 'FHScanCore'
- '*floodgate*'
- '*get-minimal*'
- '*gootkitauto-rooterscanner*'
- '*grendel-scan*'
- '*inspath*'
- '*internetninja*'
- '*jaascois*'
- '*zmeu*'
- '*masscan*'
- '*metis*'
- '*morfeusfuckingscanner*'
- '*n-stealth*'
- '*nsauditor*'
- '*pmafind*'
- '*securityscan*'
- '*springenwerk*'
- '*tehforestlobster*'
- '*toatadragostea*'
- '*vega/*'
- '*voideye*'
- '*webshag*'
- '*webvulnscan*'
- '*whcc/*'

2 SQL Injection

- '*Havij'
- '*absinthe*'
- '*bsqlbf*'
- '*mysqloit*'
- '*pangolin*'
- '*sqlpowerinjector*'
- '*sqlmap*'
- '*sqlninja*'
- '*uil2pn*'

3 Exploits

- '*wordpresshashgrabber*'
- '*exploit*'

4 Badly scripted UA

- 'user-agent'  # User-Agent: User-Agent:
- '*(compatible;MSIE*'  # typical typo - missing space
- '*.0;WindowsNT*'  # typical typo - missing space
- 'Mozilla/3.0*'
- 'Mozilla/2.0*'
- 'Mozilla/1.0*'
- 'Mozilla *'  # missing slash
- ' Mozilla/*'  # leading space
- 'Mozila/*'  # single 'l'

5 RATs

- 'Mozilla/5.0(WindowsNT6.1;WOW64;rv:53.0)Gecko/20100101Chrome/53.0'  # DragonOK
- 'Mozilla/4.0(compatible;MSIE8.0;WindowsNT5.1)'  # Used by PlugX - base-lining recommended - link: PlugX APT Malware | RSA Link
- 'Mozilla/4.0(compatible;MSIE7.0;WindowsNT5.1;Trident/4.0)'  # Used by PlugX - base-lining recommended - link: PlugX APT Malware | RSA Link
- 'Mozilla/4.0(compatible;MSIE6.0;WindowsNT5.0;.NETCLR1.1.4322)'  # Used by PlugX - old - link: https://goo.gl/Yfjtk5
- 'HttpBrowser/1.0'  # HTTPBrowser RAT
- '*<|>*'  # Houdini / Iniduoh / njRAT
- 'nsis_inetc(mozilla)'  # ZeroAccess
- 'Wget/1.9+cvs-stable(RedHatmodified)'  # Dyre / Upatre

6 APT Related

- 'SJZJ(compatible;MSIE6.0;Win32)'  # APT Backspace
- 'Mozilla/5.0(WindowsNT6.;WOW64;rv:20.0)Gecko/20100101Firefox/20.0'  # APT GrizzlySteppe - ChopStick - US CERT - link: https://goo.gl/1DTHwi
- 'User-Agent:Mozilla/4.0(compatible;MSIE8.0;WindowsNT6.1;Trident/4.0;SLCC'  # Comment Crew Miniasp
- 'Mozilla/4.0(compatible;MSIE7.4;Win32;32-bit)'  # Comment Crew Miniasp
- 'webclient'  # Naikon APT
- 'Mozilla/5.0(Windows;U;WindowsNT5.1;zh-EN;rv:1.7.12)Gecko/200'  # Naikon APT
- 'Mozilla/4.0(compatible;MSI6.0;'  # SnowGlobe Babar - yes, it is cut
- 'Mozilla/5.0(WindowsNT6.3;WOW64;rv:28.0)Gecko/20100101Firefox/28.0'  # Sofacy - Xtunnel
- 'Mozilla/5.0(WindowsNT6.2;WOW64;rv:20.0)Gecko/20100101Firefox/'  # Sofacy - Xtunnel
- 'Mozilla/5.0(WindowsNT6.;WOW64;rv:20.0)Gecko/20100101Firefox/2'  # Sofacy - Xtunnel
- 'Mozilla/4.0'  # Derusbi backdoor ELF - link: https://github.com/fideliscyber/indicators/tree/master/FTA-1021
- 'Netscape'  # Unit78020 Malware
- 'Mozilla/5.0(Windows;U;WindowsNT5.1;zh-EN;rv:1.7.12)Gecko/20100719Firefox/1.0.7'  # Unit78020 Malware
- 'Mozilla/5.0(Windows;U;WindowsNT5.1;en-US;rv:1.9.2.13)Firefox/3.6.13GTB7.1'  # Winnti related
- 'Mozilla/5.0(compatible;MSIE9.0;WindowsNT6.1;WOW64;Trident/5.0)'  # Winnti related

7 Malware

- '*zeroup*'  # W32/Renos.Downloader
- 'Mozilla/5.0(WindowsNT5.1;v.*'  # Kazy
- '*adlib/*'  # link: https://goo.gl/gcAHoh
- '*tiny'  # Trojan Downloader
- '*BGroom*'  # Trojan Downloader
- '*changhuatong'
- '*CholTBAgent'
- 'Mozilla/5.0WinInet'
- 'RookIE/1.0'
- 'M'  # HkMain
- 'Mozilla/4.0(compatible;MSIE8.0;WindowsNT5.1;Trident/4.0)'  # Egamipload - old UA - probably prone to false positives
- 'Mozilla/4.0(compatible;MSIE7.0;WindowsNT6.0)'  # Yakes
- 'backdoorbot'
- 'Mozilla/5.0(Windows;U;WindowsNT5.1;en-US;rv:1.9.2.3)Gecko/20100401Firefox/3.6.1(.NETCLR3.5.30731)'  # Sality
- 'Opera/8.81(WindowsNT6.0;U;en)'  # Sality
- 'Mozilla/5.0(Windows;U;WindowsNT5.1;en-US;rv:1.9.2.3)Gecko/20100401Firefox/3.6.1(.NETCLR3.5.30729)'  # Sality
- 'Opera'  # Trojan Keragany
- 'Mozilla/4.0(compatible;MSIE5.0;Windows98)'  # Fareit
- 'Mozilla/4.0(compatible;MSIE5.01;WindowsNT5.0)'  # Web shell's back connect
- 'MSIE'  # Toby web shell

8 Others

- '*pxyscand*'
- '*asd'
- '*mdms'
- 'sample'
- 'nocase'
- 'Moxilla'
- 'Win32*'
- '_'
- '*MicrosoftInternetExplorer*'
- 'agent*'
- 'AutoIt'  # Suspicious - base-lining recommended
- 'IczelionDownLoad'

9 Cobalt Strike

Link: Malleable Command and Control Language - Cobalt St...
- 'InternetExplorer*'
- 'Mozilla/4.0(compatible;MSIE6.0;WindowsNT5.1;SV1;InfoPath.2)'  # link: https://goo.gl/f4H5Ez

10 Metasploit Framework - Analysis by Didier Stevens

Link: Quickpost: Metasploit User Agent Strings | Didier...
- 'Mozilla/4.0(compatible;MetasploitRSPEC)'
- 'Mozilla/4.0(compatible;MSIE6.1;WindowsNT)'
- 'Mozilla/4.0(compatible;MSIE6.0;WindowsNT5.1)'  # old browser, rare, base-lining needed
- 'Mozilla/4.0(compatible;MSIE7.0;WindowsNT6.0)'  # old browser, rare, base-lining needed
- 'Mozilla/4.0(compatible;MSIE8.0;WindowsNT6.0;Trident/4.0)'  # old browser, rare, base-lining needed
- 'Mozilla/4.0(compatible;MSIE7.0;WindowsNT6.0;Trident/4.0;SIMBAR={7DB0F6DE-8DE7-4841-9084-28FA914B0F2E};SLCC1;.N'
- 'Mozilla/5.0(compatible;Googlebot/2.1;+http://www.google.com/bot.html)'  # only use in proxy logs - not for detection in web server logs
- 'Mozilla/5.0(Windows;U;WindowsNT5.1;en-US)AppleWebKit/525.13(KHTML,likeGecko)Chrome/4.0.221.6Safari/525.13'

11 Metasploit Update by Florian Roth 08.07.2017

- 'Mozilla/5.0'
- 'Mozilla/4.0(compatible;SPIPE/1.0'
# - 'Mozilla/5.0(compatible;MSIE10.0;WindowsNT6.1;Trident/6.0)'  # too many false positives expected
# - 'Mozilla/5.0(WindowsNT6.1;Trident/7.0;rv:11.0)likeGecko'  # too many false positives expected
- 'Mozilla/5.0(WindowsNT6.3;rv:39.0)Gecko/20100101Firefox/35.0'
- 'SametimeCommunityAgent'  # Unknown if prone to false positives - used in link: https://goo.gl/gHZkeR
- '#{suser}'
- 'X-FORWARDED-FOR'
- 'DotDotPwnv2.1'
- 'SIPDROID'