增加了一些非法扫描器及脚本

通过1年的日志分析，收集了一些非法扫描器、脚本、爬虫的UA
1 year ago · 8a0e8e9c17
parent c735dab40d
commit 8a0e8e9c17
1 changed files with 4 additions and 2 deletions
--- a/plugins/op_waf/waf/rule/user_agent.json
+++ b/plugins/op_waf/waf/rule/user_agent.json
@ -2,5 +2,7 @@
 	[1,"(HTTrack|Apache-HttpClient|harvest|audit|dirbuster|pangolin|nmap|sqln|hydra|Parser|libwww|BBBike|sqlmap|w3af|owasp|Nikto|fimap|havij|zmeu|BabyKrokodil|netsparker|httperf| SF/)","关键词过滤1",0],
 	[1,"(ApacheBench)","AB测试",0],
 	[1,"(Amazonbot)","Amazon爬虫",0],
-	[1,"(SemrushBot)","Semrush爬虫",0]
-]
+	[1,"(SemrushBot)","Semrush爬虫",0],
+	[1,"(^$|Apache-HttpClient|colly|curl|okhttp|Go-http-client|python-requests|Python-urllib|python-httpx|Scrapy|aiohttp|Nmap Scripting Engine|Java|fasthttp|Wget)","非法脚本",0],
+	[1,"(CensysInspect|intelx\\.io_bot|InternetMeasurement|ips-agent|MJ12Bot|NetcraftSurveyAgent|SemrushBot|l9scan|SEOlyt|kirkland-signature|ZoominfoBot|Expanse|CheckMarkNetwork|dotbot|Pandalytics|Screaming Frog SEO Spider|W3C_CSS_Validator_JFouffa)","非法扫描器",0]
+]