Initial commit

traefik-crowdsec-stack/crowdsec/data/GeoLite2-ASN.mmdb

@@ -0,0 +1 @@
+/staging/var/lib/crowdsec/data/GeoLite2-ASN.mmdb

traefik-crowdsec-stack/crowdsec/data/GeoLite2-City.mmdb

@@ -0,0 +1 @@
+/staging/var/lib/crowdsec/data/GeoLite2-City.mmdb

traefik-crowdsec-stack/crowdsec/data/backdoors.txt

@@ -0,0 +1,193 @@
+c99.php
+c99shell.php
+r57.php
+r58.php
+dra.php
+r00t.php
+root.php
+mma.php
+filesman.php
+Locus7s.php
+c99-Ultimate.php
+c100.php
+Ekin0x.php
+hacker.php
+safe0ver.php
+sniper.php
+spyshell.php
+CWShellDumper.php
+angel.php
+dq.php
+cmd.php
+liz0zim.php
+simattacker.php
+tryag.php
+150.php
+Ani-Shell.php
+Crystal.php
+Dx.php
+FaTaLisTiCz_Fx.php
+G5.php
+NCC-Shell.php
+NetworkFileManagerPHP.php
+PHANTASMA.php
+PHPJackal.php
+PHPRemoteView.php
+PHPSPY.php
+Php_Backdoor.txt.php
+Private-i3lue.php
+SnIpEr_SA Shell.php
+upl0ader.php
+acid.php
+antichat.php
+shell.php
+udp.php
+ddos.php
+b37.php
+backupsql.php
+bdotw44shell.php
+bug.php
+c37.php
+c66.php
+c99-shadows-mod.php
+c99_PSych0.php
+c99_locus7s.php
+c99_madnet.php
+c99_w4cking.php
+c99madshell.php
+c99ud.php
+c99unlimited.php
+c99v2.php
+cbfphpsh.php
+cihshell_fix.php
+co.php
+connect-back.php
+cpg_143_incl_xpl.php
+ctt_sh.php
+cybershell.php
+egy.php
+erne.php
+ex0shell.php
+g00nv13.php
+hkrkoz.php
+ironshell.php
+isko.php
+iskorpitx.php
+itsecteam_shell.php
+locus.php
+log.php
+simple_cmd.php
+zacosmall.php
+weevely.php
+AK-74.php
+Ajax_PHP_Command_Shell.php
+Antichat_Shell.php
+Ayyildiz_Tim.php
+CasuS-1.5.php
+CrystalShell.php
+DTool_Pro.php
+Dive_Shell.php
+GRP_WebShell.php
+Gamma_Web_Shell.php
+JspWebshell_1.2.php
+KA_uShell_0.1.6.php
+Loaderz_WEB_Shell.php
+Mackers_Private_Shell.php
+Moroccan_Spamers.php
+MyShell.php
+NGH.php
+NTDaddy_v1.9.php
+Non-alphanumeric.php
+PHP_Shell.php
+PHVayv.php
+PhpSpy.php
+Predator.php
+Rootshell.v.1.0.php
+STNC_WebShell_v0.8.php
+Safe0ver_Shell.php
+Safe_Mode_Bypass.php
+SimShell.php
+Simple_PHP_backdoor.php
+Sincap_1.0.php
+Small_Web_Shell.php
+WinX_Shell.php
+Worse_Linux_Shell.php
+ZyklonShell.php
+aZRaiLPhp_v1.0.php
+alfa3.php
+andela.php
+aspydrv.php
+bloodsecv4.php
+cgitelnet.php
+configkillerionkros.php
+dC3_Security.php
+g00nshell-v1.3.php
+jspshell.jsp
+kral.php
+lifkaS.php
+lolipop.php
+lostDC.php
+matamu.php
+megabor.php
+obfuscated-punknopass.php
+pHpINJ.php
+php-backdoor.php
+punk-nopass.php
+punkholic.php
+pws.php
+qsd-backdoor.php
+ru24_post_sh.php
+s72_Shell.php
+simple-backdoor.php
+smevk.php
+soldierofallah.php
+sosyete.php
+spygrup.php
+stres.php
+wso2.8.5.php
+zehir4.php
+cgitelnet.pl
+cmd.pl
+dc.pl
+list.pl
+up.pl
+wewo.pl
+irc.pl
+pws.pl
+PerlWebShellbyRST-GHC.pl
+JspWebshell 1.2.jsp
+browser.jsp
+cmd.jsp
+cmd_win32.jsp
+jspShell.jsp
+jspbd.jsp
+list.jsp
+up.jsp
+up_win32.jsp
+3fexe.asp
+ASpy.asp
+EFSO.asp
+RemExp.asp
+aspxSH.asp
+aspxshell.aspx
+aspydrv.asp
+cmd.asp
+cmd.aspx
+cmdexec.aspx
+elmaliseker.asp
+filesystembrowser.aspx
+fileupload.aspx
+ntdaddy.asp
+spexec.aspx
+sql.aspx
+tool.asp
+toolaspshell.asp
+up.asp
+zehir.asp
+zehir.aspx
+zehir4.asp
+zehir4.aspx
+xleet.php
+xleet-shell.php
+sh3llx.php
+eval-stdin.php

traefik-crowdsec-stack/crowdsec/data/bad_user_agents.regex.txt

@@ -0,0 +1,614 @@
+# MIT License
+# 
+# Copyright (c) 2017 Mitchell Krog - mitchellkrog@gmail.com
+# https://github.com/mitchellkrogza
+# 
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+# 
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+#
+\b360Spider\b
+\b404checker\b
+\b\b404enemy\b\b
+\b80legs\b
+\bAbonti\b
+\bAboundex\b
+\bAboundexbot\b
+\bAcunetix\b
+\bADmantX\b
+\bAfD-Verbotsverfahren\b
+\bAIBOT\b
+\bAiHitBot\b
+\bAipbot\b
+\bAlexibot\b
+\bAlligator\b
+\bAllSubmitter\b
+\bAlphaBot\b
+\bAnarchie\b
+\bAnkit\b
+\bAnthill\b
+\bApexoo\b
+\barquivo.pt\b
+\barquivo-web-crawler\b
+\bAspiegel\b
+\bASPSeek\b
+\bAsterias\b
+\bAttach\b
+\bautoemailspider\b
+\bAwarioRssBot\b
+\bAwarioSmartBot\b
+\bBackDoorBot\b
+\bBacklink-Ceck\b
+\bbacklink-check\b
+\bBacklinkCrawler\b
+\bBackStreet\b
+\bBackWeb\b
+\bBadass\b
+\bBandit\b
+\bBarkrowler\b
+\bBatchFTP\b
+\bBattleztar\ Bazinga\b
+\bBBBike\b
+\bBDCbot\b
+\bBDFetch\b
+\bBetaBot\b
+\bBigfoot\b
+\bBitacle\b
+\bBlackboard\b
+\bBlack\ Hole\b
+\bBlackWidow\b
+\bBLEXBot\b
+\bBlow\b
+\bBlowFish\b
+\bBoardreader\b
+\bBolt\b
+\bBotALot\b
+\bBrandprotect\b
+\bBrandwatch\b
+\bBuck\b
+\bBuddy\b
+\bBuiltBotTough\b
+\bBuiltWith\b
+\bBullseye\b
+\bBunnySlippers\b
+\bBuzzSumo\b
+\bCalculon\b
+\bCATExplorador\b
+\bCazoodleBot\b
+\bCCBot\b
+\bCegbfeieh\b
+\bCensysInspect\b
+\bcheck1.exe\b
+\bCheeseBot\b
+\bCherryPicker\b
+\bCheTeam\b
+\bChinaClaw\b
+\bChlooe\b
+\bClaritybot\b
+\bCliqzbot\b
+\bCloud\ mapping\b
+\bcoccocbot-web\b
+\bCocolyzebot\b
+\bCODE87\b
+\bCogentbot\b
+\bcognitiveseo\b
+\bCollector\b
+\bcolly\b
+\bcom.plumanalytics\b
+\bCopier\b
+\bCopyRightCheck\b
+\bCopyscape\b
+\bCosmos\b
+\bCraftbot\b
+\bcrawler4j\b
+\bcrawler.feedback\b
+\bcrawl.sogou.com\b
+\bCrazyWebCrawler\b
+\bCrescent\b
+\bCrunchBot\b
+\bCSHttp\b
+\bCurious\b
+\bCusto\b
+\bCyotekWebCopy\b
+\bDatabaseDriverMysqli\b
+\bDataCha0s\b
+\bDBLBot\b
+\bdemandbase-bot\b
+\bDemon\b
+\bDeusu\b
+\bDevil\b
+\bDigincore\b
+\bDigitalPebble\b
+\bDIIbot\b
+\bDirbuster\b
+\bDisco\b
+\bDiscobot\b
+\bDiscoverybot\b
+\bDispatch\b
+\bDittoSpyder\b
+\bDnyzBot\b
+\bDomainAppender\b
+\bDomainCrawler\b
+\bDomainSigmaCrawler\b
+\bDomains\ Project\b
+\bdomainsproject.org\b
+\bDomainStatsBot\b
+\bDotbot\b
+\bDownload\ Wonder\b
+\bDragonfly\b
+\bDrip\b
+\bDSearch\b
+\bDTS\ Agent\b
+\bEasyDL\b
+\bEbingbong\b
+\beCatch\b
+\bECCP/1.0\b
+\bEcxi\b
+\bEirGrabber\b
+\bEMail\ Siphon\b
+\bEMail\ Wolf\b
+\bEroCrawler\b
+\bevc-batch\b
+\bEvil\b
+\bExabot\b
+\bExpress\ WebPictures\b
+\bExtLinksBot\b
+\bExtractor\b
+\bExtractorPro\b
+\bExtreme\ Picture\ Finder\b
+\bEyeNetIE\b
+\bEzooms\b
+\bfacebookscraper\b
+\bFDM\b
+\bFemtosearchBot\b
+\bFHscan\b
+\bFimap\b
+\bFirefox/7.0\b
+\bFlashGet\b
+\bFlunky\b
+\bFoobot\b
+\bFreeuploader\b
+\bFrontPage\b
+\bFyberSpider\b
+\bFyrebot\b
+\bGalaxyBot\b
+\bGenieo\b
+\bGermCrawler\b
+\bGetintent\b
+\bGetRight\b
+\bGetWeb\b
+\bGigablast\b
+\bGigabot\b
+\bG-i-g-a-b-o-t\b
+\bGo-Ahead-Got-It\b
+\bgobuster\b
+\bGotit\b
+\bGoZilla\b
+\bGo!Zilla\b
+\bGrabber\b
+\bGrabNet\b
+\bGrafula\b
+\bGrapeFX\b
+\bGridBot\b
+\bGT::WWW\b
+\bHaansoft\b
+\bHaosouSpider\b
+\bHarvest\b
+\bHavij\b
+\bHEADMasterSEO\b
+\bheritrix\b
+\bHeritrix\b
+\bHloader\b
+\bHMView\b
+\bHTMLparser\b
+\bHTTP::Lite\b
+\bHTTrack\b
+\bHumanlinks\b
+\bHybridBot\b
+\bIblog\b
+\bIDBot\b
+\bIDBTE4M\b
+\bId-search\b
+\bIlseBot\b
+\bImage\ Fetch\b
+\bImage\ Sucker\b
+\bIndeedBot\b
+\bIndy\ Library\b
+\bInfoNaviRobot\b
+\bInfoTekies\b
+\binstabid\b
+\bIntelliseek\b
+\bInterGET\b
+\bInternet\ Ninja\b
+\bInternetSeer\b
+\binternetVista\ monitor\b
+\bips-agent\b
+\bIria\b
+\bIRLbot\b
+\bisitwp.com\b
+\bIskanie\b
+\bIstellaBot\b
+\bJamesBOT\b
+\bJbrofuzz\b
+\bJennyBot\b
+\bJetCar\b
+\bJetty\b
+\bJikeSpider\b
+\bJOC\ Web\ Spider\b
+\bJoomla\b
+\bJorgee\b
+\bJustView\b
+\bJyxobot\b
+\bKenjin\ Spider\b
+\bKeyword\ Density\b
+\bKinza\b
+\bKozmosbot\b
+\bLanshanbot\b
+\bLarbin\b
+\bLeechFTP\b
+\bLeechGet\b
+\bLexiBot\b
+\bLftp\b
+\bLibWeb\b
+\bLibwhisker\b
+\bLieBaoFast\b
+\bLightspeedsystems\b
+\bLikse\b
+\bLinkbot\b
+\bLinkdexbot\b
+\bLinkextractorPro\b
+\bLinkpadBot\b
+\bLinkScan\b
+\bLinksManager\b
+\bLinkWalker\b
+\bLinqiaMetadataDownloaderBot\b
+\bLinqiaRSSBot\b
+\bLinqiaScrapeBot\b
+\bLipperhey\b
+\bLipperhey\ Spider\b
+\bLitemage_walker\b
+\bLmspider\b
+\bLNSpiderguy\b
+\bLtx71\b
+\blwp-request\b
+\bLWP::Simple\b
+\blwp-trivial\b
+\bMagnet\b
+\bMag-Net\b
+\bmagpie-crawler\b
+\bMajestic12\b
+\bMajestic-SEO\b
+\bMajestic\ SEO\b
+\bMarkMonitor\b
+\bMarkWatch\b
+\bMasscan\b
+\bmasscan\b
+\bMass\ Downloader\b
+\bMata\ Hari\b
+\bMauiBot\b
+\bMb2345Browser\b
+\bmeanpathbot\b
+\bMeanpathbot\b
+\bMeanPath\ Bot\b
+\bMediatoolkitbot\b
+\bmediawords\b
+\bMegaIndex.ru\b
+\bMetauri\b
+\bMFC_Tear_Sample\b
+\bMicroMessenger\b
+\bMicrosoft\ Data\ Access\b
+\bMicrosoft\ URL\ Control\b
+\bMIDown\ tool\b
+\bMIIxpc\b
+\bMister\ PiX\b
+\bMJ12bot\b
+\bMojeek\b
+\bMojolicious\b
+\bMorfeus\ Fucking\ Scanner\b
+\bMozlila\b
+\bMQQBrowser\b
+\bMr.4x3\b
+\bMSFrontPage\b
+\bMSIECrawler\b
+\bMsrabot\b
+\bmuhstik-scan\b
+\bMusobot\b
+\bName\ Intelligence\b
+\bNameprotect\b
+\bNavroad\b
+\bNearSite\b
+\bNeedle\b
+\bNessus\b
+\bNetAnts\b
+\bNetcraft\b
+\bnetEstate\ NE\ Crawler\b
+\bNetLyzer\b
+\bNetMechanic\b
+\bNetSpider\b
+\bNettrack\b
+\bNet\ Vampire\b
+\bNetvibes\b
+\bNetZIP\b
+\bNextGenSearchBot\b
+\bNibbler\b
+\bNICErsPRO\b
+\bNiki-bot\b
+\bNikto\b
+\bNimbleCrawler\b
+\bNimbostratus\b
+\bNinja\b
+\bNuclei\b
+\bNmap\b
+\bNPbot\b
+\bNutch\b
+\boBot\b
+\bOctopus\b
+\bOffline\ Explorer\b
+\bOffline\ Navigator\b
+\bOnCrawl\b
+\bOpenfind\b
+\bOpenLinkProfiler\b
+\bOpenvas\b
+\bOpenVAS\b
+\bOPPO A33\b
+\bOrangeBot\b
+\bOrangeSpider\b
+\bOutclicksBot\b
+\bOutfoxBot\b
+\bPageAnalyzer\b
+\bPage\ Analyzer\b
+\bPageGrabber\b
+\bpage\ scorer\b
+\bPageScorer\b
+\bPandalytics\b
+\bPanscient\b
+\bPapa\ Foto\b
+\bPavuk\b
+\bpcBrowser\b
+\bPECL::HTTP\b
+\bPeoplePal\b
+\bPetalbot\b
+\bPHPCrawl\b
+\bPicscout\b
+\bPicsearch\b
+\bPictureFinder\b
+\bPimonster\b
+\bPi-Monster\b
+\bPixray\b
+\bPleaseCrawl\b
+\bplumanalytics\b
+\bPockey\b
+\bPOE-Component-Client-HTTP\b
+\bpolaris\ version\b
+\bProbethenet\b
+\bProPowerBot\b
+\bProWebWalker\b
+\bPsbot\b
+\bPump\b
+\bPxBroker\b
+\bPyCurl\b
+\bQueryN\ Metasearch\b
+\bQuick-Crawler\b
+\bRankActive\b
+\bRankActiveLinkBot\b
+\bRankFlex\b
+\bRankingBot\b
+\bRankingBot2\b
+\bRankivabot\b
+\bRankurBot\b
+\bRealDownload\b
+\bReaper\b
+\bRebelMouse\b
+\bRecorder\b
+\bRedesScrapy\b
+\bReGet\b
+\bRepoMonkey\b
+\bRipper\b
+\bRocketCrawler\b
+\bRogerbot\b
+\bRSSingBot\b
+\bs1z.ru\b
+\bSalesIntelligent\b
+\bsatoristudio.net\b
+\bSBIder\b
+\bScanAlert\b
+\bScanbot\b
+\bscan.lol\b
+\bScoutJet\b
+\bScrapy\b
+\bScreaming\b
+\bScreenerBot\b
+\bSearchestate\b
+\bSearchmetricsBot\b
+\bSentiBot\b
+\bSEOkicks\b
+\bSEOkicks-Robot\b
+\bSEOlyticsCrawler\b
+\bSeomoz\b
+\bSEOprofiler\b
+\bseoscanners\b
+\bSeoSiteCheckup\b
+\bSEOstats\b
+\bserpstatbot\b
+\bsexsearcher\b
+\bShodan\b
+\bSiphon\b
+\bSISTRIX\b
+\bSitebeam\b
+\bSiteCheckerBotCrawler\b
+\bsitechecker.pro\b
+\bSiteExplorer\b
+\bSiteimprove\b
+\bSiteLockSpider\b
+\bSiteSnagger\b
+\bSiteSucker\b
+\bSite\ Sucker\b
+\bSitevigil\b
+\bSlySearch\b
+\bSmartDownload\b
+\bSMTBot\b
+\bSnake\b
+\bSnapbot\b
+\bSnoopy\b
+\bSocialRankIOBot\b
+\bSociscraper\b
+\bsogouspider\b
+\bSogou\ web\ spider\b
+\bSosospider\b
+\bSottopop\b
+\bSpaceBison\b
+\bSpammen\b
+\bSpankBot\b
+\bSpanner\b
+\bsp_auditbot\b
+\bSpbot\b
+\bSpinn3r\b
+\bSputnikBot\b
+\bspyfu\b
+\bSqlmap\b
+\bSqlworm\b
+\bSqworm\b
+\bSteeler\b
+\bStripper\b
+\bSucker\b
+\bSucuri\b
+\bSuperBot\b
+\bSuperHTTP\b
+\bSurfbot\b
+\bSurveyBot\b
+\bSuzuran\b
+\bSwiftbot\b
+\bsysscan\b
+\bSzukacz\b
+\bT0PHackTeam\b
+\bT8Abot\b
+\btAkeOut\b
+\bTeleport\b
+\bTeleportPro\b
+\bTelesoft\b
+\bTelesphoreo\b
+\bTelesphorep\b
+\bThe\ Intraformant\b
+\bTheNomad\b
+\bThumbor\b
+\bTightTwatBot\b
+\bTitan\b
+\bToata\b
+\bToweyabot\b
+\bTracemyfile\b
+\bTrendiction\b
+\bTrendictionbot\b
+\btrendiction.com\b
+\btrendiction.de\b
+\bTrue_Robot\b
+\bTuringos\b
+\bTurnitin\b
+\bTurnitinBot\b
+\bTwengaBot\b
+\bTwice\b
+\bTyphoeus\b
+\bUnisterBot\b
+\bUpflow\b
+\bURLy.Warning\b
+\bURLy\ Warning\b
+\bVacuum\b
+\bVagabondo\b
+\bVB\ Project\b
+\bVCI\b
+\bVelenPublicWebCrawler\b
+\bVeriCiteCrawler\b
+\bVidibleScraper\b
+\bVirusdie\b
+\bVoidEYE\b
+\bVoil\b
+\bVoltron\b
+\bWallpapers/3.0\b
+\bWallpapersHD\b
+\bWASALive-Bot\b
+\bWBSearchBot\b
+\bWebalta\b
+\bWebAuto\b
+\bWeb\ Auto\b
+\bWebBandit\b
+\bWebCollage\b
+\bWeb\ Collage\b
+\bWebCopier\b
+\bWEBDAV\b
+\bWebEnhancer\b
+\bWeb\ Enhancer\b
+\bWebFetch\b
+\bWeb\ Fetch\b
+\bWebFuck\b
+\bWeb\ Fuck\b
+\bWebGo\ IS\b
+\bWebImageCollector\b
+\bWebLeacher\b
+\bWebmasterWorldForumBot\b
+\bwebmeup-crawler\b
+\bWebPix\b
+\bWeb\ Pix\b
+\bWebReaper\b
+\bWebSauger\b
+\bWeb\ Sauger\b
+\bWebshag\b
+\bWebsiteExtractor\b
+\bWebsiteQuester\b
+\bWebsite\ Quester\b
+\bWebster\b
+\bWebStripper\b
+\bWebSucker\b
+\bWeb\ Sucker\b
+\bWebWhacker\b
+\bWebZIP\b
+\bWeSEE\b
+\bWhack\b
+\bWhacker\b
+\bWhatweb\b
+\bWho.is\ Bot\b
+\bWidow\b
+\bWindows\ NT\ 5.0\b
+\bWinHTTrack\b
+\bWiseGuys\ Robot\b
+\bWISENutbot\b
+\bWonderbot\b
+\bWoobot\b
+\bWotbox\b
+\bWprecon\b
+\bWPScan\b
+\bWWW-Collector-E\b
+\bWWW-Mechanize\b
+\bWWW::Mechanize\b
+\bWWWOFFLE\b
+\bx09Mozilla\b
+\bx22Mozilla\b
+\bXaldon_WebSpider\b
+\bXaldon\ WebSpider\b
+\bXenu\b
+\bxpymep1.exe\b
+\bYoudaoBot\b
+\bZade\b
+\bZauba\b
+\bzauba.io\b
+\bZermelo\b
+\bZeus\b
+\bzgrab\b
+\bZitebot\b
+\bZmEu\b
+\bZoomBot\b
+\bZoominfoBot\b
+\bZumBot\b
+\bZyBorg\b

traefik-crowdsec-stack/crowdsec/data/cloudflare_ip6s.txt

@@ -0,0 +1,7 @@
+2400:cb00::/32
+2606:4700::/32
+2803:f800::/32
+2405:b500::/32
+2405:8100::/32
+2a06:98c0::/29
+2c0f:f248::/32

traefik-crowdsec-stack/crowdsec/data/cloudflare_ips.txt

@@ -0,0 +1,15 @@
+173.245.48.0/20
+103.21.244.0/22
+103.22.200.0/22
+103.31.4.0/22
+141.101.64.0/18
+108.162.192.0/18
+190.93.240.0/20
+188.114.96.0/20
+197.234.240.0/22
+198.41.128.0/17
+162.158.0.0/15
+104.16.0.0/13
+104.24.0.0/14
+172.64.0.0/13
+131.0.72.0/22

traefik-crowdsec-stack/crowdsec/data/http_path_traversal.txt

@@ -0,0 +1,33 @@
+../
+..\
+..\/
+%2e%2e%2f
+%2E%2E%2F
+%252e%252e%252f
+%252E%252E%252F
+/etc/passwd
+/etc/hosts
+/etc/shadow
+/etc/groups
+%2fetc%2fhosts
+%2fetc%2fshadow
+%2fetc%2fgroups
+%2fetc%2fpasswd
+%2Fetc%2Fhosts
+%2Fetc%2Fshadow
+%2Fetc%2Fgroups
+%2Fetc%2Fpasswd
+=file://
+=zip://
+=php://
+=expect://
+=data://
+/proc/self/
+/var/log/
+windows/win.ini
+Windows/win.ini
+%25SYSTEMROOT%25%5Cwin.ini
+C:/inetpub/wwwroot/global.asa
+C:\inetpub\wwwroot\global.asa
+C:/boot.ini
+C:\boot.ini

traefik-crowdsec-stack/crowdsec/data/ip_seo_bots.txt

@@ -0,0 +1,15 @@
+#crawler:seo:duckduckbot (https://help.duckduckgo.com/duckduckgo-help-pages/results/duckduckbot/)
+23.21.227.69/32
+40.88.21.235/32
+50.16.241.113/32
+50.16.241.114/32
+50.16.241.117/32
+50.16.247.234/32
+52.204.97.54/32
+52.5.190.19/32
+54.197.234.188/32
+54.208.100.253/32
+54.208.102.37/32
+107.21.1.8/32
+#crawler:media:pinterest  https://help.pinterest.com/en/business/article/pinterest-crawler
+54.236.1.0/24

traefik-crowdsec-stack/crowdsec/data/jira_cve_2021-26086.txt

@@ -0,0 +1,14 @@
+/_/;/WEB-INF/web.xml
+/_/;/WEB-INF/decorators.xml
+/_/;/WEB-INF/classes/seraph-config.xml
+/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties
+/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.xml
+/_/;/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml
+/_/;/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.properties
+/_/%3B/WEB-INF/web.xml
+/_/%3B/WEB-INF/decorators.xml
+/_/%3B/WEB-INF/classes/seraph-config.xml
+/_/%3B/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties
+/_/%3B/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.xml
+/_/%3B/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml
+/_/%3B/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.properties

traefik-crowdsec-stack/crowdsec/data/log4j2_cve_2021_44228.txt

@@ -0,0 +1,35 @@
+${jndi:
+${${::-j}${::-n}${::-d}${::-i}:
+${${::-j}ndi
+${${lower:jndi}:
+${${lower:${lower:jndi}}:
+${${lower:j}${lower:n}${lower:d}i:
+${${lower:j}${upper:n}${lower:d}${upper:i}:
+${${upper:j}${upper:n}${upper:d}${upper:i}:
+${j${${:-l}${:-o}${:-w}${:-e}${:-r}:n}di:
+${${date:'j'}${date:'n'}${date:'d'}${date:'i'}:
+${jnd${sys:SYS_NAME:-i}:
+$%7Bjndi:
+$%7B$%7B:-j%7D$%7B:-n%7D$%7B:-d%7D$%7B:-i%7D:
+$%7B$%7B::-j%7D$%7B::-n%7D$%7B::-d%7D$%7B::-i%7D:
+$%7B$%7B::-j%7Dndi
+$%7B$%7Blower:jndi%7D:
+$%7B$%7Blower:$%7Blower:jndi%7D%7D:
+$%7B$%7Blower:j%7D$%7Blower:n%7D$%7Blower:d%7Di:
+$%7B$%7Blower:j%7D$%7Bupper:n%7D$%7Blower:d%7D$%7Bupper:i%7D:
+$%7B$%7Bupper:j%7D$%7Bupper:n%7D$%7Bupper:d%7D$%7Bupper:i%7D:
+$%7Bj$%7B$%7B:-l%7D$%7B:-o%7D$%7B:-w%7D$%7B:-e%7D$%7B:-r%7D:n%7Ddi:
+$%7B$%7Bdate:'j'%7D$%7Bdate:'n'%7D$%7Bdate:'d'%7D$%7Bdate:'i'%7D:
+$%7Bjnd$%7Bsys:SYS_NAME:-i%7D:
+%24%7Bjndi:
+%24%7B%24%7B::-j%7D%24%7B::-n%7D%24%7B::-d%7D%24%7B::-i%7D:
+%24%7B%24%7B::-j%7Dndi
+%24%7B%24%7Blower:jndi%7D:
+%24%7B%24%7Blower:%24%7Blower:jndi%7D%7D:
+%24%7B%24%7Blower:j%7D%24%7Blower:n%7D%24%7Blower:d%7Di:
+%24%7B%24%7Blower:j%7D%24%7Bupper:n%7D%24%7Blower:d%7D%24%7Bupper:i%7D:
+%24%7B%24%7Bupper:j%7D%24%7Bupper:n%7D%24%7Bupper:d%7D%24%7Bupper:i%7D:
+%24%7Bj%24%7B%24%7B:-l%7D%24%7B:-o%7D%24%7B:-w%7D%24%7B:-e%7D%24%7B:-r%7D:n%7Ddi:
+%24%7B%24%7Bdate:'j'%7D%24%7Bdate:'n'%7D%24%7Bdate:'d'%7D%24%7Bdate:'i'%7D:
+%24%7Bjnd%24%7Bsys:SYS_NAME:-i%7D:
+${jnd${upper:ı}:

traefik-crowdsec-stack/crowdsec/data/rdns_seo_bots.regex

@@ -0,0 +1,4 @@
+rate-limited-proxy-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}.google.com.$
+crawl-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}.googlebot.com.$
+google-proxy-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}.google.com.$
+fwdproxy-[a-z]+-[0-9]+.fbsv.net.$

traefik-crowdsec-stack/crowdsec/data/rdns_seo_bots.txt

@@ -0,0 +1,10 @@
+.googlebot.com.
+.yandex.ru.
+.yandex.net.
+.yandex.com.
+.search.msn.com.
+.crawl.baidu.com.
+.crawl.baidu.jp.
+.crawl.yahoo.net.
+.search.qwant.com.
+.babbar.eu.

traefik-crowdsec-stack/crowdsec/data/sensitive_data.txt

@@ -0,0 +1,90 @@
+.sql
+.sql.gz
+.sql.tar
+.sql.bzip2
+.sql.bz2
+.sql.zip
+.sql.rar
+.sql.7z
+.bash_history
+.bashrc
+.cache
+.config
+.cvs
+.cvsignore
+.env
+.env.backup
+env.bak
+env.backup
+.env.dev
+.env.development.local
+.env.dist
+.env.docker.dev
+.env.local
+.env.php
+.env.prod
+.env.production.local
+.env.sample.php
+.env.save
+.env.stage
+.env.test
+.environment
+.envrc
+.envs
+.env~
+env.production.js
+env.test.js
+env.dev.js
+test-env.json
+env.json
+.forward
+.jupyter/jupyter_notebook_config.json
+.git/HEAD
+.git/config
+.git
+.gitlab-ci/.env
+.history
+.hta
+.htaccess
+.htpasswd
+.lanproxy/config.json
+.listing
+.listings
+.msmtprc
+.mysql_history
+.passwd
+.pwd
+.perf
+.profile
+.rhosts
+.sh_history
+.ssh
+.subversion
+.svn
+.svn/entries
+.s3cfg
+.bak
+.exe
+.bat
+.dll
+.printer
+.pac
+.aws
+.aws/config
+.awscfg
+aws-key.yml
+config/aws.yml
+secrets.yml
+secrets.json
+aws/credentials
+.config/gatsby/config.json
+.deployment-config.json
+.docker/config.json
+.docker/.env
+.docker/daemon.json
+.cordova/config.json
+.vscode/sftp.json
+_wpeprivate/config.json
+composer.json
+composer.lock
+debug.log

traefik-crowdsec-stack/crowdsec/data/sqli_probe_patterns.txt

@@ -0,0 +1,18 @@
+%40%40version
+..xp_cmdshell
+information_schema.tables
+%20union%20all%20select%20
+%20union%20select%20
+%2cnull%2cnull
+benchmark%28
+load_file%28
+substr%28
+substring%28
+selectchar%28
+%7c%7cchr%28
+distinct%28
+pg_sleep%28
+sleep%28
+upper%28
+hex%28
+md5%28

traefik-crowdsec-stack/crowdsec/data/thinkphp_cve_2018-20062.txt

@@ -0,0 +1,13 @@
+index/\\think\\app/invokefunction&function=call_user_func_array&vars
+index/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars
+index/\\x5Cthink\\x5Capp/invokefunction&function=call_user_func_array&vars
+index/\\\\think\\\\app/invokefunction&function=call_user_func_array&vars
+index/\\think\\view\\driver\\Php/display&content=<\?php
+index/\\x5Cthink\\x5Cview\\x5Cdriver\\x5CPhp/display&content=<\?php
+index/\\\\x5Cthink\\\\x5Cview\\\\x5Cdriver\\\\x5CPhp/display&content=<\?php
+index/%5Cthink%5Cview%5Cdriver%5CPhp/display&content=%3C\?php
+index/\\think\\Container/invokefunction&function=call_user_func_array&vars
+index/%5Cthink%5CContainer/invokefunction&function=call_user_func_array&vars
+index/\\x5Cthink\\x5CContainer/invokefunction&function=call_user_func_array&vars
+index/\\\\think\\\\Container/invokefunction&function=call_user_func_array&vars
+index/\\x09hink\\x07pp/invokefunction&function=call_user_func_array&vars

traefik-crowdsec-stack/crowdsec/data/xss_probe_patterns.txt

@@ -0,0 +1,36 @@
+<img
+<svg
+<script
+<div
+<a
+<embed
+<style
+javascript:
+alert(
+prompt(
+<br
+<input
+<table
+<object
+<body
+<p 
+<meta
+<frameset
+%3Cimg
+%3Cscript
+%3Cdiv
+%3Ca
+%3Cembed
+%3Cstyle
+javascript%3A
+alert%28
+prompt%28
+%3Cbr
+%3Cinput
+%3Ctable
+%3Cobject
+%3Cbody
+%3Cp 
+%3Cmeta
+%3Cframeset
+%3Csvg