===========================================================
.___ __ __
_________________ __ __ __| _/|__|/ |_
/ ___\_` __ \__ \ | | \/ __ | | \\_ __\
/ /_/ > | \// __ \| | / /_/ | | || |
\___ /|__| (____ /____/\____ | |__||__|
/_____/ \/ \/
grep rough audit - static analysis tool
v2.8 written by @Wireghoul
=================================[justanotherhacker.com]===
modsecurity-crs-3.3.0/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example-32-# can affect the per transaction context they generally remain fixed during the
modsecurity-crs-3.3.0/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example:33:# execution of ModSecurity.
modsecurity-crs-3.3.0/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example-34-#
##############################################
modsecurity-crs-3.3.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf-614-#
modsecurity-crs-3.3.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf:615:SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx ([*?`\\'][^/\n]+/|\$[({\[#a-zA-Z0-9]|/[^/]+?[*?`\\'])" \
modsecurity-crs-3.3.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf-616- "id:932200,\
##############################################
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf-637-#
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf:638:SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i:[\"'`](?:\s*?(?:(?:between|x?or|and|div)[\w\s-]+\s*?[+<>=(),-]\s*?[\d\"'`]|like(?:[\w\s-]+\s*?[+<>=(),-]\s*?[\d\"'`]|\W+[\w\"'`(])|[!=|](?:[\d\s!=+-]+.*?[\"'`(].*?|[\d\s!=]+.*?\d+)$|[^\w\s]?=\s*?[\"'`])|(?:\W*?[+=]+\W*?|[<>~]+)[\"'`])|(?:/\*)+[\"'`]+\s?(?:\/\*|--|\{|#)?|\d[\"'`]\s+[\"'`]\s+\d|where\s[\s\w\.,-]+\s=|^admin\s*?[\"'`]|\sis\s*?0\W)" \
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf-639- "id:942180,\
##############################################
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf-825-#
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf:826:SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i:(?:^(?:[\"'`\\\\]*?(?:[^\"'`]+[\"'`]|[\d\"'`]+)\s*?(?:n(?:and|ot)|(?:x?x)?or|between|\|\||like|and|div|&&)\s*?[\w\"'`][+&!@(),.-]|.?[\"'`]$)|\@(?:[\w-]+\s(?:between|like|x?or|and|div)\s*?[^\w\s]|\w+\s+(?:between|like|x?or|and|div)\s*?[\"'`\d]+)|[\"'`]\s*?(?:between|like|x?or|and|div)\s*?[\"'`]?\d|[^\w\s:]\s*?\d\W+[^\w\s]\s*?[\"'`].|[^\w\s]\w+\s*?[|-]\s*?[\"'`]\s*?\w|\Winformation_schema|\\\\x(?:23|27|3d)|table_name\W))" \
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf-827- "id:942330,\
##############################################
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf-1143-
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf:1144:SecRule ARGS_NAMES|ARGS|XML:/* "@rx ((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´’‘`<>][^~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´’‘`<>]*?){12})" \
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf-1145- "id:942430,\
##############################################
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf-1364-
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf:1365:SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQUEST_COOKIES_NAMES "@rx ((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´’‘`<>][^~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´’‘`<>]*?){8})" \
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf-1366- "id:942420,\
##############################################
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf-1393-
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf:1394:SecRule ARGS_NAMES|ARGS|XML:/* "@rx ((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´’‘`<>][^~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´’‘`<>]*?){6})" \
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf-1395- "id:942431,\
##############################################
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf-1540-
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf:1541:SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQUEST_COOKIES_NAMES "@rx ((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´’‘`<>][^~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´’‘`<>]*?){3})" \
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf-1542- "id:942421,\
##############################################
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf-1569-
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf:1570:SecRule ARGS_NAMES|ARGS|XML:/* "@rx ((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´’‘`<>][^~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´’‘`<>]*?){2})" \
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf-1571- "id:942432,\
##############################################
modsecurity-crs-3.3.0/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933160.yaml-45- input:
modsecurity-crs-3.3.0/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933160.yaml:46: data: eval($foo)
modsecurity-crs-3.3.0/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933160.yaml-47- dest_addr: 127.0.0.1
##############################################
modsecurity-crs-3.3.0/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942260.yaml-139- uri: "/"
modsecurity-crs-3.3.0/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942260.yaml:140: data: "var=0.84622338492032948`echo${IFS}crs312``echo${IFS}34test`"
modsecurity-crs-3.3.0/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942260.yaml-141- version: HTTP/1.0
##############################################
modsecurity-crs-3.3.0/util/av-scanning/runav.pl-20-$cmd = "$CLAMSCAN --stdout --disable-summary $FILE";
modsecurity-crs-3.3.0/util/av-scanning/runav.pl:21:$input = `$cmd`;
modsecurity-crs-3.3.0/util/av-scanning/runav.pl-22-$input =~ m/^(.+)/;