Filename: sqlmap.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 52.2503299713 seconds
Hash: c8027fddb943c33d197316babb1cbf5e
Uploaded: 1542363709

Logfiles


packet_stats.log - (8871 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6          1472          4021189      461746673     307981148        453.3b  100.00
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6          1472            66369       18150079        366181        539.0m   92.45
TMM_RECEIVEPCAPFILE         IPv4       6          1470             2536       17837920         26771         39.4m    6.75
TMM_DECODEPCAPFILE          IPv4       6          1470             2664          32330          3165          4.7m    0.80

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6          1470             2822          82589          4258          6.3m  1.38  
stream                  IPv4       6          1472             2554         429216         28180         41.5m  9.17  
detect                  IPv4       6          1472            44358       14180224        271374        399.5m  88.33 
tcp-prune               IPv4       6          1472             2521          76471          3420          5.0m  1.11  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6           126             3904          26614          5855        737.8k  100.00
Proto detect            IPv4       6             4             2717          22530          8343         33.4k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_JSON_HTTP            IPv4       6           126            47515       14824940        249995         31.5m  69.90 
LOGGER_JSON_FILE            IPv4       6           125            53689         225565        108497         13.6m  30.10 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6           711             2593         564078         28552        20.3m  25.14 
stream                            IPv4       6           711             2562        1278703         44206        31.4m  38.92 
http_uri                          IPv4       6           126             9399         413789         33160         4.2m  5.17  
http_request_line                 IPv4       6           126             4124          26593          6826       860.2k  1.07  
http_client_body                  IPv4       6           126             2747          28625          3670       462.5k  0.57  
http_header (request)             IPv4       6           126            14718         335610         31498         4.0m  4.91  
http_header (request trailer)     IPv4       6           126             2571          60991          3539       446.0k  0.55  
http_header_names (request)       IPv4       6           126             6334          67021         12199         1.5m  1.90  
http_accept (request)             IPv4       6           126             3124          11561          3644       459.2k  0.57  
http_referer (request)            IPv4       6           126             2827           5303          3176       400.3k  0.50  
http_content_len (request)        IPv4       6           126             2846           6929          3288       414.4k  0.51  
http_content_type (request)       IPv4       6           126             2791          30089          3542       446.4k  0.55  
http_protocol (request)           IPv4       6           126             3247          24845          4216       531.2k  0.66  
http_start (request)              IPv4       6           126             6605          48341         10095         1.3m  1.58  
http_raw_header (request)         IPv4       6           126             8793          37022         11699         1.5m  1.83  
http_method                       IPv4       6           126             3264          20958          5014       631.8k  0.78  
http_cookie (request)             IPv4       6           126             2929          30001          4732       596.3k  0.74  
http_raw_uri                      IPv4       6           126             3980          37530          6912       871.0k  1.08  
http_user_agent                   IPv4       6           126             6157          84441         10531         1.3m  1.64  
http_host                         IPv4       6           126             3734          46187          5561       700.7k  0.87  
http_response_line                IPv4       6           125             3649          31150          5883       735.5k  0.91  
http_header (response)            IPv4       6           125             9062         107380         21091         2.6m  3.26  
http_header (response trailer)    IPv4       6           125             2590          34639          3182       397.8k  0.49  
http_content_type (response)      IPv4       6           125             3765          38545          6013       751.6k  0.93  
http_raw_header (response)        IPv4       6           333             3719          38560          6695         2.2m  2.76  
http_cookie (response)            IPv4       6           125             2947          24650          4380       547.6k  0.68  
http_stat_code                    IPv4       6           125             2886          20756          3619       452.5k  0.56  
file_data (http response)         IPv4       6           208             2580          35178          3362       699.3k  0.87  
Total                             IPv4                  4981                                         16213        80.8m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6           260             3345         474855         34953          9.1m  1.78  
PROF_DETECT_RULES           IPv4       6          1472             2527       12847957        119017        175.2m  34.23 
PROF_DETECT_STATEFUL_START    IPv4       6           573             5089         652466         78997         45.3m  8.84  
PROF_DETECT_STATEFUL_CONT    IPv4       6          1472             2507        6139635         11214         16.5m  3.23  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6           944             2551          83574          3103          2.9m  0.57  
PROF_DETECT_PREFILTER       IPv4       6          1472             7696        8889208         91359        134.5m  26.27 
PROF_DETECT_PF_PAYLOAD      IPv4       6           711            21703        1315405         81895         58.2m  11.38 
PROF_DETECT_PF_TX           IPv4       6           944             2588         933553         46318         43.7m  8.54  
PROF_DETECT_PF_SORT1        IPv4       6           552             2633          40691          4250          2.3m  0.46  
PROF_DETECT_PF_SORT2        IPv4       6          1472             2514         102823          3341          4.9m  0.96  
PROF_DETECT_NONMPMLIST      IPv4       6          1472             2533          46869          3118          4.6m  0.90  
PROF_DETECT_ALERT           IPv4       6          1472             2521          67170          2975          4.4m  0.86  
PROF_DETECT_CLEANUP         IPv4       6          1472             2529          56573          3241          4.8m  0.93  
PROF_DETECT_GETSGH          IPv4       6          1472             2521         110768          3670          5.4m  1.06  


suricata-4.0.0-etpro-all-perf.txt-2018-11-16-T-10-22-41-11162018.1019-sqlmap.pcap.txt - (10839 bytes)
  --------------------------------------------------------------------------
  Date: 11/16/2018 -- 10:22:41. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2022502      1        4        14647723     11.58  126      0        11798073    116251.77   0.00        116251.77  
  2        2021214      1        2        9353454      7.39   126      0        5638249     74233.76    0.00        74233.76   
  3        2017552      1        6        7863615      6.22   448      0        459448      17552.71    0.00        17552.71   
  4        2808344      1        3        4117257      3.25   126      0        416577      32676.64    0.00        32676.64   
  5        2010966      1        3        688155       0.54   126      0        176698      5461.55     0.00        5461.55    
  6        2812526      1        2        3745553      2.96   126      0        151543      29726.61    0.00        29726.61   
  7        2816895      1        2        5298515      4.19   126      0        137455      42051.71    0.00        42051.71   
  8        2016537      1        2        5067098      4.01   322      0        114113      15736.33    0.00        15736.33   
  9        2020295      1        6        3794106      3.00   126      0        105843      30111.95    0.00        30111.95   
  10       2815254      1        7        3978560      3.14   126      0        99176       31575.87    0.00        31575.87   
  11       2828986      1        2        4050738      3.20   125      0        97289       32405.90    0.00        32405.90   
  12       2022074      1        3        1215284      0.96   39       0        90601       31161.13    0.00        31161.13   
  13       2821561      1        2        3608163      2.85   126      0        78990       28636.21    0.00        28636.21   
  14       2024771      1        1        5234853      4.14   333      0        78358       15720.28    0.00        15720.28   
  15       2021118      1        3        3714673      2.94   126      0        74257       29481.53    0.00        29481.53   
  16       2816356      1        2        3645363      2.88   126      0        68186       28931.45    0.00        28931.45   
  17       2010524      1        3        704030       0.56   180      0        67943       3911.28     0.00        3911.28    
  18       2010525      1        4        3837260      3.03   180      0        67779       21318.11    0.00        21318.11   
  19       2828060      1        4        3869153      3.06   125      0        67188       30953.22    0.00        30953.22   
  20       2816669      1        4        2739192      2.17   126      0        61618       21739.62    0.00        21739.62   
  21       2804586      1        2        456746       0.36   126      0        58751       3624.97     0.00        3624.97    
  22       2826256      1        2        2765851      2.19   126      0        58272       21951.20    0.00        21951.20   
  23       2829848      1        2        3537799      2.80   125      0        57601       28302.39    0.00        28302.39   
  24       2816165      1        5        2753227      2.18   126      0        55575       21851.01    0.00        21851.01   
  25       2011042      1        3        352179       0.28   93       0        55095       3786.87     0.00        3786.87    
  26       2012707      1        5        878829       0.69   35       0        55084       25109.40    0.00        25109.40   
  27       2012612      1        16       1192750      0.94   51       0        52201       23387.25    0.00        23387.25   
  28       2823077      1        4        2802349      2.21   126      0        52011       22240.87    0.00        22240.87   
  29       2828008      1        2        2843366      2.25   126      0        51441       22566.40    0.00        22566.40   
  30       2827279      1        5        2709193      2.14   126      0        50149       21501.53    0.00        21501.53   
  31       2018407      1        9        41836        0.03   1        0        41836       41836.00    0.00        41836.00   
  32       2802880      1        3        144379       0.11   36       0        40748       4010.53     0.00        4010.53    
  33       2102523      1        8        452265       0.36   129      0        40549       3505.93     0.00        3505.93    
  34       2015872      1        6        38873        0.03   1        0        38873       38873.00    0.00        38873.00   
  35       2802876      1        3        443882       0.35   126      0        38317       3522.87     0.00        3522.87    
  36       2006445      1        13       319994       0.25   93       0        37180       3440.80     0.00        3440.80    
  37       2100540      1        12       779990       0.62   250      0        36033       3119.96     0.00        3119.96    
  38       2828748      1        2        535532       0.42   174      0        35169       3077.77     0.00        3077.77    
  39       2024513      1        5        431437       0.34   125      0        34186       3451.50     0.00        3451.50    
  40       2014352      1        3        256297       0.20   68       0        34125       3769.07     0.00        3769.07    
  41       2805450      1        1        418385       0.33   126      0        30411       3320.52     0.00        3320.52    
  42       2008420      1        4        792908       0.63   252      0        29864       3146.46     0.00        3146.46    
  43       2811120      1        1        380968       0.30   126      0        27626       3023.56     0.00        3023.56    
  44       2100540      1        12       782546       0.62   250      0        26323       3130.18     0.00        3130.18    
  45       2009981      1        2        581523       0.46   186      0        25771       3126.47     0.00        3126.47    
  46       2810607      1        8        1064968      0.84   51       0        25643       20881.73    0.00        20881.73   
  47       2013791      1        2        146931       0.12   40       0        25429       3673.28     0.00        3673.28    
  48       2810793      1        5        449493       0.36   126      0        24399       3567.40     0.00        3567.40    
  49       2823937      1        13       422244       0.33   125      0        24042       3377.95     0.00        3377.95    
  50       2025113      1        2        23350        0.02   1        0        23350       23350.00    0.00        23350.00   
  51       2006446      1        12       287094       0.23   93       0        23036       3087.03     0.00        3087.03    
  52       2014890      1        2        144486       0.11   40       0        22278       3612.15     0.00        3612.15    
  53       2021407      1        4        419015       0.33   126      0        22167       3325.52     0.00        3325.52    
  54       2010284      1        4        299607       0.24   93       0        20821       3221.58     0.00        3221.58    
  55       2809650      1        4        411315       0.33   126      0        20220       3264.40     0.00        3264.40    
  56       2102523      1        8        424836       0.34   129      0        19898       3293.30     0.00        3293.30    
  57       2828877      1        1        548467       0.43   174      0        18787       3152.11     0.00        3152.11    
  58       2018067      1        3        401805       0.32   126      0        17586       3188.93     0.00        3188.93    
  59       2014704      1        7        158881       0.13   48       0        16819       3310.02     0.00        3310.02    
  60       2819934      1        2        391037       0.31   125      0        14709       3128.30     0.00        3128.30    
  61       2828876      1        1        747182       0.59   253      0        8541        2953.29     0.00        2953.29    
  62       2008538      1        7        387890       0.31   126      0        5073        3078.49     0.00        3078.49    
  63       2810804      1        6        18221        0.01   5        0        4931        3644.20     0.00        3644.20    
  64       2101634      1        15       4770         0.00   1        0        4770        4770.00     0.00        4770.00    
  65       2010963      1        6        278036       0.22   93       0        4734        2989.63     0.00        2989.63    
  66       2011037      1        5        127928       0.10   41       0        4538        3120.20     0.00        3120.20    
  67       2008175      1        5        124790       0.10   39       0        4460        3199.74     0.00        3199.74    
  68       2009985      1        2        548733       0.43   186      0        4349        2950.18     0.00        2950.18    
  69       2023316      1        2        380122       0.30   124      0        4343        3065.50     0.00        3065.50    
  70       2009815      1        5        4072         0.00   1        0        4072        4072.00     0.00        4072.00    
  71       2101621      1        12       6771         0.01   2        0        4043        3385.50     0.00        3385.50    
  72       2010285      1        6        283481       0.22   93       0        4028        3048.18     0.00        3048.18    
  73       2816382      1        1        115131       0.09   40       0        3653        2878.28     0.00        2878.28    
  74       2017808      1        2        6854         0.01   2        0        3647        3427.00     0.00        3427.00    
  75       2100356      1        7        3562         0.00   1        0        3562        3562.00     0.00        3562.00    
  76       2101379      1        13       3518         0.00   1        0        3518        3518.00     0.00        3518.00    
  77       2102110      1        4        3429         0.00   1        0        3429        3429.00     0.00        3429.00    
  78       2101972      1        18       5861         0.00   2        0        3264        2930.50     0.00        2930.50    
  79       2010967      1        3        3248         0.00   1        0        3248        3248.00     0.00        3248.00    
  80       2009714      1        7        2934         0.00   1        0        2934        2934.00     0.00        2934.00    
  81       2807579      1        3        2793         0.00   1        0        2793        2793.00     0.00        2793.00    


stats.log - (2402 bytes)
------------------------------------------------------------------------------------
Date: 11/16/2018 -- 10:22:41 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 1470
decoder.bytes                              | Total                     | 846124
decoder.ipv4                               | Total                     | 1470
decoder.sll                                | Total                     | 1470
decoder.tcp                                | Total                     | 1470
decoder.avg_pkt_size                       | Total                     | 575
decoder.max_pkt_size                       | Total                     | 4412
flow.tcp                                   | Total                     | 130
tcp.sessions                               | Total                     | 129
tcp.syn                                    | Total                     | 129
tcp.synack                                 | Total                     | 129
tcp.rst                                    | Total                     | 3
detect.mpm_list                            | Total                     | 4
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 5
app_layer.flow.http                        | Total                     | 125
app_layer.tx.http                          | Total                     | 126
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 39
flow_mgr.flows_notimeout                   | Total                     | 39
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65497
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7088704


eve.json - (166122 bytes)
{"timestamp":"2018-11-16T10:17:48.755530+0000","flow_id":1370518046120334,"pcap_cnt":32,"event_type":"http","src_ip":"192.168.5.137","src_port":43750,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html"}}
{"timestamp":"2018-11-16T10:17:48.778501+0000","flow_id":1370518046120334,"pcap_cnt":36,"event_type":"fileinfo","src_ip":"5.175.17.140","src_port":80,"dest_ip":"192.168.5.137","dest_port":43750,"proto":"TCP","http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":15382},"app_proto":"http","fileinfo":{"filename":"\/showforum.asp","gaps":false,"state":"CLOSED","stored":false,"size":15382,"tx_id":0}}
{"timestamp":"2018-11-16T10:17:49.070640+0000","flow_id":661444715358785,"pcap_cnt":53,"event_type":"http","src_ip":"192.168.5.137","src_port":43752,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1&oVIL=1267%20AND%201%3D1%20UNION%20ALL%20SELECT%201%2CNULL%2C%27%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E%27%2Ctable_name%20FROM%20information_schema.tables%20WHERE%202%3E1--%2F%2A%2A%2F%3B%20EXEC%20xp_cmdshell%28%27cat%20..%2F..%2F..%2Fetc%2Fpasswd%27%29%23","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html"}}
{"timestamp":"2018-11-16T10:17:49.093297+0000","flow_id":661444715358785,"pcap_cnt":55,"event_type":"fileinfo","src_ip":"5.175.17.140","src_port":80,"dest_ip":"192.168.5.137","dest_port":43752,"proto":"TCP","http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1&oVIL=1267%20AND%201%3D1%20UNION%20ALL%20SELECT%201%2CNULL%2C%27%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E%27%2Ctable_name%20FROM%20information_schema.tables%20WHERE%202%3E1--%2F%2A%2A%2F%3B%20EXEC%20xp_cmdshell%28%27cat%20..%2F..%2F..%2Fetc%2Fpasswd%27%29%23","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":16138},"app_proto":"http","fileinfo":{"filename":"\/showforum.asp","gaps":false,"state":"CLOSED","stored":false,"size":16138,"tx_id":0}}
{"timestamp":"2018-11-16T10:17:49.763542+0000","flow_id":1821012870867965,"pcap_cnt":74,"event_type":"http","src_ip":"192.168.5.137","src_port":43754,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html"}}
{"timestamp":"2018-11-16T10:17:49.786283+0000","flow_id":1821012870867965,"pcap_cnt":78,"event_type":"fileinfo","src_ip":"5.175.17.140","src_port":80,"dest_ip":"192.168.5.137","dest_port":43754,"proto":"TCP","http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":15382},"app_proto":"http","fileinfo":{"filename":"\/showforum.asp","gaps":false,"state":"CLOSED","stored":false,"size":15382,"tx_id":0}}
{"timestamp":"2018-11-16T10:17:49.794678+0000","flow_id":1258307730550206,"pcap_cnt":80,"event_type":"http","src_ip":"192.168.5.137","src_port":43756,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=4293","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html"}}
{"timestamp":"2018-11-16T10:17:49.817922+0000","flow_id":1258307730550206,"pcap_cnt":86,"event_type":"fileinfo","src_ip":"5.175.17.140","src_port":80,"dest_ip":"192.168.5.137","dest_port":43756,"proto":"TCP","http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=4293","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":500,"length":1208},"app_proto":"http","fileinfo":{"filename":"\/showforum.asp","gaps":false,"state":"CLOSED","stored":false,"size":1208,"tx_id":0}}
{"timestamp":"2018-11-16T10:17:49.824392+0000","flow_id":1320254043901501,"pcap_cnt":88,"event_type":"http","src_ip":"192.168.5.137","src_port":43758,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1.%27%28%22.%28%2C%2C%28%2C","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html"}}
{"timestamp":"2018-11-16T10:17:49.847478+0000","flow_id":1320254043901501,"pcap_cnt":94,"event_type":"fileinfo","src_ip":"5.175.17.140","src_port":80,"dest_ip":"192.168.5.137","dest_port":43758,"proto":"TCP","http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1.%27%28%22.%28%2C%2C%28%2C","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":500,"length":1208},"app_proto":"http","fileinfo":{"filename":"\/showforum.asp","gaps":false,"state":"CLOSED","stored":false,"size":1208,"tx_id":0}}
{"timestamp":"2018-11-16T10:17:49.856755+0000","flow_id":1511032196252910,"pcap_cnt":96,"event_type":"http","src_ip":"192.168.5.137","src_port":43764,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%27yOuEbg%3C%27%22%3EsEWEcs","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html"}}
{"timestamp":"2018-11-16T10:17:49.893641+0000","flow_id":1511032196252910,"pcap_cnt":100,"event_type":"fileinfo","src_ip":"5.175.17.140","src_port":80,"dest_ip":"192.168.5.137","dest_port":43764,"proto":"TCP","http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%27yOuEbg%3C%27%22%3EsEWEcs","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":500,"length":1208},"app_proto":"http","fileinfo":{"filename":"\/showforum.asp","gaps":false,"state":"CLOSED","stored":false,"size":1208,"tx_id":0}}
{"timestamp":"2018-11-16T10:17:49.930465+0000","flow_id":1902423976035920,"pcap_cnt":104,"event_type":"http","src_ip":"192.168.5.137","src_port":43766,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%29%20AND%206404%3D5435%20AND%20%283555%3D3555","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html"}}
{"timestamp":"2018-11-16T10:17:49.953477+0000","flow_id":1902423976035920,"pcap_cnt":110,"event_type":"fileinfo","src_ip":"5.175.17.140","src_port":80,"dest_ip":"192.168.5.137","dest_port":43766,"proto":"TCP","http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%29%20AND%206404%3D5435%20AND%20%283555%3D3555","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":500,"length":1208},"app_proto":"http","fileinfo":{"filename":"\/showforum.asp","gaps":false,"state":"CLOSED","stored":false,"size":1208,"tx_id":0}}
{"timestamp":"2018-11-16T10:17:49.958573+0000","flow_id":1715352380459042,"pcap_cnt":112,"event_type":"http","src_ip":"192.168.5.137","src_port":43768,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%29%20AND%202455%3D2455%20AND%20%286838%3D6838","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html"}}
{"timestamp":"2018-11-16T10:17:49.981749+0000","flow_id":1715352380459042,"pcap_cnt":118,"event_type":"fileinfo","src_ip":"5.175.17.140","src_port":80,"dest_ip":"192.168.5.137","dest_port":43768,"proto":"TCP","http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%29%20AND%202455%3D2455%20AND%20%286838%3D6838","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":500,"length":1208},"app_proto":"http","fileinfo":{"filename":"\/showforum.asp","gaps":false,"state":"CLOSED","stored":false,"size":1208,"tx_id":0}}
{"timestamp":"2018-11-16T10:17:49.987305+0000","flow_id":1306351234830177,"pcap_cnt":120,"event_type":"http","src_ip":"192.168.5.137","src_port":43770,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%20AND%206116%3D3751","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html"}}
{"timestamp":"2018-11-16T10:17:50.011018+0000","flow_id":1306351234830177,"pcap_cnt":125,"event_type":"fileinfo","src_ip":"5.175.17.140","src_port":80,"dest_ip":"192.168.5.137","dest_port":43770,"proto":"TCP","http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%20AND%206116%3D3751","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":500,"length":1208},"app_proto":"http","fileinfo":{"filename":"\/showforum.asp","gaps":false,"state":"CLOSED","stored":false,"size":1208,"tx_id":0}}
{"timestamp":"2018-11-16T10:17:50.614175+0000","flow_id":985590192270351,"pcap_cnt":143,"event_type":"http","src_ip":"192.168.5.137","src_port":43772,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%20AND%202455%3D2455","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html"}}
{"timestamp":"2018-11-16T10:17:50.637670+0000","flow_id":985590192270351,"pcap_cnt":144,"event_type":"fileinfo","src_ip":"5.175.17.140","src_port":80,"dest_ip":"192.168.5.137","dest_port":43772,"proto":"TCP","http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%20AND%202455%3D2455","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":15434},"app_proto":"http","fileinfo":{"filename":"\/showforum.asp","gaps":false,"state":"CLOSED","stored":false,"size":15434,"tx_id":0}}
{"timestamp":"2018-11-16T10:17:50.668673+0000","flow_id":908315140648542,"pcap_cnt":148,"event_type":"http","src_ip":"192.168.5.137","src_port":43774,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%20AND%201069%3D8014","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html"}}
{"timestamp":"2018-11-16T10:17:50.691957+0000","flow_id":908315140648542,"pcap_cnt":154,"event_type":"fileinfo","src_ip":"5.175.17.140","src_port":80,"dest_ip":"192.168.5.137","dest_port":43774,"proto":"TCP","http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%20AND%201069%3D8014","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":500,"length":1208},"app_proto":"http","fileinfo":{"filename":"\/showforum.asp","gaps":false,"state":"CLOSED","stored":false,"size":1208,"tx_id":0}}
{"timestamp":"2018-11-16T10:17:50.701186+0000","flow_id":1406028835844535,"pcap_cnt":156,"event_type":"http","src_ip":"192.168.5.137","src_port":43776,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%20AND%20%28SELECT%20CHR%2870%29%26CHR%28117%29%26CHR%28101%29%26CHR%28118%29%20FROM%20MSysAccessObjects%29%3D%27Fuev%27","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html"}}
{"timestamp":"2018-11-16T10:17:50.724139+0000","flow_id":1406028835844535,"pcap_cnt":162,"event_type":"fileinfo","src_ip":"5.175.17.140","src_port":80,"dest_ip":"192.168.5.137","dest_port":43776,"proto":"TCP","http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%20AND%20%28SELECT%20CHR%2870%29%26CHR%28117%29%26CHR%28101%29%26CHR%28118%29%20FROM%20MSysAccessObjects%29%3D%27Fuev%27","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":500,"length":1208},"app_proto":"http","fileinfo":{"filename":"\/showforum.asp","gaps":false,"state":"CLOSED","stored":false,"size":1208,"tx_id":0}}
{"timestamp":"2018-11-16T10:17:50.731882+0000","flow_id":701761573499287,"pcap_cnt":164,"event_type":"http","src_ip":"192.168.5.137","src_port":43778,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%20AND%20%28SELECT%20CHR%2867%29%7C%7CCHR%2871%29%7C%7CCHR%28113%29%7C%7CCHR%2872%29%20FROM%20SYSIBM.SYSDUMMY1%29%3D%27CGqH%27","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html"}}
{"timestamp":"2018-11-16T10:17:50.755472+0000","flow_id":701761573499287,"pcap_cnt":170,"event_type":"fileinfo","src_ip":"5.175.17.140","src_port":80,"dest_ip":"192.168.5.137","dest_port":43778,"proto":"TCP","http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%20AND%20%28SELECT%20CHR%2867%29%7C%7CCHR%2871%29%7C%7CCHR%28113%29%7C%7CCHR%2872%29%20FROM%20SYSIBM.SYSDUMMY1%29%3D%27CGqH%27","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":500,"length":1208},"app_proto":"http","fileinfo":{"filename":"\/showforum.asp","gaps":false,"state":"CLOSED","stored":false,"size":1208,"tx_id":0}}
{"timestamp":"2018-11-16T10:17:50.759717+0000","flow_id":793016743686129,"pcap_cnt":172,"event_type":"http","src_ip":"192.168.5.137","src_port":43780,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%20AND%20%28SELECT%20%27exuE%27%20FROM%20RDB%24DATABASE%29%3D%27exuE%27","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html"}}
{"timestamp":"2018-11-16T10:17:50.782597+0000","flow_id":793016743686129,"pcap_cnt":177,"event_type":"fileinfo","src_ip":"5.175.17.140","src_port":80,"dest_ip":"192.168.5.137","dest_port":43780,"proto":"TCP","http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%20AND%20%28SELECT%20%27exuE%27%20FROM%20RDB%24DATABASE%29%3D%27exuE%27","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":500,"length":1208},"app_proto":"http","fileinfo":{"filename":"\/showforum.asp","gaps":false,"state":"CLOSED","stored":false,"size":1208,"tx_id":0}}
{"timestamp":"2018-11-16T10:17:50.788739+0000","flow_id":1255039260586523,"pcap_cnt":180,"event_type":"http","src_ip":"192.168.5.137","src_port":43782,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%20AND%20%28SELECT%20CHAR%28104%29%7C%7CCHAR%28120%29%7C%7CCHAR%28105%29%7C%7CCHAR%28104%29%29%3D%27hxih%27","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html"}}
{"timestamp":"2018-11-16T10:17:50.811936+0000","flow_id":1255039260586523,"pcap_cnt":185,"event_type":"fileinfo","src_ip":"5.175.17.140","src_port":80,"dest_ip":"192.168.5.137","dest_port":43782,"proto":"TCP","http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%20AND%20%28SELECT%20CHAR%28104%29%7C%7CCHAR%28120%29%7C%7CCHAR%28105%29%7C%7CCHAR%28104%29%29%3D%27hxih%27","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":500,"length":1208},"app_proto":"http","fileinfo":{"filename":"\/showforum.asp","gaps":false,"state":"CLOSED","stored":false,"size":1208,"tx_id":0}}
{"timestamp":"2018-11-16T10:17:50.817622+0000","flow_id":2000920461112328,"pcap_cnt":187,"event_type":"http","src_ip":"192.168.5.137","src_port":43784,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"

This file has been truncated.


suricata-report-2018-11-16-T-10-22-41-11162018.1019-sqlmap.pcap.txt - (17973 bytes) - download
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/c8027fddb943c33d197316babb1cbf5e56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/11162018.1019-sqlmap.pcap -vvv -k none
elapsedtime:51.238307
stderr:
stdout:
16/11/2018 -- 10:21:50 - <Info> - Configuration node 'rule-files' redefined.
16/11/2018 -- 10:21:50 - <Notice> - This is Suricata version 4.0.0 RELEASE
16/11/2018 -- 10:21:50 - <Info> - CPUs/cores online: 1
16/11/2018 -- 10:21:50 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 32808 and 'request-body-inspect-window' set to 15839 after randomization.
16/11/2018 -- 10:21:50 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 34215 and 'response-body-inspect-window' set to 15656 after randomization.
16/11/2018 -- 10:21:50 - <Config> - DNS request flood protection level: 500
16/11/2018 -- 10:21:50 - <Config> - DNS per flow memcap (state-memcap): 524288
16/11/2018 -- 10:21:50 - <Config> - DNS global memcap: 16777216
16/11/2018 -- 10:21:50 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
16/11/2018 -- 10:21:50 - <Config> - preallocated 1000 hosts of size 136
16/11/2018 -- 10:21:50 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
16/11/2018 -- 10:21:50 - <Config> - using magic-file /usr/share/file/magic
16/11/2018 -- 10:21:50 - <Config> - Core dump size is unlimited.
16/11/2018 -- 10:21:50 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
16/11/2018 -- 10:21:50 - <Config> - preallocated 1000 defrag trackers of size 168
16/11/2018 -- 10:21:50 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
16/11/2018 -- 10:21:50 - <Config> - stream "prealloc-sessions": 2048 (per thread)
16/11/2018 -- 10:21:50 - <Config> - stream "memcap": 33554432
16/11/2018 -- 10:21:50 - <Config> - stream "midstream" session pickups: disabled
16/11/2018 -- 10:21:50 - <Config> - stream "async-oneside": disabled
16/11/2018 -- 10:21:50 - <Config> - stream "checksum-validation": disabled
16/11/2018 -- 10:21:50 - <Config> - stream."inline": disabled
16/11/2018 -- 10:21:50 - <Config> - stream "bypass": disabled
16/11/2018 -- 10:21:50 - <Config> - stream "max-synack-queued": 5
16/11/2018 -- 10:21:50 - <Config> - stream.reassembly "memcap": 134217728
16/11/2018 -- 10:21:50 - <Config> - stream.reassembly "depth": 0
16/11/2018 -- 10:21:50 - <Config> - stream.reassembly "toserver-chunk-size": 2555
16/11/2018 -- 10:21:50 - <Config> - stream.reassembly "toclient-chunk-size": 2677
16/11/2018 -- 10:21:50 - <Config> - stream.reassembly.raw: enabled
16/11/2018 -- 10:21:50 - <Config> - stream.reassembly "segment-prealloc": 2048
16/11/2018 -- 10:21:50 - <Config> - Delayed detect disabled
16/11/2018 -- 10:21:50 - <Config> - pattern matchers: MPM: ac, SPM: bm
16/11/2018 -- 10:21:50 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
16/11/2018 -- 10:21:50 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
16/11/2018 -- 10:21:50 - <Config> - prefilter engines: MPM
16/11/2018 -- 10:21:50 - <Config> - IP reputation disabled
16/11/2018 -- 10:21:50 - <Perf> - Registered 148 keyword profiling counters.
16/11/2018 -- 10:21:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
16/11/2018 -- 10:21:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
16/11/2018 -- 10:21:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
16/11/2018 -- 10:21:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
16/11/2018 -- 10:21:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
16/11/2018 -- 10:21:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
16/11/2018 -- 10:21:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
16/11/2018 -- 10:21:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
16/11/2018 -- 10:21:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
16/11/2018 -- 10:21:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
16/11/2018 -- 10:21:55 - <Config> - No rules loaded from ET-icmp.rules.
16/11/2018 -- 10:21:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
16/11/2018 -- 10:21:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
16/11/2018 -- 10:21:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
16/11/2018 -- 10:21:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
16/11/2018 -- 10:21:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
16/11/2018 -- 10:21:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
16/11/2018 -- 10:21:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
16/11/2018 -- 10:21:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
16/11/2018 -- 10:21:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
16/11/2018 -- 10:21:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
16/11/2018 -- 10:21:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
16/11/2018 -- 10:21:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
16/11/2018 -- 10:21:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
16/11/2018 -- 10:22:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
16/11/2018 -- 10:22:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
16/11/2018 -- 10:22:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
16/11/2018 -- 10:22:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
16/11/2018 -- 10:22:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
16/11/2018 -- 10:22:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
16/11/2018 -- 10:22:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
16/11/2018 -- 10:22:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
16/11/2018 -- 10:22:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
16/11/2018 -- 10:22:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
16/11/2018 -- 10:22:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
16/11/2018 -- 10:22:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
16/11/2018 -- 10:22:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
16/11/2018 -- 10:22:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
16/11/2018 -- 10:22:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
16/11/2018 -- 10:22:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
16/11/2018 -- 10:22:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
16/11/2018 -- 10:22:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
16/11/2018 -- 10:22:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
16/11/2018 -- 10:22:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
16/11/2018 -- 10:22:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
16/11/2018 -- 10:22:03 - <Config> - No rules loaded from local.rules.
16/11/2018 -- 10:22:03 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
16/11/2018 -- 10:22:03 - <Info> - Threshold config parsed: 0 rule(s) found
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for tcp-packet
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for tcp-stream
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for udp-packet
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for other-ip
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for http_uri
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for http_request_line
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for http_client_body
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for http_response_line
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for http_header
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for http_header
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for http_header_names
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for http_header_names
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for http_accept
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for http_accept_enc
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for http_accept_lang
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for http_referer
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for http_connection
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for http_content_len
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for http_content_len
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for http_content_type
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for http_content_type
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for http_protocol
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for http_protocol
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for http_start
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for http_start
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for http_raw_header
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for http_raw_header
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for http_method
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for http_cookie
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for http_cookie
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for http_raw_uri
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for http_user_agent
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for http_host
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for http_raw_host
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for http_stat_msg
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for http_stat_code
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for dns_query
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for tls_sni
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for tls_cert_issuer
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for tls_cert_subject
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for tls_cert_serial
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for dce_stub_data
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for dce_stub_data
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for ssh_protocol
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for ssh_protocol
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for ssh_software
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for ssh_software
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for file_data
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for file_data
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for http_request_line
16/11/2018 -- 10:22:04 - <Perf> - using shared mpm ctx' for http_response_line
16/11/2018 -- 10:22:04 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
16/11/2018 -- 10:22:04 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
16/11/2018 -- 10:22:04 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
16/11/2018 -- 10:22:04 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
16/11/2018 -- 10:22:04 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
16/11/2018 -- 10:22:04 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
16/11/2018 -- 10:22:04 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
16/11/2018 -- 10:22:04 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
16/11/2018 -- 10:22:11 - <Perf> - Unique rule groups: 104
16/11/2018 -- 10:22:11 - <Perf> - Builtin MPM "toserver TCP packet": 35
16/11/2018 -- 10:22:11 - <Perf> - Builtin MPM "toclient TCP packet": 17
16/11/2018 -- 10:22:11 - <Perf> - Builtin MPM "toserver TCP stream": 33
16/11/2018 -- 10:22:11 - <Perf> - Builtin MPM "toclient TCP stream": 19
16/11/2018 -- 10:22:11 - <Perf> - Builtin MPM "toserver UDP packet": 27
16/11/2018 -- 10:22:11 - <Perf> - Builtin MPM "toclient UDP packet": 17
16/11/2018 -- 10:22:11 - <Perf> - Builtin MPM "other IP packet": 3
16/11/2018 -- 10:22:11 - <Perf> - AppLayer MPM "toserver http_uri": 14
16/11/2018 -- 10:22:11 - <Perf> - AppLayer MPM "toserver http_request_line": 1
16/11/2018 -- 10:22:11 - <Perf> - AppLayer MPM "toserver http_client_body": 6
16/11/2018 -- 10:22:11 - <Perf> - AppLayer MPM "toclient http_response_line": 1
16/11/2018 -- 10:22:11 - <Perf> - AppLayer MPM "toserver http_header": 10
16/11/2018 -- 10:22:11 - <Perf> - AppLayer MPM "toclient http_header": 6
16/11/2018 -- 10:22:11 - <Perf> - AppLayer MPM "toserver http_header_names": 2
16/11/2018 -- 10:22:11 - <Perf> - AppLayer MPM "toserver http_accept": 1
16/11/2018 -- 10:22:11 - <Perf> - AppLayer MPM "toserver http_referer": 1
16/11/2018 -- 10:22:11 - <Perf> - AppLayer MPM "toserver http_content_len": 1
16/11/2018 -- 10:22:11 - <Perf> - AppLayer MPM "toserver http_content_type": 1
16/11/2018 -- 10:22:11 - <Perf> - AppLayer MPM "toclient http_content_type": 1
16/11/2018 -- 10:22:11 - <Perf> - AppLayer MPM "toserver http_protocol": 1
16/11/2018 -- 10:22:11 - <Perf> - AppLayer MPM "toserver http_start": 1
16/11/2018 -- 10:22:11 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
16/11/2018 -- 10:22:11 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
16/11/2018 -- 10:22:11 - <Perf> - AppLayer MPM "toserver http_method": 5
16/11/2018 -- 10:22:11 - <Perf> - AppLayer MPM "toserver http_cookie": 1
16/11/2018 -- 10:22:11 - <Perf> - AppLayer MPM "toclient http_cookie": 2
16/11/2018 -- 10:22:11 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
16/11/2018 -- 10:22:11 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
16/11/2018 -- 10:22:11 - <Perf> - AppLayer MPM "toserver http_host": 2
16/11/2018 -- 10:22:11 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
16/11/2018 -- 10:22:11 - <Perf> - AppLayer MPM "toserver dns_query": 4
16/11/2018 -- 10:22:11 - <Perf> - AppLayer MPM "toserver tls_sni": 2
16/11/2018 -- 10:22:11 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
16/11/2018 -- 10:22:11 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
16/11/2018 -- 10:22:11 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
16/11/2018 -- 10:22:11 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
16/11/2018 -- 10:22:11 - <Perf> - AppLayer MPM "toserver file_data": 1
16/11/2018 -- 10:22:11 - <Perf> - AppLayer MPM "toclient file_data": 7
16/11/2018 -- 10:22:39 - <Perf> - Registered 39590 rule profiling counters.
16/11/2018 -- 10:22:39 - <Info> - fast output device (regular) initialized: alert
16/11/2018 -- 10:22:39 - <Info> - eve-log output device (regular) initialized: eve.json
16/11/2018 -- 10:22:39 - <Config> - enabling 'eve-log' module 'alert'
16/11/2018 -- 10:22:39 - <Config> - enabling 'eve-log' module 'http'
16/11/2018 -- 10:22:39 - <Config> - enabling 'eve-log' module 'dns'
16/11/2018 -- 10:22:39 - <Config> - enabling 'eve-log' module 'tls'
16/11/2018 -- 10:22:39 - <Config> - enabling 'eve-log' module 'files'
16/11/2018 -- 10:22:39 - <Config> - enabling 'eve-log' module 'ssh'
16/11/2018 -- 10:22:39 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
16/11/2018 -- 10:22:39 - <Info> - stats output device (regular) initialized: stats.log
16/11/2018 -- 10:22:39 - <Config> - AutoFP mode using "Hash" flow loa

This file has been truncated.


keyword_perf.log - (7775 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 11/16/2018 -- 10:22:41
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             11128746        3465            3465            75346           3211.00         3211.00         0.00           
  content          15632580        4191            1894            96850           3730.00         3870.00         3613.00        
  pcre             4832595         764             0               107213          6325.00         0.00            6325.00        
  urilen           495541          127             97              42201           3901.00         3734.00         4443.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             11128746        3465            3465            75346           3211.00         3211.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1790232         450             180             23797           3978.00         3481.00         4309.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3429807         895             640             96850           3832.00         3804.00         3901.00        
  pcre             4120724         639             0               107213          6448.00         0.00            6448.00        
  urilen           495541          127             97              42201           3901.00         3734.00         4443.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          116671          35              0               3971            3333.00         0.00            3333.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          139199          35              0               5823            3977.00         0.00            3977.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6446009         1761            663             40852           3660.00         3969.00         3473.00        
  pcre             711871          125             0               36466           5694.00         0.00            5694.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1784065         480             126             37587           3716.00         4236.00         3531.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          964900          250             250             70447           3859.00         3859.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          961697          285             35              23777           3374.00         3975.00         3290.00        


IDSDeathBlossom.py.log - (1146 bytes) - download
2018-11-16 10:21:49,302 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2018-11-16 10:21:50,093 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2018-11-16 10:21:50,093 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2018-11-16 10:21:50,093 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2018-11-16 10:21:50,093 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2018-11-16 10:21:50,094 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/c8027fddb943c33d197316babb1cbf5e56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/11162018.1019-sqlmap.pcap -vvv -k none
2018-11-16 10:22:41,336 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2018-11-16 10:22:41,337 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 52.0442621708
