Filename: arachni.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etproenall-all
Runtime: 511.840834856 seconds
Hash: d5c2a7721be6e26898adfc757f8db57b
Uploaded: 1523548994

Logfiles


alert - (13093 bytes) - download
02/19/2018-20:22:59.286658  [**] [1:2002752:4] ET POLICY Reserved Internal IP Traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 172.16.0.106:53490 -> 192.168.1.9:24800
02/19/2018-20:23:00.471263  [**] [1:2002752:4] ET POLICY Reserved Internal IP Traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 172.16.0.105:54880 -> 172.16.0.255:32412
02/19/2018-20:23:03.971941  [**] [1:2002750:27] ET DELETED Reserved IP Space Traffic - Bogon Nets 2 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 104.25.90.97:443 -> 172.16.0.106:59866
02/19/2018-20:23:04.921015  [**] [1:2002752:4] ET POLICY Reserved Internal IP Traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 172.16.0.1:53 -> 172.16.0.106:43936
02/19/2018-20:23:08.658877  [**] [1:2800052:4] ETPRO WEB_CLIENT Mozilla Firefox IFRAME Cross Site Scripting [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 5.175.17.140:80 -> 172.16.0.106:47954
02/19/2018-20:23:08.703628  [**] [1:2800052:4] ETPRO WEB_CLIENT Mozilla Firefox IFRAME Cross Site Scripting [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 5.175.17.140:80 -> 172.16.0.106:47840
02/19/2018-20:23:10.701403  [**] [1:2800052:4] ETPRO WEB_CLIENT Mozilla Firefox IFRAME Cross Site Scripting [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 5.175.17.140:80 -> 172.16.0.106:48796
02/19/2018-20:23:11.212653  [**] [1:2800052:4] ETPRO WEB_CLIENT Mozilla Firefox IFRAME Cross Site Scripting [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 5.175.17.140:80 -> 172.16.0.106:49106
02/19/2018-20:23:11.284236  [**] [1:2800052:4] ETPRO WEB_CLIENT Mozilla Firefox IFRAME Cross Site Scripting [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 5.175.17.140:80 -> 172.16.0.106:49114
02/19/2018-20:23:11.317576  [**] [1:2800052:4] ETPRO WEB_CLIENT Mozilla Firefox IFRAME Cross Site Scripting [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 5.175.17.140:80 -> 172.16.0.106:49122
02/19/2018-20:23:11.526602  [**] [1:2002750:27] ET DELETED Reserved IP Space Traffic - Bogon Nets 2 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 104.16.111.18:443 -> 172.16.0.106:43076
02/19/2018-20:23:12.081088  [**] [1:2800052:4] ETPRO WEB_CLIENT Mozilla Firefox IFRAME Cross Site Scripting [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 5.175.17.140:80 -> 172.16.0.106:49360
02/19/2018-20:23:12.434208  [**] [1:2800052:4] ETPRO WEB_CLIENT Mozilla Firefox IFRAME Cross Site Scripting [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 5.175.17.140:80 -> 172.16.0.106:49532
02/19/2018-20:23:12.646887  [**] [1:2800052:4] ETPRO WEB_CLIENT Mozilla Firefox IFRAME Cross Site Scripting [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 5.175.17.140:80 -> 172.16.0.106:49624
02/19/2018-20:23:12.843101  [**] [1:2800052:4] ETPRO WEB_CLIENT Mozilla Firefox IFRAME Cross Site Scripting [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 5.175.17.140:80 -> 172.16.0.106:49360
02/19/2018-20:23:12.885582  [**] [1:2800052:4] ETPRO WEB_CLIENT Mozilla Firefox IFRAME Cross Site Scripting [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 5.175.17.140:80 -> 172.16.0.106:49114
02/19/2018-20:23:13.347264  [**] [1:2800052:4] ETPRO WEB_CLIENT Mozilla Firefox IFRAME Cross Site Scripting [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 5.175.17.140:80 -> 172.16.0.106:50088
02/19/2018-20:23:14.217117  [**] [1:2800052:4] ETPRO WEB_CLIENT Mozilla Firefox IFRAME Cross Site Scripting [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 5.175.17.140:80 -> 172.16.0.106:50088
02/19/2018-20:23:14.477137  [**] [1:2800052:4] ETPRO WEB_CLIENT Mozilla Firefox IFRAME Cross Site Scripting [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 5.175.17.140:80 -> 172.16.0.106:50680
02/19/2018-20:23:14.832384  [**] [1:2800052:4] ETPRO WEB_CLIENT Mozilla Firefox IFRAME Cross Site Scripting [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 5.175.17.140:80 -> 172.16.0.106:50926
02/19/2018-20:23:14.984693  [**] [1:2800052:4] ETPRO WEB_CLIENT Mozilla Firefox IFRAME Cross Site Scripting [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 5.175.17.140:80 -> 172.16.0.106:50088
02/19/2018-20:23:15.519309  [**] [1:2800052:4] ETPRO WEB_CLIENT Mozilla Firefox IFRAME Cross Site Scripting [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 5.175.17.140:80 -> 172.16.0.106:49122
02/19/2018-20:23:15.560062  [**] [1:2800052:4] ETPRO WEB_CLIENT Mozilla Firefox IFRAME Cross Site Scripting [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 5.175.17.140:80 -> 172.16.0.106:49114
02/19/2018-20:23:16.000248  [**] [1:2800052:4] ETPRO WEB_CLIENT Mozilla Firefox IFRAME Cross Site Scripting [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 5.175.17.140:80 -> 172.16.0.106:49532
02/19/2018-20:23:16.247515  [**] [1:2800052:4] ETPRO WEB_CLIENT Mozilla Firefox IFRAME Cross Site Scripting [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 5.175.17.140:80 -> 172.16.0.106:49114
02/19/2018-20:23:16.704460  [**] [1:2800052:4] ETPRO WEB_CLIENT Mozilla Firefox IFRAME Cross Site Scripting [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 5.175.17.140:80 -> 172.16.0.106:52318
02/19/2018-20:23:20.359397  [**] [1:2002750:27] ET DELETED Reserved IP Space Traffic - Bogon Nets 2 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 104.25.89.97:443 -> 172.16.0.106:48020
02/19/2018-20:23:22.832041  [**] [1:2002750:27] ET DELETED Reserved IP Space Traffic - Bogon Nets 2 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 104.31.74.124:80 -> 172.16.0.106:49654
02/19/2018-20:23:25.952805  [**] [1:2012648:3] ET POLICY Dropbox Client Broadcasting [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 172.16.0.106:17500 -> 255.255.255.255:17500
02/19/2018-20:24:29.349745  [**] [1:2002752:4] ET POLICY Reserved Internal IP Traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 172.16.0.103:34462 -> 172.16.0.106:49265
02/19/2018-20:24:29.350322  [**] [1:2002752:4] ET POLICY Reserved Internal IP Traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.49.1:59358 -> 172.16.0.106:49265
02/19/2018-20:25:02.672593  [**] [1:2800490:5] ETPRO DELETED Mozilla Network Security Services Regexp Heap Overflow [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 54.85.163.99:443 -> 172.16.0.106:39656
02/19/2018-20:25:59.910384  [**] [1:2002750:27] ET DELETED Reserved IP Space Traffic - Bogon Nets 2 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 104.109.159.234:443 -> 172.16.0.106:44318
02/19/2018-20:26:02.378926  [**] [1:2002750:27] ET DELETED Reserved IP Space Traffic - Bogon Nets 2 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 104.16.40.2:443 -> 172.16.0.106:56880
02/19/2018-20:26:29.850210  [**] [1:2003595:6] ET POLICY exe download via HTTP - Informational [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 172.16.0.106:42768 -> 5.175.17.140:80
02/19/2018-20:26:30.657121  [**] [1:2011855:2] ET POLICY Java JAR Download Attempt [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 172.16.0.106:42768 -> 5.175.17.140:80
02/19/2018-20:26:48.258840  [**] [1:2003595:6] ET POLICY exe download via HTTP - Informational [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 172.16.0.106:42770 -> 5.175.17.140:80
02/19/2018-20:26:48.736714  [**] [1:2011855:2] ET POLICY Java JAR Download Attempt [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 172.16.0.106:47094 -> 5.175.17.140:80
02/19/2018-20:26:49.510599  [**] [1:2003595:6] ET POLICY exe download via HTTP - Informational [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 172.16.0.106:42768 -> 5.175.17.140:80
02/19/2018-20:26:49.946709  [**] [1:2011855:2] ET POLICY Java JAR Download Attempt [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 172.16.0.106:47352 -> 5.175.17.140:80
02/19/2018-20:26:51.306197  [**] [1:2008783:7] ET DELETED Possible Trojan File Download - Rar Requested but not received [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 5.175.17.140:80 -> 172.16.0.106:47170
02/19/2018-20:26:51.511074  [**] [1:2008783:7] ET DELETED Possible Trojan File Download - Rar Requested but not received [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 5.175.17.140:80 -> 172.16.0.106:42770
02/19/2018-20:26:51.583092  [**] [1:2008783:7] ET DELETED Possible Trojan File Download - Rar Requested but not received [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 5.175.17.140:80 -> 172.16.0.106:42768
02/19/2018-20:27:02.194314  [**] [1:2003595:6] ET POLICY exe download via HTTP - Informational [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 172.16.0.106:50582 -> 5.175.17.140:80
02/19/2018-20:27:02.200610  [**] [1:2011855:2] ET POLICY Java JAR Download Attempt [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 172.16.0.106:50586 -> 5.175.17.140:80
02/19/2018-20:27:02.886198  [**] [1:2003595:6] ET POLICY exe download via HTTP - Informational [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 172.16.0.106:50580 -> 5.175.17.140:80
02/19/2018-20:27:02.929120  [**] [1:2011855:2] ET POLICY Java JAR Download Attempt [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 172.16.0.106:50148 -> 5.175.17.140:80
02/19/2018-20:27:03.066797  [**] [1:2003595:6] ET POLICY exe download via HTTP - Informational [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 172.16.0.106:50578 -> 5.175.17.140:80
02/19/2018-20:27:03.154761  [**] [1:2011855:2] ET POLICY Java JAR Download Attempt [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 172.16.0.106:50574 -> 5.175.17.140:80
02/19/2018-20:27:04.462322  [**] [1:2008783:7] ET DELETED Possible Trojan File Download - Rar Requested but not received [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 5.175.17.140:80 -> 172.16.0.106:50166
02/19/2018-20:27:04.481938  [**] [1:2008783:7] ET DELETED Possible Trojan File Download - Rar Requested but not received [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 5.175.17.140:80 -> 172.16.0.106:50576
02/19/2018-20:27:04.650182  [**] [1:2008783:7] ET DELETED Possible Trojan File Download - Rar Requested but not received [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 5.175.17.140:80 -> 172.16.0.106:50148
02/19/2018-20:27:11.516650  [**] [1:2011855:2] ET POLICY Java JAR Download Attempt [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 172.16.0.106:53218 -> 5.175.17.140:80
02/19/2018-20:27:11.528705  [**] [1:2003595:6] ET POLICY exe download via HTTP - Informational [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 172.16.0.106:53214 -> 5.175.17.140:80
02/19/2018-20:27:12.226056  [**] [1:2003595:6] ET POLICY exe download via HTTP - Informational [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 172.16.0.106:51980 -> 5.175.17.140:80
02/19/2018-20:27:12.233865  [**] [1:2011855:2] ET POLICY Java JAR Download Attempt [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 172.16.0.106:53206 -> 5.175.17.140:80
02/19/2018-20:27:12.498576  [**] [1:2003595:6] ET POLICY exe download via HTTP - Informational [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 172.16.0.106:51630 -> 5.175.17.140:80
02/19/2018-20:27:12.514637  [**] [1:2011855:2] ET POLICY Java JAR Download Attempt [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 172.16.0.106:51980 -> 5.175.17.140:80
02/19/2018-20:27:13.910285  [**] [1:2008783:7] ET DELETED Possible Trojan File Download - Rar Requested but not received [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 5.175.17.140:80 -> 172.16.0.106:51974
02/19/2018-20:27:42.676438  [**] [1:2008054:7] ET DELETED Nginx Server in use - Often Hostile Traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.185.151.39:80 -> 172.16.0.106:50910
02/19/2018-20:27:43.051931  [**] [1:2008054:7] ET DELETED Nginx Server in use - Often Hostile Traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.185.151.39:80 -> 172.16.0.106:50912
02/19/2018-20:29:11.727164  [**] [1:2002752:4] ET POLICY Reserved Internal IP Traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 172.16.0.106:35648 -> 192.168.1.9:24800


unified2.alert.1523549034 - (114434 bytes) - download

This file has been truncated. Go here to download in full.


stats.log - (236937 bytes) - download
------------------------------------------------------------------------------------
Date: 4/12/2018 -- 16:04:02 (uptime: 0d, 00h 00m 08s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 39104
decoder.bytes                              | Total                     | 39791572
decoder.ipv4                               | Total                     | 39089
decoder.ethernet                           | Total                     | 39104
decoder.tcp                                | Total                     | 38007
decoder.udp                                | Total                     | 1082
decoder.avg_pkt_size                       | Total                     | 1017
decoder.max_pkt_size                       | Total                     | 7306
flow.tcp                                   | Total                     | 216
flow.udp                                   | Total                     | 8
tcp.sessions                               | Total                     | 170
tcp.syn                                    | Total                     | 174
tcp.synack                                 | Total                     | 168
tcp.rst                                    | Total                     | 586
tcp.overlap                                | Total                     | 2
detect.alert                               | Total                     | 26
detect.mpm_list                            | Total                     | 41
detect.nonmpm_list                         | Total                     | 108
detect.fnonmpm_list                        | Total                     | 68
detect.match_list                          | Total                     | 99
app_layer.flow.http                        | Total                     | 136
app_layer.tx.http                          | Total                     | 366
app_layer.flow.dns_udp                     | Total                     | 1
app_layer.tx.dns_udp                       | Total                     | 37
app_layer.flow.failed_udp                  | Total                     | 7
flow.spare                                 | Total                     | 10000
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65536
tcp.memuse                                 | Total                     | 573456
tcp.reassembly_memuse                      | Total                     | 1476704
dns.memuse                                 | Total                     | 262
http.memuse                                | Total                     | 5399820
flow.memuse                                | Total                     | 7141408
------------------------------------------------------------------------------------
Date: 4/12/2018 -- 16:04:09 (uptime: 0d, 00h 00m 15s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 47360
decoder.bytes                              | Total                     | 48657544
decoder.ipv4                               | Total                     | 47336
decoder.ethernet                           | Total                     | 47360
decoder.tcp                                | Total                     | 46146
decoder.udp                                | Total                     | 1190
decoder.avg_pkt_size                       | Total                     | 1027
decoder.max_pkt_size                       | Total                     | 7306
flow.tcp                                   | Total                     | 268
flow.udp                                   | Total                     | 12
tcp.sessions                               | Total                     | 212
tcp.syn                                    | Total                     | 220
tcp.synack                                 | Total                     | 209
tcp.rst                                    | Total                     | 760
tcp.overlap                                | Total                     | 2
tcp.insert_list_fail                       | Total                     | 5
detect.alert                               | Total                     | 29
detect.mpm_list                            | Total                     | 49
detect.nonmpm_list                         | Total                     | 112
detect.fnonmpm_list                        | Total                     | 75
detect.match_list                          | Total                     | 110
app_layer.flow.http                        | Total                     | 167
app_layer.tx.http                          | Total                     | 588
app_layer.flow.tls                         | Total                     | 9
app_layer.flow.dns_udp                     | Total                     | 1
app_layer.tx.dns_udp                       | Total                     | 89
app_layer.flow.failed_udp                  | Total                     | 11
flow_mgr.new_pruned                        | Total                     | 1
flow.spare                                 | Total                     | 10000
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65536
tcp.memuse                                 | Total                     | 573472
tcp.reassembly_memuse                      | Total                     | 1826936
dns.memuse                                 | Total                     | 647
http.memuse                                | Total                     | 5992669
flow.memuse                                | Total                     | 7157824
------------------------------------------------------------------------------------
Date: 4/12/2018 -- 16:04:16 (uptime: 0d, 00h 00m 22s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 59584
decoder.bytes                              | Total                     | 62728050
decoder.ipv4                               | Total                     | 59557
decoder.ethernet                           | Total                     | 59584
decoder.tcp                                | Total                     | 58002
decoder.udp                                | Total                     | 1555
decoder.avg_pkt_size                       | Total                     | 1052
decoder.max_pkt_size                       | Total                     | 7306
flow.tcp                                   | Total                     | 336
flow.udp                                   | Total                     | 17
tcp.sessions                               | Total                     | 277
tcp.syn                                    | Total                     | 294
tcp.synack                                 | Total                     | 272
tcp.rst                                    | Total                     | 1003
tcp.overlap                                | Total                     | 7
tcp.insert_list_fail                       | Total                     | 5
detect.alert                               | Total                     | 29
detect.mpm_list                            | Total                     | 48
detect.nonmpm_list                         | Total                     | 109
detect.fnonmpm_list                        | Total                     | 73
detect.match_list                          | Total                     | 108
app_layer.flow.http                        | Total                     | 223
app_layer.tx.http                          | Total                     | 942
app_layer.flow.tls                         | Total                     | 15
app_layer.flow.dns_udp                     | Total                     | 1
app_layer.tx.dns_udp                       | Total                     | 105
app_layer.flow.failed_udp                  | Total                     | 16
flow_mgr.new_pruned                        | Total                     | 35
flow.spare                                 | Total                     | 10001
flow_mgr.flows_checked                     | Total                     | 2
flow_mgr.flows_notimeout                   | Total                     | 2
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65534
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573472
tcp.reassembly_memuse                      | Total                     | 2285688
dns.memuse                                 | Total                     | 262
http.memuse                                | Total                     | 7392101
flow.memuse                                | Total                     | 7166464
------------------------------------------------------------------------------------
Date: 4/12/2018 -- 16:04:23 (uptime: 0d, 00h 00m 29s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 69824
decoder.bytes                              | Total                     | 74921717
decoder.ipv4                               | Total                     | 69795
decoder.ethernet                           | Total                     | 69824
decoder.tcp                                | Total                     | 67875
decoder.udp                                | Total                     | 1920
decoder.avg_pkt_size                       | Total                     | 1073
decoder.max_pkt_size                       | Total                     | 7306
flow.tcp                                   | Total                     | 378
flow.udp                                   | Total                     | 26
tcp.sessions                               | Total                     | 306
tcp.syn                                    | Total                     | 333
tcp.synack                                 | Total                     | 299
tcp.rst                                    | Total                     | 1113
tcp.overlap                                | Total                     | 8
tcp.insert_list_fail                       | Total                     | 5
detect.alert                               | Total                     | 31
detect.mpm_list                            | Total                     | 50
detect.nonmpm_list                         | Total                     | 110
detect.fnonmpm_list                        | Total                     | 75
detect.match_list                          | Total                     | 110
app_layer.flow.http                        | Total                     | 239
app_layer.tx.http                          | Total                     | 1040
app_layer.flow.tls                         | Total                     | 20
app_layer.flow.dns_udp                     | Total                     | 1
app_layer.tx.dns_udp                       | Total                     | 131
app_layer.flow.failed_udp                  | Total                     | 25
flow_mgr.new_pruned                        | Total                     | 46
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 4
flow_mgr.flows_notimeout                   | Total                     | 4
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65532
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573472
tcp.reassembly_memuse                      | Total                     | 2957480
dns.memuse                                 | Total                     | 262
http.memuse                                | Total                     | 7759124
flow.memuse                                | Total                     | 7185184
------------------------------------------------------------------------------------
Date: 4/12/2018 -- 16:04:30 (uptime: 0d, 00h 00m 36s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 82816
decoder.bytes                              | Total                     | 90318093
decoder.ipv4                               | Total                     | 82786
decoder.ethernet                           | Total                     | 82816
decoder.tcp                                | Total                     | 80357
decoder.udp                                | Total                     | 2429
decoder.avg_pkt_size                       | Total                     | 1090
decoder.max_pkt_size                       | Total                     | 7306
flow.tcp                                   | Total                     | 464
flow.udp                                   | Total                     | 32
tcp.sessions                               | Total                     | 379
tcp.syn                                    | Total                     | 422
tcp.synack                                 | Total                     | 368
tcp.rst                                    | Total                     | 1406
tcp.overlap                                | Total                     | 11
tcp.insert_list_fail                       | Total                     | 7
detect.alert                               | Total                     | 34
detect.mpm_list                            | Total                     | 52
detect.nonmpm_list                         | Total                     | 111
detect.fnonmpm_list                        | Total                     | 77
detect.match_list                          | Total                     | 113
app_layer.flow.http                        | Total                     | 268
app_layer.tx.http                          | Total                     | 1152
app_layer.flow.tls                         | Total                     | 37
app_layer.flow.dns_udp                     | Total                     | 1
app_layer.tx.dns_udp                       | Total                     | 179
app_layer.flow.failed_udp                  | Total                     | 31
flow_mgr.closed_pruned                     | Total                     | 23
flow_mgr.new_pruned                        | Total                     | 77
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 210
flow_mgr.flows_notimeout                   | Total                     | 6
flow_mgr.flows_timeout                     | Total                     | 204
flow_mgr.flows_timeout_inuse               | Total                     | 204
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65325
flow_mgr.rows_empty                        | Total                     | 4
flow_mgr.rows_maxlen                       | Total                     | 2
tcp.memuse                                 | Total                     | 573488
tcp.reassembly_memuse         

This file has been truncated. Go here to download in full.


eve.json - (11534470 bytes) - download
{"timestamp":"2018-02-19T20:22:59.286658+0000","flow_id":2199653309439938,"pcap_cnt":126,"event_type":"alert","src_ip":"172.16.0.106","src_port":53490,"dest_ip":"192.168.1.9","dest_port":24800,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2002752,"rev":4,"signature":"ET POLICY Reserved Internal IP Traffic","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2018-02-19T20:23:00.471263+0000","flow_id":58878400409823,"pcap_cnt":381,"event_type":"alert","src_ip":"172.16.0.105","src_port":54880,"dest_ip":"172.16.0.255","dest_port":32412,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2002752,"rev":4,"signature":"ET POLICY Reserved Internal IP Traffic","category":"Potentially Bad Traffic","severity":2},"app_proto":"failed"}
{"timestamp":"2018-02-19T20:23:03.971941+0000","flow_id":528447175072270,"pcap_cnt":998,"event_type":"alert","src_ip":"104.25.90.97","src_port":443,"dest_ip":"172.16.0.106","dest_port":59866,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2002750,"rev":27,"signature":"ET DELETED Reserved IP Space Traffic - Bogon Nets 2","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2018-02-19T20:23:04.919120+0000","flow_id":2192927390959184,"pcap_cnt":1220,"event_type":"dns","src_ip":"172.16.0.106","src_port":43936,"dest_ip":"172.16.0.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":11064,"rrname":"testaspnet.vulnweb.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-02-19T20:23:04.919167+0000","flow_id":2192927390959184,"pcap_cnt":1221,"event_type":"dns","src_ip":"172.16.0.106","src_port":43936,"dest_ip":"172.16.0.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":26728,"rrname":"testaspnet.vulnweb.com","rrtype":"AAAA","tx_id":1}}
{"timestamp":"2018-02-19T20:23:04.921015+0000","flow_id":2192927390959184,"pcap_cnt":1222,"event_type":"alert","src_ip":"172.16.0.1","src_port":53,"dest_ip":"172.16.0.106","dest_port":43936,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2002752,"rev":4,"signature":"ET POLICY Reserved Internal IP Traffic","category":"Potentially Bad Traffic","severity":2},"app_proto":"dns"}
{"timestamp":"2018-02-19T20:23:04.921015+0000","flow_id":2192927390959184,"pcap_cnt":1222,"event_type":"dns","src_ip":"172.16.0.1","src_port":53,"dest_ip":"172.16.0.106","dest_port":43936,"proto":"UDP","dns":{"type":"answer","id":11064,"rcode":"NOERROR","rrname":"testaspnet.vulnweb.com","rrtype":"A","ttl":3480,"rdata":"5.175.17.140"}}
{"timestamp":"2018-02-19T20:23:06.899412+0000","flow_id":2192927390959184,"pcap_cnt":1450,"event_type":"dns","src_ip":"172.16.0.106","src_port":43936,"dest_ip":"172.16.0.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":19172,"rrname":"testaspnet.vulnweb.com","rrtype":"A","tx_id":2}}
{"timestamp":"2018-02-19T20:23:06.899516+0000","flow_id":2192927390959184,"pcap_cnt":1451,"event_type":"dns","src_ip":"172.16.0.106","src_port":43936,"dest_ip":"172.16.0.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":17228,"rrname":"testaspnet.vulnweb.com","rrtype":"AAAA","tx_id":3}}
{"timestamp":"2018-02-19T20:23:06.902416+0000","flow_id":2192927390959184,"pcap_cnt":1452,"event_type":"dns","src_ip":"172.16.0.1","src_port":53,"dest_ip":"172.16.0.106","dest_port":43936,"proto":"UDP","dns":{"type":"answer","id":19172,"rcode":"NOERROR","rrname":"testaspnet.vulnweb.com","rrtype":"A","ttl":3478,"rdata":"5.175.17.140"}}
{"timestamp":"2018-02-19T20:23:07.940812+0000","flow_id":740859077663882,"pcap_cnt":1566,"event_type":"http","src_ip":"172.16.0.106","src_port":47240,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testaspnet.vulnweb.com","url":"\/ReadNews.aspx?id=3%3Bwaitfor%20delay%20%270%3A0%3A4%27--%20&NewsAd=ads%2Fdef.html","http_user_agent":"Arachni\/v1.5.1"}}
{"timestamp":"2018-02-19T20:23:07.994470+0000","flow_id":230516031149092,"pcap_cnt":1588,"event_type":"http","src_ip":"172.16.0.106","src_port":47234,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testaspnet.vulnweb.com","url":"\/ReadNews.aspx?id=3&NewsAd=ads%2Fdef.html%27%29%29%3Bselect%20pg_sleep%284%29%3B%20--%20","http_user_agent":"Arachni\/v1.5.1"}}
{"timestamp":"2018-02-19T20:23:08.001511+0000","flow_id":314413922336406,"pcap_cnt":1600,"event_type":"http","src_ip":"172.16.0.106","src_port":47242,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testaspnet.vulnweb.com","url":"\/ReadNews.aspx?id=3&NewsAd=ads%2Fdef.html%3Bwaitfor%20delay%20%270%3A0%3A4%27--%20","http_user_agent":"Arachni\/v1.5.1"}}
{"timestamp":"2018-02-19T20:23:08.006938+0000","flow_id":1765206630292981,"pcap_cnt":1609,"event_type":"http","src_ip":"172.16.0.106","src_port":47244,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testaspnet.vulnweb.com","url":"\/ReadNews.aspx?id=3%27%3Bwaitfor%20delay%20%270%3A0%3A4%27--%20&NewsAd=ads%2Fdef.html","http_user_agent":"Arachni\/v1.5.1"}}
{"timestamp":"2018-02-19T20:23:08.067700+0000","flow_id":2053308741551793,"pcap_cnt":1619,"event_type":"http","src_ip":"172.16.0.106","src_port":47246,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testaspnet.vulnweb.com","url":"\/ReadNews.aspx?id=3&NewsAd=ads%2Fdef.html%27%3Bwaitfor%20delay%20%270%3A0%3A4%27--%20","http_user_agent":"Arachni\/v1.5.1"}}
{"timestamp":"2018-02-19T20:23:08.130452+0000","flow_id":653261071891095,"pcap_cnt":1627,"event_type":"http","src_ip":"172.16.0.106","src_port":47212,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testaspnet.vulnweb.com","url":"\/ReadNews.aspx?id=3%3Bselect%20pg_sleep%284%29%3B%20--%20&NewsAd=ads%2Fdef.html","http_user_agent":"Arachni\/v1.5.1"}}
{"timestamp":"2018-02-19T20:23:08.141364+0000","flow_id":1880090562726637,"pcap_cnt":1635,"event_type":"http","src_ip":"172.16.0.106","src_port":47214,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testaspnet.vulnweb.com","url":"\/ReadNews.aspx?id=3&NewsAd=ads%2Fdef.html%3Bselect%20pg_sleep%284%29%3B%20--%20","http_user_agent":"Arachni\/v1.5.1"}}
{"timestamp":"2018-02-19T20:23:08.145391+0000","flow_id":2083410019561102,"pcap_cnt":1639,"event_type":"http","src_ip":"172.16.0.106","src_port":47216,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testaspnet.vulnweb.com","url":"\/ReadNews.aspx?id=3%27%3Bselect%20pg_sleep%284%29%3B%20--%20&NewsAd=ads%2Fdef.html","http_user_agent":"Arachni\/v1.5.1"}}
{"timestamp":"2018-02-19T20:23:08.148215+0000","flow_id":377768984672367,"pcap_cnt":1645,"event_type":"http","src_ip":"172.16.0.106","src_port":47220,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testaspnet.vulnweb.com","url":"\/ReadNews.aspx?id=3%29%3Bselect%20pg_sleep%284%29%3B%20--%20&NewsAd=ads%2Fdef.html","http_user_agent":"Arachni\/v1.5.1"}}
{"timestamp":"2018-02-19T20:23:08.159802+0000","flow_id":1541185430833837,"pcap_cnt":1649,"event_type":"http","src_ip":"172.16.0.106","src_port":47218,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testaspnet.vulnweb.com","url":"\/ReadNews.aspx?id=3&NewsAd=ads%2Fdef.html%27%3Bselect%20pg_sleep%284%29%3B%20--%20","http_user_agent":"Arachni\/v1.5.1"}}
{"timestamp":"2018-02-19T20:23:08.221179+0000","flow_id":2015064205272085,"pcap_cnt":1676,"event_type":"http","src_ip":"172.16.0.106","src_port":47252,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testaspnet.vulnweb.com","url":"\/ReadNews.aspx?id=3%29%3Bwaitfor%20delay%20%270%3A0%3A4%27--%20&NewsAd=ads%2Fdef.html","http_user_agent":"Arachni\/v1.5.1"}}
{"timestamp":"2018-02-19T20:23:08.277807+0000","flow_id":595906078982155,"pcap_cnt":1706,"event_type":"fileinfo","src_ip":"172.16.0.106","src_port":47304,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","http":{"hostname":"testaspnet.vulnweb.com","url":"\/default.aspx","http_user_agent":"Arachni\/v1.5.1","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/default.aspx","gaps":false,"state":"CLOSED","stored":false,"size":1018,"tx_id":0}}
{"timestamp":"2018-02-19T20:23:08.277859+0000","flow_id":2216813851590773,"pcap_cnt":1707,"event_type":"fileinfo","src_ip":"172.16.0.106","src_port":47306,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","http":{"hostname":"testaspnet.vulnweb.com","url":"\/default.aspx","http_user_agent":"Arachni\/v1.5.1","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/default.aspx","gaps":false,"state":"CLOSED","stored":false,"size":1018,"tx_id":0}}
{"timestamp":"2018-02-19T20:23:08.277902+0000","flow_id":2077313313816769,"pcap_cnt":1708,"event_type":"fileinfo","src_ip":"172.16.0.106","src_port":47308,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","http":{"hostname":"testaspnet.vulnweb.com","url":"\/default.aspx","http_user_agent":"Arachni\/v1.5.1","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/default.aspx","gaps":false,"state":"CLOSED","stored":false,"size":1018,"tx_id":0}}
{"timestamp":"2018-02-19T20:23:08.277951+0000","flow_id":167294112645386,"pcap_cnt":1709,"event_type":"fileinfo","src_ip":"172.16.0.106","src_port":47310,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","http":{"hostname":"testaspnet.vulnweb.com","url":"\/default.aspx","http_user_agent":"Arachni\/v1.5.1","http_method":"POST","protocol":"HTTP\/1.1","status":100,"length":0},"app_proto":"http","fileinfo":{"filename":"\/default.aspx","gaps":false,"state":"CLOSED","stored":false,"size":1026,"tx_id":0}}
{"timestamp":"2018-02-19T20:23:08.277992+0000","flow_id":359341427802452,"pcap_cnt":1710,"event_type":"fileinfo","src_ip":"172.16.0.106","src_port":47312,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","http":{"hostname":"testaspnet.vulnweb.com","url":"\/default.aspx","http_user_agent":"Arachni\/v1.5.1","http_method":"POST","protocol":"HTTP\/1.1","status":100,"length":0},"app_proto":"http","fileinfo":{"filename":"\/default.aspx","gaps":false,"state":"CLOSED","stored":false,"size":1026,"tx_id":0}}
{"timestamp":"2018-02-19T20:23:08.278035+0000","flow_id":182098864914859,"pcap_cnt":1711,"event_type":"fileinfo","src_ip":"172.16.0.106","src_port":47314,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","http":{"hostname":"testaspnet.vulnweb.com","url":"\/default.aspx","http_user_agent":"Arachni\/v1.5.1","http_method":"POST","protocol":"HTTP\/1.1","status":100,"length":0},"app_proto":"http","fileinfo":{"filename":"\/default.aspx","gaps":false,"state":"CLOSED","stored":false,"size":1026,"tx_id":0}}
{"timestamp":"2018-02-19T20:23:08.296933+0000","flow_id":626400346713265,"pcap_cnt":1744,"event_type":"http","src_ip":"172.16.0.106","src_port":47262,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testaspnet.vulnweb.com","url":"\/ReadNews.aspx?id=3%27%29%3Bwaitfor%20delay%20%270%3A0%3A4%27--%20&NewsAd=ads%2Fdef.html","http_user_agent":"Arachni\/v1.5.1"}}
{"timestamp":"2018-02-19T20:23:08.301036+0000","flow_id":1090267551863666,"pcap_cnt":1748,"event_type":"http","src_ip":"172.16.0.106","src_port":47226,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testaspnet.vulnweb.com","url":"\/ReadNews.aspx?id=3&NewsAd=ads%2Fdef.html%27%29%3Bselect%20pg_sleep%284%29%3B%20--%20","http_user_agent":"Arachni\/v1.5.1"}}
{"timestamp":"2018-02-19T20:23:08.307274+0000","flow_id":1539553343568579,"pcap_cnt":1756,"event_type":"http","src_ip":"172.16.0.106","src_port":47254,"dest_ip":"5.175.17.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"testaspnet.vulnweb.com","url":"\/ReadNews.aspx?id=3&NewsAd=ads%2Fdef.html%29%3Bwaitfor%20delay%20%270%3A0%3A4%27--%20","http_user_agent":"Arachni\/v1.5.1"}}
{"timestamp":"2018-02-19T20:23:08.374406+0000","flow_id":2192927390959184,"pcap_cnt":1780,"event_type":"dns","src_ip":"172.16.0.106","src_port":43936,"dest_ip":"172.16.0.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":26654,"rrname":"testaspnet.vulnweb.com","rrtype":"A","tx_id":4}}
{"timestamp":"2018-02-19T20:23:08.374423+0000","flow_id":2192927390959184,"pcap_cnt":1781,"event_type":"dns","src_ip":"172.16.0.106","src_port":43936,"dest_ip":"172.16.0.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":59423,"rrname":"testaspnet.vulnweb.com","rrtype":"AAAA","tx_id":5}}
{"timestamp":"2018-02-19T20:23:08.374437+0000","flow_id":2192927390959184,"pcap_cnt":1782,"event_type":"dns","src_ip":"172.16.0.106","src_port":43936,"dest_ip":"172.16.0.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":61298,"rrname":"testaspnet.vulnweb.com","rrtype":"A","tx_id":6}}
{"timestamp":"2018-02-19T20:23:08.374452+0000","flow_id":2192927390959184,"pcap_cnt":1783,"event_type":"dns","src_ip":"172.16.0.106","src_port":43936,"dest_ip":"172.16.0.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":19221,"rrname":"testaspnet.vulnweb.com","rrtype":"AAAA","tx_id":7}}
{"timestamp":"2018-02-19T20:23:08.374467+0000","flow_id":2192927390959184,"pcap_cnt":1784,"event_type":"dns","src_ip":"172.16.0.106","src_port":43936,"dest_ip":"172.16.0.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":19446,"rrname":"testaspnet.vulnweb.com","rrtype":"A","tx_id":8}}
{"timestamp":"2018-02-19T20:23:08.374485+0000","flow_id":2192927390959184,"pcap_cnt":1785,"event_type":"dns","src_ip":"172.16.0.106","src_port":43936,"dest_ip":"172.16.0.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":56011,"rrname":"testaspnet.vulnweb.com","rrtype":"AAAA","tx_id":9}}
{"timestamp":"2018-02-19T20:23:08.374499+0000","flow_id":2192927390959184,"pcap_cnt":1786,"event_type":"dns","src_ip":"172.16.0.106","src_port":43936,"dest_ip":"172.16.0.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":58501,"rrname":"testaspnet.vulnweb.com","rrtype":"A","tx_id":10}}
{"timestamp":"2018-02-19T20:23:08.374512+0000","flow_id":2192927390959184,"pcap_cnt":1787,"event_type":"dns","src_ip":"172.16.0.106","src_port":43936,"dest_ip":"172.16.0.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":13098,"rrname":"testaspnet.vulnweb.com","rrtype":"AAAA","tx_id":11}}
{"timestamp":"2018-02-19T20:23:08.374525+0000","flow_id":2192927390959184,"pcap_cnt":1788,"event_type":"dns","src_ip":"172.16.0.106","src_port":43936,"dest_ip":"172.16.0.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":11967,"rrname":"testaspnet.vulnweb.com","rrtype":"A","tx_id":12}}
{"timestamp":"2018-02-19T20:23:08.374538+0000","flow_id":2192927390959184,"pcap_cnt":1789,"event_type":"dns","src_ip":"172.16.0.106","src_port":43936,"dest_ip":"172.16.0.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":22665,"rrname":"testaspnet.vulnweb.com","rrtype":"AAAA","tx_id":13}}
{"timestamp":"2018-02-19T20:23:08.384290+0000","flow_id":2192927390959184,"pcap_cnt":1790,"event_type":"dns","src_ip":"172.16.0.1","src_port":53,"dest_ip":"172.16.0.106","dest_port":43936,"proto":"UDP","dns":{"type":"answer","id":26654,"rcode":"NOERROR","rrname":"testaspnet.vulnweb.com","rrtype":"A","ttl":3477,"rdata":"5.175.17.140"}}
{"timestamp":"2018-02-19T20:23:08.385736+0000","flow_id":2192927390959184,"pcap_cnt":1792,"event_type":"dns","src_ip":"172.16.0.1","src_port":53,"dest_ip":"172.16.0.106","dest_port":43936,"proto":"UDP","dns":{"type":"answer","id":61298,"rcode":"NOERROR","rrname":"testaspnet.vulnweb.com","rrtype":"A","ttl":3477,"rdata":"5.175.17.140"}}
{"timestamp":"2018-02-19T20:23:08.388006+0000","flow_id":2192927390959184,"pcap_cnt":1798,"event_type":"dns","src_ip":"172.16.0.1","src_port":53,"dest_ip":"172.16.0.106","dest_port":43936,"proto":"UDP","dns":{"type":"answer","id":19446,"rcode":"NOERROR","rrname":"testaspnet.vulnweb.com","rrtype":"A","ttl":3477,"rdata":"5.175.17.140"}}
{"timestamp":"2018-02-19T20:23:08.390634+0000","flow_id":2192927390959184,"pcap_cnt":1801,"event_type":"dns","src_ip":"172.16.0.1","src_port":53,"dest_ip":"172.16.0.106","dest_port":43936,"proto":"UDP","dns":{"type":"answer","id":58501,"rcode":"NOERROR","rrname":"testaspnet.vulnweb.com","rrtype":"A","ttl":3477,"rdata":"5.175.17.140"}}
{"timestamp":"2018-02-19T20:23:08.392384+0000","flow_id":2192927390959184,"pcap_cnt":1803,"event_type":"dns","src_ip":"172.16.0.1","src_port":53,"dest_ip":"172.16.0.106","dest_port":4393

This file has been truncated. Go here to download in full.


suricata-report-2018-04-12-T-16-11-46-04122018.1603-arachni.pcap.txt - (26883 bytes) - download
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etproenall/suricata400-etproenall-all.yaml -l /var/www/html/d5c2a7721be6e26898adfc757f8db57b51cf25896b6b2454fe89507ba3b24642 -r /var/pcap/04122018.1603-arachni.pcap -vvv -k none
elapsedtime:509.918126
stderr:
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'dnp3_checksum'.
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any 20000 -> $HOME_NET any (msg:"ETPRO DELETED PROSOFT (Event 16) Failed Checksum Error"; flow:established; dnp3_checksum:incorrect; metadata: former_category SCADA_SPECIAL; classtype:misc-activity; sid:2801093; rev:1; metadata:created_at 2010_12_22, updated_at 2017_10_02;)" from file /opt/suricata400/etc/etproenall/enableall-ET-deleted.rules at line 2314
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'dnp3_resp_ii'.
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any 20000 -> $HOME_NET any (msg:"ETPRO DELETED SCHWEITZER (Event 20) Function Not Available Error"; flow:established; dnp3_resp_ii:unknown_func; metadata: former_category SCADA_SPECIAL; classtype:misc-activity; sid:2801164; rev:1; metadata:created_at 2010_12_22, updated_at 2017_10_02;)" from file /opt/suricata400/etc/etproenall/enableall-ET-deleted.rules at line 2321
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'dnp3_cmd_fc'.
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any any -> $HOME_NET 20000 (msg:"ETPRO DELETED SCHWEITZER (Event 31) Reboot or Restart"; dnp3_cmd_fc:13; metadata: former_category SCADA_SPECIAL; classtype:misc-activity; sid:2801165; rev:1; metadata:created_at 2010_12_22, updated_at 2017_10_02;)" from file /opt/suricata400/etc/etproenall/enableall-ET-deleted.rules at line 2322
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'dnp3_cmd_fc'.
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any any -> $HOME_NET 20000 (msg:"ETPRO DELETED SCHWEITZER (Event 31) Reboot or Restart"; dnp3_cmd_fc:14; metadata: former_category SCADA_SPECIAL; classtype:misc-activity; sid:2801166; rev:1; metadata:created_at 2010_12_22, updated_at 2017_10_03;)" from file /opt/suricata400/etc/etproenall/enableall-ET-deleted.rules at line 2323
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'dnp3_cmd_fc'.
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any any -> $HOME_NET 20000 (msg:"ETPRO DELETED SCHWEITZER (Event 31) Reboot or Restart"; dnp3_cmd_fc:13; metadata: former_category SCADA_SPECIAL; classtype:misc-activity; sid:2801167; rev:1; metadata:created_at 2010_12_22, updated_at 2017_10_02;)" from file /opt/suricata400/etc/etproenall/enableall-ET-deleted.rules at line 2324
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'dnp3_cmd_fc'.
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any any -> $HOME_NET 20000 (msg:"ETPRO DELETED SCHWEITZER (Event 31) Reboot or Restart"; dnp3_cmd_fc:14; metadata: former_category SCADA_SPECIAL; classtype:misc-activity; sid:2801168; rev:1; metadata:created_at 2010_12_22, updated_at 2017_10_02;)" from file /opt/suricata400/etc/etproenall/enableall-ET-deleted.rules at line 2325
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'dnp3_cmd_fc'.
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any any -> $HOME_NET 20000 (msg:"ETPRO DELETED SCHWEITZER (Event 32)Time Change Attempt"; dnp3_cmd_fc:2; dnp3_cmd_ot:50; metadata: former_category SCADA_SPECIAL; classtype:misc-activity; sid:2801170; rev:1; metadata:created_at 2010_12_22, updated_at 2017_10_02;)" from file /opt/suricata400/etc/etproenall/enableall-ET-deleted.rules at line 2326
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'dnp3_cmd_fc'.
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any any -> $DNP3_SERVER $DNP3_PORTS (msg:"ETPRO DELETED DNP3 Time Change Attempt"; dnp3_cmd_fc:2; dnp3_cmd_ot:50; metadata: former_category SCADA_SPECIAL; reference:url,digitalbond.com/tools/quickdraw/dnp3-rules; classtype:misc-activity; sid:2801708; rev:1; metadata:created_at 2011_03_22, updated_at 2017_10_02;)" from file /opt/suricata400/etc/etproenall/enableall-ET-deleted.rules at line 2381
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'dnp3_checksum'.
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any any -> $DNP3_SERVER $DNP3_PORTS (msg:"ETPRO DELETED DNP3 Failed Checksum Error"; flags: PA; dnp3_checksum:incorrect; metadata: former_category SCADA_SPECIAL; reference:url,digitalbond.com/tools/quickdraw/dnp3-rules; classtype:bad-unknown; sid:2801709; rev:1; metadata:created_at 2011_03_22, updated_at 2017_10_02;)" from file /opt/suricata400/etc/etproenall/enableall-ET-deleted.rules at line 2382
Killed
stdout:
12/4/2018 -- 16:03:16 - <Info> - Configuration node 'rule-files' redefined.
12/4/2018 -- 16:03:16 - <Notice> - This is Suricata version 4.0.0 RELEASE
12/4/2018 -- 16:03:16 - <Info> - CPUs/cores online: 1
12/4/2018 -- 16:03:16 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33822 and 'request-body-inspect-window' set to 16328 after randomization.
12/4/2018 -- 16:03:16 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32808 and 'response-body-inspect-window' set to 16586 after randomization.
12/4/2018 -- 16:03:16 - <Config> - DNS request flood protection level: 500
12/4/2018 -- 16:03:16 - <Config> - DNS per flow memcap (state-memcap): 524288
12/4/2018 -- 16:03:16 - <Config> - DNS global memcap: 16777216
12/4/2018 -- 16:03:16 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
12/4/2018 -- 16:03:16 - <Config> - preallocated 1000 hosts of size 136
12/4/2018 -- 16:03:16 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
12/4/2018 -- 16:03:16 - <Config> - using magic-file /usr/share/file/magic
12/4/2018 -- 16:03:16 - <Config> - Core dump size is unlimited.
12/4/2018 -- 16:03:16 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
12/4/2018 -- 16:03:16 - <Config> - preallocated 1000 defrag trackers of size 168
12/4/2018 -- 16:03:16 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
12/4/2018 -- 16:03:16 - <Config> - stream "prealloc-sessions": 2048 (per thread)
12/4/2018 -- 16:03:16 - <Config> - stream "memcap": 33554432
12/4/2018 -- 16:03:16 - <Config> - stream "midstream" session pickups: disabled
12/4/2018 -- 16:03:16 - <Config> - stream "async-oneside": disabled
12/4/2018 -- 16:03:16 - <Config> - stream "checksum-validation": disabled
12/4/2018 -- 16:03:16 - <Config> - stream."inline": disabled
12/4/2018 -- 16:03:16 - <Config> - stream "bypass": disabled
12/4/2018 -- 16:03:16 - <Config> - stream "max-synack-queued": 5
12/4/2018 -- 16:03:16 - <Config> - stream.reassembly "memcap": 134217728
12/4/2018 -- 16:03:16 - <Config> - stream.reassembly "depth": 0
12/4/2018 -- 16:03:16 - <Config> - stream.reassembly "toserver-chunk-size": 2627
12/4/2018 -- 16:03:16 - <Config> - stream.reassembly "toclient-chunk-size": 2610
12/4/2018 -- 16:03:16 - <Config> - stream.reassembly.raw: enabled
12/4/2018 -- 16:03:16 - <Config> - stream.reassembly "segment-prealloc": 2048
12/4/2018 -- 16:03:16 - <Config> - Delayed detect disabled
12/4/2018 -- 16:03:16 - <Config> - pattern matchers: MPM: ac, SPM: bm
12/4/2018 -- 16:03:16 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
12/4/2018 -- 16:03:16 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
12/4/2018 -- 16:03:16 - <Config> - prefilter engines: MPM
12/4/2018 -- 16:03:16 - <Config> - IP reputation disabled
12/4/2018 -- 16:03:16 - <Perf> - Registered 148 keyword profiling counters.
12/4/2018 -- 16:03:16 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-ftp.rules
12/4/2018 -- 16:03:16 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-policy.rules
12/4/2018 -- 16:03:16 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-trojan.rules
12/4/2018 -- 16:03:23 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-games.rules
12/4/2018 -- 16:03:23 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-pop3.rules
12/4/2018 -- 16:03:23 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-user_agents.rules
12/4/2018 -- 16:03:24 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-activex.rules
12/4/2018 -- 16:03:24 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-rpc.rules
12/4/2018 -- 16:03:24 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-attack_response.rules
12/4/2018 -- 16:03:24 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-icmp.rules
12/4/2018 -- 16:03:24 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-scan.rules
12/4/2018 -- 16:03:24 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-voip.rules
12/4/2018 -- 16:03:24 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-chat.rules
12/4/2018 -- 16:03:24 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-icmp_info.rules
12/4/2018 -- 16:03:24 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-info.rules
12/4/2018 -- 16:03:24 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-shellcode.rules
12/4/2018 -- 16:03:25 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-web_client.rules
12/4/2018 -- 16:03:26 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-imap.rules
12/4/2018 -- 16:03:26 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-web_server.rules
12/4/2018 -- 16:03:26 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-current_events.rules
12/4/2018 -- 16:03:30 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-inappropriate.rules
12/4/2018 -- 16:03:30 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-smtp.rules
12/4/2018 -- 16:03:30 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-web_specific_apps.rules
12/4/2018 -- 16:03:33 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-deleted.rules
12/4/2018 -- 16:03:34 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-malware.rules
12/4/2018 -- 16:03:35 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-snmp.rules
12/4/2018 -- 16:03:35 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-worm.rules
12/4/2018 -- 16:03:35 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-dns.rules
12/4/2018 -- 16:03:35 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-misc.rules
12/4/2018 -- 16:03:35 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-sql.rules
12/4/2018 -- 16:03:35 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-dos.rules
12/4/2018 -- 16:03:35 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-netbios.rules
12/4/2018 -- 16:03:35 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-telnet.rules
12/4/2018 -- 16:03:35 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-exploit.rules
12/4/2018 -- 16:03:36 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-p2p.rules
12/4/2018 -- 16:03:36 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-tftp.rules
12/4/2018 -- 16:03:36 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-mobile_malware.rules
12/4/2018 -- 16:03:38 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-botcc.rules
12/4/2018 -- 16:03:38 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-compromised.rules
12/4/2018 -- 16:03:38 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-drop.rules
12/4/2018 -- 16:03:38 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-dshield.rules
12/4/2018 -- 16:03:38 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-tor.rules
12/4/2018 -- 16:03:38 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-ciarmy.rules
12/4/2018 -- 16:03:38 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/local.rules
12/4/2018 -- 16:03:38 - <Config> - No rules loaded from local.rules.
12/4/2018 -- 16:03:38 - <Info> - 44 rule files processed. 47411 rules successfully loaded, 9 rules failed
12/4/2018 -- 16:03:38 - <Info> - Threshold config parsed: 0 rule(s) found
12/4/2018 -- 16:03:39 - <Perf> - using shared mpm ctx' for tcp-packet
12/4/2018 -- 16:03:39 - <Perf> - using shared mpm ctx' for tcp-stream
12/4/2018 -- 16:03:39 - <Perf> - using shared mpm ctx' for udp-packet
12/4/2018 -- 16:03:39 - <Perf> - using shared mpm ctx' for other-ip
12/4/2018 -- 16:03:39 - <Perf> - using shared mpm ctx' for http_uri
12/4/2018 -- 16:03:39 - <Perf> - using shared mpm ctx' for http_request_line
12/4/2018 -- 16:03:39 - <Perf> - using shared mpm ctx' for http_client_body
12/4/2018 -- 16:03:39 - <Perf> - using shared mpm ctx' for http_response_line
12/4/2018 -- 16:03:39 - <Perf> - using shared mpm ctx' for http_header
12/4/2018 -- 16:03:39 - <Perf> - using shared mpm ctx' for http_header
12/4/2018 -- 16:03:39 - <Perf> - using shared mpm ctx' for http_header_names
12/4/2018 -- 16:03:39 - <Perf> - using shared mpm ctx' for http_header_names
12/4/2018 -- 16:03:39 - <Perf> - using shared mpm ctx' for http_accept
12/4/2018 -- 16:03:39 - <Perf> - using shared mpm ctx' for http_accept_enc
12/4/2018 -- 16:03:39 - <Perf> - using shared mpm ctx' for http_accept_lang
12/4/2018 -- 16:03:39 - <Perf> - using shared mpm ctx' for http_referer
12/4/2018 -- 16:03:39 - <Perf> - using shared mpm ctx' for http_connection
12/4/2018 -- 16:03:39 - <Perf> - using shared mpm ctx' for http_content_len
12/4/2018 -- 16:03:39 - <Perf> - using shared mpm ctx' for http_content_len
12/4/2018 -- 16:03:39 - <Perf> - using shared mpm ctx' for http_content_type
12/4/2018 -- 16:03:39 - <Perf> - using shared mpm ctx' for http_content_type
12/4/2018 -- 16:03:39 - <Perf> - using shared mpm ctx' for http_protocol
12/4/2018 -- 16:03:39 - <Perf> - using shared mpm ctx' for http_protocol
12/4/2018 -- 16:03:39 - <Perf> - using shared mpm ctx' for http_start
12/4/2018 -- 16:03:39 - <Perf> - using shared mpm ctx' for http_start
12/4/2018 -- 16:03:39 - <Perf> - using shared mpm ctx' for http_raw_header
12/4/2018 -- 16:03:39 - <Perf> - using shared mpm ctx' for http_raw_header
12/4/2018 -- 16:03:39 - <Perf> - using shared mpm ctx' for http_method
12/4/2018 -- 16:03:39 - <Perf> - using shared mpm ctx' for http_cookie
12/4/2018 -- 16:03:39 - <Perf> - using shared mpm ctx' for http_cookie
12/4/2018 -- 16:03:39 - <Perf> - using shared mpm ctx' for http_raw_uri
12/4/2018 -- 16:03:39 - <Perf> - using shared mpm ctx' for http_user_agent
12/4/2018 -- 16:03:39 - <Perf> - using shared mpm ctx' for http_host
12/4/2018 -- 16:03:39 - <Perf> - using shared mpm ctx' for http_raw_host
12/4/2018 -- 16:03:39 - <Perf> - using shared mpm ctx' for http_stat_msg
12/4/2018 -- 16:03:39 - <Perf> - using shared mpm ctx' for http_stat_code
12/4/2018 -- 16:03:39 - <Per

This file has been truncated. Go here to download in full.


IDSDeathBlossom.py.log - (36175 bytes) - download
2018-04-12 16:03:14,834 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2018-04-12 16:03:16,208 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2018-04-12 16:03:16,208 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etproenall-all
2018-04-12 16:03:16,209 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2018-04-12 16:03:16,209 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2018-04-12 16:03:16,210 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etproenall/suricata400-etproenall-all.yaml -l /var/www/html/d5c2a7721be6e26898adfc757f8db57b51cf25896b6b2454fe89507ba3b24642 -r /var/pcap/04122018.1603-arachni.pcap -vvv -k none
2018-04-12 16:11:46,128 - WARNING - cmd_wrapper - /opt/IDSDeathBlossom/IDSDeathBlossom.py +106 - there was an error executing ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etproenall/suricata400-etproenall-all.yaml -l /var/www/html/d5c2a7721be6e26898adfc757f8db57b51cf25896b6b2454fe89507ba3b24642 -r /var/pcap/04122018.1603-arachni.pcap -vvv -k none
2018-04-12 16:11:46,176 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +479 - parse_ids_out: Error found in stderr
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'dnp3_checksum'.
2018-04-12 16:11:46,177 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +479 - parse_ids_out: Error found in stderr
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any 20000 -> $HOME_NET any (msg:"ETPRO DELETED PROSOFT (Event 16) Failed Checksum Error"; flow:established; dnp3_checksum:incorrect; metadata: former_category SCADA_SPECIAL; classtype:misc-activity; sid:2801093; rev:1; metadata:created_at 2010_12_22, updated_at 2017_10_02;)" from file /opt/suricata400/etc/etproenall/enableall-ET-deleted.rules at line 2314
2018-04-12 16:11:46,178 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +479 - parse_ids_out: Error found in stderr
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'dnp3_resp_ii'.
2018-04-12 16:11:46,179 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +479 - parse_ids_out: Error found in stderr
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any 20000 -> $HOME_NET any (msg:"ETPRO DELETED SCHWEITZER (Event 20) Function Not Available Error"; flow:established; dnp3_resp_ii:unknown_func; metadata: former_category SCADA_SPECIAL; classtype:misc-activity; sid:2801164; rev:1; metadata:created_at 2010_12_22, updated_at 2017_10_02;)" from file /opt/suricata400/etc/etproenall/enableall-ET-deleted.rules at line 2321
2018-04-12 16:11:46,179 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +479 - parse_ids_out: Error found in stderr
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'dnp3_cmd_fc'.
2018-04-12 16:11:46,180 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +479 - parse_ids_out: Error found in stderr
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any any -> $HOME_NET 20000 (msg:"ETPRO DELETED SCHWEITZER (Event 31) Reboot or Restart"; dnp3_cmd_fc:13; metadata: former_category SCADA_SPECIAL; classtype:misc-activity; sid:2801165; rev:1; metadata:created_at 2010_12_22, updated_at 2017_10_02;)" from file /opt/suricata400/etc/etproenall/enableall-ET-deleted.rules at line 2322
2018-04-12 16:11:46,181 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +479 - parse_ids_out: Error found in stderr
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'dnp3_cmd_fc'.
2018-04-12 16:11:46,181 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +479 - parse_ids_out: Error found in stderr
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any any -> $HOME_NET 20000 (msg:"ETPRO DELETED SCHWEITZER (Event 31) Reboot or Restart"; dnp3_cmd_fc:14; metadata: former_category SCADA_SPECIAL; classtype:misc-activity; sid:2801166; rev:1; metadata:created_at 2010_12_22, updated_at 2017_10_03;)" from file /opt/suricata400/etc/etproenall/enableall-ET-deleted.rules at line 2323
2018-04-12 16:11:46,182 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +479 - parse_ids_out: Error found in stderr
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'dnp3_cmd_fc'.
2018-04-12 16:11:46,183 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +479 - parse_ids_out: Error found in stderr
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any any -> $HOME_NET 20000 (msg:"ETPRO DELETED SCHWEITZER (Event 31) Reboot or Restart"; dnp3_cmd_fc:13; metadata: former_category SCADA_SPECIAL; classtype:misc-activity; sid:2801167; rev:1; metadata:created_at 2010_12_22, updated_at 2017_10_02;)" from file /opt/suricata400/etc/etproenall/enableall-ET-deleted.rules at line 2324
2018-04-12 16:11:46,183 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +479 - parse_ids_out: Error found in stderr
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'dnp3_cmd_fc'.
2018-04-12 16:11:46,184 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +479 - parse_ids_out: Error found in stderr
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any any -> $HOME_NET 20000 (msg:"ETPRO DELETED SCHWEITZER (Event 31) Reboot or Restart"; dnp3_cmd_fc:14; metadata: former_category SCADA_SPECIAL; classtype:misc-activity; sid:2801168; rev:1; metadata:created_at 2010_12_22, updated_at 2017_10_02;)" from file /opt/suricata400/etc/etproenall/enableall-ET-deleted.rules at line 2325
2018-04-12 16:11:46,185 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +479 - parse_ids_out: Error found in stderr
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'dnp3_cmd_fc'.
2018-04-12 16:11:46,185 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +479 - parse_ids_out: Error found in stderr
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any any -> $HOME_NET 20000 (msg:"ETPRO DELETED SCHWEITZER (Event 32)Time Change Attempt"; dnp3_cmd_fc:2; dnp3_cmd_ot:50; metadata: former_category SCADA_SPECIAL; classtype:misc-activity; sid:2801170; rev:1; metadata:created_at 2010_12_22, updated_at 2017_10_02;)" from file /opt/suricata400/etc/etproenall/enableall-ET-deleted.rules at line 2326
2018-04-12 16:11:46,186 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +479 - parse_ids_out: Error found in stderr
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'dnp3_cmd_fc'.
2018-04-12 16:11:46,187 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +479 - parse_ids_out: Error found in stderr
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any any -> $DNP3_SERVER $DNP3_PORTS (msg:"ETPRO DELETED DNP3 Time Change Attempt"; dnp3_cmd_fc:2; dnp3_cmd_ot:50; metadata: former_category SCADA_SPECIAL; reference:url,digitalbond.com/tools/quickdraw/dnp3-rules; classtype:misc-activity; sid:2801708; rev:1; metadata:created_at 2011_03_22, updated_at 2017_10_02;)" from file /opt/suricata400/etc/etproenall/enableall-ET-deleted.rules at line 2381
2018-04-12 16:11:46,187 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +479 - parse_ids_out: Error found in stderr
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'dnp3_checksum'.
2018-04-12 16:11:46,188 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +479 - parse_ids_out: Error found in stderr
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any any -> $DNP3_SERVER $DNP3_PORTS (msg:"ETPRO DELETED DNP3 Failed Checksum Error"; flags: PA; dnp3_checksum:incorrect; metadata: former_category SCADA_SPECIAL; reference:url,digitalbond.com/tools/quickdraw/dnp3-rules; classtype:bad-unknown; sid:2801709; rev:1; metadata:created_at 2011_03_22, updated_at 2017_10_02;)" from file /opt/suricata400/etc/etproenall/enableall-ET-deleted.rules at line 2382
2018-04-12 16:11:46,191 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +442 - suricata ran with errors
2018-04-12 16:11:46,191 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +449 - mode:suricata; lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etproenall/suricata400-etproenall-all.yaml -l /var/www/html/d5c2a7721be6e26898adfc757f8db57b51cf25896b6b2454fe89507ba3b24642 -r /var/pcap/04122018.1603-arachni.pcap -vvv -k none; returncode:137; elapsed:509.918126; Errors:
- 12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'dnp3_checksum'.
- 12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any 20000 -> $HOME_NET any (msg:"ETPRO DELETED PROSOFT (Event 16) Failed Checksum Error"; flow:established; dnp3_checksum:incorrect; metadata: former_category SCADA_SPECIAL; classtype:misc-activity; sid:2801093; rev:1; metadata:created_at 2010_12_22, updated_at 2017_10_02;)" from file /opt/suricata400/etc/etproenall/enableall-ET-deleted.rules at line 2314
- 12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'dnp3_resp_ii'.
- 12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any 20000 -> $HOME_NET any (msg:"ETPRO DELETED SCHWEITZER (Event 20) Function Not Available Error"; flow:established; dnp3_resp_ii:unknown_func; metadata: former_category SCADA_SPECIAL; classtype:misc-activity; sid:2801164; rev:1; metadata:created_at 2010_12_22, updated_at 2017_10_02;)" from file /opt/suricata400/etc/etproenall/enableall-ET-deleted.rules at line 2321
- 12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'dnp3_cmd_fc'.
- 12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any any -> $HOME_NET 20000 (msg:"ETPRO DELETED SCHWEITZER (Event 31) Reboot or Restart"; dnp3_cmd_fc:13; metadata: former_category SCADA_SPECIAL; classtype:misc-activity; sid:2801165; rev:1; metadata:created_at 2010_12_22, updated_at 2017_10_02;)" from file /opt/suricata400/etc/etproenall/enableall-ET-deleted.rules at line 2322
- 12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'dnp3_cmd_fc'.
- 12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any any -> $HOME_NET 20000 (msg:"ETPRO DELETED SCHWEITZER (Event 31) Reboot or Restart"; dnp3_cmd_fc:14; metadata: former_category SCADA_SPECIAL; classtype:misc-activity; sid:2801166; rev:1; metadata:created_at 2010_12_22, updated_at 2017_10_03;)" from file /opt/suricata400/etc/etproenall/enableall-ET-deleted.rules at line 2323
- 12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'dnp3_cmd_fc'.
- 12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any any -> $HOME_NET 20000 (msg:"ETPRO DELETED SCHWEITZER (Event 31) Reboot or Restart"; dnp3_cmd_fc:13; metadata: former_category SCADA_SPECIAL; classtype:misc-activity; sid:2801167; rev:1; metadata:created_at 2010_12_22, updated_at 2017_10_02;)" from file /opt/suricata400/etc/etproenall/enableall-ET-deleted.rules at line 2324
- 12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'dnp3_cmd_fc'.
- 12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any any -> $HOME_NET 20000 (msg:"ETPRO DELETED SCHWEITZER (Event 31) Reboot or Restart"; dnp3_cmd_fc:14; metadata: former_category SCADA_SPECIAL; classtype:misc-activity; sid:2801168; rev:1; metadata:created_at 2010_12_22, updated_at 2017_10_02;)" from file /opt/suricata400/etc/etproenall/enableall-ET-deleted.rules at line 2325
- 12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'dnp3_cmd_fc'.
- 12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any any -> $HOME_NET 20000 (msg:"ETPRO DELETED SCHWEITZER (Event 32)Time Change Attempt"; dnp3_cmd_fc:2; dnp3_cmd_ot:50; metadata: former_category SCADA_SPECIAL; classtype:misc-activity; sid:2801170; rev:1; metadata:created_at 2010_12_22, updated_at 2017_10_02;)" from file /opt/suricata400/etc/etproenall/enableall-ET-deleted.rules at line 2326
- 12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'dnp3_cmd_fc'.
- 12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any any -> $DNP3_SERVER $DNP3_PORTS (msg:"ETPRO DELETED DNP3 Time Change Attempt"; dnp3_cmd_fc:2; dnp3_cmd_ot:50; metadata: former_category SCADA_SPECIAL; reference:url,digitalbond.com/tools/quickdraw/dnp3-rules; classtype:misc-activity; sid:2801708; rev:1; metadata:created_at 2011_03_22, updated_at 2017_10_02;)" from file /opt/suricata400/etc/etproenall/enableall-ET-deleted.rules at line 2381
- 12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'dnp3_checksum'.
- 12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any any -> $DNP3_SERVER $DNP3_PORTS (msg:"ETPRO DELETED DNP3 Failed Checksum Error"; flags: PA; dnp3_checksum:incorrect; metadata: former_category SCADA_SPECIAL; reference:url,digitalbond.com/tools/quickdraw/dnp3-rules; classtype:bad-unknown; sid:2801709; rev:1; metadata:created_at 2011_03_22, updated_at 2017_10_02;)" from file /opt/suricata400/etc/etproenall/enableall-ET-deleted.rules at line 2382

 Warnings:
None
 stderr:
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'dnp3_checksum'.
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any 20000 -> $HOME_NET any (msg:"ETPRO DELETED PROSOFT (Event 16) Failed Checksum Error"; flow:established; dnp3_checksum:incorrect; metadata: former_category SCADA_SPECIAL; classtype:misc-activity; sid:2801093; rev:1; metadata:created_at 2010_12_22, updated_at 2017_10_02;)" from file /opt/suricata400/etc/etproenall/enableall-ET-deleted.rules at line 2314
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'dnp3_resp_ii'.
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any 20000 -> $HOME_NET any (msg:"ETPRO DELETED SCHWEITZER (Event 20) Function Not Available Error"; flow:established; dnp3_resp_ii:unknown_func; metadata: former_category SCADA_SPECIAL; classtype:misc-activity; sid:2801164; rev:1; metadata:created_at 2010_12_22, updated_at 2017_10_02;)" from file /opt/suricata400/etc/etproenall/enableall-ET-deleted.rules at line 2321
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'dnp3_cmd_fc'.
12/4/2018 -- 16:03:34 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any any -> $HOME_NET 20000 (msg:"ETPRO DELETED SCHWEITZER (Event 31) Reboot or Restart"; dnp3_cmd_fc:13; metadata: former_category SCADA_SPECIAL; classtype:misc-activity; sid:2801165; rev:1; metadata:created_at 2010

This file has been truncated. Go here to download in full.