📄 appdefs.resp
字号:
###V:1#P:4.8###DO NOT EDIT THIS LINE!## This is the responses file "appdefs.resp" for amap## Responses have the following format:## NAME:[TRIGGER,[TRIGGER,...]]:[IP_PROTOCOL]:[MIN_LENGTH,MAX_LENGTH]:RESPONSE_REGEX## NAME - the name that is printed from amap if the definition matches# the received reply from the service# TRIGGER - (optional) requires that the received reply data was# triggered by a trigger with that name in appdefs.trig# As many triggers can be defined here as you wish, seperated# by a comma.# IP_PROTOCOL - (optional) requires that the received reply comes in via# tcp or udp protocol. default is both.# Valid values: empty, "both", "tcp", "udp" (in any case)# LENGTH - (optional) the minimum and maximum length of the reply# received, seperated by a comma, e.g. ":5,10:", or a single# number for an exact match. So: :5,5:" equals ":5:"# RESPONSE - This is a Perl regular expression (man perlre) which will be# tried on the reply data## A match is reported if the reponse matches the reply data and *all*# specified optional specifications.## Examples:# rlogin::tcp::rlogind: Any response coming in via TCP and where the# reply data contains the text "rlogind:"## time:::4:. This matches anything which has an exact length of four bytes.# The "." matches any one character (as it is defined with Perl regex)# and is just there so that the response string is not empty.# Otherwise amap would bail.## ftp:ftp:tcp::^220.*\n331 This matches any reply received via TCP,# which was generated from a trigger (in appdefs.trig). The perl regex# defines that the reply must start ("^") with the text "220", then# anything can follow (".*") up until a line feed ("\n") is received# and directly followed by the text "331" ## If you add new responses, please send them as well to amap-dev@thc.org# so we can add these for the next release! Thank you very much!## neither change name or value of this oneecho::::^GET / HTTP/1.0echo::::^\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00## ENTER YOUR RESPONSES HERE### CURRENT RESPONSE DATABASE#acap::::^\* acap adsgone::::adsgone blocked html adaix-netinstall::::netinstamanda-index::tcp::AMANDA indexapache-tomcat-connector_ajp12::tcp::^\x01\x00\x08\x00\x00\x00\x0aarkeia::tcp::\x00\x05\x00\x00\x00\x00\x00\x00auth::tcp:: : ERROR : auth::tcp::^Group id isauth::tcp:: : USERID :backdoor-fxsvc::tcp::^500 Not Loged inbackdoor-shell::::GET: commandbackdoor-shell::::sh: GET:bachdoor-shell::::[a-z]*sh: .* command not foundbackdoor-cmd::::^Microsoft Windows .* Copyright .*>bittorrent::::BitTorrent protblackboard-learning-system::tcp::,blackboard.collab.chargen::::@ABCDEFGHIJKLMNOPQRSTUVWXYZchargen::::\+,-./0123456789checkpoint-fw1::tcp::^\x00\x00\x00\x09checkpoint-fw1::tcp::^\x51\x00\x00checkpoint-fw1-authentication::::FireWall-1 Client Authencitrix-ica:::: ICA citrix-ica::::\x7f\x7f\x49\x43\x41CCProOSMSServer::tcp::ContactPro OSMS ServerCCProOSMSServer::tcp::ContactPro DOS Servercvs::tcp::^cvscvs::tcp::cvs [pserver aborted]:dameware remote control::tcp::^\x30\x11\x00\x00dante::tcp:2:\x05\x02dantz-retrospect::::^\x00\xca\x00daytime-unix:::26:^[A-Z].* [A-Z].* [0-3].* [0-9][0-9]:[0-9][0-9]:[0-9][0-9] 200.\r\ndaytime-windows:::26-50:^[A-Z][a-z]+, [A-Z][a-z]+ [0-9]+, 200[0-9] [0-9]+:[0-9]+:[0-9]+\x0a\x00daytime-unix:::20-36:^[A-Z][a-z]+ [A-Z][a-z]+ [0-9 ][0-9] [0-9]+:[0-9]+:[0-9]+ 200[0-9]\x0d\x0adaytime:::25-30:^[0-9][0-9] [A-Z][A-Z][A-Z] 200[0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9] [A-Z]*\x0d\x0adc++::tcp::^\x24\x4c\x6f\x63\x6bdhcp3d-isc::tcp:8:^\x00\x00\x00\x64\x00\x00\x00\x18dicom::::^\x07\x00\x00\x00\x00\x04DistributedObjectSwitch::tcp::I\x00n\x00v\x00a\x00l\x00i\x00d\x00 \x00T\x00r\x00a\x00n\x00s\x00a\x00c\x00t\x00i\x00o\x00ndns::::\x80\x81\x00dns::::^\x00\x00\x90dns::::^\x00\x0c\x00\x00\x90dns::::^\x03\x9b\xe1\x01dns::::^\x03\x9b\xe1\xc4\x00\x00dns::::^\x30\x82\x80\xa1\x00\x00dns::::^\x80\x00\x80\x01\x00\x00dns::::^\x80\x00\x80\xa1\x00\x00dns::::^\xcb\x00\x80\xf1\x00\x00dns-bind:dns:udp::^\x00\x00\x90\x01dns-bind9:dns-bind:udp::^...[\x00-\x7e]..........................\xc0dns-bind8:dns-bind:udp::^...[\x00-\x7e]..........................[^\xc0]dns-djb:dns-bind:udp::^...[\x80-\x83].*version.binddns-djb::udp::^\x79\x08\x80\x80\x00\x01\x00\x00\x00\x0ddns-ms:dns:udp::^\x00\x00\x90\x04dns-ms:netbios-session:udp::^\x79\x08.*a.root-servers.net\x00eggdropp::tcp::\(Eggdrop finger::tcp::Line Userfinger::tcp::Login name: finger::tcp::Login.*Name.*TTY.*Idlefinger::tcp::^No one logged onfinger::tcp::^\r\nWelcomefinger::tcp::^finger:finger::tcp::^must provide usernamefinger::tcp::finger: GET: ftp:ftp:tcp::^220.*\n331ftp:ftp:tcp::^220.*\n530ftp::tcp::^220.*FTPftp::tcp::^220 .* Microsoft .* FTPglftp::tcp::^220.*SSHglftp::tcp::^220.*SSH.*\n500gnu::::^gnudoit:goip::::^giopgopher::::^\x00.*error.hostgopher::::^\x03.* item is gopher::::gophergkrellmd::tcp::^<error>\nBad connect stringhp-openview-storage-protect::::hp openview storage protecthp-openview-storage-protect::tcp::\x00\x20INET\x00\x20http::tcp::^HTTP/0.http::tcp::^HTTP/1.http::tcp::<HEAD>.*<BODY>http::tcp::<HTML>http::tcp::^Invalid requested URL http-apache-1::tcp::^HTTP/.*\nServer: Apache/1http-apache-2::tcp::^HTTP/.*\nServer: Apache/2http-compaqinsightmanager::tcp:6:^HTTP/1http-cups::tcp::^HTTP/.*\nServer: CUPS/http-gnutella::tcp::^HTTP/.*\n.*gnutellahttp-hp-jet-direct::tcp::^HTTP/.*<title>Not supported</title>http-iis::tcp::^HTTP/.*\nServer: Microsoft-IIShttp-iis::tcp::^HTTP/.*Cookie.*ASPSESSIONIDhttp-iplanet::tcp::^HTTP/.*Cookie.*iPlanetUserIdhttp-jrun::tcp::^HTTP/.*Cookie.*JSESSIONIDhttp-jserv::tcp::^HTTP/.*Cookie.*JServSessionIdhttp-limewire::tcp::^HTTP/.*limewirehttp-lotus-domino::tcp::^HTTP/.*\nServer: Lotushttp-ncacn::tcp::ncacn_http/1.http-net.commerce::tcp::^HTTP/.*cookie.*SESSION_IDhttp-nettracker::tcp::^HTTP/.*Cookie.*SaneIDhttp-openadstream::tcp::^HTTP/.*Cookie.*RMIDhttp-mirapoint::tcp::^HTTP/.*\nServer: Mirapoint#http-proxy::tcp::^HTTP/1.. 500http-proxy::tcp::^HTTP/.*cache.*bad requesthttp-proxy::tcp::^HTTP/.*proxy-connection: http-proxy::tcp::^HTTP/.*via: #http-roxen::tcp::^Not implementedhttp-roxen::tcp::^HTTP/.*Cookie.*RoxenUserIDhttp-storyserver::tcp::^HTTP/.*Cookie.*ssuidhttp-tomcat::tcp::^HTTP/.*Cookie.*JSESSIONIDhttp-weblogic::tcp::^HTTP/.*Cookie.*WebLogicSessionhttp-vnc::tcp::^HTTP/.*VNC desktophttp-vnc::tcp::^HTTP/.*RealVNC/hylafax::tcp::^220 .*hylafaximap::tcp::^\* OKiplanet-ens::tcp::gap service ready#ircd::udp::AAAAAAAAAAAAAAAAAAAAAAAAAAircd::tcp::/ircd.confircd::tcp:::End of MOTD command.ircd::tcp:::This server was createdircd::tcp::Internet Relay Networkircd::tcp::^:.* NOTICE AUTH ircd::tcp::^ERROR Closing Link ircd-hybrid::tcp::^NOTICE AUTHiss-realsecure::tcp::iss ecnraiss-realsecure::tcp::^\x00\x00\x00.\x08\x01\x04\x01\x00jabber::tcp::^<stream:#jrmi::tcp::^Nkerberos-remsh::tcp::krshd: ksysguard::tcp::^ksysguarddldap::tcp::^\x30\x0c\x02\x01\x01\x61ldap::tcp::^\x30\x32\x02\x01ldap::tcp::^\x30\x33\x02\x01ldap::tcp::^\x30\x38\x02\x01ldap::tcp::^\x30\x84linux-gnome-desktop::tcp::^\x00\x01\x00\x40linux-gnome-session::tcp::\x02\x70\x70\x01linuxconf::tcp::linuxconflisa::tcp::^0 succeededlisa::tcp::\x0a\x00succeeded\x0a\x00lpd::tcp::^Invalid protocol requestlpd::tcp::lpd:lpd::tcp::lpschedlpd::tcp::no connect permissionslyskom::tcp::%%lyskom unsupported protocolmagellan-osp::tcp::^010100mailhurdle::udp:10:\x00\x08\x06\x9f\x7a\x06\x00\x00\x00\x00mldonkey::tcp::donkeyservermldonkey::tcp::mldonkeymldonkey::tcp:1:\x31mirapoint-admind::tcp::^\* OK .* admind .* server readymon::::520 command could not be executedms-active-sync-manager_(WCESMgr)::::^\x16\x00\x01\x00ms-distribution-transport::::\x0b\x00\x78\x01ms-distribution-transport:::6:^..\x0a\x00ms-distribution-transport:::6:^ERROR\x0ams-distribution-transport::tcp::^..\x0a\x00....\x0a\x00....\x0b\x00....\x0b\x00..ms-distribution-transport::tcp:6:\xb8\xef\x0c\x73\x00\x00ms-distribution-transport::tcp:6:\xc0\x52\x0d\x73\x60\x53ms-ds:ms-ds:::\x00\x00\x00\x55\xff\x53\x4d\x42\x72\x00ms-ds:ms-ds:::^.....SMBms-dtc::tcp::^\x68\xfe\x0a\x00\x78\x01ms-dtc::tcp::^\x78\x01\x07\x00ms-dtc::tcp:6:^..\x0b\x00ms-exchange-emsmta::::\x80\x07\x00\x7ams-location-service::::^\x04\x06ms-remote-desktop-protocol::::^\x03\x00\x00\x0bms-rpc-proxy-endpoint::::^ncacn_httpms-rpc::::^\x05\x00\x0d\x03\x10\x00\x00\x00\x18\x00\x00\x00\x00\x00ms-sql::::^\x04\x01\x00\x25ms-sql::::^\x05\x6e\x00ms-sql::::;MSSQLSERVER;ms-exchange::tcp::Microsoft Routing Servermsdtc:::3:..\nmysql::tcp::^\x19\x00\x00\x00\x0amysql::tcp::^\x2c\x00\x00\x00\x0amysql::::^.\x00\x00\x00mysql::tcp::hhost 'mysql::tcp::khost 'mysql::tcp::mysqladminmysql::tcp::whost 'mysql-blocked::tcp::^\x28\x00\x00mysql-secured::tcp::this MySQLnagiosd::::Sorry, you \(.*are not among the allowed hosts...nessus::tcp::< NTP 1.2 >\x0aUser:netbios-name::::^\x79\x08.*BROWSEnetbios-session::::^\x05\x00\x0d\x03netbios-session::::^\x83\x00netbios-session::tcp::^\x82\x00\x00\x00netbus::tcp::netbusnetstat:::: LISTEN netstreamer::tcp::^READY Radio Servernntp::tcp::/etc/vnews.confnntp::tcp::^200.* INN nntp::tcp::^200.*NNRPnntp::tcp::^200.*NNTPnntp::tcp::^200.*\n435nntp::tcp::^200.*\n500nntp::tcp::^502nntp-ms::tcp::^201 .* Microsoft .* News nntp-ms::tcp::^220.*Exchange Internet News Servicenntp-ms::tcp::^200.*Exchange Internet News Servicensclient::tcp::^ERROR:Wrongntalk::udp::^\x01\x00\x05\x00\x00\x00ntp::::^\x0cntp::::^\x34\x0b\x01\xef\x00\x00ntp::::^\xcc\x00\x04\xef\x00\x00ntp-ms::::^\x3a\x02\x00\xf9\x00\x00\x00\x00\x00\x00\x00\x00ntp-ms::::^....\x00\x00\x00\x00\x00\x00\x00\x00\xc0\x3d\x92\x75nuance-voice-recognition-client:oracle-tns-listener:tcp::^\x00\x18\x00\x00\x02\x00\x00\x00nuance-manager-protocol::tcp::\x54\x00\x03\x01\x00\x54\x31\x03\x02\x00oracle-tns-listener::tcp::\(ERROR_STACK=\(ERROR=\(CODE=oracle-tns-listener::tcp::\(ADDRESS=\(PROTOCOL=oracle-dbsnmp::tcp::^\x00\x0c\x00\x00\x04\x00\x00\x00\x00ph::::598:.*:command not recognizedpop2::tcp::^\+ pop3::tcp::^\+OKpop3-passwd::tcp::^220.*poppassdpop3-pw::tcp::500 Passwordpostgres::tcp::Invalid packet lengthpostgres::tcp::^EFATALpsybnc::::Welcome!.*psyBNCpsybnc::::welcome!psybnc@pyslsk::tcp::^.\x00\x00\x00\x09\x00\x00\x00qotd:::5-1000:^"[A-Z].* .* .*[!?.]"\r\n[A-Za-z].*\r\nraritan-console-system::tcp::<CSC/>realserver::::realserverrealserver::::rmserverremsh::tcp::rshd: remsh::tcp::^.remshrexec::tcp::^\x01\x4c\x6f\x67\x69\x6erexec::tcp::rexecd: rlogin::tcp::login: rlogin::tcp::rlogind: rpc-nfs::::^\x02\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x00rpc::::\x01\x86\xa0rpc::::\x03\x9b\x65\x42\x00\x00\x00\x01rpc::::^\x80\x00\x00rsync::tcp::^@RSYNCD:saint-nprep::tcp::^nrpep - sap-r3::tcp::^\x00\x00\x06\xc6sap-r3::tcp::^\x00\x00\x06\xf4sap-r3::tcp::^\x00\x00\x07\x5esendlog::tcp::SendLog Servershoutcast::::icy 200 oksieve::tcp::^.?IMPLEMENTATIONsmtp::tcp::^220.*\n250smtp::tcp::^220.*\n500smtp::tcp::^220.*SMTPsmtp-pix::tcp::^220.*\*\*\*\*\*\*\*\*smux::::^\x41\x01\x02\x00snmp-public:snmp-public:udp::\x70\x75\x62\x6c\x69\x63\xa2snmp::tcp:3:\x41\x01\x02socks::::^\x05[\x00-\x08]\x00spamd::tcp:1:\x32spamassassin::tcp::^SPAMD/svrloc::tcp::^\x02\x05\x00\x2e\x40\x00ssh::tcp::^SSH-ssh-openssh::tcp::^SSH-.*opensshssl::tcp::^\x15\x03ssl::tcp::^\x16\x03ssl::tcp::^\x82\xadssl::tcp::SSL.*GET_CLIENT_HELLOssl::tcp:1:\nssl::tcp::-ERR .*tls_start_servertlssybase::tcp::^\x04\x01\x00syntellect-vista::tcp::^89:[A-Za-z]+.*:\nsystat::::^USER tcpmux::::-service not availableteamspeak2::::[ts].errorteamspeakserver::::^\x5b\x54\x53\x5d\x0d\x0atelnet::tcp::^\xff\xfdtelnet::tcp::Telnet is disabled nowtelnet-aix::tcp::^\xff\xfetelnet-raptor-firewall::tcp::raptortelnet-t-rex-proxy::tcp::^\xff\xfbtimbuktu-pro::::^\x00\x25\xd1\x1ftime:::4:^\xc2time:::4:^\xc3time:::4:^\xc4time:::4:^\xc5timesync::tcp::TimeSync Serveruucp::::^login: password: vnc::tcp::^RFBvtun::::vtun serverwebseal::tcp::\x80\x03\x00\x00websm::tcp::Language received from client:.*Setlocale:websphere-javaw::tcp::^\x15\x00\x00\x00\x02\x02\x0ax-windows:x-windows:tcp::MIT-MAGIC-COOKIEx-windows:x-windows:tcp::^\x01\x00\x0b\x00\x00zannet::tcp::^ZanNet login:zebra::tcp::this is zebra(response_of_many_applications)::tcp:1:\x01⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -