snort 룰
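# Alert for LDAP injection attempts in the request URI (Snort 2.x rule syntax).
# The U flag evaluates the pattern against the normalized URI buffer. That
# buffer begins with the request path, so the former leading "^" anchor kept
# the alternatives from matching an ordinary request. The same LDAP filter
# tokens are now searched for anywhere after the "?" of the query string.
# flow: limits evaluation to established client-to-server traffic.
# Coverage: POST bodies and TLS-encrypted requests are not inspected here.
# Tuning: "(", "*" and "version=" also appear in benign URLs, so expect false
# positives and baseline the rule against real traffic before alerting on it.
alert tcp any any -> 14.128.64.3 80 ( \
msg:"LDAP injection detected"; \
flow:to_server,established; \
gid:1000007; \
sid:1000018; \
rev:2; \
pcre:"/\?.*(\(|cn=|\*|ldap:\/|uid=|userPassword=|version=|(&|\|){2})/Ui"; \
)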
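# Alert for directory indexing (auto-generated "Index of /" listing pages).
# The listing is part of the server's response, so the rule header follows
# traffic from the web server back to the client; the former client-to-server
# header only ever saw requests.
# file_data must precede the content it scopes: it moves the detection cursor
# to the HTTP response body and the content match that follows is evaluated
# there. Placed after the content, it had no effect on that match.
# NOTE(review): this depends on the HTTP preprocessor inspecting server
# responses (and decompressing them if the server uses gzip); confirm the
# sensor configuration.
alert tcp 14.128.64.3 80 -> any any ( \
msg:"Directory indexing detected"; \
flow:to_client,established; \
gid:1000007; \
sid:1000019; \
rev:2; \
file_data; \
content:"Index of /"; \
nocase; \
)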
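# Alert for weak or default passwords submitted in an HTTP request body
# (Snort 2.x rule syntax).
# Fixes over rev 1:
#   - "password=" carried two buffer modifiers (http_method and
#     http_client_body). The method buffer never holds form fields, so only
#     http_client_body is kept.
#   - The word list was a regular expression placed inside content:, which
#     matches literal bytes only. It is now a pcre with the P flag (request
#     body) and the i flag (case-insensitive).
# The literal content match stays first so the pcre only runs on requests
# that actually carry a "password=" field.
# Limits: only cleartext HTTP bodies using the field name "password" are
# seen; the trailing \b also accepts longer values in which a listed word is
# followed by a non-word character.
# Handling: packets logged with this alert contain the submitted credentials,
# so alert and packet-capture storage needs the same protection as any other
# credential store.
alert tcp any any -> any any ( \
msg:"Weak password detected"; \
flow:to_server,established; \
sid:1000001; \
rev:2; \
content:"password="; \
nocase; \
http_client_body; \
pcre:"/\bpassword=(admin|administrator|manager|guest|test|scott|tomcat|root|user|operator|anonymous|Abcd|aaaa|1234|1111|public|blank)\b/Pi"; \
)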
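# Alert for requests that reach for administrative paths (Snort 2.x syntax).
# Fixes over rev 1:
#   - http_uri is a content modifier and cannot scope a pcre; the U flag now
#     restricts the pattern to the normalized URI buffer.
#   - "administrator?" only made the final "r" optional. The pattern is now
#     admin(istrator)?, presumably the intended form, so "admin" and
#     "administrator" both match as whole words.
# Interpretation: the alert fires on the request, whatever the server
# answers. Correlate with the response status (or web server logs) before
# treating a hit as a confirmed exposure.
# Performance: there is no literal content for the fast-pattern matcher, so
# the pcre is evaluated on every established request to this host and port.
alert tcp any any -> 14.128.64.3 80 ( \
msg:"Admin page exposure detected"; \
flow:to_server,established; \
gid:1000004; \
sid:1000009; \
rev:2; \
pcre:"/\b(admin(istrator)?|manager)\b/Ui"; \
)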