####################################
# INTERESTING PAGES / FILES

# Detect private keys
id:31001; sev:2; memo:"DSA private key"; \
          mime:"text/plain"; \
          content:"-----BEGIN DSA PRIVATE KEY-----"; depth:100;
id:31002; sev:2; memo:"RSA private key"; \
          mime:"text/plain"; \
          content:"-----BEGIN RSA PRIVATE KEY-----"; depth:100;

# SQL credentials
id:31003; sev:3; memo:"SQL configuration or logs"; \
          content:'ADDRESS=(PROTOCOL=';
id:31004; sev:3; memo:"ODBC connect string"; \
          content:";pwd="; \
          content:";database="; depth:512;
id:31005; sev:3; memo:"ODBC connect string"; \
          content:"Data Source="; \
          content:";Password="; depth:512;
id:31006; sev:3; memo:"ODBC connect string"; \
          content:"Provider="; \
          content:";Password="; depth:512;
id:31007; sev:3; memo:"ODBC connect string"; \
          content:"Driver="; \
          content:";Pwd="; depth:512;

# Crossdomain & access policy files
id:31008; sev:2; memo:"Flash cross-domain policy with wildcard"; \
          content:"<cross-domain-policy>"; depth:512; \
          content:'<allow-access-from domain="*"'; depth:50;
id:31009; sev:4; memo:"Silverlight cross-domain policy with wildcard"; \
          content:"<access-policy>"; depth:512; \
          content:'<domain uri="*"/>'; depth:512;

# Web.xml config file
id:31010; sev:3; memo:"web.xml config file"; \
          content:"<web-app"; depth:512;

# SVN RCS data
id:31011; sev:3; memo:"SVN RCS data"; \
          mime:"text/plain"; \
          content:"svn:special svn"; depth:256;
id:31012; sev:3; memo:"SVN RCS data"; \
          mime:"text/plain"; \
          content:"SVN RCS data"; depth:256;
id:31018; sev:3; memo:"SVN entries file"; \
          mime:"text/plain"; \
          content:"10"; depth:1; \
          content:"dir"; depth:4;


# Log files
id:31013; sev:3; memo:"Apache access log"; \
          content:"0] \"GET /"; depth:1024;
id:31014; sev:3; memo:"Apache error log"; \
          content:"[error] [client "; depth:1024;
id:31015; sev:3; memo:"Microsoft IIS access log"; \
          content:"0, GET, /"; depth:1024;

# Generic robots.txt file
id:31016; sev:4; memo:"robots.txt file"; \
          content:"User-agent:"; depth:100; \
          content:"Disallow: /";

# Libcurl cookie files are created by some PHP apps (e.g. wordpress plugins)
id:31017; sev:3; memo:"libcurl cookie jar"; \
          mime:"text/plain"; \
          content:"# Netscape HTTP Cookie File"; depth:10; \
          content:"# This file was generated by libcurl"; depth:200;

# Signatures to detect SQL dumps
id:31101; sev:2; memo:"MySQL dump database file"; \
          mime:"text/plain"; \
          content:"-- MySQL dump"; depth:1; \
          content:"-- Host"; depth:256; \
          content:"-- Server version";
id:31103; sev:2; memo:"phpMyAdmin database dump file"; \
          mime:"text/plain"; \
          content:" phpMyAdmin SQL Dump"; depth:3; \
          content:" version"; \
          content:"CREATE TABLE";
id:31104; sev:2; memo:"SQL script detected"; \
          mime:"text/plain";   \
          content:"DECLARE @"; \
          content:"SET @";     \
          content:"(SELECT|INSERT|DELETE|BACKUP|CREATE)"; type:"regex"; depth:1024;

# Source code and scripts
id:32001; sev:3; memo:"Java source"; \
          content:"\nimport java."; depth:512;
id:32002; sev:3; memo:"C/C++ source"; \
          content:"\n#include"; depth:512;
id:32003; sev:3; memo:"Shell script"; \
          content:"#!/"; depth:1;
id:32004; sev:3; memo:"PHP source"; \
          content:!"# ?>"; \
          content:!"<?import"; \
          content:"<?"; \
          content:!"xml"; depth:1; \
          content:"?>";
id:32005; sev:3; memo:"JSP source"; \
          content:"<%@"; \
          content:"%>";
id:32006; sev:3; memo:"ASP source"; \
          content:"<%"; \
          content:"%>";

# These two need to be improved!
id:32007; sev:3; memo:"DOS batch script"; \
          content:"@echo "; depth:256;
id:32008; sev:3; memo:"Windows shell script"; \
          content:"(\"Wscript."; depth:256;