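# Alerts on POST requests to the Bank Oceanic login handler whose User-Agent
# header contains "sqlmap". Snort 2.x rule syntax; the http_* buffers used
# below require the HTTP inspect preprocessor to be enabled.
#
# Review notes:
# - The method check is bound to the HTTP method buffer. A bare
#   content:"post"; nocase; also matches that string anywhere in the payload
#   (URI, headers or body), which is not what the rule intends.
# - The User-Agent match is case-insensitive (nocase on the fast-pattern
#   content, /i on the pcre) so a re-cased header still matches.
# - The User-Agent header is client-controlled, so this rule only catches
#   sqlmap run with its default agent string. Pair it with payload-based
#   SQL injection signatures on the same URI.
# - sid values below 1000000 are reserved for rules shipped with Snort. Give
#   this local rule a sid of 1000000 or higher and a rev: option before
#   deploying; the published sid is kept unchanged here.
# - "SQML" in msg looks like a typo; it is left as published because alert
#   consumers may match on the msg text.
alert tcp any any -> 192.168.11.2 80 ( \
    msg:"Bank Oceanic login page SQML mapping"; \
    flow:established,to_server; \
    content:"POST"; http_method; nocase; \
    content:"/accounts/loginproc.php"; http_uri; nocase; \
    content:"sqlmap"; http_header; nocase; fast_pattern:only; \
    pcre:"/^User\x2dAgent\x3a\x20[^\r\n]*sqlmap/Hmi"; \
    classtype:network-scan; \
    sid:000000004;)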