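# Resource for the shellshock attack: candidate CGI script locations.
# Copied and transformed from
# https://github.com/nccgroup/shocker/blob/master/shocker-cgi_list
#
# CGI_FILES is an ordered tuple of URL paths. Every entry starts with '/',
# and the first entry is the bare root path '/'. This module only defines
# the data; how the paths are requested is up to the importing code.
#
# For triage: requests for many of these paths from a single client in a
# short window are what a Shellshock scan typically looks like in web-server
# access logs. Any listed path that a host really serves through a
# bash-backed CGI handler is worth checking for a patched bash.
#
# NOTE(review): a few entries appear twice (for example
# '/cgi-bin/MachineInfo' and '/scancfg.cgi'). They are kept as-is so the
# tuple's length and order do not change for existing callers; code that
# iterates over the tuple will see those paths twice.
CGI_FILES = (
    r'/',
    r'/admin.cgi',
    r'/administrator.cgi',
    r'/agora.cgi',
    r'/aktivate/cgi-bin/catgy.cgi',
    r'/analyse.cgi',
    r'/apps/web/vs_diag.cgi',
    r'/axis-cgi/buffer/command.cgi',
    r'/b2-include/b2edit.showposts.php',
    r'/bandwidth/index.cgi',
    r'/bigconf.cgi',
    r'/cartcart.cgi',
    r'/cart.cgi',
    r'/ccbill/whereami.cgi',
    r'/cgi-bin/14all-1.1.cgi',
    r'/cgi-bin/14all.cgi',
    r'/cgi-bin/a1disp3.cgi',
    r'/cgi-bin/a1stats/a1disp3.cgi',
    r'/cgi-bin/a1stats/a1disp4.cgi',
    r'/cgi-bin/addbanner.cgi',
    r'/cgi-bin/add_ftp.cgi',
    r'/cgi-bin/adduser.cgi',
    r'/cgi-bin/admin/admin.cgi',
    r'/cgi-bin/admin.cgi',
    r'/cgi-bin/admin/getparam.cgi',
    r'/cgi-bin/adminhot.cgi',
    r'/cgi-bin/admin.pl',
    r'/cgi-bin/admin/setup.cgi',
    r'/cgi-bin/adminwww.cgi',
    r'/cgi-bin/af.cgi',
    r'/cgi-bin/aglimpse.cgi',
    r'/cgi-bin/alienform.cgi',
    r'/cgi-bin/AnyBoard.cgi',
    r'/cgi-bin/architext_query.cgi',
    r'/cgi-bin/astrocam.cgi',
    r'/cgi-bin/AT-admin.cgi',
    r'/cgi-bin/AT-generate.cgi',
    r'/cgi-bin/auction/auction.cgi',
    r'/cgi-bin/auktion.cgi',
    r'/cgi-bin/ax-admin.cgi',
    r'/cgi-bin/ax.cgi',
    r'/cgi-bin/axs.cgi',
    r'/cgi-bin/badmin.cgi',
    r'/cgi-bin/banner.cgi',
    r'/cgi-bin/bannereditor.cgi',
    r'/cgi-bin/bb-ack.sh',
    r'/cgi-bin/bb-histlog.sh',
    r'/cgi-bin/bb-hist.sh',
    r'/cgi-bin/bb-hostsvc.sh',
    r'/cgi-bin/bb-replog.sh',
    r'/cgi-bin/bb-rep.sh',
    r'/cgi-bin/bbs_forum.cgi',
    r'/cgi-bin/bigconf.cgi',
    r'/cgi-bin/bizdb1-search.cgi',
    r'/cgi-bin/blog/mt-check.cgi',
    r'/cgi-bin/blog/mt-load.cgi',
    r'/cgi-bin/bnbform.cgi',
    r'/cgi-bin/book.cgi',
    r'/cgi-bin/boozt/admin/index.cgi',
    r'/cgi-bin/bsguest.cgi',
    r'/cgi-bin/bslist.cgi',
    r'/cgi-bin/build.cgi',
    r'/cgi-bin/bulk/bulk.cgi',
    r'/cgi-bin/cached_feed.cgi',
    r'/cgi-bin/cachemgr.cgi',
    r'/cgi-bin/calendar/index.cgi',
    r'/cgi-bin/cartmanager.cgi',
    r'/cgi-bin/cbmc/forums.cgi',
    r'/cgi-bin/ccvsblame.cgi',
    r'/cgi-bin/c_download.cgi',
    r'/cgi-bin/cgforum.cgi',
    r'/cgi-bin/.cgi',
    r'/cgi-bin/cgi_process',
    r'/cgi-bin/classified.cgi',
    r'/cgi-bin/classifieds.cgi',
    r'/cgi-bin/classifieds/classifieds.cgi',
    r'/cgi-bin/classifieds/index.cgi',
    r'/cgi-bin/.cobalt/alert/service.cgi',
    r'/cgi-bin/.cobalt/message/message.cgi',
    r'/cgi-bin/.cobalt/siteUserMod/siteUserMod.cgi',
    r'/cgi-bin/commandit.cgi',
    r'/cgi-bin/commerce.cgi',
    r'/cgi-bin/common/listrec.pl',
    r'/cgi-bin/compatible.cgi',
    r'/cgi-bin/Count.cgi',
    r'/cgi-bin/csChatRBox.cgi',
    r'/cgi-bin/csGuestBook.cgi',
    r'/cgi-bin/csLiveSupport.cgi',
    r'/cgi-bin/CSMailto.cgi',
    r'/cgi-bin/CSMailto/CSMailto.cgi',
    r'/cgi-bin/csNews.cgi',
    r'/cgi-bin/csNewsPro.cgi',
    r'/cgi-bin/csPassword.cgi',
    r'/cgi-bin/csPassword/csPassword.cgi',
    r'/cgi-bin/csSearch.cgi',
    r'/cgi-bin/csv_db.cgi',
    r'/cgi-bin/cvsblame.cgi',
    r'/cgi-bin/cvslog.cgi',
    r'/cgi-bin/cvsquery.cgi',
    r'/cgi-bin/cvsqueryform.cgi',
    r'/cgi-bin/day5datacopier.cgi',
    r'/cgi-bin/day5datanotifier.cgi',
    r'/cgi-bin/db_manager.cgi',
    r'/cgi-bin/dbman/db.cgi',
    r'/cgi-bin/dcforum.cgi',
    r'/cgi-bin/dcshop.cgi',
    r'/cgi-bin/dfire.cgi',
    r'/cgi-bin/diagnose.cgi',
    r'/cgi-bin/dig.cgi',
    r'/cgi-bin/directorypro.cgi',
    r'/cgi-bin/download.cgi',
    r'/cgi-bin/e87_Ba79yo87.cgi',
    r'/cgi-bin/emu/html/emumail.cgi',
    r'/cgi-bin/emumail.cgi',
    r'/cgi-bin/emumail/emumail.cgi',
    r'/cgi-bin/enter.cgi',
    r'/cgi-bin/environ.cgi',
    r'/cgi-bin/ezadmin.cgi',
    r'/cgi-bin/ezboard.cgi',
    r'/cgi-bin/ezman.cgi',
    r'/cgi-bin/ezshopper2/loadpage.cgi',
    r'/cgi-bin/ezshopper3/loadpage.cgi',
    r'/cgi-bin/ezshopper/loadpage.cgi',
    r'/cgi-bin/ezshopper/search.cgi',
    r'/cgi-bin/faqmanager.cgi',
    r'/cgi-bin/FileSeek2.cgi',
    r'/cgi-bin/FileSeek.cgi',
    r'/cgi-bin/finger.cgi',
    r'/cgi-bin/flexform.cgi',
    r'/cgi-bin/fom.cgi',
    r'/cgi-bin/fom/fom.cgi',
    r'/cgi-bin/FormHandler.cgi',
    r'/cgi-bin/FormMail.cgi',
    r'/cgi-bin/gbadmin.cgi',
    r'/cgi-bin/gbook/gbook.cgi',
    r'/cgi-bin/generate.cgi',
    r'/cgi-bin/getdoc.cgi',
    r'/cgi-bin/gH.cgi',
    r'/cgi-bin/gm-authors.cgi',
    r'/cgi-bin/gm.cgi',
    r'/cgi-bin/gm-cplog.cgi',
    r'/cgi-bin/guestbook.cgi',
    r'/cgi-bin/handler',
    r'/cgi-bin/handler.cgi',
    r'/cgi-bin/handler/netsonar',
    r'/cgi-bin/hitview.cgi',
    r'/cgi-bin/hsx.cgi',
    r'/cgi-bin/html2chtml.cgi',
    r'/cgi-bin/html2wml.cgi',
    r'/cgi-bin/htsearch.cgi',
    r'/cgi-bin/hw.sh',  # testing
    r'/cgi-bin/icat',
    r'/cgi-bin/if/admin/nph-build.cgi',
    r'/cgi-bin/ikonboard/help.cgi',
    r'/cgi-bin/ImageFolio/admin/admin.cgi',
    r'/cgi-bin/imageFolio.cgi',
    r'/cgi-bin/index.cgi',
    r'/cgi-bin/infosrch.cgi',
    r'/cgi-bin/jammail.pl',
    r'/cgi-bin/journal.cgi',
    r'/cgi-bin/lastlines.cgi',
    r'/cgi-bin/loadpage.cgi',
    r'/cgi-bin/login.cgi',
    r'/cgi-bin/logit.cgi',
    r'/cgi-bin/log-reader.cgi',
    r'/cgi-bin/lookwho.cgi',
    r'/cgi-bin/lwgate.cgi',
    r'/cgi-bin/MachineInfo',
    r'/cgi-bin/MachineInfo',
    r'/cgi-bin/magiccard.cgi',
    r'/cgi-bin/mail/emumail.cgi',
    r'/cgi-bin/maillist.cgi',
    r'/cgi-bin/mailnews.cgi',
    r'/cgi-bin/mail/nph-mr.cgi',
    r'/cgi-bin/main.cgi',
    r'/cgi-bin/main_menu.pl',
    r'/cgi-bin/man.sh',
    r'/cgi-bin/mini_logger.cgi',
    r'/cgi-bin/mmstdod.cgi',
    r'/cgi-bin/moin.cgi',
    r'/cgi-bin/mojo/mojo.cgi',
    r'/cgi-bin/mrtg.cgi',
    r'/cgi-bin/mt.cgi',
    r'/cgi-bin/mt/mt.cgi',
    r'/cgi-bin/mt/mt-check.cgi',
    r'/cgi-bin/mt/mt-load.cgi',
    r'/cgi-bin/mt-static/mt-check.cgi',
    r'/cgi-bin/mt-static/mt-load.cgi',
    r'/cgi-bin/musicqueue.cgi',
    r'/cgi-bin/myguestbook.cgi',
    r'/cgi-bin/.namazu.cgi',
    r'/cgi-bin/nbmember.cgi',
    r'/cgi-bin/netauth.cgi',
    r'/cgi-bin/netpad.cgi',
    r'/cgi-bin/newsdesk.cgi',
    r'/cgi-bin/nlog-smb.cgi',
    r'/cgi-bin/nph-emumail.cgi',
    r'/cgi-bin/nph-exploitscanget.cgi',
    r'/cgi-bin/nph-publish.cgi',
    r'/cgi-bin/nph-test.cgi',
    r'/cgi-bin/pagelog.cgi',
    r'/cgi-bin/pbcgi.cgi',
    r'/cgi-bin/perlshop.cgi',
    r'/cgi-bin/pfdispaly.cgi',
    r'/cgi-bin/pfdisplay.cgi',
    r'/cgi-bin/phf.cgi',
    r'/cgi-bin/photo/manage.cgi',
    r'/cgi-bin/photo/protected/manage.cgi',
    r'/cgi-bin/php-cgi',
    r'/cgi-bin/php.cgi',
    r'/cgi-bin/php.fcgi',
    r'/cgi-bin/ping.sh',
    r'/cgi-bin/pollit/Poll_It_SSI_v2.0.cgi',
    r'/cgi-bin/pollssi.cgi',
    r'/cgi-bin/postcards.cgi',
    r'/cgi-bin/powerup/r.cgi',
    r'/cgi-bin/printenv',
    r'/cgi-bin/probecontrol.cgi',
    r'/cgi-bin/profile.cgi',
    r'/cgi-bin/publisher/search.cgi',
    r'/cgi-bin/quickstore.cgi',
    r'/cgi-bin/quizme.cgi',
    r'/cgi-bin/ratlog.cgi',
    r'/cgi-bin/r.cgi',
    r'/cgi-bin/register.cgi',
    r'/cgi-bin/replicator/webpage.cgi/',
    r'/cgi-bin/responder.cgi',
    r'/cgi-bin/robadmin.cgi',
    r'/cgi-bin/robpoll.cgi',
    r'/cgi-bin/rtpd.cgi',
    r'/cgi-bin/sbcgi/sitebuilder.cgi',
    r'/cgi-bin/scoadminreg.cgi',
    r'/cgi-bin-sdb/printenv',
    r'/cgi-bin/sdbsearch.cgi',
    r'/cgi-bin/search',
    r'/cgi-bin/search.cgi',
    r'/cgi-bin/search/search.cgi',
    r'/cgi-bin/sendform.cgi',
    r'/cgi-bin/shop.cgi',
    r'/cgi-bin/shopper.cgi',
    r'/cgi-bin/shopplus.cgi',
    r'/cgi-bin/showcheckins.cgi',
    r'/cgi-bin/simplestguest.cgi',
    r'/cgi-bin/simplestmail.cgi',
    r'/cgi-bin/smartsearch.cgi',
    r'/cgi-bin/smartsearch/smartsearch.cgi',
    r'/cgi-bin/snorkerz.bat',
    r'/cgi-bin/snorkerz.bat',
    r'/cgi-bin/snorkerz.cmd',
    r'/cgi-bin/snorkerz.cmd',
    r'/cgi-bin/sojourn.cgi',
    r'/cgi-bin/spin_client.cgi',
    r'/cgi-bin/start.cgi',
    r'/cgi-bin/status',
    r'/cgi-bin/status_cgi',
    r'/cgi-bin/store/agora.cgi',
    r'/cgi-bin/store.cgi',
    r'/cgi-bin/store/index.cgi',
    r'/cgi-bin/survey.cgi',
    r'/cgi-bin/sync.cgi',
    r'/cgi-bin/talkback.cgi',
    r'/cgi-bin/technote/main.cgi',
    r'/cgi-bin/test2.pl',
    r'/cgi-bin/test-cgi',
    r'/cgi-bin/test.cgi',
    r'/cgi-bin/testing_whatever',
    r'/cgi-bin/test/test.cgi',
    r'/cgi-bin/tidfinder.cgi',
    r'/cgi-bin/tigvote.cgi',
    r'/cgi-bin/title.cgi',
    r'/cgi-bin/top.cgi',
    r'/cgi-bin/traffic.cgi',
    r'/cgi-bin/troops.cgi',
    r'/cgi-bin/ttawebtop.cgi/',
    r'/cgi-bin/ultraboard.cgi',
    r'/cgi-bin/upload.cgi',
    r'/cgi-bin/urlcount.cgi',
    r'/cgi-bin/viewcvs.cgi',
    r'/cgi-bin/view_help.cgi',
    r'/cgi-bin/viralator.cgi',
    r'/cgi-bin/virgil.cgi',
    r'/cgi-bin/vote.cgi',
    r'/cgi-bin/vpasswd.cgi',
    r'/cgi-bin/way-board.cgi',
    r'/cgi-bin/way-board/way-board.cgi',
    r'/cgi-bin/webbbs.cgi',
    r'/cgi-bin/webcart/webcart.cgi',
    r'/cgi-bin/webdist.cgi',
    r'/cgi-bin/webif.cgi',
    r'/cgi-bin/webmail/html/emumail.cgi',
    r'/cgi-bin/webmap.cgi',
    r'/cgi-bin/webspirs.cgi',
    r'/cgi-bin/Web_Store/web_store.cgi',
    r'/cgi-bin/whois.cgi',
    r'/cgi-bin/whois_raw.cgi',
    r'/cgi-bin/whois/whois.cgi',
    r'/cgi-bin/wrap',
    r'/cgi-bin/wrap.cgi',
    r'/cgi-bin/wwwboard.cgi.cgi',
    r'/cgi-bin/YaBB/YaBB.cgi',
    r'/cgi-bin/zml.cgi',
    r'/cgi-mod/index.cgi',
    r'/cgis/wwwboard/wwwboard.cgi',
    r'/cgi-sys/addalink.cgi',
    r'/cgi-sys/defaultwebpage.cgi',
    r'/cgi-sys/domainredirect.cgi',
    r'/cgi-sys/entropybanner.cgi',
    r'/cgi-sys/entropysearch.cgi',
    r'/cgi-sys/FormMail-clone.cgi',
    r'/cgi-sys/helpdesk.cgi',
    r'/cgi-sys/mchat.cgi',
    r'/cgi-sys/randhtml.cgi',
    r'/cgi-sys/realhelpdesk.cgi',
    r'/cgi-sys/realsignup.cgi',
    r'/cgi-sys/signup.cgi',
    r'/connector.cgi',
    r'/cp/rac/nsManager.cgi',
    r'/create_release.sh',
    r'/CSNews.cgi',
    r'/csPassword.cgi',
    r'/dcadmin.cgi',
    r'/dcboard.cgi',
    r'/dcforum.cgi',
    r'/dcforum/dcforum.cgi',
    r'/debuff.cgi',
    r'/debug.cgi',
    r'/details.cgi',
    r'/edittag/edittag.cgi',
    r'/emumail.cgi',
    r'/enter_buff.cgi',
    r'/enter_bug.cgi',
    r'/ez2000/ezadmin.cgi',
    r'/ez2000/ezboard.cgi',
    r'/ez2000/ezman.cgi',
    r'/fcgi-bin/echo',
    r'/fcgi-bin/echo',
    r'/fcgi-bin/echo2',
    r'/fcgi-bin/echo2',
    r'/Gozila.cgi',
    r'/hitmatic/analyse.cgi',
    r'/hp_docs/cgi-bin/index.cgi',
    r'/html/cgi-bin/cgicso',
    r'/html/cgi-bin/cgicso',
    r'/index.cgi',
    r'/info.cgi',
    r'/infosrch.cgi',
    r'/login.cgi',
    r'/mailview.cgi',
    r'/main.cgi',
    r'/megabook/admin.cgi',
    r'/ministats/admin.cgi',
    r'/mods/apage/apage.cgi',
    r'/_mt/mt.cgi',
    r'/musicqueue.cgi',
    r'/ncbook.cgi',
    r'/newpro.cgi',
    r'/newsletter.sh',
    r'/oem_webstage/cgi-bin/oemapp_cgi',
    r'/page.cgi',
    r'/parse_xml.cgi',
    r'/photodata/manage.cgi',
    r'/photo/manage.cgi',
    r'/print.cgi',
    r'/process_buff.cgi',
    r'/process_bug.cgi',
    r'/pub/english.cgi',
    r'/quikmail/nph-emumail.cgi',
    r'/quikstore.cgi',
    r'/reviews/newpro.cgi',
    r'/ROADS/cgi-bin/search.pl',
    r'/sample01.cgi',
    r'/sample02.cgi',
    r'/sample03.cgi',
    r'/sample04.cgi',
    r'/sampleposteddata.cgi',
    r'/scancfg.cgi',
    r'/scancfg.cgi',
    r'/servers/link.cgi',
    r'/setpasswd.cgi',
    r'/SetSecurity.shm',
    r'/shop/member_html.cgi',
    r'/shop/normal_html.cgi',
    r'/site_searcher.cgi',
    r'/siteUserMod.cgi',
    r'/submit.cgi',
    r'/technote/print.cgi',
    r'/template.cgi',
    r'/test.cgi',
    r'/ucsm/isSamInstalled.cgi',
    r'/upload.cgi',
    r'/userreg.cgi',
    r'/users/scripts/submit.cgi',
    r'/vood/cgi-bin/vood_view.cgi',
    r'/Web_Store/web_store.cgi',
    r'/webtools/bonsai/ccvsblame.cgi',
    r'/webtools/bonsai/cvsblame.cgi',
    r'/webtools/bonsai/cvslog.cgi',
    r'/webtools/bonsai/cvsquery.cgi',
    r'/webtools/bonsai/cvsqueryform.cgi',
    r'/webtools/bonsai/showcheckins.cgi',
    r'/wwwadmin.cgi',
    r'/wwwboard.cgi',
    r'/wwwboard/wwwboard.cgi',
)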