[nsp-sec] Recognise the HTTP poking tool?
Scott A. McIntyre
scott at howyagoin.net
Wed Apr 3 16:24:56 EDT 2013
Hi all,
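Does anyone happen to recognise which tool this might be (keeping in mind it may be bespoke)? Each of the query strings below was suffixed with a URL to test against, in this case something at Google, which looks like a scan for remote file inclusion in PHP applications that take an include path from a request parameter.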
Source was:
24940 | 78.46.93.87 | HETZNER-AS Hetzner Online AG
And I reported it, but, yeah, Hetzner..
Thanks for any clues!
Scott A. McIntyre
Telstra AS1221
---
?&glob=1&cart_order_id=1&glob[rootDir]=
?1=lol&PAGES[lol]=
?ACS_path=
?ADODB_DIR=
?AGE=
?AMG_serverpath=
?AML_opensite=
?AMV_openconfig=1&AMV_serverpath=
?APB_SETTINGS[template_path]=
?API_HOME_DIR=
?Application_Root=
?BEAUT_PATH=
?BSX_LIBDIR=
?CFG[libdir]=
?CLASSPATH=
?CMS_ROOT=
?CONFIG[AdminPath]=
?CONFIG[BASE_PATH]=
?CONFIG[MWCHAT_Libs]=
?CONFIG_DATAREADERWRITER=
?CONFIG_EXT[ADMIN_PATH]=
?CONFIG_EXT[LANGUAGES_DIR]=
?CONF[local_path]=
?CONF_CONFIG_PATH=
?CRM_inc=
?CarpPath=
?CommonAbsD=
?CommonAbsDir=
?ConfigDir=
?Config_rootdir=
?CssFile=
?DFF_config[dir_include]
?DFF_config[dir_include]=
?DFORUM_PATH=
?DIR=
?DIR_ADMIN=
?DIR_LIBS=
?DIR_PLUGINS=
?DIR_PREFIX=
?DOCUMENT_ROOT=
?Dirroot=
?EASYSITE_BASE=
?FUSEBOX_APPLICATION_PATH=
?From=
?GALLERY_BASEDIR=
?GLOBALS[BASE]=
?GLOBALS[CHEMINMODULES]=
?GLOBALS[CLASS_PATH]=
?GLOBALS[PTH][classes]=
?GLOBALS[PT_Config][dir][data]=
?GLOBALS[_BIGACE][DIR][addon]=
?GLOBALS[_BIGACE][DIR][admin]=
?GLOBALS[basedir]=
?GLOBALS[config][framework_path]=
?GLOBALS[fileroot]=
?GLOBALS[mosConfig_absolute_path]=
?GLOBALS[phpQRootDir]=
?GLOBALS[preloc]=
?GLOBALS[root_path]=
?GLOBALS[where_framework]=
?GLOBALS[where_scs]=
?G_JGALL[inc_path]=
?G_PATH=
?HomeDir=
?Home_Path=
?INC=
?INCLUDE_DIR=
?INCLUDE_PATH=
?INC_DIR=
?INSTALL_FOLDER=
?IP=
?Include=
?Lang=AR&Page=
?Language=
?MY_ENV[BASE_ENGINE_LOC]=
?Madoa=
?NWCONF_SYSTEM[server_path]=
?NomVote=
?PATH=
?PHPGREETZ_INCLUDE_DIR=
?PHPOF_INCLUDE_PATH=
?PagePrefix=
?Parametre=0&DataDirectory=
?PathNews=
?PathToComment=
?RESPATH=
?ROOT_PATH=
?RP_PATH=
?SECURITY_FILE=
?SETS[path][physical]=
?SPL_CFG[dirroot]=
?SYS_PATH=
?Setting[OPT_includepath]=
?WEBCHATPATH=
?WK[wkPath]=
?XOOPS_ROOT_PATH=
?_APP_RELATIVE_PATH=
?_CCFG[_PKG_PATH_INCL]=
?_CONFIG[files][functions_page]=
?_ENV[asicms][path]=
?_PM_[path][handle]=
?_PSL[classdir]=
?_PX_config[manager_path]=
?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid=1&GLOBALS=&mosConfig_absolute_path=
?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=
?_SERVER[DOCUMENT_ROOT]=
?_VIEW=
?_mygamefile=
?_path=
?_path[counter]=
?_saz[settings][site_dir]=
?_saz[settings][site_url]=
?_settings[pluginpath]=
?a=
?abg_path=
?abs_path=
?abs_pfad=
?absolute_path=
?absolutepath=
?absoluteurl
?absoluteurl=
?abspath=
?addpath=
?addpoll=preview&thispath=
?adduser=true&lang=
?admin_folder=
?admindir=
?adminfolder=
?adodb=
?ads_file=
?aide=
?ains_path=
?app=
?appDirName=
?app_path=
?appconf[rootpath]=
?approot=
?appserv_root=
?arashlib_dir=
?arquivo=
?art=
?asin=
?athena_dir=
?b2inc=
?back=
?banned_file=
?baros_path=
?base==
?baseDir=
?basePath=
?base_dir=
?base_path=
?basedir=
?basepath=
?beryliumroot=
?bibtexrootrel=
?blog_dc_path=
?blog_theme=
?bm_content=
?bnrep=
?boarddir=
?body=
?bu_dir=
?bypass_installed=1&secure_page_path=
?c[components]=
?c_node[class_path]=
?cache_file=
?cal_dir=
?cart_isp_root=
?categoriesenabled=yes&do=categories&action=del&absoluteurl
?ccms_library_path=
?cfgIncludeDirectory=
?cfgProgDir=
?cfg[base_uri_admin]=
?cfg[document_uri]=
?cfg[path][contenido]=
?cfg[path][includes]=
?cfg[path][templates]=
?cfg[templates][right_top_blank]=
?cfg_dir=
?cfg_file=
?cfg_file=1&fpath=
?cfg_include_dir=
?cfg_racine=
?cfgfile=
?cfile=
?checkauth=
?chemin=
?chemin_appli=
?chemin_lib=
?cid=0&sid='%22&sortfield=title&sortorder=ASC&pagenumber=1&main=
?clarolineRepositorySys=
?class_path=
?classes_dir=
?classified_path=
?cmd=add&asin=
?cmd=dir&PGV_BASE_DIRECTORY=
?cms=
?comPath=
?commonIncludePath=
?commonpath=
?component_dir=
?confdir=
?config[%22sipssys%22]=
?config[include_dir]=
?config[installdir]=
?config[page_dir]=
?config[root_ordner]=
?config_atkroot=
?configuration=
?contenido_path=
?content=
?contenus=
?corpsdesign
?corpsdesign=
?cropimagedir=
?cs_base_path=
?current_blockmodule_path=
?custom_admin_path=
?cutepath=
?d_root=
?da_path=
?date=&v=
?dateiPfad=
?db_file=
?de=
?default_path_for_themes=
?dept=
?dir=
?dir[data]=
?dir_edge_lang=
?dirroot=
?dle_config_api=
?do=
?docroot=
?e107path=
?editor_insert_bottom=
?eng_dir=
?env_dir=
?eqdkp_root_path=
?err=hack&BSX_HTXDIR=
?error=
?eva[caminho]=
?example=
?exbb[home_path]=
?exec=
?ext=
?ezUserManager_Path=
?ezt_root_path=
?faq_path=
?ff_compath=
?ficStyle=
?fichero=
?file=
?fileOreonConf=
?file_name[]=
?file_newsportal=
?file_path=
?fileloc=
?filename=
?files_dir=
?fm_data[root]=
?fname=
?footer_file=
?format_menue=
?formurl=
?framefile=
?friendly_path=
?from=
?full_path=
?full_path_to_db=
?fullpath=
?func=
?function=
?g_include=
?g_root_dir=
?galleryfilesdir=
?gbpfad=
?globals[content_dir]=
?gorumDir=
?gszAppPath=
?hm=
?home=
?homedir=
?ht_pfad=
?id=
?inc_dir=
?inc_ordner=
?incl_page=
?include=
?includeFooter=
?includePath=
?include_dir=
?include_file=
?include_path=
?includedir=
?includepath=
?incpath=
?index=
?init_path=
?insPath=
?installed_config_file=
?irayodirhack=
?javascript_path=
?l=
?lang=
?lang_file=
?lang_list=
?lang_path=
?lang_pathr=
?language=
?languagePath=
?language_dir=
?language_path=
?level=
?lib_dir=
?libpath=
?livealbum_dir=
?lm_absolute_path=
?lm_absolute_path=../../../&install_dir=
?ln=
?load_page=
?loadadminpage=
?loc=
?locale=
?location=
?lowerTemplate=
?m=
?maand=
?main=
?main_path=
?mainframe=
?mainpath=
?menu=
?mfh_root_path=
?mj_config[src_path]=
?mod_dir=
?mod_root=
?module_cache_path='
?module_root_path=
?mosConfig_absolute_path=
?mosConfig_live_site=
?msetstr[%22PROGSDIR%22]=
?mx_root_path=
?myNewsConf[path][sys][index]=
?myPath=
?my[root]=
?myevent_path=
?myng_root=
?navigation_end=
?navigation_start=
?nbs=
?new_exbb[home_path]=
?newsSync_enable_phpnuke_mod=1&newsSync_NUKE_PATH=
?newsfile=
?no_connect=lol&chem_absolu=
?npage=-1&content_dir=
?npage=1&content_dir=
?oe_classpath=
?op[footer_body]=
?open_box=
?openid_root_path=
?ourlinux_root_path=
?output=
?p=admin&absoluteurl
?p=admin&do=edit&c=ok&absoluteurl
?p=admin&do=upload&c=ok&absoluteurl
?pConfig_auth[phpbb_path]=
?pConfig_auth[smf_path]=
?p_mode=
?pag=
?page
?page=
?page=online&doc_path=
?page[path]=
?pagina=
?path=
?path=psp/user.php&site=
?pathCGX=
?path[docroot]=
?path_escape=
?path_include=
?path_local=
?path_prefix=
?path_simpnews=
?path_to_bt_dir=
?path_to_calendar=
?path_to_folder=
?path_to_root=
?path_to_script=
?path_to_smf=
?pathtohomedir=
?pcConfig[smartyPath]=
?pear_dir=
?perso=
?pfad=
?pg=
?phpAds_path=
?phpbb_root_path=
?phpdns_basedir=
?phpht_real_path=
?phpraid_dir=
?plancia=
?plugin_file=
?pmp_rel_path=
?poll=1&templatePath=
?prefix=
?projectPath=
?pth['file']['config']=
?ptinclude=
?pwfile=
?qb_path=
?qte_root=
?quezza_root_path=
?racine=
?racineTBS=
?read_xml_include=
?reflect_base=
?rel_path=
?relative_script_path=
?repertoire=
?repertoire_config=
?repertorylevel=
?repphp=
?req_lang=
?response_dir=
?returnpath=
?rf=
?root=
?rootBase=
?root_dir=
?root_folder_path=
?root_path=
?root_path_admin=
?root_prefix=
?rootagenda=
?rootdir=
?rootpath=
?row[dir_name]=
?sPath=
?s[phppath]=
?s_fuss=
?sbp=
?scoreid=
?script_path=
?script_root=
?scriptpath=
?section=
?sections_file=
?securelib=
?set_depth=
?set_path=
?setmodules=attach&phpbb_root_path=
?setmodules=pagestart&phpbb_root_path=
?settings[footer]=
?show=
?site=
?site_absolute_path=
?site_path=
?site_url=
?sitepath=
?skindir=
?sourceFolder=
?sourcedir=
?sous_rep=
?spaw_dir=
?spaw_root=
?sql_language=
?squelette_cache=
?src=
?start=1&skindir=
?step=1&vwar_root=
?subd=
?subdir=
?submit=submit&form_include_template=
?sunPath=
?sys[path_addon]=
?sys_dir=
?systempath=
?t_path_core=
?target=
?tc_config[app_root]=
?tfooter=
?theme=1&inc_path=
?thispath=../includes&config[path]=
?thumb_template=
?tinybb_footers=
?top=
?topdir=
?tpath=
?tpelseifportalrepertoire=
?tsep_config[absPath]=
?type=
?url=
?urlModulo=
?url_index=
?url_phpartenaire=
?view=
?vwar_root=
?web_root=
?workdir=
?wpPATH=
?wwwRoot=
?x[1]=
?x_admindir=
?xcart_dir=
?xtrphome=