alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET SCAN Wapiti Web Server Vulnerability Scan"; flow:to_server,established; content:"GET /"; depth:5; content:"?http|3A|//www.google."; within:100; nocase; content:"|0d 0a|User-Agent|3A 20|Python-httplib2"; distance:0; reference:url,wapiti.sourceforge.net/; classtype:attempted-recon; sid:2008417; rev:9; metadata:created_at 2010_07_30, confidence Medium, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_09_27;)