alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET SCAN Inspathx Path Disclosure Scan"; flow:established,to_server; threshold:type limit, count 1, seconds 30, track by_src; http.method; content:"GET"; http.uri; content:"varhttp|3A|/"; nocase; content:"wwwhttp|3A|/"; nocase; content:"htmlhttp|3A|/"; nocase; reference:url,code.google.com/p/inspathx/; reference:url,www.darknet.org.uk/2010/09/inspathx-tool-for-finding-path-disclosure-vulnerabilities/; classtype:attempted-recon; sid:2011809; rev:7; metadata:created_at 2010_10_13, confidence Medium, signature_severity Informational, updated_at 2020_09_11;)