alert tcp any any -> any any (msg:"DVWA-brute漏洞攻击"; flow:to_server,established; uricontent:"DVWA-master/vulnerabilities/brute"; fast_pattern:only; detection_filter:track by_dst, count 60, seconds 60; uricontent:"username="; pcre:"/username[\s=]+?.+?password[\s=]\w+?/iU"; metadata:service http; sid:7; rev:1;)

snort -de -c C:\Snort\etc\snort.conf -l C:\Snort\log -r C:\dvwa抓包\Brute-Force.pcapng