Adds detection for various bots (#8156)

* Improves detection for Cortex Xpanse
* Improves detection for generic bots
* Adds detection for Replicate-Bot
* Adds detection for Cypex
* Adds detection for TikTokSpider
* Adds detection for FHMS ITS Research Scanner
* Adds detection for Together-Bot
* Adds detection for xAI-Bot
* Adds detection for Groq-Bot
* Adds detection for Big Sur AI
* Improves detection for Cohere AI
* Adds detection for FirecrawlAgent

Author: liviuconcioiu

Tests/fixtures/bots.yml

@@ -4271,12 +4271,12 @@
 -
   user_agent: 'Expanse indexes the network perimeters of our customers. If you have any questions or concerns, please reach out to: scaninfo@expanseinc.com'
   bot:
-    name: Expanse
+    name: Cortex Xpanse
     category: Security Checker
-    url: https://expanse.co/
+    url: https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity
     producer:
-      name: Expanse Inc.
-      url: https://expanse.co/
+      name: Palo Alto Networks, Inc.
+      url: https://www.paloaltonetworks.com/
 -
   user_agent: HuaweiWebCatBot/6.0) (To acquire the allowed html pages as reliable information of URL categorization in the automatic process for Huawei Web Categorization.; https://isecurity.huawei.com/; sec at huawei dot com)
   bot:
@@ -5087,12 +5087,12 @@
 -
   user_agent: 'Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com'
   bot:
-    name: Expanse
+    name: Cortex Xpanse
     category: Security Checker
-    url: https://expanse.co/
+    url: https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity
     producer:
-      name: Expanse Inc.
-      url: https://expanse.co/
+      name: Palo Alto Networks, Inc.
+      url: https://www.paloaltonetworks.com/
 -
   user_agent: Mozilla/5.0 (compatible; MaCoCu; +https://www.clarin.si/info/macocu-massive-collection-and-curation-of-monolingual-and-bilingual-data/)
   bot:
@@ -8816,3 +8816,123 @@
     producer:
       name: 'Zoom Video Communications, Inc'
       url: 'https://www.zoom.com/'
+-
+  user_agent: Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity
+  bot:
+    name: Cortex Xpanse
+    category: Security Checker
+    url: https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity
+    producer:
+      name: Palo Alto Networks, Inc.
+      url: https://www.paloaltonetworks.com/
+-
+  user_agent: Mozilla/5.0 (Laravel Reaver .env Presence)
+  bot:
+    name: Generic Bot
+-
+  user_agent: Mozilla/5.0 (bang2013@atomicmail.io)
+  bot:
+    name: Generic Bot
+-
+  user_agent: libredtail-http
+  bot:
+    name: Generic Bot
+-
+  user_agent: Mozilla/5.0 (compatible; Replicate-Bot/1.0; +https://replicate.com/)
+  bot:
+    name: Replicate-Bot
+    category: Service Agent
+    url: https://replicate.com/
+    producer:
+      name: Replicate, Inc.
+      url: https://replicate.com/
+-
+  user_agent: cypex.ai/scanning Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36
+  bot:
+    name: Cypex
+    category: Security Checker
+    url: https://cypex.ai/scanning/
+    producer:
+      name: Cypex
+      url: https://cypex.ai/
+-
+  user_agent: Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; TikTokSpider; ttspider-feedback@tiktok.com)
+  bot:
+    name: TikTokSpider
+    category: Search bot
+    url: https://www.tiktok.com/
+    producer:
+      name: TikTok Inc.
+      url: https://www.tiktok.com/
+-
+  user_agent: fhms-its-research-scanner/1.0 (+https://fb02itsscan02.fh-muenster.de)
+  bot:
+    name: FHMS ITS Research Scanner
+    category: Security Checker
+    url: https://fb02itsscan02.fh-muenster.de/
+    producer:
+      name: University of Applied Sciences Muenster
+      url: https://www.fh-muenster.de/
+-
+  user_agent: Mozilla/5.0 (compatible; Together-Bot/1.0; +https://together.ai/)
+  bot:
+    name: Together-Bot
+    category: Crawler
+    url: https://www.together.ai/
+    producer:
+      name: Together Computer Inc.
+      url: https://www.together.ai/
+-
+  user_agent: Mozilla/5.0 (compatible; xAI-Bot/1.0; +https://x.ai/)
+  bot:
+    name: xAI-Bot
+    category: Crawler
+    url: https://x.ai/
+    producer:
+      name: X.AI LLC
+      url: https://x.ai/
+-
+  user_agent: Mozilla/5.0 (compatible; Groq-Bot/1.0; +https://groq.com/)
+  bot:
+    name: Groq-Bot
+    category: Crawler
+    url: https://groq.com/
+    producer:
+      name: Groq, Inc.
+      url: https://groq.com/
+-
+  user_agent: Mozilla/5.0 (compatible; bigsur.ai/1.0)
+  bot:
+    name: Big Sur AI
+    category: Crawler
+    url: https://bigsur.ai/
+    producer:
+      name: Big Sur AI, Inc.
+      url: https://bigsur.ai/
+-
+  user_agent: Mozilla/5.0 (compatible; Cohere-Command/1.0; +https://cohere.com/)
+  bot:
+    name: Cohere AI
+    category: Crawler
+    url: https://cohere.com/
+    producer:
+      name: Cohere, Inc.
+      url: https://cohere.com/
+-
+  user_agent: cohere-training-data-crawler
+  bot:
+    name: Cohere AI
+    category: Crawler
+    url: https://cohere.com/
+    producer:
+      name: Cohere, Inc.
+      url: https://cohere.com/
+-
+  user_agent: Mozilla/5.0 (compatible; FirecrawlAgent/1.0)
+  bot:
+    name: FirecrawlAgent
+    category: Service Agent
+    url: https://www.firecrawl.dev/
+    producer:
+      name: SideGuide Technologies, Inc.
+      url: https://www.sideguide.dev/

regexes/bots.yml

@@ -2454,6 +2454,14 @@
     name: 'ByteDance Ltd.'
     url: 'https://bytedance.com/'
 
+- regex: 'TikTokSpider'
+  name: 'TikTokSpider'
+  category: 'Search bot'
+  url: 'https://www.tiktok.com/'
+  producer:
+    name: 'TikTok Inc.'
+    url: 'https://www.tiktok.com/'
+
 - regex: 'WikiDo'
   name: 'WikiDo'
   category: 'Search bot'
@@ -2773,13 +2781,13 @@
     name: 'ProjectDiscovery, Inc.'
     url: 'https://projectdiscovery.io/'
 
-- regex: 'scaninfo@(?:expanseinc|paloaltonetworks)\.com'
-  name: 'Expanse'
+- regex: '(?:expanseinc|paloaltonetworks)\.com'
+  name: 'Cortex Xpanse'
   category: 'Security Checker'
-  url: 'https://expanse.co/'
+  url: 'https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity'
   producer:
-    name: 'Expanse Inc.'
-    url: 'https://expanse.co/'
+    name: 'Palo Alto Networks, Inc.'
+    url: 'https://www.paloaltonetworks.com/'
 
 - regex: 'HuaweiWebCatBot'
   name: 'HuaweiWebCatBot'
@@ -4045,7 +4053,7 @@
     name: 'Exipert, Inc.'
     url: 'https://www.checkmarknetwork.com/'
 
-- regex: 'cohere-ai'
+- regex: 'cohere-(?:ai|command|training)'
   name: 'Cohere AI'
   category: 'Crawler'
   url: 'https://cohere.com/'
@@ -5106,8 +5114,72 @@
     name: 'Zoom Video Communications, Inc'
     url: 'https://www.zoom.com/'
 
+- regex: 'Replicate-Bot'
+  name: 'Replicate-Bot'
+  category: 'Service Agent'
+  url: 'https://replicate.com/'
+  producer:
+    name: 'Replicate, Inc.'
+    url: 'https://replicate.com/'
+
+- regex: 'cypex\.ai'
+  name: 'Cypex'
+  category: 'Security Checker'
+  url: 'https://cypex.ai/scanning/'
+  producer:
+    name: 'Cypex'
+    url: 'https://cypex.ai/'
+
+- regex: 'fhms-its-research-scanner'
+  name: 'FHMS ITS Research Scanner'
+  category: 'Security Checker'
+  url: 'https://fb02itsscan02.fh-muenster.de/'
+  producer:
+    name: 'University of Applied Sciences Muenster'
+    url: 'https://www.fh-muenster.de/'
+
+- regex: 'Together-Bot'
+  name: 'Together-Bot'
+  category: 'Crawler'
+  url: 'https://www.together.ai/'
+  producer:
+    name: 'Together Computer Inc.'
+    url: 'https://www.together.ai/'
+
+- regex: 'xAI-Bot'
+  name: 'xAI-Bot'
+  category: 'Crawler'
+  url: 'https://x.ai/'
+  producer:
+    name: 'X.AI LLC'
+    url: 'https://x.ai/'
+
+- regex: 'Groq-Bot'
+  name: 'Groq-Bot'
+  category: 'Crawler'
+  url: 'https://groq.com/'
+  producer:
+    name: 'Groq, Inc.'
+    url: 'https://groq.com/'
+
+- regex: 'bigsur\.ai'
+  name: 'Big Sur AI'
+  category: 'Crawler'
+  url: 'https://bigsur.ai/'
+  producer:
+    name: 'Big Sur AI, Inc.'
+    url: 'https://bigsur.ai/'
+
+- regex: 'FirecrawlAgent'
+  name: 'FirecrawlAgent'
+  category: 'Service Agent'
+  url: 'https://www.firecrawl.dev/'
+  producer:
+    name: 'SideGuide Technologies, Inc.'
+    url: 'https://www.sideguide.dev/'
+
 # Generic bots
-- regex: 'nuhk|grub-client|Download Demon|SearchExpress|Microsoft URL Control|borg|altavista|dataminr\.com|teoma|oegp|http%20client|htdig|mogimogi|larbin|scrubby|searchsight|semanticdiscovery|snappy|zeal(?!ot)|dataparksearch|findlinks|BrowserMob|URL2PNG|ZooShot|GomezA|Google SketchUp|Read%20Later|7Siters|centuryb\.o\.t9|InterNaetBoten|EasyBib AutoCite|Bidtellect|tomnomnom/meg|cortex|Re-re Studio|adreview|AHC/|NameOfAgent|Request-Promise|ALittle Client|Hello,? world|wp_is_mobile|0xAbyssalDoesntExist|Anarchy99|^revolt|nvd0rz|xfa1|Hakai|gbrmss|fuck-your-hp|IDBTE4M CODE87|Antoine|Insomania|Hells-Net|b3astmode|Linux Gnu \(cow\)|Test Certificate Info|iplabel|Magellan|TheSafex?Internetx?Search|Searcherx?web|kirkland-signature|LinkChain|survey-security-dot-txt|infrawatch|Time/|r00ts3c-owned-you|nvdorz|Root Slut|NiggaBalls|BotPoke|GlobalWebSearch|xx032_bo9vs83_2a|sslshed|geckotrail|Wordup|Keydrop|\(compatible\)|John Recon|SPARK COMMIT|masjesu|Komaru_The_Cat|Jesus Christ of Nazareth is LORD|Kowai|Hakai|LoliSec|LMAO|^xenu|^(?:chrome|firefox|Abcd|Dark|KvshClient|Node.js|Report Runner|url|Zeus|ZmEu)$|OnlyScans|TheInternetSearchx'
+- regex: 'nuhk|grub-client|Download Demon|SearchExpress|Microsoft URL Control|borg|altavista|dataminr\.com|teoma|oegp|http%20client|htdig|mogimogi|larbin|scrubby|searchsight|semanticdiscovery|snappy|zeal(?!ot)|dataparksearch|findlinks|BrowserMob|URL2PNG|ZooShot|GomezA|Google SketchUp|Read%20Later|7Siters|centuryb\.o\.t9|InterNaetBoten|EasyBib AutoCite|Bidtellect|tomnomnom/meg|cortex|Re-re Studio|adreview|AHC/|NameOfAgent|Request-Promise|ALittle Client|Hello,? world|wp_is_mobile|0xAbyssalDoesntExist|Anarchy99|^revolt|nvd0rz|xfa1|Hakai|gbrmss|fuck-your-hp|IDBTE4M CODE87|Antoine|Insomania|Hells-Net|b3astmode|Linux Gnu \(cow\)|Test Certificate Info|iplabel|Magellan|TheSafex?Internetx?Search|Searcherx?web|kirkland-signature|LinkChain|survey-security-dot-txt|infrawatch|Time/|r00ts3c-owned-you|nvdorz|Root Slut|NiggaBalls|BotPoke|GlobalWebSearch|xx032_bo9vs83_2a|sslshed|geckotrail|Wordup|Keydrop|\(compatible\)|John Recon|SPARK COMMIT|masjesu|Komaru_The_Cat|Jesus Christ of Nazareth is LORD|Kowai|Hakai|LoliSec|LMAO|^xenu|^(?:chrome|firefox|Abcd|Dark|KvshClient|Node.js|Report Runner|url|Zeus|ZmEu)$|OnlyScans|TheInternetSearchx|Laravel Reaver|bang2013|libredtail'
   name: 'Generic Bot'
 
 # Generic detections