2023-06-13 17:57:24 +00:00
id : evilginx
info :
name : EvilGinx - Detect
author : pussycat0x
severity : info
description : |
Evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies which in turn allows bypassing 2-factor authentication protection.
reference :
- https://dmcxblue.gitbook.io/red-team-notes-2-0/red-team-infrastructure/delivery/evilginx
metadata :
2023-06-21 21:03:53 +00:00
censys-query : b18d778b4e4b6bf1fd5b2d790c941270145a6a6d
max-request : 1
2023-06-13 17:57:24 +00:00
verified : "true"
2023-06-30 22:49:09 +00:00
tags : tech,evilginx,c2,phishing,panel
2023-06-13 17:57:24 +00:00
http :
- method : GET
path :
- "{{BaseURL}}/login"
matchers-condition : and
matchers :
- type : dsl
dsl :
- "status_code == 200 && contains(body, 'Evilginx')"
- "(\"b18d778b4e4b6bf1fd5b2d790c941270145a6a6d\" == sha1(body))"
condition : and