nuclei-templates/http/osint/phishing/gimp-phish.yaml

35 lines
816 B
YAML
Raw Normal View History

2024-02-17 19:59:25 +00:00
id: gimp-phish
2024-02-16 20:27:33 +00:00
info:
name: gimp phishing Detection
author: rxerium
severity: info
description: |
A gimp phishing website was detected
reference:
- https://gimp.org
metadata:
max-request: 1
2024-03-08 07:16:17 +00:00
tags: phishing,gimp,osint
2024-02-16 20:27:33 +00:00
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
2024-02-17 19:59:25 +00:00
- 'GIMP - GNU Image Manipulation Program'
2024-02-16 20:27:33 +00:00
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"gimp.org")'
# digest: 4b0a00483046022100de613f3f4d026fad163ea9c5ca93ccefe05946225122a7e5be05470e9ca48622022100bfc66884d50f11eef5a6d23d3dcb2d4a9ab185484512a79c05f2db36d97358da:922c64590222798bb761d5b6d8e72950