initial templates

patch-1
Rishi 2024-02-16 20:27:33 +00:00 committed by GitHub
parent 7c46896600
commit 03a493215d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
29 changed files with 978 additions and 0 deletions


@ -0,0 +1,48 @@
id: amazon-phish
info:
name: Amazon Phishing Detection
author: rxerium
severity: info
description: |
A amazon Phishing website was detected
reference:
- https://amazon.com
tags: phishing,amazon
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Amazon Sign In'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"amazon.com")'
- '!contains(host,"amazon.co.uk")'
- '!contains(host,"amazon.co.es")'
- '!contains(host,"amazon.sg")'
- '!contains(host,"amazon.sa")'
- '!contains(host,"amazon.ca")'
- '!contains(host,"amazon.cn")'
- '!contains(host,"amazon.eg")'
- '!contains(host,"amazon.fr")'
- '!contains(host,"amazon.de")'
- '!contains(host,"amazon.in")'
- '!contains(host,"amazon.it")'
- '!contains(host,"amazon.co.jp")'
- '!contains(host,"amazon.pl")'
- '!contains(host,"amazon.se")'
- '!contains(host,"amazon.ae")'
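Review bot: The `dsl` matcher lists sixteen `!contains(host, …)` expressions but sets no `condition`, and expressions inside one matcher are OR-ed by default, so it is true for any host that lacks at least one listed domain, which includes every genuine Amazon site. Add `condition: and` under `- type: dsl` so the host has to miss all of them; the two-expression matcher in the Microsoft template needs the same line. Separately, `contains` is a substring test, so a host that merely embeds `amazon.com` in a longer name is treated as legitimate and skipped; negating an exact-or-suffix check such as `host == "amazon.com" || ends_with(host, ".amazon.com")` is tighter. `amazon.co.es` also looks like a typo for `amazon.es` and is worth confirming.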


@ -0,0 +1,33 @@
id: bank-of-america-phish
info:
name: Bank Of America Phishing Detection
author: rxerium
severity: info
description: |
A Bank Of America Phishing website was detected
reference:
- https://bankofamerica.com
tags: phishing,BankOfAmerica
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Bank of America - Banking, Credit Cards, Loans and Merrill Investing'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"bankofamerica.com")'


@ -0,0 +1,33 @@
id: Chase-phish
info:
name: Chase Phishing Detection
author: rxerium
severity: info
description: |
A Chase Phishing website was detected
reference:
- https://chase.com
tags: phishing,Chase
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Credit Card, Mortgage, Banking, Auto | Chase Online | Chase.com'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"chase.com")'
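Review bot: The id `Chase-phish` is capitalised while most templates in this commit use lower-case ids (`amazon-phish`, `ebay-phish`, `github-phish`). The same applies to `Discord-phish`, `iCloud-phish`, `Paypal-phish`, `Whatsapp-phish` and `Wikipedia-phish`, and to the brand tag in each of those files. Keeping ids and tags in one case makes selecting templates by id or tag predictable: `id: chase-phish` and `tags: phishing,chase`.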


@ -0,0 +1,33 @@
id: Discord-phish
info:
name: Discord Phishing Detection
author: rxerium
severity: info
description: |
A Discord Phishing website was detected
reference:
- https://discord.com
tags: phishing,Discord
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Discord | Your Place to Talk and Hang Out'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"Discord.com")'
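Review bot: The exclusion `!contains(host,"Discord.com")` compares case-sensitively, and hostnames normally reach the template in lower case, so the genuine discord.com would not be excluded and would be reported as a phishing site. Write the domain in lower case, or normalise the input as well: `!contains(to_lower(host),"discord.com")`. The iCloud, Paypal, Whatsapp and Wikipedia templates carry the same capitalised domain in their `dsl` matcher.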


@ -0,0 +1,33 @@
id: duckduckgo-phish
info:
name: duckduckgo Phishing Detection
author: rxerium
severity: info
description: |
A duckduckgo Phishing website was detected
reference:
- https://duckduckgo.com
tags: phishing,duckduckgo
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'DuckDuckGo — Privacy, simplified.'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"duckduckgo.com")'


@ -0,0 +1,33 @@
id: ebay-phish
info:
name: ebay Phishing Detection
author: rxerium
severity: info
description: |
A ebay Phishing website was detected
reference:
- https://ebay.com
tags: phishing,ebay
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Electronics, Cars, Fashion, Collectibles & More | eBay'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"ebay.com")'
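Review bot: The word `Electronics, Cars, Fashion, Collectibles & More | eBay` contains a literal `&`, but the matcher runs against the raw response, where a page title is commonly served with `&amp;`. If that is the case here, the word never matches and the template is silent. Check the string against the raw HTML and either use the encoded form or list both spellings under `words` (entries in one matcher are OR-ed by default). The Netflix template's `films & TV programmes` has the same exposure.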


@ -0,0 +1,33 @@
id: facebook-phish
info:
name: Facebook Phishing Detection
author: rxerium
severity: info
description: |
A Facebook Phishing website was detected
reference:
- https://facebook.com
tags: phishing,facebook
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Facebook log in or sign up'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"facebook.com")'


@ -0,0 +1,33 @@
id: github-phish
info:
name: github Phishing Detection
author: rxerium
severity: info
description: |
A github Phishing website was detected
reference:
- https://github.com
tags: phishing,github
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Sign in to GitHub · GitHub'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"github.com")'


@ -0,0 +1,33 @@
id: google-phish
info:
name: Google Phishing Detection
author: rxerium
severity: info
description: |
A google Phishing website was detected
reference:
- https://google.com
tags: phishing,google
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Sign in - Google Accounts'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"google.com")'


@ -0,0 +1,33 @@
id: iCloud-phish
info:
name: iCloud Phishing Detection
author: rxerium
severity: info
description: |
A iCloud Phishing website was detected
reference:
- https://icloud.com
tags: phishing,iCloud
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Log in to iCloud to access your photos, mail, notes, documents and more. Sign in with your Apple ID or create a new account to start using Apple services.'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"iCloud.com")'


@ -0,0 +1,33 @@
id: linkedin-phish
info:
name: linkedin Phishing Detection
author: rxerium
severity: info
description: |
A linkedin Phishing website was detected
reference:
- https://linkedin.com
tags: phishing,linkedin
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'LinkedIn: Log In or Sign Up'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"linkedin.com")'


@ -0,0 +1,35 @@
id: microsoft-phish
info:
name: Microsoft Phishing Detection
author: rxerium
severity: info
description: |
A microsoft Phishing website was detected
reference:
- https://office.com
- https://microsoft.com
tags: phishing,microsoft
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- ''
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"office.com")'
- '!contains(host,"microsoft.com")'
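Review bot: The word matcher's only entry is the empty string `''`, which is a substring of any response body, so the matcher carries no signal and the template reports every host that answers 200. Replace it with a distinctive string from the sign-in page, as the other templates do, for example `- '<title text of the Microsoft sign-in page>'` (placeholder, to be filled in from the real page). The `dsl` matcher also has two expressions and no `condition: and`; under the default OR it is true even for office.com and microsoft.com, so the legitimate sites are flagged too.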


@ -0,0 +1,33 @@
id: netflix-phish
info:
name: netflix Phishing Detection
author: rxerium
severity: info
description: |
A netflix Phishing website was detected
reference:
- https://netflix.com
tags: phishing,netflix
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Watch Netflix films & TV programmes online or stream right to your smart TV, game console, PC, Mac, mobile, tablet and more.'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"netflix.com")'


@ -0,0 +1,33 @@
id: openai-phish
info:
name: openai Phishing Detection
author: rxerium
severity: info
description: |
A openai Phishing website was detected
reference:
- https://openai.com
tags: phishing,openai
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Log in to OpenAI to continue to OpenAI Platform.'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"openai.com")'


@ -0,0 +1,33 @@
id: Paypal-phish
info:
name: Paypal Phishing Detection
author: rxerium
severity: info
description: |
A Paypal Phishing website was detected
reference:
- https://paypal.com
tags: phishing,Paypal
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- "Log in to PayPal automatically for faster checkout without entering your password wherever you're logged in with your Google account."
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"Paypal.com")'


@ -0,0 +1,37 @@
id: pinterest-phish
info:
name: pinterest Phishing Detection
author: rxerium
severity: info
description: |
A pinterest Phishing website was detected
reference:
- https://pinterest.com
tags: phishing,pinterest
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Discover recipes, home ideas, style inspiration and other ideas to try'
- type: word
words:
- 'Pinterest'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"pinterest.com")'


@ -0,0 +1,33 @@
id: quora-phish
info:
name: quora Phishing Detection
author: rxerium
severity: info
description: |
A quora Phishing website was detected
reference:
- https://quora.com
tags: phishing,quora
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Quora - A place to share knowledge and better understand the world'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"quora.com")'


@ -0,0 +1,33 @@
id: reddit-phish
info:
name: reddit Phishing Detection
author: rxerium
severity: info
description: |
A reddit Phishing website was detected
reference:
- https://reddit.com
tags: phishing,reddit
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Reddit - Dive into anything'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"reddit.com")'


@ -0,0 +1,33 @@
id: roblox-phish
info:
name: roblox Phishing Detection
author: rxerium
severity: info
description: |
A roblox Phishing website was detected
reference:
- https://roblox.com
tags: phishing,roblox
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Roblox is ushering in the next generation of entertainment. Imagine, create, and play together with millions of people across an infinite variety of immersive, user-generated 3D worlds.'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"roblox.com")'


@ -0,0 +1,33 @@
id: royal-mail-phish
info:
name: royal-mail Phishing Detection
author: rxerium
severity: info
description: |
A royal-mail Phishing website was detected
reference:
- https://royalmail.com
tags: phishing,royal-mail
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Log in | Royal Mail Group Ltd'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"royalmail.com")'


@ -0,0 +1,33 @@
id: samsung-phish
info:
name: samsung Phishing Detection
author: rxerium
severity: info
description: |
A samsung Phishing website was detected
reference:
- https://samsung.com
tags: phishing,samsung
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Samsung UK | Mobile | Home Electronics | Home Appliances | TV'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"samsung.com")'
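Review bot: The word `Samsung UK | Mobile | Home Electronics | Home Appliances | TV` is the title of the UK storefront only, so a clone of any other regional Samsung page goes undetected. Match a locale-independent string from the page instead, or list several regional titles under `words`. The Netflix (`films & TV programmes`) and Yahoo (`sport, music, films`) words are likewise UK wording and have the same coverage gap.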


@ -0,0 +1,33 @@
id: telegram-phish
info:
name: telegram Phishing Detection
author: rxerium
severity: info
description: |
A telegram Phishing website was detected
reference:
- https://telegram.org
tags: phishing,telegram
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Telegram is a cloud-based mobile and desktop messaging app with a focus on security and speed.'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"telegram.org")'


@ -0,0 +1,33 @@
id: google-phish
info:
name: Google Phishing Detection
author: rxerium
severity: info
description: |
A google Phishing website was detected
reference:
- https://google.com
tags: phishing,google
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Sign in - Google Accounts'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"google.com")'
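Review bot: This file repeats the Google template from earlier in the commit line for line, including `id: google-phish`, so two templates in the set share one id. Its position between the Telegram and TikTok templates suggests it was copied as the starting point for another brand and never edited, though the file name is not visible here, so that is a guess. Either drop the file or replace the id, name, description, reference, word and host values with those of the intended brand.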


@ -0,0 +1,33 @@
id: tiktok-phish
info:
name: tiktok Phishing Detection
author: rxerium
severity: info
description: |
A tiktok Phishing website was detected
reference:
- https://tiktok.com
tags: phishing,tiktok
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'TikTok - Make Your Day'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"tiktok.com")'


@ -0,0 +1,33 @@
id: twitch-phish
info:
name: Twitch Phishing Detection
author: rxerium
severity: info
description: |
A twitch Phishing website was detected
reference:
- https://twitch.tv
tags: phishing,twitch
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Twitch is an interactive livestreaming service for content spanning gaming, entertainment, sports, music, and more. Theres something for everyone on Twitch.'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"twitch.tv")'
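Review bot: The word ends with `Theres something for everyone on Twitch.` without an apostrophe, and word matching is an exact substring test. If the live description reads `There's`, or encodes the apostrophe as an HTML entity, this matcher never fires. A shorter phrase that avoids the punctuation is more robust, for instance ending the word at `sports, music, and more.`.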


@ -0,0 +1,33 @@
id: Whatsapp-phish
info:
name: Whatsapp Phishing Detection
author: rxerium
severity: info
description: |
A Whatsapp Phishing website was detected
reference:
- https://Whatsapp.com
tags: phishing,Whatsapp
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'WhatsApp | Secure and Reliable Free Private Messaging and Callings'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"Whatsapp.com")'


@ -0,0 +1,33 @@
id: Wikipedia-phish
info:
name: Wikipedia Phishing Detection
author: rxerium
severity: info
description: |
A Wikipedia Phishing website was detected
reference:
- https://Wikipedia.com
tags: phishing,Wikipedia
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Log in - Wikipedia'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"Wikipedia.org")'
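Review bot: `reference` points at `https://Wikipedia.com` while the `dsl` matcher excludes `Wikipedia.org`; the reference should name the same domain the template treats as legitimate, `- https://wikipedia.org`. The capitalised domain in the `dsl` expression will also fail to match a lower-case host, so write it as `'!contains(host,"wikipedia.org")'`.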


@ -0,0 +1,33 @@
id: yahoo-phish
info:
name: Yahoo Phishing Detection
author: rxerium
severity: info
description: |
A yahoo Phishing website was detected
reference:
- https://yahoo.com
tags: phishing,yahoo
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Best-in-class Yahoo Mail, breaking local, national and global news, finance, sport, music, films and more. You get more out of the web, you get more out of life.'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"yahoo.com")'


@ -0,0 +1,33 @@
id: zoom-phish
info:
name: zoom Phishing Detection
author: rxerium
severity: info
description: |
A zoom Phishing website was detected
reference:
- https://zoom.us
tags: phishing,zoom
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'One platform to connect | Zoom'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"zoom.us")'