Merge pull request #9158 from rxerium/phishing-templates

Phishing Templates
patch-1
Prince Chaddha 2024-03-08 13:37:42 +05:30 committed by GitHub
commit 4f8355f8b8
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
758 changed files with 3785 additions and 1 deletions


@ -18,6 +18,7 @@ tags:
- "local"
- "brute-force"
- "bruteforce"
- "phishing"
# The following templates have been excluded because they have weak matchers and may generate FP results.
# Please feel free to create PR if you can update the templates with strict matchers.


@ -13,4 +13,8 @@ tags:
- osint-social
- exposures
- malware
- enum
- enum
- phishing
include-tags:
- phishing


@ -0,0 +1,33 @@
id: 1password-phish
info:
name: 1password phishing Detection
author: rxerium
severity: info
description: |
A 1password phishing website was detected
reference:
- https://1password.com
tags: phishing,1password,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Password Manager for Families, Enterprise & Business | 1Password'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"1password.com")'
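Review bot: The host exclusion in the `dsl` matcher is a substring test, so a lookalike hostname that merely contains the brand domain (a constructed example: `1password.com.login.example`) is treated as the legitimate site and never reported. Compare against the domain and its subdomains instead, e.g. `- 'host != "1password.com" && !ends_with(host, ".1password.com")'`. The same `!contains(host, …)` pattern is used by every other template added in this commit (adobe-phish, aliexpress-phish, amazon-phish and the rest), so the change applies to all of them. A short comment in each template stating that a hit means "brand title served from a non-brand host" would also help triage, since the description currently asserts that phishing was detected.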


@ -0,0 +1,33 @@
id: adobe-phish
info:
name: adobe phishing Detection
author: rxerium
severity: info
description: |
An adobe phishing website was detected
reference:
- https://adobe.com
tags: phishing,adobe,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Adobe: Creative, marketing and document management solutions'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"adobe.com")'


@ -0,0 +1,33 @@
id: aliexpress-phish
info:
name: aliexpress phishing Detection
author: rxerium
severity: info
description: |
An aliexpress phishing website was detected
reference:
- https://aliexpress.com
tags: phishing,aliexpress,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'AliExpress - Affordable Prices on Top Brands with Free Shipping'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"aliexpress.com")'


@ -0,0 +1,51 @@
id: amazon-phish
info:
name: Amazon phishing Detection
author: rxerium
severity: info
description: |
An amazon phishing website was detected
reference:
- https://amazon.com
tags: phishing,amazon,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Amazon Sign In'
- 'Amazon Sign-In'
condition: or
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"amazon.com")'
- '!contains(host,"amazon.co.uk")'
- '!contains(host,"amazon.co.es")'
- '!contains(host,"amazon.sg")'
- '!contains(host,"amazon.sa")'
- '!contains(host,"amazon.ca")'
- '!contains(host,"amazon.cn")'
- '!contains(host,"amazon.eg")'
- '!contains(host,"amazon.fr")'
- '!contains(host,"amazon.de")'
- '!contains(host,"amazon.in")'
- '!contains(host,"amazon.it")'
- '!contains(host,"amazon.co.jp")'
- '!contains(host,"amazon.pl")'
- '!contains(host,"amazon.se")'
- '!contains(host,"amazon.ae")'
condition: and
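Review bot: The exclusion `'!contains(host,"amazon.co.es")'` names a domain Amazon does not use for Spain; the Spanish storefront is amazon.es, so its genuine sign-in page would be reported by this template. Replace that entry with `- '!contains(host,"amazon.es")'`. The hard-coded country list also looks incomplete (amazon.nl, for instance, is not covered), so each missing marketplace is a standing false positive; a comment above the list saying where it was sourced from would make it easier to keep current.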


@ -0,0 +1,33 @@
id: amazon-web-services-phish
info:
name: amazon web services phishing Detection
author: rxerium
severity: info
description: |
An amazon-web-services phishing website was detected
reference:
- https://signin.aws.amazon.com
tags: phishing,amazon-web-services,aws,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Amazon Web Services Sign-In'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"amazon.com")'


@ -0,0 +1,33 @@
id: american-express-phish
info:
name: american-express phishing Detection
author: rxerium
severity: info
description: |
An american express phishing website was detected
reference:
- https://www.americanexpress.com
tags: phishing,american-express,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Credit Cards, Rewards, Travel and Business Services | American Express'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"americanexpress.com")'


@ -0,0 +1,33 @@
id: anydesk-phish
info:
name: anydesk phishing Detection
author: rxerium
severity: info
description: |
An anydesk phishing website was detected
reference:
- https://anydesk.com
tags: phishing,anydesk,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'The Fast Remote Desktop Application AnyDesk'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"anydesk.com")'


@ -0,0 +1,33 @@
id: avast-phish
info:
name: avast phishing Detection
author: rxerium
severity: info
description: |
An avast phishing website was detected
reference:
- https://avast.com
tags: phishing,avast,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Avast | Download Free Antivirus & VPN | 100% Free & Easy'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"avast.com")'


@ -0,0 +1,33 @@
id: avg-phish
info:
name: avg phishing Detection
author: rxerium
severity: info
description: |
An avg phishing website was detected
reference:
- https://avg.com
tags: phishing,avg,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'AVG 2024 | FREE Antivirus, VPN & TuneUp for All Your Devices'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"avg.com")'
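Review bot: The only content signal in the `words` matcher is a page title that embeds the year (`AVG 2024 | …`), so the template will presumably stop matching clones made after the vendor updates its title. Matching the year-independent part keeps the signal stable: `- 'FREE Antivirus, VPN & TuneUp for All Your Devices'`. More generally, every template in this commit keys on one exact English title string, so localized or lightly edited copies will be missed; that limitation is worth stating in the template description.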


@ -0,0 +1,33 @@
id: bank-of-america-phish
info:
name: Bank Of America phishing Detection
author: rxerium
severity: info
description: |
A Bank Of America phishing website was detected
reference:
- https://bankofamerica.com
tags: phishing,BankOfAmerica,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Bank of America - Banking, Credit Cards, Loans and Merrill Investing'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"bankofamerica.com")'


@ -0,0 +1,34 @@
id: battlenet-phish
info:
name: battlenet phishing Detection
author: rxerium
severity: info
description: |
A battlenet phishing website was detected
reference:
- https://eu.account.battle.net/login
tags: phishing,battlenet,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Battle.net Login'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"battle.net")'
- '!contains(host,"blizzard.com")'
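Review bot: The `dsl` matcher lists two expressions but sets no `condition`, and nuclei combines the entries of a single matcher with `or` by default, so a host only has to lack one of the two strings to satisfy it. The legitimate battle.net login page does not contain `blizzard.com`, so it would be reported as phishing. Add `condition: and` under the `dsl` list, as amazon-phish and iCloud-phish in this commit already do. The same omission is present in bitdefender-phish, deliveroo-phish, kaspersky-phish and microsoft-phish.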


@ -0,0 +1,33 @@
id: best-buy-phish
info:
name: best buy phishing Detection
author: rxerium
severity: info
description: |
A best buy phishing website was detected
reference:
- https://bestbuy.com
tags: phishing,bestbuy,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Best Buy | Official Online Store | Shop Now & Save'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"bestbuy.com")'


@ -0,0 +1,34 @@
id: bitdefender-phish
info:
name: bitdefender phishing Detection
author: rxerium
severity: info
description: |
A bitdefender phishing website was detected
reference:
- https://bitdefender.com
tags: phishing,bitdefender,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Bitdefender - Global Leader in Cybersecurity Software'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"bitdefender.com")'
- '!contains(host,"bitdefender.co.uk")'


@ -0,0 +1,33 @@
id: bitwarden-phish
info:
name: bitwarden phishing Detection
author: rxerium
severity: info
description: |
A bitwarden phishing website was detected
reference:
- https://bitwarden.com
tags: phishing,bitwarden,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'The password manager trusted by millions | Bitwarden'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"bitwarden.com")'


@ -0,0 +1,33 @@
id: blender-phish
info:
name: blender phishing Detection
author: rxerium
severity: info
description: |
A blender phishing website was detected
reference:
- https://blender.org
tags: phishing,blender,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'blender.org - Home of the Blender project - Free and Open 3D Creation Software'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"blender.org")'


@ -0,0 +1,33 @@
id: booking-phish
info:
name: booking phishing Detection
author: rxerium
severity: info
description: |
A booking phishing website was detected
reference:
- https://booking.com
tags: phishing,booking,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Booking.com | Official site | The best hotels, flights, car rentals & accommodations'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"booking.com")'


@ -0,0 +1,33 @@
id: box-phish
info:
name: box phishing Detection
author: rxerium
severity: info
description: |
A box phishing website was detected
reference:
- https://box.com
tags: phishing,box-storage,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Secure File Sharing, Storage, and Collaboration | Box'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"box.com")'


@ -0,0 +1,33 @@
id: brave-phish
info:
name: brave phishing Detection
author: rxerium
severity: info
description: |
A brave phishing website was detected
reference:
- https://brave.com
tags: phishing,brave,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Brave Browser Download | Brave'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"brave.com")'


@ -0,0 +1,33 @@
id: brighthr-phish
info:
name: brighthr phishing Detection
author: rxerium
severity: info
description: |
A brighthr phishing website was detected
reference:
- https://brighthr.com
tags: phishing,brighthr,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'HR Software For SMEs | Human Resources Software | BrightHR'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"brighthr.com")'


@ -0,0 +1,33 @@
id: ccleaner-phish
info:
name: ccleaner phishing Detection
author: rxerium
severity: info
description: |
A ccleaner phishing website was detected
reference:
- https://ccleaner.com
tags: phishing,ccleaner,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'CCleaner Makes Your Computer Faster & More Secure | Official Website'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"ccleaner.com")'


@ -0,0 +1,33 @@
id: Chase-phish
info:
name: Chase phishing Detection
author: rxerium
severity: info
description: |
A Chase phishing website was detected
reference:
- https://chase.com
tags: phishing,Chase,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Credit Card, Mortgage, Banking, Auto | Chase Online | Chase.com'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"chase.com")'
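Review bot: The template `id` and one tag use mixed case (`Chase-phish`, `Chase`), while almost every other template in this commit uses lowercase ids and tags. Use `id: chase-phish` and `tags: phishing,chase,osint` so that tag and id filters behave the same across the set. `Discord-phish`, `iCloud-phish` and the `BankOfAmerica` tag in bank-of-america-phish have the same inconsistency.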


@ -0,0 +1,33 @@
id: chrome-phish
info:
name: chrome phishing Detection
author: rxerium
severity: info
description: |
A chrome phishing website was detected
reference:
- https://www.google.com/intl/en_uk/chrome/
tags: phishing,chrome,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Google Chrome Download the fast, secure browser from Google'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"google.com")'


@ -0,0 +1,33 @@
id: costa-phish
info:
name: costa phishing Detection
author: rxerium
severity: info
description: |
A costa phishing website was detected
reference:
- https://costa.co.uk
tags: phishing,costa,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'The Nation's Favourite Coffee Shop | Costa Coffee'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"costa.co.uk")'
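Review bot: The `words` entry is wrapped in single quotes but contains an unescaped apostrophe (`Nation's`), which as rendered here ends the YAML scalar early and should make the template fail to load. Use double quotes, `- "The Nation's Favourite Coffee Shop | Costa Coffee"`, as keybase-phish does, or double the apostrophe inside single quotes. If the original file actually holds a typographic apostrophe that this page normalised, the quoting is fine, but the string should then be checked against the title the site really serves.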


@ -0,0 +1,35 @@
id: dashlane-phish
info:
name: dashlane phishing Detection
author: rxerium
severity: info
description: |
A dashlane phishing website was detected
reference:
- https://dashlane.com
tags: phishing,dashlane,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Dashlane Password Manager'
- 'Dashlane Password Manager safeguards businesses & people with easy-to-use, powerful features. Protect & manage passwords and passkeys in one secure solution.'
condition: and
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"dashlane.com")'


@ -0,0 +1,33 @@
id: deezer-phish
info:
name: deezer phishing Detection
author: rxerium
severity: info
description: |
A deezer phishing website was detected
reference:
- https://deezer.com
tags: phishing,deezer,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Deezer | Listen to music | Online music streaming platform'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"deezer.com")'


@ -0,0 +1,34 @@
id: deliveroo-phish
info:
name: deliveroo phishing Detection
author: rxerium
severity: info
description: |
A deliveroo phishing website was detected
reference:
- https://deliveroo.co.uk
tags: phishing,deliveroo,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Deliveroo - Takeaway Food Delivery from Local Restaurants & Shops'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"deliveroo.com")'
- '!contains(host,"deliveroo.co.uk")'


@ -0,0 +1,36 @@
id: digital-ocean-phish
info:
name: digital ocean phishing Detection
author: rxerium
severity: info
description: |
A digital-ocean phishing website was detected
reference:
- https://digitalocean.com
tags: phishing,digital-ocean,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'DigitalOcean | Cloud Infrastructure for Developers'
- 'DigitalOcean'
condition: and
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"digitalocean.com")'
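Review bot: The second `words` entry, `'DigitalOcean'`, is a substring of the first, so with `condition: and` it can never change the outcome and only suggests a second signal that is not there. Either drop it or replace it with an independent string from the page (a meta description or form label) so the `and` actually tightens the match.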


@ -0,0 +1,33 @@
id: Discord-phish
info:
name: Discord phishing Detection
author: rxerium
severity: info
description: |
A Discord phishing website was detected
reference:
- https://discord.com
tags: phishing,discord,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Discord | Your Place to Talk and Hang Out'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"discord.com")'


@ -0,0 +1,33 @@
id: disneyplus-phish
info:
name: disneyplus phishing Detection
author: rxerium
severity: info
description: |
A disneyplus phishing website was detected
reference:
- https://disneyplus.com
tags: phishing,disneyplus,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Disney+ | Stream new Originals, blockbusters and series'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"disneyplus.com")'


@ -0,0 +1,33 @@
id: dropbox-phish
info:
name: dropbox phishing Detection
author: rxerium
severity: info
description: |
A dropbox phishing website was detected
reference:
- https://dropbox.com
tags: phishing,dropbox,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Dropbox is a home for all of your work. You can store and share files, collaborate on projects and bring your best ideas to life, whether youre working alone or as part of a team.'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"dropbox.com")'
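Review bot: The matched sentence in `words` contains `youre` with no apostrophe, which looks like the character was dropped to keep the single-quoted scalar valid; if the imitated page spells it with an apostrophe, this matcher never fires. Match a fragment that avoids the character, e.g. `- 'Dropbox is a home for all of your work.'`, or switch the entry to double quotes and restore the exact text after confirming which apostrophe the page uses.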


@ -0,0 +1,33 @@
id: duckduckgo-phish
info:
name: duckduckgo phishing Detection
author: rxerium
severity: info
description: |
A duckduckgo phishing website was detected
reference:
- https://duckduckgo.com
tags: phishing,duckduckgo,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'DuckDuckGo — Privacy, simplified.'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"duckduckgo.com")'


@ -0,0 +1,33 @@
id: ebay-phish
info:
name: ebay phishing Detection
author: rxerium
severity: info
description: |
A ebay phishing website was detected
reference:
- https://ebay.com
tags: phishing,ebay,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Electronics, Cars, Fashion, Collectibles & More | eBay'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"ebay.com")'


@ -0,0 +1,33 @@
id: edge-phish
info:
name: edge phishing Detection
author: rxerium
severity: info
description: |
A edge phishing website was detected
reference:
- https://www.microsoft.com/en-us/edge/download?form=MA13FJ&ch=1
tags: phishing,edge,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Sign in - edge Accounts'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"microsoft.com")'
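Review bot: The `words` entry `'Sign in - edge Accounts'` reads like the google-phish title (`'Sign in - Google Accounts'`) with the brand name substituted, not a string taken from the Edge download page given in `reference`. If that is the case, the template can never match and gives a false sense of coverage. Confirm the title the referenced page actually serves and use that string, and add a comment recording the source of the matcher text.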


@ -0,0 +1,33 @@
id: ee-mobile-phish
info:
name: ee phishing Detection
author: rxerium
severity: info
description: |
A ee phishing website was detected
reference:
- https://ee.co.uk
tags: phishing,ee,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Superfast 5G & 4G Phones, Tablets and Fibre Broadband | EE'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"ee.co.uk")'


@ -0,0 +1,33 @@
id: eset-phish
info:
name: eset phishing Detection
author: rxerium
severity: info
description: |
A eset phishing website was detected
reference:
- https://eset.com
tags: phishing,eset,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Malware Protection & Internet Security | ESET'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"eset.com")'


@ -0,0 +1,33 @@
id: evernote-phish
info:
name: evernote phishing Detection
author: rxerium
severity: info
description: |
A evernote phishing website was detected
reference:
- https://evernote.com
tags: phishing,evernote,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Best Note Taking App - Organize Your Notes with Evernote'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"evernote.com")'


@ -0,0 +1,33 @@
id: facebook-phish
info:
name: Facebook phishing Detection
author: rxerium
severity: info
description: |
A Facebook phishing website was detected
reference:
- https://facebook.com
tags: phishing,facebook,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Facebook log in or sign up'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"facebook.com")'


@ -0,0 +1,33 @@
id: figma-phish
info:
name: figma phishing Detection
author: rxerium
severity: info
description: |
A figma phishing website was detected
reference:
- https://figma.com
tags: phishing,figma,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Figma: The Collaborative Interface Design Tool'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"figma.com")'


@ -0,0 +1,33 @@
id: filezilla-phish
info:
name: filezilla phishing Detection
author: rxerium
severity: info
description: |
A filezilla phishing website was detected
reference:
- https://filezilla-project.org
tags: phishing,filezilla,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'FileZilla - The free FTP solution'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"filezilla-project.org")'


@ -0,0 +1,33 @@
id: firefox-phish
info:
name: firefox phishing Detection
author: rxerium
severity: info
description: |
A firefox phishing website was detected
reference:
- https://www.mozilla.org/en-GB/firefox/new/
tags: phishing,firefox,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Download Firefox for Desktop — Mozilla'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"mozilla.org")'


@ -0,0 +1,33 @@
id: gimp-phish
info:
name: gimp phishing Detection
author: rxerium
severity: info
description: |
A gimp phishing website was detected
reference:
- https://gimp.org
tags: phishing,gimp,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'GIMP - GNU Image Manipulation Program'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"gimp.org")'


@ -0,0 +1,33 @@
id: github-phish
info:
name: github phishing Detection
author: rxerium
severity: info
description: |
A github phishing website was detected
reference:
- https://github.com
tags: phishing,github,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Sign in to GitHub · GitHub'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"github.com")'


@ -0,0 +1,33 @@
id: google-phish
info:
name: Google phishing Detection
author: rxerium
severity: info
description: |
A google phishing website was detected
reference:
- https://google.com
tags: phishing,google,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Sign in - Google Accounts'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"google.com")'


@ -0,0 +1,35 @@
id: iCloud-phish
info:
name: iCloud phishing Detection
author: rxerium
severity: info
description: |
A iCloud phishing website was detected
reference:
- https://icloud.com
tags: phishing,icloud,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Log in to iCloud to access your photos, mail, notes, documents and more. Sign in with your Apple ID or create a new account to start using Apple services.'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"icloud.com")'
- '!contains(host,"apple.com")'
condition: and


@ -0,0 +1,33 @@
id: instagram-phish
info:
name: instagram phishing Detection
author: rxerium
severity: info
description: |
A instagram phishing website was detected
reference:
- https://instagram.com
tags: phishing,instagram,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Login • Instagram'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"instagram.com")'


@ -0,0 +1,34 @@
id: kaspersky-phish
info:
name: kaspersky phishing Detection
author: rxerium
severity: info
description: |
A kaspersky phishing website was detected
reference:
- https://kaspersky.co.uk
tags: phishing,kaspersky,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Kaspersky Cyber Security Solutions for Home and Business | Kaspersky'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"kaspersky.co.uk")'
- '!contains(host,"kaspersky.com")'


@ -0,0 +1,33 @@
id: kayak-phish
info:
name: kayak phishing Detection
author: rxerium
severity: info
description: |
A kayak phishing website was detected
reference:
- https://kayak.co.uk
tags: phishing,kayak,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Search Flights, Hotels & Car Hire | KAYAK'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"kayak.co.uk")'


@ -0,0 +1,33 @@
id: keepass-phish
info:
name: keepass phishing Detection
author: rxerium
severity: info
description: |
A keepass phishing website was detected
reference:
- https://keepass.info
tags: phishing,keepass,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'KeePass is a free open source password manager. Passwords can be stored in an encrypted database, which can be unlocked with one master key.'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"keepass.info")'


@ -0,0 +1,33 @@
id: keepersecurity-phish
info:
name: keepersecurity phishing Detection
author: rxerium
severity: info
description: |
A keepersecurity phishing website was detected
reference:
- https://keepersecurity.com
tags: phishing,keepersecurity,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Password and Secrets Management - Keeper Security'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"keepersecurity.com")'


@ -0,0 +1,33 @@
id: keybase-phish
info:
name: keybase phishing Detection
author: rxerium
severity: info
description: |
A keybase phishing website was detected
reference:
- https://keybase.io
tags: phishing,keybase,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- "Keybase is for keeping everyone's chats and files safe, from families to communities to companies. MacOS, Windows, Linux, iPhone, and Android."
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"keybase.io")'


@ -0,0 +1,33 @@
id: lastpass-phish
info:
name: lastpass phishing Detection
author: rxerium
severity: info
description: |
A lastpass phishing website was detected
reference:
- https://lastpass.com
tags: phishing,lastpass,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- '#1 Password Manager & Vault App with Single-Sign On & MFA Solutions - LastPass'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"lastpass.com")'


@ -0,0 +1,33 @@
id: libre-office-phish
info:
name: libre office phishing Detection
author: rxerium
severity: info
description: |
A libre office phishing website was detected
reference:
- https://libreoffice.org
tags: phishing,libre-office,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Home | LibreOffice - Free Office Suite - Based on OpenOffice - Compatible with Microsoft'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"libreoffice.org")'


@ -0,0 +1,33 @@
id: linkedin-phish
info:
name: linkedin phishing Detection
author: rxerium
severity: info
description: |
A linkedin phishing website was detected
reference:
- https://linkedin.com
tags: phishing,linkedin,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'LinkedIn: Log In or Sign Up'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"linkedin.com")'


@ -0,0 +1,35 @@
id: malwarebytes-phish
info:
name: malwarebytes phishing Detection
author: rxerium
severity: info
description: |
A malwarebytes phishing website was detected
reference:
- https://malwarebytes.com
tags: phishing,malwarebytes,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Cyber Security Software and Anti-Malware | Malwarebytes'
- 'Protect your home and business PCs, Macs, iOS and Android devices from the latest cyber threats and malware, including ransomware.'
condition: and
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"malwarebytes.com")'


@ -0,0 +1,33 @@
id: mcafee-phish
info:
name: mcafee phishing Detection
author: rxerium
severity: info
description: |
A mcafee phishing website was detected
reference:
- https://mcafee.com
tags: phishing,mcafee,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Antivirus, VPN, Identity & Privacy Protection | McAfee'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"mcafee.com")'


@ -0,0 +1,35 @@
id: mega-phish
info:
name: mega phishing Detection
author: rxerium
severity: info
description: |
A mega phishing website was detected
reference:
- https://mega.io
tags: phishing,mega,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Home - MEGA'
- 'Secure and private cloud storage for everyone. Store and share files, chat, meet, back up, sync, and more.'
condition: and
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"mega.io")'


@ -0,0 +1,33 @@
id: messenger-phish
info:
name: messenger phishing Detection
author: rxerium
severity: info
description: |
A messenger phishing website was detected
reference:
- https://messenger.com
tags: phishing,messenger,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Hang out anytime, anywhere—Messenger makes it easy and fun to stay close to your favorite people'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"messenger.com")'


@ -0,0 +1,33 @@
id: microcenter-phish
info:
name: microcenter phishing Detection
author: rxerium
severity: info
description: |
A microcenter phishing website was detected
reference:
- https://microcenter.com
tags: phishing,microcenter,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Micro Center - Computer & Electronics Retailer - Shop Now'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"microcenter.com")'


@ -0,0 +1,35 @@
id: microsoft-phish
info:
name: Microsoft phishing Detection
author: rxerium
severity: info
description: |
A microsoft phishing website was detected
reference:
- https://office.com
- https://microsoft.com
tags: phishing,microsoft,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Login | Microsoft 365'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"office.com")'
- '!contains(host,"microsoft.com")'
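Review bot: The `dsl` matcher lists two expressions without a `condition`, and entries inside one matcher are OR-ed by default, so the exclusion passes whenever the host lacks either domain. That includes the genuine `office.com` and `microsoft.com` sites themselves, which would then be reported as phishing whenever they serve the matched title. Add `condition: and` under the `dsl` list, or fold both tests into one expression joined with `&&`, so that both exclusions must hold.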


@ -0,0 +1,33 @@
id: microsoft-teams-phish
info:
name: microsoft teams phishing Detection
author: rxerium
severity: info
description: |
A microsoft teams phishing website was detected
reference:
- https://www.microsoft.com/en-gb/microsoft-teams/download-app
tags: phishing,microsoft-teams,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Download Microsoft Teams Desktop and Mobile Apps | Microsoft Teams'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"microsoft.com")'


@ -0,0 +1,33 @@
id: netflix-phish
info:
name: netflix phishing Detection
author: rxerium
severity: info
description: |
A netflix phishing website was detected
reference:
- https://netflix.com
tags: phishing,netflix,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Watch Netflix films & TV programmes online or stream right to your smart TV, game console, PC, Mac, mobile, tablet and more.'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"netflix.com")'
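Review bot: The matched sentence is the UK-English description (`films & TV programmes`), so a clone of any other regional variant of the page would not be detected. Listing the known regional descriptions under `words` (entries are OR-ed by default) would widen coverage without loosening the match. paramountplus-phish (`United Kingdom`) and samsung-phish (`Samsung UK`) have the same locale dependency.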


@ -0,0 +1,33 @@
id: nordpass-phish
info:
name: nordpass phishing Detection
author: rxerium
severity: info
description: |
A nordpass phishing website was detected
reference:
- https://nordpass.com
tags: phishing,nordpass,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Securely Store, Manage & Autofill Passwords | NordPass'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"nordpass.com")'


@ -0,0 +1,33 @@
id: norton-phish
info:
name: norton phishing Detection
author: rxerium
severity: info
description: |
A norton phishing website was detected
reference:
- https://norton.com
tags: phishing,norton,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Official Site | Norton™ - Antivirus & Anti-Malware Software'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"norton.com")'


@ -0,0 +1,33 @@
id: notion-phish
info:
name: notion phishing Detection
author: rxerium
severity: info
description: |
A notion phishing website was detected
reference:
- https://notion.so
tags: phishing,notion,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Your connected workspace for wiki, docs & projects | Notion'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"notion.so")'


@ -0,0 +1,33 @@
id: o2-mobile-phish
info:
name: o2 phishing Detection
author: rxerium
severity: info
description: |
A o2 phishing website was detected
reference:
- https://o2.co.uk
tags: phishing,o2,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'O2 | Phone, SIM & Tech Deals - See What You Can Do'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"o2.co.uk")'


@ -0,0 +1,33 @@
id: openai-phish
info:
name: openai phishing Detection
author: rxerium
severity: info
description: |
A openai phishing website was detected
reference:
- https://openai.com
tags: phishing,openai,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Log in to OpenAI to continue to OpenAI Platform.'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"openai.com")'


@ -0,0 +1,33 @@
id: opera-phish
info:
name: opera phishing Detection
author: rxerium
severity: info
description: |
A opera phishing website was detected
reference:
- https://opera.com
tags: phishing,opera,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Opera Web Browser | Faster, Safer, Smarter | Oper'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"opera.com")'
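Review bot: The word string ends in `| Oper`, which reads as a truncated copy of the page title rather than an intentional prefix. It still matches as a substring, but writing the full `| Opera`, or adding a comment that explains the cut, would make the intent clear to the next maintainer who updates the string.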


@ -0,0 +1,33 @@
id: paramountplus-phish
info:
name: paramountplus phishing Detection
author: rxerium
severity: info
description: |
A paramountplus phishing website was detected
reference:
- https://paramountplus.com
tags: phishing,paramountplus,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Paramount+ United Kingdom - Stream Blockbusters, New Originals and Hit Shows'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"paramountplus.com")'


@ -0,0 +1,33 @@
id: Paypal-phish
info:
name: Paypal phishing Detection
author: rxerium
severity: info
description: |
A Paypal phishing website was detected
reference:
- https://paypal.com
tags: phishing,paypal,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- "Log in to PayPal automatically for faster checkout without entering your password wherever you're logged in with your Google account."
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"paypal.com")'
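Review bot: The template id `Paypal-phish` is the only id among the templates visible here that is not lowercase, while its own tag is `paypal`. If id-based include or exclude filters compare case-sensitively, this template would be missed by a filter written like its siblings. Suggest `id: paypal-phish` for consistency.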


@ -0,0 +1,33 @@
id: pcloud-phish
info:
name: pcloud phishing Detection
author: rxerium
severity: info
description: |
A pcloud phishing website was detected
reference:
- https://pcloud.com
tags: phishing,pcloud,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- "pCloud - Europe's Most Secure Cloud Storage"
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"pcloud.com")'


@ -0,0 +1,37 @@
id: pinterest-phish
info:
name: pinterest phishing Detection
author: rxerium
severity: info
description: |
A pinterest phishing website was detected
reference:
- https://pinterest.com
tags: phishing,pinterest,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Discover recipes, home ideas, style inspiration and other ideas to try'
- type: word
words:
- 'Pinterest'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"pinterest.com")'


@ -0,0 +1,33 @@
id: plusnet-phish
info:
name: plusnet phishing Detection
author: rxerium
severity: info
description: |
A plusnet phishing website was detected
reference:
- https://plus.net
tags: phishing,plusnet,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Multi-Award Winner with Even Faster UK Broadband | Plusnet'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"plus.net")'


@ -0,0 +1,33 @@
id: proton-phish
info:
name: proton phishing Detection
author: rxerium
severity: info
description: |
A proton phishing website was detected
reference:
- https://proton.me
tags: phishing,proton,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Proton Account: Sign-in'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"proton.me")'


@ -0,0 +1,33 @@
id: putty-phish
info:
name: putty phishing Detection
author: rxerium
severity: info
description: |
A putty phishing website was detected
reference:
- https://putty.org
tags: phishing,putty,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Download PuTTY - a free SSH and telnet client for Windows'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"putty.org")'


@ -0,0 +1,36 @@
id: python-phish
info:
name: python phishing Detection
author: rxerium
severity: info
description: |
A python phishing website was detected
reference:
- https://python.org
tags: phishing,python,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Welcome to Python.org'
- 'The official home of the Python Programming Language'
condition: and
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"python.org")'


@ -0,0 +1,33 @@
id: quora-phish
info:
name: quora phishing Detection
author: rxerium
severity: info
description: |
A quora phishing website was detected
reference:
- https://quora.com
tags: phishing,quora,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Quora - A place to share knowledge and better understand the world'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"quora.com")'


@ -0,0 +1,33 @@
id: reddit-phish
info:
name: reddit phishing Detection
author: rxerium
severity: info
description: |
A reddit phishing website was detected
reference:
- https://reddit.com
tags: phishing,reddit,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Reddit - Dive into anything'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"reddit.com")'


@ -0,0 +1,33 @@
id: roblox-phish
info:
name: roblox phishing Detection
author: rxerium
severity: info
description: |
A roblox phishing website was detected
reference:
- https://roblox.com
tags: phishing,roblox,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Roblox is ushering in the next generation of entertainment. Imagine, create, and play together with millions of people across an infinite variety of immersive, user-generated 3D worlds.'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"roblox.com")'


@ -0,0 +1,36 @@
id: roboform-phish
info:
name: roboform phishing Detection
author: rxerium
severity: info
description: |
A roboform phishing website was detected
reference:
- https://roboform.com
tags: phishing,roboform,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Best Password Manager: No more writing down passwords'
- 'Multi-platform secure solution to simplify your online experience. One click login on Chrome, Firefox, Safari, IE, Opera, Edge, Windows, Mac, iOS, Android.'
- 'roboform'
condition: and
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"roboform.com")'


@ -0,0 +1,33 @@
id: royal-mail-phish
info:
name: royal-mail phishing Detection
author: rxerium
severity: info
description: |
A royal-mail phishing website was detected
reference:
- https://royalmail.com
tags: phishing,royal-mail,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Log in | Royal Mail Group Ltd'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"royalmail.com")'


@ -0,0 +1,33 @@
id: samsung-phish
info:
name: samsung phishing Detection
author: rxerium
severity: info
description: |
A samsung phishing website was detected
reference:
- https://samsung.com
tags: phishing,samsung,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Samsung UK | Mobile | Home Electronics | Home Appliances | TV'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"samsung.com")'


@ -0,0 +1,33 @@
id: signal-phish
info:
name: signal phishing Detection
author: rxerium
severity: info
description: |
A signal phishing website was detected
reference:
- https://signal.org
tags: phishing,signal,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Say "hello" to a different messaging experience. An unexpected focus on privacy, combined with all of the features you expect.'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"signal.org")'


@ -0,0 +1,33 @@
id: sky-phish
info:
name: sky phishing Detection
author: rxerium
severity: info
description: |
A sky phishing website was detected
reference:
- https://sky.com
tags: phishing,sky,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Discover TV, Broadband & Mobile Phone Packages with Sky'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"sky.com")'


@ -0,0 +1,33 @@
id: skype-phish
info:
name: skype phishing Detection
author: rxerium
severity: info
description: |
A skype phishing website was detected
reference:
- https://skype.com
tags: phishing,skype,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Skype | Stay connected with free video calls worldwide'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"skype.com")'


@ -0,0 +1,33 @@
id: skyscanner-phish
info:
name: skyscanner phishing Detection
author: rxerium
severity: info
description: |
A skyscanner phishing website was detected
reference:
- https://skyscanner.net
tags: phishing,skyscanner,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Compare Cheap Flights & Book Airline Tickets to Everywhere | Skyscanner'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"skyscanner.net")'


@ -0,0 +1,33 @@
id: slack-phish
info:
name: slack phishing Detection
author: rxerium
severity: info
description: |
A slack phishing website was detected
reference:
- https://slack.com
tags: phishing,slack,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Slack is a new way to communicate with your team. Its faster, better organised and more secure than email.'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"slack.com")'
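Review bot: The matched sentence contains `Its faster` with no apostrophe, which looks like a character dropped when the string was copied. If the live page writes `It's` or `It’s` (or an HTML entity for the apostrophe), this matcher can never fire. Confirm the string against the raw page source, or match on the two fragments either side of that word with `condition: and`.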


@ -0,0 +1,33 @@
id: sophos-phish
info:
name: sophos phishing Detection
author: rxerium
severity: info
description: |
A sophos phishing website was detected
reference:
- https://sophos.com
tags: phishing,sophos,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Cybersecurity as a Service Delivered | Sophos'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"sophos.com")'


@ -0,0 +1,33 @@
id: spotify-phish
info:
name: spotify phishing Detection
author: rxerium
severity: info
description: |
A spotify phishing website was detected
reference:
- https://spotify.com
tags: phishing,spotify,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Spotify - Web Player: Music for everyone'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"spotify.com")'


@ -0,0 +1,36 @@
id: steam-phish
info:
name: steam phishing Detection
author: rxerium
severity: info
description: |
A steam phishing website was detected
reference:
- https://steampowered.com
tags: phishing,steam,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Welcome to Steam'
- 'Steam is the ultimate destination for playing, discussing, and creating games.'
condition: and
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"steampowered.com")'


@ -0,0 +1,33 @@
id: sync-phish
info:
name: sync storage phishing Detection
author: rxerium
severity: info
description: |
A sync storage phishing website was detected
reference:
- https://sync.com
tags: phishing,sync,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Sync | Secure Cloud Storage, File Sharing and Document Collaboration'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"sync.com")'


@ -0,0 +1,33 @@
id: target-phish
info:
name: target phishing Detection
author: rxerium
severity: info
description: |
A target phishing website was detected
reference:
- https://target.com
tags: phishing,target,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Target : Expect More. Pay Less.'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"target.com")'


@ -0,0 +1,33 @@
id: teamviewer-phish
info:
name: teamviewer phishing Detection
author: rxerium
severity: info
description: |
A teamviewer phishing website was detected
reference:
- https://teamviewer.com
tags: phishing,teamviewer,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'TeamViewer The Remote Connectivity Software'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"teamviewer.com")'


@ -0,0 +1,33 @@
id: telegram-phish
info:
name: telegram phishing Detection
author: rxerium
severity: info
description: |
A telegram phishing website was detected
reference:
- https://telegram.org
tags: phishing,telegram,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Telegram is a cloud-based mobile and desktop messaging app with a focus on security and speed.'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"telegram.org")'


@ -0,0 +1,33 @@
id: three-mobile-phish
info:
name: three phishing Detection
author: rxerium
severity: info
description: |
A three phishing website was detected
reference:
- https://three.co.uk
tags: phishing,three,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Three | Phones, Broadband & SIM Only deals'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"three.co.uk")'


@ -0,0 +1,33 @@
id: thunderbird-phish
info:
name: thunderbird phishing Detection
author: rxerium
severity: info
description: |
A thunderbird phishing website was detected
reference:
- https://thunderbird.net
tags: phishing,thunderbird,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Thunderbird — Free Your Inbox. — Thunderbird'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"thunderbird.net")'


@ -0,0 +1,33 @@
id: ticket-master-phish
info:
name: ticket master phishing Detection
author: rxerium
severity: info
description: |
A ticket-master phishing website was detected
reference:
- https://ticketmaster.com
tags: phishing,ticket-master,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Buy and sell tickets online for concerts, sports, theater, family and other events near you from Ticketmaster.'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"ticketmaster.com")'


@ -0,0 +1,33 @@
id: tiktok-phish
info:
name: tiktok phishing Detection
author: rxerium
severity: info
description: |
A tiktok phishing website was detected
reference:
- https://tiktok.com
tags: phishing,tiktok,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'TikTok - Make Your Day'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"tiktok.com")'


@ -0,0 +1,33 @@
id: trading212-phish
info:
name: trading212 phishing Detection
author: rxerium
severity: info
description: |
A trading212 phishing website was detected
reference:
- https://trading212.com
tags: phishing,trading212,osint
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Commission-free investing for everyone | Trading 212'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"trading212.com")'
