new phishing templates
parent
abd960230c
commit
7e4392474c
|
@ -0,0 +1,33 @@
|
|||
id: amazon-web-services-phish
|
||||
|
||||
info:
|
||||
name: amazon web services phishing Detection
|
||||
author: rxerium
|
||||
severity: info
|
||||
description: |
|
||||
A amazon-web-services phishing website was detected
|
||||
reference:
|
||||
- https://signin.aws.amazon.com
|
||||
tags: phishing,amazon-web-services
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
host-redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- 'Amazon Web Services Sign-In'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: dsl
|
||||
dsl:
|
||||
- '!contains(host,"amazon.com")'
|
|
@ -0,0 +1,33 @@
|
|||
id: booking-phish
|
||||
|
||||
info:
|
||||
name: booking phishing Detection
|
||||
author: rxerium
|
||||
severity: info
|
||||
description: |
|
||||
A booking phishing website was detected
|
||||
reference:
|
||||
- https://booking.com
|
||||
tags: phishing,booking
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
host-redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- 'Booking.com | Official site | The best hotels, flights, car rentals & accommodations'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: dsl
|
||||
dsl:
|
||||
- '!contains(host,"booking.com")'
|
|
@ -0,0 +1,33 @@
|
|||
id: brave-phish
|
||||
|
||||
info:
|
||||
name: brave phishing Detection
|
||||
author: rxerium
|
||||
severity: info
|
||||
description: |
|
||||
A brave phishing website was detected
|
||||
reference:
|
||||
- https://brave.com
|
||||
tags: phishing,brave
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
host-redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- 'Brave Browser Download | Brave'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: dsl
|
||||
dsl:
|
||||
- '!contains(host,"brave.com")'
|
|
@ -0,0 +1,33 @@
|
|||
id: chrome-phish
|
||||
|
||||
info:
|
||||
name: chrome phishing Detection
|
||||
author: rxerium
|
||||
severity: info
|
||||
description: |
|
||||
A chrome phishing website was detected
|
||||
reference:
|
||||
- https://www.google.com/intl/en_uk/chrome/
|
||||
tags: phishing,chrome
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
host-redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- 'Google Chrome – Download the fast, secure browser from Google'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: dsl
|
||||
dsl:
|
||||
- '!contains(host,"google.com")'
|
|
@ -0,0 +1,37 @@
|
|||
id: digital-ocean-phish
|
||||
|
||||
info:
|
||||
name: digital ocean phishing Detection
|
||||
author: rxerium
|
||||
severity: info
|
||||
description: |
|
||||
A digital-ocean phishing website was detected
|
||||
reference:
|
||||
- https://digitalocean.com
|
||||
tags: phishing,digital-ocean
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
host-redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- 'DigitalOcean | Cloud Infrastructure for Developers'
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- 'DigitalOcean'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: dsl
|
||||
dsl:
|
||||
- '!contains(host,"digitalocean.com")'
|
|
@ -0,0 +1,33 @@
|
|||
id: edge-phish
|
||||
|
||||
info:
|
||||
name: edge phishing Detection
|
||||
author: rxerium
|
||||
severity: info
|
||||
description: |
|
||||
A edge phishing website was detected
|
||||
reference:
|
||||
- https://www.microsoft.com/en-us/edge/download?form=MA13FJ&ch=1
|
||||
tags: phishing,edge
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
host-redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- 'Sign in - edge Accounts'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: dsl
|
||||
dsl:
|
||||
- '!contains(host,"microsoft.com")'
|
|
@ -0,0 +1,33 @@
|
|||
id: kayak-phish
|
||||
|
||||
info:
|
||||
name: kayak phishing Detection
|
||||
author: rxerium
|
||||
severity: info
|
||||
description: |
|
||||
A kayak phishing website was detected
|
||||
reference:
|
||||
- https://kayak.co.uk
|
||||
tags: phishing,kayak
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
host-redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- 'Search Flights, Hotels & Car Hire | KAYAK'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: dsl
|
||||
dsl:
|
||||
- '!contains(host,"kayak.co.uk")'
|
|
@ -0,0 +1,33 @@
|
|||
id: skyscanner-phish
|
||||
|
||||
info:
|
||||
name: skyscanner phishing Detection
|
||||
author: rxerium
|
||||
severity: info
|
||||
description: |
|
||||
A skyscanner phishing website was detected
|
||||
reference:
|
||||
- https://skyscanner.net
|
||||
tags: phishing,skyscanner
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
host-redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- 'Compare Cheap Flights & Book Airline Tickets to Everywhere | Skyscanner'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: dsl
|
||||
dsl:
|
||||
- '!contains(host,"skyscanner.net")'
|
|
@ -0,0 +1,33 @@
|
|||
id: trip-phish
|
||||
|
||||
info:
|
||||
name: trip phishing Detection
|
||||
author: rxerium
|
||||
severity: info
|
||||
description: |
|
||||
A trip phishing website was detected
|
||||
reference:
|
||||
- https://trip.com
|
||||
tags: phishing,trip
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
host-redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- 'Trip.com: Book cheap flights, hotels, car rentals, trains and more'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: dsl
|
||||
dsl:
|
||||
- '!contains(host,"trip.com")'
|
|
@ -0,0 +1,33 @@
|
|||
id: vultr-phish
|
||||
|
||||
info:
|
||||
name: vultr phishing Detection
|
||||
author: rxerium
|
||||
severity: info
|
||||
description: |
|
||||
A vultr phishing website was detected
|
||||
reference:
|
||||
- https://my.vultr.com/
|
||||
tags: phishing,vultr
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
host-redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- 'Log In to your Vultr Account - Vultr.com'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: dsl
|
||||
dsl:
|
||||
- '!contains(host,"vultr.com")'
|
Loading…
Reference in New Issue