new phishing templates

patch-1
Rishi 2024-02-17 11:46:39 +00:00 committed by GitHub
parent abd960230c
commit 7e4392474c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
10 changed files with 334 additions and 0 deletions


@ -0,0 +1,33 @@
id: amazon-web-services-phish
info:
name: amazon web services phishing Detection
author: rxerium
severity: info
description: |
A amazon-web-services phishing website was detected
reference:
- https://signin.aws.amazon.com
tags: phishing,amazon-web-services
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Amazon Web Services Sign-In'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"amazon.com")'
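Review bot: The exclusion `!contains(host,"amazon.com")` is a substring test, so any scanned host that merely embeds the brand domain (constructed example: `amazon.com.login.example`) is treated as the legitimate site and the template stays silent on it. Anchoring the comparison to the registered domain closes that gap, e.g. `- 'host != "amazon.com" && !ends_with(host, ".amazon.com")'`. The same substring check is used in the other nine templates in this commit (booking, brave, chrome, digital-ocean, edge, kayak, skyscanner, trip, vultr) and would need the same change. With `host-redirects: true` it is also worth confirming whether `host` is the scanned host or the final redirect target, since that is not visible here.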


@ -0,0 +1,33 @@
id: booking-phish
info:
name: booking phishing Detection
author: rxerium
severity: info
description: |
A booking phishing website was detected
reference:
- https://booking.com
tags: phishing,booking
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Booking.com | Official site | The best hotels, flights, car rentals & accommodations'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"booking.com")'
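Review bot: The word matcher string contains a literal `&` (`car rentals & accommodations`), but word matchers run against the raw response body, where HTML usually serialises that character as `&amp;`. If the cloned page does so, this matcher never fires, and because `matchers-condition` is `and` the whole template produces no result. Matching an ampersand-free fragment such as `- 'Booking.com | Official site'` avoids the dependency on encoding. The titles in kayak-phish (`Hotels & Car Hire`) and skyscanner-phish (`Flights & Book`) have the same exposure.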


@ -0,0 +1,33 @@
id: brave-phish
info:
name: brave phishing Detection
author: rxerium
severity: info
description: |
A brave phishing website was detected
reference:
- https://brave.com
tags: phishing,brave
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Brave Browser Download | Brave'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"brave.com")'


@ -0,0 +1,33 @@
id: chrome-phish
info:
name: chrome phishing Detection
author: rxerium
severity: info
description: |
A chrome phishing website was detected
reference:
- https://www.google.com/intl/en_uk/chrome/
tags: phishing,chrome
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Google Chrome Download the fast, secure browser from Google'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"google.com")'
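Review bot: The matched string `'Google Chrome Download the fast, secure browser from Google'` has no separator between the product name and the tagline, which suggests a dash or similar character was dropped when the title was copied. If the real page title carries a separator there, the word matcher cannot match and the template silently misses clones. Please verify the string against the `<title>` of the referenced page, or match only the tagline, e.g. `- 'Download the fast, secure browser from Google'`.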


@ -0,0 +1,37 @@
id: digital-ocean-phish
info:
name: digital ocean phishing Detection
author: rxerium
severity: info
description: |
A digital-ocean phishing website was detected
reference:
- https://digitalocean.com
tags: phishing,digital-ocean
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'DigitalOcean | Cloud Infrastructure for Developers'
- type: word
words:
- 'DigitalOcean'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"digitalocean.com")'
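Review bot: The second word matcher (`'DigitalOcean'`) is redundant, because the first matcher's string `'DigitalOcean | Cloud Infrastructure for Developers'` already contains it and all matchers are AND-ed. It adds no specificity and accounts for this file being four lines longer than its siblings. Either drop it, or replace it with an independent indicator taken from a different part of the page so the pair actually reduces false positives.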


@ -0,0 +1,33 @@
id: edge-phish
info:
name: edge phishing Detection
author: rxerium
severity: info
description: |
A edge phishing website was detected
reference:
- https://www.microsoft.com/en-us/edge/download?form=MA13FJ&ch=1
tags: phishing,edge
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Sign in - edge Accounts'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"microsoft.com")'
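Review bot: The word `'Sign in - edge Accounts'` does not look like a title the referenced Edge download page would serve; it reads like a sign-in title from another template with the brand name substituted. Since the matchers are AND-ed, a string that never occurs in a cloned page means this template can never report a finding. Please confirm the text against the `<title>` of the page in `reference` and use that string instead.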


@ -0,0 +1,33 @@
id: kayak-phish
info:
name: kayak phishing Detection
author: rxerium
severity: info
description: |
A kayak phishing website was detected
reference:
- https://kayak.co.uk
tags: phishing,kayak
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Search Flights, Hotels & Car Hire | KAYAK'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"kayak.co.uk")'


@ -0,0 +1,33 @@
id: skyscanner-phish
info:
name: skyscanner phishing Detection
author: rxerium
severity: info
description: |
A skyscanner phishing website was detected
reference:
- https://skyscanner.net
tags: phishing,skyscanner
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Compare Cheap Flights & Book Airline Tickets to Everywhere | Skyscanner'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"skyscanner.net")'


@ -0,0 +1,33 @@
id: trip-phish
info:
name: trip phishing Detection
author: rxerium
severity: info
description: |
A trip phishing website was detected
reference:
- https://trip.com
tags: phishing,trip
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Trip.com: Book cheap flights, hotels, car rentals, trains and more'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"trip.com")'


@ -0,0 +1,33 @@
id: vultr-phish
info:
name: vultr phishing Detection
author: rxerium
severity: info
description: |
A vultr phishing website was detected
reference:
- https://my.vultr.com/
tags: phishing,vultr
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'Log In to your Vultr Account - Vultr.com'
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(host,"vultr.com")'