id: supershell-c2

info:
  name: Supershell C2 - Detect
  author: pussycat0x
  severity: info
  description: |
    Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel, a fully interactive shell can be obtained, and it supports multi-platform architecture Payload.
  reference:
    - https://twitter.com/S4nsLimit3/status/1693619836339859497
    - https://github.com/tdragon6/Supershell/blob/main/README_EN.md
  metadata:
    verified: true
    max-request: 1
    fofa-query: icon_hash="-1010228102"
  tags: c2,ir,osint,supershell,panel

http:
  - method: GET
    path:
      - '{{BaseURL}}'

    host-redirects: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '<title>Supershell - 登录</title>'

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100e9c0fcd9b24b3a263acb78969fe716aa9da0312cb70c5509eb5b79fc10662e50022100ed849496590862afaa9f8a0cfa29f3ed1b621f1430688cba705289b5931d8dc5:922c64590222798bb761d5b6d8e72950