id: evilginx info: name: EvilGinx - Detect author: pussycat0x severity: info description: | Evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies which in turn allows bypassing 2-factor authentication protection. reference: - https://dmcxblue.gitbook.io/red-team-notes-2-0/red-team-infrastructure/delivery/evilginx metadata: censys-query: b18d778b4e4b6bf1fd5b2d790c941270145a6a6d max-request: 1 verified: "true" tags: tech,evilginx,c2,phishing,panel http: - method: GET path: - "{{BaseURL}}/login" matchers-condition: and matchers: - type: dsl dsl: - "status_code == 200 && contains(body, 'Evilginx')" - "(\"b18d778b4e4b6bf1fd5b2d790c941270145a6a6d\" == sha1(body))" condition: and