id: defaced-website-detect

info:
  name: Defaced Website - Detection
  author: ggranjus
  severity: info
  description: The detected website is defaced.
  metadata:
    verified: 'true'
    max-request: 1
    shodan-query: http.title:"Hacked By"
  tags: defacement,misc

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers:
      - type: regex
        part: body
        regex:
          - '(?i)<title>.*Hacked( By .+)?<\/title>'

    extractors:
      - type: xpath
        xpath:
          - '/html/head/title'

# digest: 4a0a0047304502204a06a6a8401f0e8a7b169cb244fc412c2a3538dc755e976d448038281adcd6ee022100fe560032361f38aee7c9d8de45b1675b9e4654e4276cc43a7bd1c47e2c6c5344:922c64590222798bb761d5b6d8e72950