Malin/LP-MSH-Scanner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

new patterns

Browse Source
This commit is contained in:
Palma Solutions LTD 2018-05-11 12:51:15 +02:00
parent 202a1a5f20
commit bd417a4cf8
2 changed files with 13 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
scan.php
View File

@ -53,7 +53,7 @@ error_reporting(0);
"eval\(base64_decode\(<(.*)POST(.*)>php",
"\.\"<html><head><title>404\s*Not\s*Found<\/title><\/head><body>",
"@error_reporting\(0\)",
"==========================+(\s*)Credit.Mutuel.ReZult(\s*)+==================",
"==========================+(\s*)Credit.Mutuel.ReZult(\s*)+==================", //
"X-Mailer:(\s*)The(\s*)Bat\!(\s*)\(v",
"WordPress(\s*)Inserter(\s*)Links",
"The(\s*)Sword(\s*)Config(\s*)Fuck(\s*)Script",
@ -62,11 +62,11 @@ error_reporting(0);
"d.=sprintf\(\(substr\(urlencode\(print_r\(array\(",
"eval\(gzinflate\(base64_decode\(",
"eval\(gzinflate\(str_rot13\(base64_decode\(",
"Bank(\s*)of(\s*)America(\s*)\|(\s*)Home(\s*)\|(\s*)Personal",
"Bank(\s*)of(\s*)America(\s*)\|(\s*)Online(\s*)Banking(\s*)\|(\s*)Sign(\s*)In(\s*)to(\s*)Online(\s*)Banking",
"Bank(\s*)of(\s*)America(\s*)\|(\s*)Thank(\s*)you",
"Wells(\s*)Fargo(\s*)Home(\s*)Page",
"Chase(\s*)Online(\s*)-(\s*)Logon",
"Bank(\s*)of(\s*)America(\s*)\|(\s*)Home(\s*)\|(\s*)Personal", //
"Bank(\s*)of(\s*)America(\s*)\|(\s*)Online(\s*)Banking(\s*)\|(\s*)Sign(\s*)In(\s*)to(\s*)Online(\s*)Banking", //
"Bank(\s*)of(\s*)America(\s*)\|(\s*)Thank(\s*)you", //
"Wells(\s*)Fargo(\s*)Home(\s*)Page", //
"Chase(\s*)Online(\s*)-(\s*)Logon", //
"Send(\s*)Money,(\s*)Pay(\s*)Online(\s*)or(\s*)Set(\s*)Up(\s*)a(\s*)Merchant(\s*)Account(\s*)with(\s*)PayPal",
"Login(\s*)-(\s*)PayPal",
"Sign(\s*)Up(\s*)for(\s*)PayPal(\s*)-(\s*)It\'s(\s*)Free(\s*)and(\s*)Easy(\s*)to(\s*)Get(\s*)Started",

8
scan.py
View File

@ -540,7 +540,13 @@ def is_hacked(filename):
or 'https://www.colourbox.com/preview/11775720-hacker-boy-icon.jpg' in l \
or 'https://image.prntscr.com/image/dQ_-z9pTRL6tA2kqbnXH6A.jp' in l:
score.append(('SOCIALS', ''))
if '==========================+ Credit.Mutuel.ReZult +==================' in l \
or 'Bank of America | Home | Personal' in l \
or 'Bank of America | Online Banking | Sign In to Online Banking' in l \
or 'Bank of America | Thank you' in l \
or 'Wells Fargo Home Page' in l \
or 'Chase Online - Logon' in l \
core.append(('PHISHING', ''))
previous_line = l
if line_num < 20: