new patterns
This commit is contained in:
Palma Solutions LTD
12
scan.php
12
scan.php
@@ -53,7 +53,7 @@ error_reporting(0);
|
|||||||
"eval\(base64_decode\(<(.*)POST(.*)>php",
|
"eval\(base64_decode\(<(.*)POST(.*)>php",
|
||||||
"\.\"<html><head><title>404\s*Not\s*Found<\/title><\/head><body>",
|
"\.\"<html><head><title>404\s*Not\s*Found<\/title><\/head><body>",
|
||||||
"@error_reporting\(0\)",
|
"@error_reporting\(0\)",
|
||||||
"==========================+(\s*)Credit.Mutuel.ReZult(\s*)+==================",
|
"==========================+(\s*)Credit.Mutuel.ReZult(\s*)+==================", //
|
||||||
"X-Mailer:(\s*)The(\s*)Bat\!(\s*)\(v",
|
"X-Mailer:(\s*)The(\s*)Bat\!(\s*)\(v",
|
||||||
"WordPress(\s*)Inserter(\s*)Links",
|
"WordPress(\s*)Inserter(\s*)Links",
|
||||||
"The(\s*)Sword(\s*)Config(\s*)Fuck(\s*)Script",
|
"The(\s*)Sword(\s*)Config(\s*)Fuck(\s*)Script",
|
||||||
@@ -62,11 +62,11 @@ error_reporting(0);
|
|||||||
"d.=sprintf\(\(substr\(urlencode\(print_r\(array\(",
|
"d.=sprintf\(\(substr\(urlencode\(print_r\(array\(",
|
||||||
"eval\(gzinflate\(base64_decode\(",
|
"eval\(gzinflate\(base64_decode\(",
|
||||||
"eval\(gzinflate\(str_rot13\(base64_decode\(",
|
"eval\(gzinflate\(str_rot13\(base64_decode\(",
|
||||||
"Bank(\s*)of(\s*)America(\s*)\|(\s*)Home(\s*)\|(\s*)Personal",
|
"Bank(\s*)of(\s*)America(\s*)\|(\s*)Home(\s*)\|(\s*)Personal", //
|
||||||
"Bank(\s*)of(\s*)America(\s*)\|(\s*)Online(\s*)Banking(\s*)\|(\s*)Sign(\s*)In(\s*)to(\s*)Online(\s*)Banking",
|
"Bank(\s*)of(\s*)America(\s*)\|(\s*)Online(\s*)Banking(\s*)\|(\s*)Sign(\s*)In(\s*)to(\s*)Online(\s*)Banking", //
|
||||||
"Bank(\s*)of(\s*)America(\s*)\|(\s*)Thank(\s*)you",
|
"Bank(\s*)of(\s*)America(\s*)\|(\s*)Thank(\s*)you", //
|
||||||
"Wells(\s*)Fargo(\s*)Home(\s*)Page",
|
"Wells(\s*)Fargo(\s*)Home(\s*)Page", //
|
||||||
"Chase(\s*)Online(\s*)-(\s*)Logon",
|
"Chase(\s*)Online(\s*)-(\s*)Logon", //
|
||||||
"Send(\s*)Money,(\s*)Pay(\s*)Online(\s*)or(\s*)Set(\s*)Up(\s*)a(\s*)Merchant(\s*)Account(\s*)with(\s*)PayPal",
|
"Send(\s*)Money,(\s*)Pay(\s*)Online(\s*)or(\s*)Set(\s*)Up(\s*)a(\s*)Merchant(\s*)Account(\s*)with(\s*)PayPal",
|
||||||
"Login(\s*)-(\s*)PayPal",
|
"Login(\s*)-(\s*)PayPal",
|
||||||
"Sign(\s*)Up(\s*)for(\s*)PayPal(\s*)-(\s*)It\'s(\s*)Free(\s*)and(\s*)Easy(\s*)to(\s*)Get(\s*)Started",
|
"Sign(\s*)Up(\s*)for(\s*)PayPal(\s*)-(\s*)It\'s(\s*)Free(\s*)and(\s*)Easy(\s*)to(\s*)Get(\s*)Started",
|
||||||
|
|||||||
8
scan.py
8
scan.py
@@ -540,7 +540,13 @@ def is_hacked(filename):
|
|||||||
or 'https://www.colourbox.com/preview/11775720-hacker-boy-icon.jpg' in l \
|
or 'https://www.colourbox.com/preview/11775720-hacker-boy-icon.jpg' in l \
|
||||||
or 'https://image.prntscr.com/image/dQ_-z9pTRL6tA2kqbnXH6A.jp' in l:
|
or 'https://image.prntscr.com/image/dQ_-z9pTRL6tA2kqbnXH6A.jp' in l:
|
||||||
score.append(('SOCIALS', ''))
|
score.append(('SOCIALS', ''))
|
||||||
|
if '==========================+ Credit.Mutuel.ReZult +==================' in l \
|
||||||
|
or 'Bank of America | Home | Personal' in l \
|
||||||
|
or 'Bank of America | Online Banking | Sign In to Online Banking' in l \
|
||||||
|
or 'Bank of America | Thank you' in l \
|
||||||
|
or 'Wells Fargo Home Page' in l \
|
||||||
|
or 'Chase Online - Logon' in l \
|
||||||
|
core.append(('PHISHING', ''))
|
||||||
previous_line = l
|
previous_line = l
|
||||||
|
|
||||||
if line_num < 20:
|
if line_num < 20:
|
||||||
|
|||||||
Reference in New Issue
Block a user