
Detect that a site got hacked (having a list of known payloads that are put on hacked websites)

Open kazet opened this issue 1 year ago • 4 comments

kazet avatar Sep 28 '23 09:09 kazet

Just to be clear, you want to compare it with payloads like, say, OWASP Cheat Sheets? Like, you somewhat scrape the site to see that, right?

RasenRhino avatar Mar 21 '24 19:03 RasenRhino

I am not sure whether OWASP cheat sheets are a good direction. I was rather thinking of detecting victims of e.g. https://www.bleepingcomputer.com/news/security/new-balada-injector-campaign-infects-6-700-wordpress-sites/ or https://github.com/projectdiscovery/nuclei-templates/blob/3fcda12c44c235e09586fd929c37fa60fbe28f71/http/miscellaneous/defacement-detect.yaml#L4

kazet avatar Mar 22 '24 14:03 kazet

So why not add this nuclei template?

RasenRhino avatar Mar 28 '24 14:03 RasenRhino

I think this template has two drawbacks:

  • it performs a significant number of HTTP requests,
  • it has a significant risk of FPs (e.g. any occurrence of TangoDown causes the template to match).

kazet avatar Mar 31 '24 16:03 kazet
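
An added example, not from the thread or from the Artemis code base, of one way to address both drawbacks named in the last comment: it classifies a single already-fetched response body and treats a bare keyword hit as low-confidence unless the page also looks like replaced content. The keyword list (apart from `TangoDown`), the `SHORT_PAGE_WORDS` threshold, the verdict names and the sample pages are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed signature list; only "TangoDown" is taken from the thread.
KEYWORDS = ("tangodown", "hacked by", "defaced by")
SHORT_PAGE_WORDS = 40  # assumed threshold: a defaced page is usually a short banner


class _Splitter(HTMLParser):
    """Separates <title> text from visible body text, skipping script/style."""

    def __init__(self):
        super().__init__()
        self.title, self.body, self._in = [], [], None

    def handle_starttag(self, tag, attrs):
        if tag in ("title", "script", "style"):
            self._in = tag

    def handle_endtag(self, tag):
        if tag == self._in:
            self._in = None

    def handle_data(self, data):
        if self._in == "title":
            self.title.append(data)
        elif self._in is None:
            self.body.append(data)


def classify(html: str) -> str:
    """Classify one already-fetched response body (no extra HTTP requests)."""
    parser = _Splitter()
    parser.feed(html)
    title = " ".join(parser.title).lower()
    body = " ".join(parser.body).lower()
    hits = {k for k in KEYWORDS if k in title or k in body}
    short = len(body.split()) < SHORT_PAGE_WORDS
    # Strong signal only when the page is short AND the hit is in the title
    # or two distinct keywords co-occur; a lone mention in a long page is weak.
    if short and (len(hits) >= 2 or any(k in title for k in hits)):
        return "likely-defaced"
    return "needs-review" if hits else "clean"


# Constructed sample pages.
DEFACED = "<html><head><title>Hacked by ExampleCrew</title></head><body><h1>TangoDown</h1></body></html>"
ARTICLE = ("<html><head><title>Weekly security news</title></head><body><p>"
           "The string TangoDown appeared on several sites. " + "filler " * 60 +
           "</p><script>var s = 'hacked by';</script></body></html>")
CLEAN = "<html><head><title>Shop</title></head><body><p>Welcome to our store.</p></body></html>"
```

The long article that merely mentions `TangoDown` comes back as `needs-review` rather than as a finding, which is the false-positive case described above.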