Detect that a site got hacked (having a list of known payloads that are put on hacked websites)
kazet commented
Detect that a site got hacked (having a list of known payloads that are put on hacked websites)
RasenRhino commented
Just to be clear, you want to compare it with payloads like, say, OWASP Cheat Sheets? Like, you somewhat scrape the site to see that, right?
kazet commented
I am not sure whether OWASP cheat sheets are a good direction. I was rather thinking of detecting victims of e.g. https://www.bleepingcomputer.com/news/security/new-balada-injector-campaign-infects-6-700-wordpress-sites/ or https://github.com/projectdiscovery/nuclei-templates/blob/3fcda12c44c235e09586fd929c37fa60fbe28f71/http/miscellaneous/defacement-detect.yaml#L4
RasenRhino commented
So why not add this nuclei template?
kazet commented
I think this template has two drawbacks:
- it performs a significant number of HTTP requests,
- it has a significant risk of FPs (e.g. any occurrence of `TangoDown` causes the template to match).
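The two drawbacks above, as an added example that is not code from the thread participants or from any project they mention: it checks a single, already-fetched response body (so no extra HTTP requests) and compares a bare substring match with one restricted to `<title>` and `<h1>` text. Only `TangoDown` comes from the thread; the other signatures, the sample pages and the title/heading heuristic are constructed assumptions.

```python
from html.parser import HTMLParser

# "tangodown" is the keyword named in the thread; the rest are constructed placeholders.
SIGNATURES = ["tangodown", "hacked by", "defaced by"]

class HeadlineText(HTMLParser):
    """Collect only the text found inside <title> and <h1> elements."""
    def __init__(self):
        super().__init__()
        self.depth = 0
        self.chunks = []
    def handle_starttag(self, tag, attrs):
        if tag in ("title", "h1"):
            self.depth += 1
    def handle_endtag(self, tag):
        if tag in ("title", "h1") and self.depth:
            self.depth -= 1
    def handle_data(self, data):
        if self.depth:
            self.chunks.append(data)

def naive_match(body: str) -> bool:
    """Bare keyword match anywhere in the body (the FP-prone behaviour)."""
    lowered = body.lower()
    return any(sig in lowered for sig in SIGNATURES)

def contextual_match(body: str) -> list:
    """Return signatures that appear in the title or a top-level heading,
    where a defacement banner normally sits (assumed heuristic)."""
    parser = HeadlineText()
    parser.feed(body)
    parser.close()
    headline = " ".join(parser.chunks).lower()
    return [sig for sig in SIGNATURES if sig in headline]

# Constructed sample bodies, standing in for a response the scanner already has.
DEFACED = ("<html><head><title>Hacked by ExampleCrew</title></head>"
           "<body><h1>#TangoDown</h1></body></html>")
NEWS = ("<html><head><title>Weekly security news</title></head><body>"
        "<p>The TangoDown hashtag was used to announce DDoS attacks.</p>"
        "</body></html>")

if __name__ == "__main__":
    for name, body in (("defaced", DEFACED), ("news", NEWS)):
        print(name, "naive:", naive_match(body),
              "contextual:", contextual_match(body))
```

The news page trips the bare match but not the contextual one, which is the false-positive case described in the last comment.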