From 924252c1a6f684d668be4ba373cc46f578bd773d Mon Sep 17 00:00:00 2001
From: cccs-kevin
Date: Tue, 18 Jun 2024 18:34:44 +0000
Subject: [PATCH] If short_form sig is raised, set 'is_phishing' to True
---
 jsjaws.py | 1 +
 .../result.json | 68 ++++++++++++++++++-
 2 files changed, 68 insertions(+), 1 deletion(-)
diff --git a/jsjaws.py b/jsjaws.py
index 0dde1ca9..0ff97189 100755
--- a/jsjaws.py
+++ b/jsjaws.py
@@ -1475,6 +1475,7 @@ def _run_the_gauntlet(self, request, file_path, file_content, subsequent_run: bo
 phishing_inputs_sec.add_lines([f"\t- {item}" for item in sorted(self.phishing_inputs)])
 if self.short_form:
 phishing_inputs_heur.add_signature_id("short_form", 500)
+ self.is_phishing = True
 if self.num_of_web_bugs:
 web_bugs_sec = ResultTextSection("Web bugs found", parent=request.result)
diff --git a/tests/results/b96949f50cf1cf7e6abe4c3e1d77902e694b1098a57619e68bfe7afb5aa1c19d/result.json b/tests/results/b96949f50cf1cf7e6abe4c3e1d77902e694b1098a57619e68bfe7afb5aa1c19d/result.json
index 03206989..38274b9f 100644
--- a/tests/results/b96949f50cf1cf7e6abe4c3e1d77902e694b1098a57619e68bfe7afb5aa1c19d/result.json
+++ b/tests/results/b96949f50cf1cf7e6abe4c3e1d77902e694b1098a57619e68bfe7afb5aa1c19d/result.json
@@ -1,7 +1,7 @@ { "extra": { "drop_file": false, - "score": 2571, + "score": 3071, "sections": [ { "auto_collapse": false,
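Review bot: The new `self.is_phishing = True` under `if self.short_form:` in the jsjaws.py hunk writes instance-level state inside `_run_the_gauntlet`, and nothing visible in the hunk shows where that flag is reset. If it is not cleared at the start of each request, one sample's verdict could carry over and tag the next sample's POST URLs with `is_phishing_url`, so the reset is worth confirming next to wherever `self.short_form` is initialised. The updated fixture also suggests that a single short-form observation now scores twice (500 for `short_form`, plus 500 for `is_phishing_url`), which raises the cost of a false positive on a benign short form. I would state the intent on the line, e.g. `# a short form alone is treated as phishing evidence; this enables the is_phishing_url section`. The body of `_run_the_gauntlet` starts and ends outside this hunk, so both points are inferred from the visible lines and the fixture.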
@@ -705,6 +705,44 @@ "title_text": "URLs", "zeroize_on_tag_safe": false }, + { + "auto_collapse": false, + "body": "\t-\thttps://couponhagen.churchontheranch.uk/app/exlca.php", + "body_config": {}, + "body_format": "TEXT", + "classification": "TLP:C", + "depth": 1, + "heuristic": { + "attack_ids": [], + "frequency": 1, + "heur_id": 1, + "score": 500, + "score_map": { + "is_phishing_url": 500 + }, + "signatures": { + "is_phishing_url": 1 + } + }, + "promote_to": null, + "tags": { + "network": { + "dynamic": { + "domain": [ + "couponhagen.churchontheranch.uk" + ], + "uri": [ + "https://couponhagen.churchontheranch.uk/app/exlca.php" + ], + "uri_path": [ + "/app/exlca.php" + ] + } + } + }, + "title_text": "URLs used for POSTs, found in a file containing suspicious phishing characteristics", + "zeroize_on_tag_safe": false + }, { "auto_collapse": false, "body": "Multiple rounds of tool runs were required due to nested document.write calls", @@ -762,6 +800,13 @@ "single_script_url" ] }, + { + "attack_ids": [], + "heur_id": 1, + "signatures": [ + "is_phishing_url" + ] + }, { "attack_ids": [], "heur_id": 2, @@ -879,6 +924,13 @@ ], "value": "couponhagen.churchontheranch.uk" }, + { + "heur_id": 1, + "signatures": [ + "is_phishing_url" + ], + "value": "couponhagen.churchontheranch.uk" + }, { "heur_id": 1, "signatures": [ @@ -902,6 +954,13 @@ ], "value": "https://couponhagen.churchontheranch.uk/app/exlca.php" }, + { + "heur_id": 1, + "signatures": [ + "is_phishing_url" + ], + "value": "https://couponhagen.churchontheranch.uk/app/exlca.php" + }, { "heur_id": 1, "signatures": [ @@ -918,6 +977,13 @@ ], "value": "/app/exlca.php" }, + { + "heur_id": 1, + "signatures": [ + "is_phishing_url" + ], + "value": "/app/exlca.php" + }, { "heur_id": 1, "signatures": [