nuclei-templates/http/osint/phishing/visual-studio-code-phish.yaml

id: visual-studio-code-phish

info:
  name: visual studio code phishing Detection
  author: rxerium
  severity: info
  description: |
    A visual studio code phishing website was detected
  reference:
    - https://visualstudio.com
  metadata:
    max-request: 1
  tags: phishing,visual-studio-code,osint
http:
  - method: GET
    path:
      - "{{BaseURL}}"

    host-redirects: true
    max-redirects: 2

    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'Visual Studio Code is a code editor redefined and optimized for building and debugging modern web and cloud applications.  Visual Studio Code is free and available on your favorite platform - Linux, macOS, and Windows.'
          - 'Visual Studio Code - Code Editing. Redefined'
        condition: and

      - type: status
        status:
          - 200

      - type: dsl
        dsl:
          - '!contains(host,"visualstudio.com")'
# digest: 490a0046304402201621520efe1a68a5270d774a9f145ae407ce3c939f3bb0fcaa04482acd2b01f60220010baf1c6cd2342d9ef75c3ab568c41c7f818d2816602d01d590e71b2eaa902f:922c64590222798bb761d5b6d8e72950