Login Pages Database forms a knowledge base on login pages related to malicious activities (C2 panels, phishing kits...).
https://lp-db.github.io/lp-db/
Login Pages Database forms a knowledge base on login pages related to malicious activities (C2 panels, phishing kits...).
This encyclopedia uses urlscan.io, allowing to have screenshots of unified size and to have access to the DOM of the pages. In addition, each login page has tags to better define their use cases. Whenever possible, a Malpedia link is also present.
It's possible that some login pages don't correspond to their name or their tags, these data are provided on best effort. In this case, or in order to complete the database, don't hesitate to contribute.
It's possible to perform a reverse image search to identify a login page. For best results, it's recommended to use screenshots from urlscan.io. Everything is done client side, the image recognition is based on blockhash perceptual image hashing algorithm.
There are several ways to contribute to the project by adding or identifying logins pages, they are detailed below.
Only login pages that are not already in the database and that show a significant visual change compared to other panels of the same family will be added.
You don't need to run
npm run hash
before the merge request, it's done automatically during deployment.
To add an identified login page in the database, you need to add an entry in data.json.
{
"name": "AZORult",
"id": "af4c5e46-f867-49b6-b3ad-f124694c9c6a",
"tags": ["Windows", "Stealer", "Loader"],
"malpedia": "win.azorult"
}
/
. Example: AZORult / ManaBotnet, DiamondFox / Gorynych.If you have found a login page related to malicious activities, but were unable to identify it, you can still add it by indicating Unknown in the name and in the tags. If the main tag has been identified, you can add it.
{
"name": "Unknown",
"id": "3e223ae3-5955-440c-a2ed-7700d21bd72f",
"tags": ["Android", "Unknown"]
}
An issue should contain information about the panel name, urlscan.io uuid, tags to identify malware functionality and Malpedia link if possible.
If the login page has not been identified, the urlscan.io uuid is sufficient.
External links can be added in order to better understand the context in which the panel is used.
You can also message me on Twitter with the urlscan.io link or tag me.
npm install
npm run serve
Every time you make changes in data.json you need to run npm run hash
in order to compute perceptual hash for reverse image search and to update src/data.js.
npm run build