-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathindex.html
More file actions
103 lines (94 loc) · 9.58 KB
/
index.html
File metadata and controls
103 lines (94 loc) · 9.58 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Nehboro Detection Test Suite</title>
<style>
* { box-sizing: border-box; }
body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif; margin: 0; padding: 24px; background: #0b0e17; color: #e0e0e0; }
h1 { color: #00d4ff; font-size: 28px; margin-top: 0; }
h2 { color: #00d4ff; font-size: 18px; margin-top: 32px; border-bottom: 1px solid #1a1f2e; padding-bottom: 8px; }
.warning { background: #3a1a1a; border-left: 4px solid #ff5577; padding: 12px 16px; margin-bottom: 24px; border-radius: 4px; }
.warning strong { color: #ff9999; }
.grid { display: grid; grid-template-columns: repeat(auto-fill, minmax(300px, 1fr)); gap: 12px; margin-bottom: 16px; }
.card { background: #161a26; border: 1px solid #1a1f2e; padding: 14px 16px; border-radius: 6px; text-decoration: none; color: #e0e0e0; transition: all .15s; }
.card:hover { background: #1a1f2e; border-color: #00d4ff; transform: translateY(-1px); }
.card h3 { margin: 0 0 6px 0; font-size: 14px; color: #fff; }
.card p { margin: 0; font-size: 12px; color: #888; line-height: 1.4; }
.card .id { font-family: 'JetBrains Mono', monospace; font-size: 10px; color: #00d4ff; text-transform: uppercase; letter-spacing: 0.5px; margin-top: 8px; }
.category-count { color: #888; font-size: 13px; font-weight: normal; margin-left: 8px; }
</style>
</head>
<body>
<h1>🛡️ Nehboro Detection Test Suite</h1>
<div class="warning">
<strong>⚠️ For testing purposes only.</strong> These pages simulate various threats that Nehboro detects. They are <strong>harmless</strong> -
they only contain fake text/UI and never execute real malicious code. Use them to verify the extension is working and to demo its detection
capabilities. Open each page with the extension enabled.
</div>
<h2>🎯 ClickFix Family <span class="category-count">(7 pages)</span></h2>
<div class="grid">
<a href="clickfix-basic.html" class="card"><h3>Basic ClickFix Sequence</h3><p>Win+R → Ctrl+V → Enter with PowerShell payload</p><span class="id">CLICKFIX_FULL_SEQUENCE</span></a>
<a href="clickfix-cloudflare.html" class="card"><h3>Fake Cloudflare ClickFix</h3><p>Cloudflare-branded fake CAPTCHA with verification ID</p><span class="id">FAKE_CLOUDFLARE + FAKE_VERIFICATION_ID</span></a>
<a href="clickfix-multilang.html" class="card"><h3>Multilingual ClickFix (Spanish)</h3><p>Spanish Opera browser error with "Copiar solución"</p><span class="id">CLICKFIX_MULTILANG</span></a>
<a href="clickfix-pretext-driver.html" class="card"><h3>Fake Meet - Audio Driver</h3><p>"Your audio drivers are outdated" with fix command</p><span class="id">CLICKFIX_PRETEXT + FAKE_MEETING</span></a>
<a href="clickfix-pretext-font.html" class="card"><h3>Missing Font + BSOD</h3><p>Fake "missing font" prompt and Windows BSOD</p><span class="id">CLICKFIX_PRETEXT + FAKE_ERROR_PAGE</span></a>
<a href="clickfix-filefix.html" class="card"><h3>FileFix (Explorer Address Bar)</h3><p>Paste path into File Explorer address bar</p><span class="id">FILEFIX + CLICKFIX_PRETEXT</span></a>
<a href="clickfix-winx.html" class="card"><h3>Win+X Terminal ClickFix</h3><p>BSOD recovery via Win+X → Terminal</p><span class="id">CLICKFIX_FULL_SEQUENCE (Win+X variant)</span></a>
</div>
<h2>🎣 Phishing & Impersonation <span class="category-count">(6 pages)</span></h2>
<div class="grid">
<a href="phishing-browser-in-browser.html" class="card"><h3>Browser-in-the-Browser (BitB)</h3><p>Fake OAuth popup with inset URL bar</p><span class="id">FAKE_URL_BAR + PHISHING_IMPERSONATION</span></a>
<a href="phishing-docusign.html" class="card"><h3>DocuSign Device Code Phish</h3><p>Fake DocuSign page with verification code</p><span class="id">DEVICE_CODE_PHISH</span></a>
<a href="phishing-insecure-login.html" class="card"><h3>Insecure HTTP Login</h3><p>Login form submitted over HTTP</p><span class="id">INSECURE_LOGIN</span></a>
<a href="phishing-lookalike.html" class="card"><h3>Lookalike / Typosquat Domain</h3><p>Mentions of typosquatted domains</p><span class="id">LOOKALIKE_TYPOSQUAT</span></a>
<a href="phishing-punycode.html" class="card"><h3>Punycode Domain (IDN)</h3><p>xn-- domain name indicator</p><span class="id">PUNYCODE_DOMAIN</span></a>
<a href="phishing-raw-ip.html" class="card"><h3>Raw IP Hosting</h3><p>Suspicious content on raw IP address</p><span class="id">RAW_IP_HOSTING</span></a>
</div>
<h2>🆘 Tech Support Scams <span class="category-count">(8 pages)</span></h2>
<div class="grid">
<a href="scam-fake-antivirus.html" class="card"><h3>Fake Antivirus Scan</h3><p>Fake Windows Defender threats found</p><span class="id">FAKE_ANTIVIRUS</span></a>
<a href="scam-fake-error.html" class="card"><h3>Fake Error with Support Number</h3><p>Error code + call this number scam</p><span class="id">FAKE_ERROR_PAGE + SCAM_PHONE</span></a>
<a href="scam-fake-os-ui.html" class="card"><h3>Fake Windows UI Overlay</h3><p>Imitation Windows dialogs/notifications</p><span class="id">FAKE_OS_UI</span></a>
<a href="scam-browser-lock.html" class="card"><h3>Browser Lock / Fullscreen</h3><p>Page attempts to lock the browser</p><span class="id">BROWSER_LOCK + FULLSCREEN_SPAM</span></a>
<a href="scam-print-loop.html" class="card"><h3>Print Dialog Spam</h3><p>window.print() called repeatedly</p><span class="id">PRINT_LOOP</span></a>
<a href="scam-data-theft.html" class="card"><h3>Data Theft Scare</h3><p>"Your personal data has been stolen"</p><span class="id">DATA_THEFT_SCARE + IP_GEOLOCATION_SCARE</span></a>
<a href="scam-multilang.html" class="card"><h3>Multilingual Scam (French)</h3><p>French-language tech support scam</p><span class="id">SCAM_MULTILANG</span></a>
<a href="scam-av-dismissal.html" class="card"><h3>Antivirus Dismissal Pretext</h3><p>"Ignore Windows Defender warning, it's normal"</p><span class="id">AV_DISMISSAL_PRETEXT</span></a>
</div>
<h2>🧠 Social Engineering <span class="category-count">(6 pages)</span></h2>
<div class="grid">
<a href="social-urgency.html" class="card"><h3>Urgency + Countdown</h3><p>"Act now! Only 5 minutes left!"</p><span class="id">URGENCY + FAKE_COUNTDOWN</span></a>
<a href="social-fake-update.html" class="card"><h3>Fake Browser Update</h3><p>"Chrome is outdated, update now"</p><span class="id">FAKE_UPDATE + FAKE_BROWSER_ERROR</span></a>
<a href="social-fake-software.html" class="card"><h3>Fake Software Download</h3><p>Fake Zoom/Teams/antivirus download page</p><span class="id">FAKE_SOFTWARE_DL + FAKE_DOWNLOAD</span></a>
<a href="social-fake-social-proof.html" class="card"><h3>Fake Social Proof</h3><p>"2,847 people downloaded this today"</p><span class="id">FAKE_SOCIAL_PROOF</span></a>
<a href="social-notification-spam.html" class="card"><h3>Notification Permission Spam</h3><p>Repeated requestPermission() calls</p><span class="id">NOTIFICATION_SPAM</span></a>
<a href="social-dialog-spam.html" class="card"><h3>Alert/Confirm Dialog Spam</h3><p>Repeated alert() calls</p><span class="id">DIALOG_SPAM</span></a>
</div>
<h2>🦠 Malware Indicators <span class="category-count">(8 pages)</span></h2>
<div class="grid">
<a href="malware-clipboard-hijack.html" class="card"><h3>Clipboard Hijack</h3><p>Live clipboard.writeText interception</p><span class="id">CLIPBOARD_HIJACK</span></a>
<a href="malware-powershell.html" class="card"><h3>PowerShell Payload</h3><p>Encoded PowerShell commands in page</p><span class="id">POWERSHELL_PAYLOAD + PS_ENCODED</span></a>
<a href="malware-lolbin.html" class="card"><h3>LOLBin Commands</h3><p>mshta, regsvr32, certutil references</p><span class="id">LOLBIN_COMMAND</span></a>
<a href="malware-base64.html" class="card"><h3>Verified Base64 Payload</h3><p>Large base64 with decoded PowerShell</p><span class="id">BASE64_PAYLOAD</span></a>
<a href="malware-obfuscation.html" class="card"><h3>JavaScript Obfuscation</h3><p>Heavy eval / Function() chains</p><span class="id">OBFUSCATION + EVAL_DYNAMIC</span></a>
<a href="malware-crypto-address.html" class="card"><h3>Crypto Wallet Address Swap</h3><p>BTC/ETH/SOL addresses in page</p><span class="id">CRYPTO_ADDRESS_SWAP + CRYPTO_WALLET</span></a>
<a href="malware-card-skimmer.html" class="card"><h3>Credit Card Skimmer</h3><p>Payment field + exfil pattern</p><span class="id">CARD_SKIMMER_ENHANCED + FORMJACKING</span></a>
<a href="malware-keylogger.html" class="card"><h3>Keylogger Pattern</h3><p>Global keydown listener + POST</p><span class="id">KEYLOGGER_PATTERN</span></a>
</div>
<h2>🔍 Visual & Advanced <span class="category-count">(4 pages)</span></h2>
<div class="grid">
<a href="visual-brand-imposter.html" class="card"><h3>Visual Brand Impersonation</h3><p>Microsoft/Google colors + logos on fake domain</p><span class="id">VISUAL_BRAND_IMPERSONATION</span></a>
<a href="advanced-consentfix.html" class="card"><h3>ConsentFix / OAuth Consent</h3><p>Fake OAuth consent with device code flow</p><span class="id">CONSENTFIX</span></a>
<a href="advanced-finger-abuse.html" class="card"><h3>Browser Fingerprinting Abuse</h3><p>Canvas/WebGL/audio fingerprinting</p><span class="id">FINGER_ABUSE</span></a>
<a href="advanced-history-loop.html" class="card"><h3>History API Loop</h3><p>pushState spam prevents back button</p><span class="id">HISTORY_LOOP</span></a>
</div>
<h2>📋 Combo Tests <span class="category-count">(1 page)</span></h2>
<div class="grid">
<a href="combo-full-scam-kit.html" class="card"><h3>Full Scam Kit (Kitchen Sink)</h3><p>Many detections at once for stress-testing</p><span class="id">Multiple + BONUS_SCAM_FULLKIT</span></a>
</div>
<p style="color: #666; font-size: 12px; text-align: center; margin-top: 40px;">
Nehboro Detection Test Suite · 40 test pages · Built for the Nehboro browser extension
</p>
</body>
</html>