Scanner rule for malicious WebSocket handlers

[0xRapi]

Bounty: Scanner rule for malicious WebSocket handlers

Reward: 200 $ISNAD
Track: Detection
Difficulty: Medium

Description

Create a scanner rule to detect malicious WebSocket handler patterns in packages. Some supply chain attacks use WebSocket connections for bidirectional C2 communication, which is harder to detect than simple HTTP exfiltration.

Requirements

• Detect WebSocket connections to suspicious endpoints
• Detect data exfiltration over WebSocket channels
• Detect reverse shell patterns via WebSocket
• At least 5 test cases
• Tests passing

How to Submit

Open a PR referencing this issue. See Bounty Program for full rules.

[aliraza556]

@0xRapi Could you please let me know how much 750 $ISNAD is equal to in USDT or USD (any stable dollar equivalent)? This is my first time seeing $ISNAD, so I’d appreciate the clarification. Thank you!

[0xRapi]

Thanks for your interest! $ISNAD is the native token of the ISNAD Protocol — bounties are paid in $ISNAD, not USD. Token value depends on market dynamics once trading is active. Contributing to bounties now is a way to earn tokens early in the project.

If you're interested in working on this issue, share your proposed approach and we can discuss scope.