Scanner rule for malicious WebSocket handlers

## Bounty: Scanner rule for malicious WebSocket handlers

**Reward:** 200 $ISNAD
**Track:** Detection
**Difficulty:** Medium

### Description
Create a scanner rule to detect malicious WebSocket handler patterns in packages. Some supply chain attacks use WebSocket connections for bidirectional C2 communication, which is harder to detect than simple HTTP exfiltration.

### Requirements
- [ ] Detect WebSocket connections to suspicious endpoints
- [ ] Detect data exfiltration over WebSocket channels
- [ ] Detect reverse shell patterns via WebSocket
- [ ] At least 5 test cases
- [ ] Tests passing

### How to Submit
Open a PR referencing this issue. See [Bounty Program](https://isnad.md/bounties) for full rules.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Scanner rule for malicious WebSocket handlers #3

Bounty: Scanner rule for malicious WebSocket handlers

Description

Requirements

How to Submit

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Scanner rule for malicious WebSocket handlers #3

Description

Bounty: Scanner rule for malicious WebSocket handlers

Description

Requirements

How to Submit

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions