Site Integrity
Signs of compromise: injected pages, phishing kits, malware, SEO spam
Site Integrity rules answer a question SEO tools usually ignore: is this site hacked?
A compromised page is, by construction, an anomaly — off-theme, hidden from your own navigation, impersonating a third-party brand, or carrying an obfuscated payload. squirrelscan already crawls every page’s DOM, scripts, links, and sitemap, so it can spot these patterns for free, with no external calls.
Correlation gating (low false positives)
A single suspicious signal is rarely proof of compromise — a big inline script, one off-theme page, or a brand mention can all be innocent. So high-severity integrity findings require at least two corroborating signals on the same page (for example brand-impersonation and an obfuscated script). A lone signal is reported as info for review, not flagged as a failure. This is what keeps a legitimate “we integrate with Calendly” page from ever tripping the brand-impersonation rule.
These rules run locally and free — no login required.
Rules
Detects pages whose markup diverges hard from the site’s common template
Detects crawled pages absent from every sitemap AND linked from nowhere
Detects pages impersonating a third-party brand’s login or booking surface
Detects large inline scripts with high entropy and obfuscation markers
Detects full-viewport credential overlays and off-brand sign-in controls
Detects injected off-topic, keyword-stuffed affiliate doorway posts
Disable All Site Integrity Rules
[rules]
disable = ["integrity/*"]