ninoseki / Miteru
Licence: mit
An experimental phishing kit detection tool
Stars: ✭ 125
Programming Languages
ruby
36898 projects - #4 most used programming language
Labels
Projects that are alternatives of or similar to Miteru
Fiercephish
FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.
Stars: ✭ 960 (+668%)
Mutual labels: phishing
Zphisher
An automated phishing tool with 30+ templates.
Stars: ✭ 1,321 (+956.8%)
Mutual labels: phishing
Analyzer
🔍 Offline Analyzer for extracting features, artifacts and IoCs from Windows, Linux, Android, iPhone, Blackberry, macOS binaries, emails and more
Stars: ✭ 108 (-13.6%)
Mutual labels: phishing
Shellphish
Phishing Tool for 18 social media: Instagram, Facebook, Snapchat, Github, Twitter, Yahoo, Protonmail, Spotify, Netflix, Linkedin, Wordpress, Origin, Steam, Microsoft, InstaFollowers, Gitlab, Pinterest
Stars: ✭ 1,037 (+729.6%)
Mutual labels: phishing
Domainfuzz
Domain name permutation engine for detecting typo squatting, phishing and corporate espionage
Stars: ✭ 74 (-40.8%)
Mutual labels: phishing
Stinkyphish
Monitor Certificate Transparency Logs For Phishing Domains
Stars: ✭ 25 (-80%)
Mutual labels: phishing
Etherscamdb
Keep track of all current ethereum scams in a large database
Stars: ✭ 121 (-3.2%)
Mutual labels: phishing
Wifiphisher
Wifiphisher is a rogue Access Point framework for conducting red team engagements or Wi-Fi security testing. Using Wifiphisher, penetration testers can easily achieve a man-in-the-middle position against wireless clients by performing targeted Wi-Fi association attacks. Wifiphisher can be further used to mount victim-customized web phishing attacks against the connected clients in order to capture credentials (e.g. from third party login pages or WPA/WPA2 Pre-Shared Keys) or infect the victim stations with malwares.
Stars: ✭ 10,333 (+8166.4%)
Mutual labels: phishing
Phisher
Tool designed for performing various social engineering attacks, for phishing.
Stars: ✭ 66 (-47.2%)
Mutual labels: phishing
Sooty
The SOC Analysts all-in-one CLI tool to automate and speed up workflow.
Stars: ✭ 867 (+593.6%)
Mutual labels: phishing
Url Classification
Machine learning to classify Malicious (Spam)/Benign URL's
Stars: ✭ 95 (-24%)
Mutual labels: phishing
Phishingkittracker
Let's track phishing kits to give to research community raw material to study !
Stars: ✭ 126 (+0.8%)
Mutual labels: phishing
King Phisher Templates
Templates for the King Phisher open source phishing campaign toolkit.
Stars: ✭ 119 (-4.8%)
Mutual labels: phishing
Grayfish
light weight phishing framework with 18+ pages.
Stars: ✭ 101 (-19.2%)
Mutual labels: phishing
Miteru
Miteru is an experimental phishing kit detection tool.
How it works
- It collects phishy URLs from the following feeds:
- CertStream-Suspicious feed via urlscan.io
- OpenPhish feed via urlscan.io
- PhishTank feed via urlscan.io
- URLhaus feed via urlscan.io
- urlscan.io phish feed (available for Pro users)
- Ayashige feed
- Phishing Database feed
- PhishStats feed
- It checks each phishy URL whether it enables directory listing and contains a phishing kit (compressed file) or not.
- Note: compressed file =
*.zip,*.rar,*.7z,*.tarand*.gz.
- Note: compressed file =
Features
- [x] Phishing kit detection & collection.
- [x] Slack notification.
- [x] Threading.
Installation
gem install miteru
Usage
$ miteru
Commands:
miteru execute # Execute the crawler
miteru help [COMMAND] # Describe available commands or one specific command
$ miteru help execute
Usage:
miteru execute
Options:
[--auto-download], [--no-auto-download] # Enable or disable auto-download of phishing kits
[--ayashige], [--no-ayashige] # Enable or disable ayashige(ninoseki/ayashige) feed
[--directory-traveling], [--no-directory-traveling] # Enable or disable directory traveling
[--download-to=DOWNLOAD_TO] # Directory to download file(s)
# Default: /tmp
[--post-to-slack], [--no-post-to-slack] # Post a message to Slack if it detects a phishing kit
[--size=N] # Number of urlscan.io's results. (Max: 10,000)
# Default: 100
[--threads=N] # Number of threads to use
[--verbose], [--no-verbose]
# Default: true
Execute the crawler
$ miteru execute
...
https://dummy1.com: it doesn't contain a phishing kit.
https://dummy2.com: it doesn't contain a phishing kit.
https://dummy3.com: it doesn't contain a phishing kit.
https://dummy4.com: it might contain a phishing kit (dummy.zip).
Using Docker (alternative if you don't install Ruby)
$ docker pull ninoseki/miteru
# ex. auto-download detected phishing kit(s) into host machines's /tmp directory
$ docker run --rm -v /tmp:/tmp ninoseki/miteru execute --auto-download
Configuration
For using --post-to-slack feature, you should set the following environment variables:
-
SLACK_WEBHOOK_URL: Your Slack Webhook URL. -
SLACK_CHANNEL: Slack channel to post a message (default: "#general").
If you are a urlscan.io Pro user, set your API key as an environment variable URLSCAN_API_KEY.
It enables you to subscribe the urlscan.io phish feed.
Examples
Aasciinema cast
Slack notification
Alternatives
- t4d/StalkPhish: The Phishing kits stalker, harvesting phishing kits for investigations.
- duo-labs/phish-collect: Python script to hunt phishing kits.
- leunammejii/analyst_arsenal: A tool belt for analysts to continue fighting the good fight.
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].