atenreiro / Opensquat

Licence: gpl-3.0
Detection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting.


openSquat

What is openSquat

openSquat is an open source intelligence (OSINT) security tool to identify cyber squatting threats to specific companies or domains, such as:

  • Phishing campaigns
  • Domain squatting
  • Typo squatting
  • Bitsquatting
  • IDN homograph attacks
  • Doppelganger domains
  • Other brand/domain related scams

It supports key features such as:

  • Automatic newly registered domain updating (once a day)
  • Levenshtein distance to calculate word similarity
  • Fetches active and known phishing domains (Phishing Database project)
  • IDN homograph attack detection
  • Integration with VirusTotal
  • Integration with Quad9 DNS service
  • Use different levels of confidence threshold to fine tune
  • Save output into different formats (txt, JSON and CSV)
  • Can be integrated with other threat intelligence tools and DNS sinkholes
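
To illustrate the Levenshtein and homograph features listed above, the following Python example is added here and is not openSquat's own code. The keyword list, sample domains, confusables table and the `max_distance` parameter are all constructed for this example.

```python
# Added illustration, not openSquat's code. All data here is constructed:
# CONFUSABLES is a tiny subset of Cyrillic letters that render like Latin ones.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c"}
KEYWORDS = ["paypal", "example"]
# "paypal" with a Cyrillic U+0430 as its first "a", in punycode form.
HOMOGRAPH = "p\u0430ypal.com".encode("idna").decode("ascii")
NEW_DOMAINS = ["paypa1.com", HOMOGRAPH, "exampel.net", "paypal-login.com", "weather.org"]


def levenshtein(a, b):
    """Edit distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain, keywords, max_distance=1):
    """Return (keyword, reason) for a look-alike domain, else None."""
    # Assumes bare registered domains, so only the first label is compared.
    label = domain.lower().split(".")[0]
    if label.startswith("xn--"):
        try:  # decode the IDN label back to Unicode
            label = label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return (None, "invalid-punycode")
    skeleton = "".join(CONFUSABLES.get(ch, ch) for ch in label)
    for kw in keywords:
        dist = levenshtein(skeleton, kw)
        if dist == 0 and skeleton != label:
            return (kw, "homograph")  # identical once confusables are folded
        if 0 < dist <= max_distance:
            return (kw, "typosquat")
        if kw in skeleton and skeleton != kw:
            return (kw, "keyword-in-domain")
    return None


def scan(domains, keywords, max_distance=1):
    """Map each flagged domain to its (keyword, reason)."""
    results = ((d, classify(d, keywords, max_distance)) for d in domains)
    return {d: hit for d, hit in results if hit}


if __name__ == "__main__":
    for name, (kw, reason) in scan(NEW_DOMAINS, KEYWORDS).items():
        print(f"{name}: {reason} of {kw}")
```

Raising `max_distance` to 2 also flags `exampel.net`, at the cost of more false positives; this is the kind of trade-off a confidence threshold controls.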

This is an open source project, so everyone is welcome to contribute.

Screenshot / Video Demo

Check the 40-second demo video (v1.95)

Web Demo

Please check Phishy Domains for a simple version of openSquat.

How to Install

    git clone https://github.com/atenreiro/opensquat
    cd opensquat
    pip install -r requirements.txt

Make sure you have Python 3.6+ and pip3 in your environment.

How to Update

To update your current version, just type the following commands inside the openSquat directory:

    git pull
    pip install -r requirements.txt

The "pip install" step makes sure that any libraries added in the new version are installed.

Usage Examples

Edit "keywords.txt" with the customised keywords you want to hunt for.

    # Lazy run with default options
    python opensquat.py

    # for all the options
    python opensquat.py -h
    
    # Search for generic terms used in phishing campaigns (can lead to false positives)
    python opensquat.py -k generic.txt

    # With DNS validation (quad9)
    python opensquat.py --dns
    
    # Subdomain search
    python opensquat.py --subdomains
    
    # Check for domains with open ports 80/443
    python opensquat.py --portcheck

    # With Phishing validation (Phishing Database)
    python opensquat.py --phishing phish_results.txt

    # Save output as JSON
    python opensquat.py -o example.json -t json

    # Save output as CSV
    python opensquat.py -o example.csv -t csv

    # Conduct a certificate transparency (ct) hunt
    python opensquat.py --ct

    # Period search - registrations from the last month (default: day)
    python opensquat.py -p month

    # Tweak confidence level. Lower confidence levels bring more false positives
    # (0: very high, 1: high (default), 2: medium, 3: low, 4: very low)
    python opensquat.py -c 2

    # All validation options
    python opensquat.py --phishing phishing_domains.txt --dns --ct --subdomains --portcheck

To Do / Roadmap

  • Integration with VirusTotal (VT) for subdomains validation
  • Integration with VirusTotal (VT) for malware detection
  • Use certificate transparency
  • Homograph detection done
  • Improve code quality from B to A grade (codacy)
  • PEP8 compliance
  • Add documentation

Feature Request

To request a new feature, create a "new issue" and describe the feature and potential use cases. If something similar already exists, you can upvote the "issue" and contribute to the discussion.

Changelog

Authors

Project founder

Contributors

  • Please check the contributors page on GitHub

How to help

You can help this project in many ways:

  • Providing your time and coding skills to enhance the project
  • Build a decent but simple project webpage
  • Provide access to OSINT feeds
  • Open new issues with suggestions, ideas, bug reports or feature requests
  • Spread this project within your network
  • Share your story of how you have been using openSquat and what impact it has had for you
  • Make a project logo