Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details

All Projects → x0rz → Phishing_catcher

x0rz / Phishing_catcher

Licence: gpl-3.0

Phishing catcher using Certstream

Programming Languages

python

139335 projects - #7 most used programming language

Labels

osint phishing threat-intelligence threatintel certificate-transparency

Projects that are alternatives of or similar to Phishing catcher

Stalkphish

StalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.

Stars: ✭ 256 (-79.22%)

Mutual labels: osint, phishing, threat-intelligence, threatintel

Intelowl

Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale

Stars: ✭ 2,114 (+71.59%)

Mutual labels: osint, threat-intelligence, threatintel

Chatter

internet monitoring osint telegram bot for windows

Stars: ✭ 123 (-90.02%)

Mutual labels: osint, threat-intelligence, threatintel

Threatingestor

Extract and aggregate threat intelligence.

Stars: ✭ 439 (-64.37%)

Mutual labels: osint, threat-intelligence, threatintel

Python Iocextract

Defanged Indicator of Compromise (IOC) Extractor.

Stars: ✭ 300 (-75.65%)

Mutual labels: osint, threat-intelligence, threatintel

Analyst Arsenal

A toolkit for Security Researchers

Stars: ✭ 112 (-90.91%)

Mutual labels: osint, threat-intelligence, certificate-transparency

Opensquat

Detection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting.

Stars: ✭ 149 (-87.91%)

Mutual labels: osint, phishing, threat-intelligence

Dnsmorph

Domain name permutation engine written in Go

Stars: ✭ 148 (-87.99%)

Mutual labels: phishing, threat-intelligence, threatintel

Osweep

Don't Just Search OSINT. Sweep It.

Stars: ✭ 225 (-81.74%)

Mutual labels: osint, threat-intelligence, certificate-transparency

MurMurHash

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

Stars: ✭ 79 (-93.59%)

Mutual labels: phishing, threatintel, threat-intelligence

Harpoon

CLI tool for open source and threat intelligence

Stars: ✭ 679 (-44.89%)

Mutual labels: osint, threat-intelligence, threatintel

Dnstwist

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

Stars: ✭ 3,124 (+153.57%)

Mutual labels: osint, phishing, threat-intelligence

OSINT-Brazuca

Repositório criado com intuito de reunir informações, fontes(websites/portais) e tricks de OSINT dentro do contexto Brasil.

Stars: ✭ 508 (-58.77%)

Mutual labels: osint, threatintel, threat-intelligence

Misp Training

MISP trainings, threat intel and information sharing training materials with source code

Stars: ✭ 185 (-84.98%)

Mutual labels: osint, threat-intelligence, threatintel

censys-recon-ng

recon-ng modules for Censys

Stars: ✭ 29 (-97.65%)

Mutual labels: osint, threatintel, threat-intelligence

Spiderfoot

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Stars: ✭ 6,882 (+458.6%)

Mutual labels: osint, threatintel, threat-intelligence

Streamingphish

Python-based utility that uses supervised machine learning to detect phishing domains from the Certificate Transparency log network.

Stars: ✭ 271 (-78%)

Mutual labels: phishing, certificate-transparency

Urlextractor

Information gathering & website reconnaissance | https://phishstats.info/

Stars: ✭ 341 (-72.32%)

Mutual labels: osint, phishing

Threatpinchlookup

Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension

Stars: ✭ 257 (-79.14%)

Mutual labels: osint, threatintel

Misp

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

Stars: ✭ 3,485 (+182.87%)

Mutual labels: threat-intelligence, threatintel

View All Similar Projects ➔

Phishing Catcher

Catch possible phishing domains in near real time by looking for suspicious TLS certificate issuances reported to the Certificate Transparency Log (CTL) via the CertStream API. "Suspicious" issuances are those whose domain name scores beyond a certain threshold based on a configuration file.

This is just a working PoC. Feel free to contribute and tweak the code to fit your needs. 👍

Installation

The script should work fine using Python2 or Python3. In either case, install the requirements after cloning or downloading the source code:

pip install -r requirements.txt

Configuration

Phishing Catcher uses a simple YAML configuration file to assign a numeric score for strings that can be found in a TLS certificate's common name or SAN field (i.e., a cert's domain name). The configuration file, suspicious.yaml, ships with sensible defaults, but you can adjust or add to both the strings it contains and the score assigned to each string by editing an override file, external.yaml.

Both the default suspicious.yaml and the user-modifiable external.yaml configuration files contain two YAML dictionaries: keywords and tlds. The keys of the dictionaries are the strings and the values are the scores to assign if that string is found in the domain name for an issued certificate. For example:

keywords:
    'login': 25

Here, a score of 25 is added to the generic keyword login when it is found in a TLS certificate domain name. Increasing this value will raise the level of suspicion against domains with the string login in them, thus allowing you to subject these certificate issuances to increased scrutiny.

However, in order to be reported as suspicious by Phishing Catcher, the score assigned to a given certificate must meet or exceed (>=, "greater than or equal to") the following thresholds:

Score	Reported as
65	`Potential`
80	`Likely`
90	`Suspicious`

💡 See the score_domain() function in the source code for details regarding the scoring algorithm.

Usage

Once configured to your liking, usage is as simple as running the script:

$ ./catch_phishing.py

Example phishing caught

Phishing catcher in Docker container

If you running MacOs or having a different OS version that would make the installation of phishing_catcher difficult, then having the tool dockerized is one of your options.

docker build . -t phishing_catcher

License

GNU GPLv3

If this tool has been useful for you, feel free to thank me by buying me a coffee.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Stars: ✭ 1,232

Visit Git Page 🔗Visit User Page 🔗Visit Issues Page (20) 🔗