The phishing Kit Intelligence Tracker (KIT) APIs are a set of static analysis tools for investigating and comparing phishing kit content within single or multiple kits.
Project description
KIT Intel Wrapper
The phishing Kit Intelligence Tracker (KIT) APIs are a set of static analysis tools for investigating and comparing phishing kit content within single or multiple kits. It can search file hashes, search file content, retrieve content, and submit kits to KIT for cross-analysis.
A phishing kit is a package of software tools, often in the form of a compressed file, that makes it easier to launch phishing attacks and exploits. Phishing kits allow attackers to deploy and redeploy phishing infrastructure before and during an attack rapidly. There are various types of phishing kits, from those targeting consumers, employees, financial institutions, marketplaces, and many more. Kits can deploy malware, collect credentials, detect bots, block IP ranges, generate QR codes, and update dynamically. Use KIT to ingestigate and compare phishing kits, discover evidence about attackers and kit publishers, identify evasion techniques, and find new exploits.
Contents
Features
Search KIT Intel
Download content
Define time parameters
Define result count
Automatically extract fields
Set API as environment variable
This script uses Environment Variables to get your API key.
Windows (cmd)
$ setx KITAPI "APIKEY"
Unix
$ export KITAPI="APIKEY"
Flags
Search
- -s / --search :: The search term
- -f / --filter :: Filter return keys. Split multiple keys with a comma
- -n / --number :: Number of items to return (Default=100)
- -d / --date :: Date range to search - 24h, 30d, 90d etc. (Default=24h)
Content
- -u / --uuid :: UUID(s) to retrieve content for - Can submit multiple either comma or space separated
- -d / --download :: Download content to file
- -j / --json :: Print return JSON
Submit
- -f / --file :: Submit a phishing kit for analysis. Submit a single file, multiple files, or a directory
Technical Usage
usage: KIT.py [-h] {search,content,submit} ...
Wrapper for KIT Intel's API
positional arguments:
{search,content,submit}
commands
search Search KIT Intel
content Download file content
submit Submit a phishing kit for analysis. Submit a single file, multiple files, or a directory
optional arguments:
-h, --help show this help message and exit
usage: mainV2.3.py search [-h] -s SEARCH [-f FILTER] [-n NUMBER] [-d DATE]
optional arguments:
-h, --help show this help message and exit
-s SEARCH, --search SEARCH
Search term
-f FILTER, --filter FILTER
Filter return keys. Split multiple keys with a comma
-n NUMBER, --number NUMBER
Number of items to return - Default 100
-d DATE, --date DATE Date range to search - 24h, 30d, 90d etc.
usage: mainV2.3.py content [-h] -u UUID [UUID ...] [-d] [-j]
optional arguments:
-h, --help show this help message and exit
-u UUID [UUID ...], --uuid UUID [UUID ...]
UUID(s) to retrieve scans for
-d, --download Download content to file
-j, --json Print JSON data
usage: KIT.py submit [-h] -f FILE [FILE ...]
optional arguments:
-h, --help show this help message and exit
-f FILE [FILE ...], --file FILE [FILE ...]
Zip file(s) to submit
Sample Usage
$ python3 KIT.py search -s 'content:google, filetype: php' -d 3d -f 'kit.UUID, filename' -n 3
$ python3 KIT.py content -u 2e517c8f-9375-4f55-a503-ca5bbd4d4a5b
$ python3 KIT.py submit -f ./16shop_V8.1_CRACKED.zip
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for kitintel-2.6.11-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | ec801e56e61e8cdd4d1a29921780dd7032a8813e644c83a95c91418d2965a99c |
|
| MD5 | 77e661361e0776b1f701b02edffe9fd0 |
|
| BLAKE2b-256 | 51e80fb0939b8d807d5a75a6f294f1ca2d8faaa45d5a3d9fd09751913c12fdb0 |
