Skip to main content

The openSquat is a tool for detecting phishing domains and domain squatting.

Project description

openSquat

alt text

What is openSquat

openSquat is an opensource Intelligence (OSINT) security tool to identify cyber squatting threats to specific companies or domains, such as:

  • Phishing campaigns
  • Domain squatting
  • Typo squatting
  • Bitsquatting
  • IDN homograph attacks
  • Doppenganger domains
  • Other brand/domain related scams

It does support some key features such as:

  • Automatic newly registered domain updating (once a day)
  • Levenshtein distance to calculate word similarity
  • Fetches active and known phishing domains (Phishing Database project)
  • IDN homograph attack detection
  • Integration with VirusTotal
  • Integration with Quad9 DNS service
  • Use different levels of confidence threshold to fine tune
  • Save output into different formats (txt, JSON and CSV)
  • Can be integrated with other threat intelligence tools and DNS sinkholes

As an opensource project, everyone's welcome to contribute.

Screenshot / Video Demo

alt text

Check the 40 seconds Demo Video (v1.95)

Demo / Forks

Note: The forks do not contain all the openSquat features.

How to Install

    git clone https://github.com/atenreiro/opensquat
    pip install -r requirements.txt

Make sure you have Python 3.6+ and pip3 in your environment

How to Update

:warning: when updating: especially for a major release, re-run the pip install to check for new dependencies.

To update your current version, just type the following commands inside the openSquat directory:

    git pull
    pip install -r requirements.txt

The "pip install" is just to make sure no new libs were added with the new upgrade.

Usage Examples

Edit the "keywords.txt" with your customised keywords to hunt.

    # Lazy run with default options
    python opensquat.py

    # for all the options
    python opensquat.py -h
    
    # Search for generic terms used in phishing campaigns (can lead to false-positives)
    python opensquat.py -k generic.txt

    # With DNS validation (quad9)
    python opensquat.py --dns
    
    # Subdomain search
    python opensquat.py --subdomains
    
    # Check for domains with open ports 80/443
    python opensquat.py --portcheck

    # With Phishing validation (Phishing Database)
    python opensquat.py --phishing phish_results.txt

    # Save output as JSON
    python opensquat.py -o example.json -t json

    # Save output as CSV
    python opensquat.py -o example.csv -t csv

    # Conduct a certificate transparency (ct) hunt
    python opensquat.py --ct

    # Period search - registrations from the last month (default: day)
    python opensquat.py -p month

    # Tweak confidence level. The lower values bring more false positives
    # (0: very high, 1: high (default), 2: medium, 3: low, 4: very low
    python opensquat.py -c 2

    # All validations options
    python opensquat.py --phishing phishing_domains.txt --dns --ct --subdomains --portcheck 

Automations & Integrations

You can set up openSquat to run automatically using a task scheduler (such as crontab for Linux) to generate a new list of results daily.

We update our feeds with a fresh new list of domains every day around 7.30 am (UTC+0 / GMT+0)

# Crontab example - run openSquat every day at 8 am
# In this example, the results are saved to a JSON file format
0 8 * * * /home/john/opensquat/opensquat.py -k keywords.txt -o results.json -t json

You can use this output file to feed your SIEM, SOAR, or other tools that support importing from TXT/JSON/CSV formats.

Alternatively, currently in a Beta preview you can integrate using REST APIs, your application with RapidAPI

Do you have an integration idea or would like to share an integration you developed with our community? Open a GitHub issue or send me an email.

To Do / Roadmap

  • Integration with VirusTotal (VT) for subdomains validation
  • Integratration with VirusTotal (VT) for malware detection
  • Use certificate transparency
  • Homograph detection done
  • Improve code quality from B to A grade (codacy)
  • PEP8 compliance
  • AND logical condition for keywords search (e.g: google+login) - Thanks to Steff T.
  • Enhanced documentation

Feature Request

To request a new feature, create a "new issue" and describe the feature and potential use cases. You can upvote the "issue" and contribute to the discussions if something similar already exists.

Changelog

Authors

Project founder

Contributors

  • Please check the contributors page on GitHub

How to help

You can help this project in many ways:

  • Providing your time and coding skills to enhance the project
  • Build a decent but simple project webpage
  • Provide access to OSINT feeds
  • Open new issues with new suggestions, ideas, bug report or feature requests
  • Spread this project within your network
  • Share your story how have you been using the openSquat and what impact it brought to you

Project details


Release history Release notifications | RSS feed

This version

2.2

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

opensquat-2.2.tar.gz (29.5 kB view details)

Uploaded Source

Built Distribution

opensquat-2.2-py3-none-any.whl (32.5 kB view details)

Uploaded Python 3

File details

Details for the file opensquat-2.2.tar.gz.

File metadata

  • Download URL: opensquat-2.2.tar.gz
  • Upload date:
  • Size: 29.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.10.8

File hashes

Hashes for opensquat-2.2.tar.gz
Algorithm Hash digest
SHA256 71d6578daaebdcaf94dda63eb06c00348e7fd0f907811c70ffe1499a7a1dc1c2
MD5 75351f6cb34d52db76470a6f42df4864
BLAKE2b-256 5a9d9137166e9c0587d6de4d488bd8d2c34408118f2434bedc8a6bd6f4414e84

See more details on using hashes here.

File details

Details for the file opensquat-2.2-py3-none-any.whl.

File metadata

  • Download URL: opensquat-2.2-py3-none-any.whl
  • Upload date:
  • Size: 32.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.10.8

File hashes

Hashes for opensquat-2.2-py3-none-any.whl
Algorithm Hash digest
SHA256 12110a101b1c886c7086529212d04681c409943f973cf4155b259e16ccf7cfb9
MD5 ce64fc73d41125164f82180e99afc565
BLAKE2b-256 9923bf6a2830f07eb8b36e8ffa8fa17687a4cc31ceb985fa06b5ad782bebd006

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page