openSquat - Detection of domain squatting, typosquatting, IDN homograph attacks, and phishing threats
Project description
openSquat Core
🎯 What is openSquat?
openSquat is an Open Source Intelligence (OSINT) security tool that identifies cyber squatting threats targeting your brand or domains:
| Threat Type | Description |
|---|---|
| 🎣 Phishing | Fraudulent domains mimicking your brand |
| 🔤 Typosquatting | Domains with common typos (e.g., gooogle.com) |
| 🌐 IDN Homograph | Look-alike characters from other alphabets |
| 👥 Doppelgänger | Domains containing your brand name |
| 🔀 Bitsquatting | Single-bit errors in domain names |
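The threat types in the table can be told apart with a few string checks. The sketch below is an added example, not openSquat's own code: the function names, the three-character confusables map, the `max_distance=1` threshold and the sample domains are all constructed assumptions.

```python
# Added illustration, not openSquat's code. Sample domains are constructed.
# Tiny constructed subset of confusable characters (assumption, not a full table):
# Greek omicron, Cyrillic a, Cyrillic ie.
CONFUSABLES = str.maketrans({"\u03bf": "o", "\u0430": "a", "\u0435": "e"})

def levenshtein(a, b):
    """Edit distance using a two-row dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def is_bitsquat(a, b):
    """Same length, one differing character, and that difference is one bit."""
    if len(a) != len(b):
        return False
    diffs = [ord(x) ^ ord(y) for x, y in zip(a, b) if x != y]
    return len(diffs) == 1 and (diffs[0] & (diffs[0] - 1)) == 0

def classify(keyword, domain, max_distance=1):
    """Return the threat type of `domain` relative to `keyword`, or None."""
    label = domain.lower().split(".")[0]   # assumes a plain name.tld domain
    if label == keyword:
        return None                        # identical label, nothing to flag here
    if not label.isascii() and label.translate(CONFUSABLES) == keyword:
        return "idn-homograph"
    if is_bitsquat(label, keyword):
        return "bitsquatting"              # checked before typos: also distance 1
    if levenshtein(label, keyword) <= max_distance:
        return "typosquatting"
    if keyword in label:
        return "doppelganger"
    return None

SAMPLES = ["gooogle.com", "coogle.com", "g\u03bf\u03bfgle.com",
           "google-login.com", "example.org"]

def scan(keyword, domains):
    """Classify every domain in `domains` against one keyword."""
    return {d: classify(keyword, d) for d in domains}

if __name__ == "__main__":
    for domain, verdict in scan("google", SAMPLES).items():
        print(f"{domain:20} {verdict}")
```

Raising `max_distance` widens the typosquatting net at the cost of more false positives.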
🔓 Open-Core Model
openSquat follows an open-core model:
- Core detection engine — Open source and community-driven
- Advanced capabilities — Delivered through commercial intelligence services
This model enables transparency and community collaboration while supporting the scale, reliability, and operational requirements of enterprise use.
✨ Key Features
- 📅 Daily NRD feeds — Automatic newly registered domain updates
- 🔍 Similarity detection — Levenshtein distance algorithm
- 🛡️ VirusTotal integration — Check domain reputation
- 🌐 Quad9 DNS validation — Identify malicious domains
- 📜 Certificate Transparency — Monitor SSL/TLS certificates
- 📊 Multiple output formats — TXT, JSON, CSV
🚀 Quick Start
Install via pip (recommended)
```bash
pip install opensquat
opensquat -k keywords.txt
```
Or clone the repository
```bash
git clone https://github.com/atenreiro/opensquat
cd opensquat
pip install -r requirements.txt
python opensquat.py -k keywords.txt
```
📦 Requirements
- Python 3.8+
- Dependencies: confusable_homoglyphs, homoglyphs, colorama, requests, dnspython, beautifulsoup4
📖 Usage
Basic Commands
```bash
# Default run
opensquat
# Show all options
opensquat -h
# Use custom keywords file
opensquat -k my_keywords.txt
```
Validation Options
```bash
# DNS validation via Quad9
opensquat --dns
# Check Certificate Transparency logs
opensquat --ct
# Scan for open ports (80/443)
opensquat --portcheck
# Cross-reference phishing databases
opensquat --phishing results.txt
```
Output Formats
```bash
# Save as JSON
opensquat -o results.json -t json
# Save as CSV
opensquat -o results.csv -t csv
```
Confidence Levels
| Level | Flag | Description |
|---|---|---|
| 0 | -c 0 | Very high (fewer results, high accuracy) |
| 1 | -c 1 | High (default) |
| 2 | -c 2 | Medium |
| 3 | -c 3 | Low |
| 4 | -c 4 | Very low (more results, more false positives) |
⚙️ Configuration
Keywords File (keywords.txt)
```
# Lines starting with # are comments
mycompany
mybrand
myproduct
```
VirusTotal API Key (vt_key.txt)
To use --vt or --subdomains, add your API key:
```
# Get your free API key at https://www.virustotal.com
your_api_key_here
```
🤖 Automation
Run daily via crontab:
```
# Every day at 8 AM (feeds update ~7:30 AM UTC)
0 8 * * * /path/to/opensquat/opensquat.py -k keywords.txt -o results.json -t json
```
📋 CLI Reference
| Argument | Default | Description |
|---|---|---|
| -k, --keywords | keywords.txt | Keywords file to search |
| -o, --output | results.txt | Output filename |
| -t, --type | txt | Output format: txt, json, csv |
| -c, --confidence | 1 | Confidence level (0-4) |
| -d, --domains | — | Use local domain file instead of downloading |
| -u, --url | opensquat feed | URL to download domain feed |
| --dns | — | Enable Quad9 DNS validation |
| --doppelganger | — | Doppelganger-only mode (keyword in domain + reachability check) |
| --ct | — | Search Certificate Transparency logs |
| --phishing | — | Cross-reference phishing database |
| --subdomains | — | Fetch subdomains via VirusTotal |
| --portcheck | — | Check for open ports 80/443 |
| --vt | — | Validate against VirusTotal |
🤝 Contributing
We welcome contributions! See our Contributing Guide for details.
- 🐛 Report bugs via GitHub Issues
- 💡 Request features by opening an issue
- 🔧 Submit PRs for bug fixes or enhancements
👤 Author
Andre Tenreiro — LinkedIn · PGP Key
📜 License
This project is licensed under the GNU GPL v3.
Download files
File details
Details for the file opensquat-2.2.1.tar.gz.
File metadata
- Download URL: opensquat-2.2.1.tar.gz
- Upload date:
- Size: 32.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.15
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 3014afc41edeb2b47da9e35227ad30642c237f6960d5c3b78f713f1dc7404f52 |
| MD5 | 1b6d9741429cf50fa55904b069f349a1 |
| BLAKE2b-256 | 9ac7ab40f3b036b790d8a8dd5c73390b228b9e4338921557234609aa0d425cc2 |
File details
Details for the file opensquat-2.2.1-py3-none-any.whl.
File metadata
- Download URL: opensquat-2.2.1-py3-none-any.whl
- Upload date:
- Size: 35.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.15
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 056896557316f0a301be2187139224a99f45c48024ec69fca7b0154c10d94cbe |
| MD5 | d3522225c495d2bc671f0c0abe9bb2fd |
| BLAKE2b-256 | c48034960b07f20827f8e16dd79df76e4cb67fda3f07b0d9bbc3534e48f35967 |