
Utility to manage sets of phishing links making it easier to track their removal progress over time.

Project description

Phishing Tracker


The project started out of frustration at dealing over and over again with phishing threat actors, and from wanting an easy tool to track these links over time without needing to roll out a full-fledged CERT stack (e.g. The Hive).

Each run captures everything in a single JSON file, making it easy to compare and track changes over time, and to integrate with other tooling if desired.

See examples to get a clear idea on usage and possibilities.

Features

  • Batch mode with .yml configuration file
  • Single-shot mode by passing a link/hostname/domain on the CLI
  • Collects useful reference information and artifacts per phish link, stored in an easy-to-reference JSON file
  • Create rules to define expected (or desired) analyzers output responses
  • Easy to re-run and hence re-compare the latest status of phish-links over time
  • Debug mode output to STDERR

Analyzers

dig

  • dig-domain - determine domain relative to TLD and collect A, CNAME, NS, MX, TXT records
  • dig-hostname - collect hostname A, AAAA, CNAME, NS, MX, TXT records

http

  • http-get - perform http (clear-text) GET request capturing request/response headers and response content

https

  • https-get - as per http-get using HTTPS

https_certificate

  • https-certificate - obtain the https SSL certificate and parse certificate attributes

smtp

  • smtp-headers - connect to hostname/domain MX records and capture the server header

safe_browsing

whois

  • whois - perform a whois and parse associated attributes

Analyzers - Todo

Install

via PyPi

pip3 install phishing-tracker

via Source

git clone https://github.com/ndejong/phishing-tracker
cd phishing-tracker
python3 -m venv venv
source venv/bin/activate
pip3 install -r requirements.txt
python3 setup.py clean
python3 setup.py test
python3 setup.py install

Project

Analyzer Response Reports

dns_domainname_a_record
dns_domainname_cname_record
dns_domainname_mx_record
dns_domainname_ns_record
dns_domainname_txt_record
dns_domainname_unknown_tld
dns_hostname_aaaa_record
dns_hostname_a_record
dns_hostname_cname_record
dns_hostname_eq_dns_domainname
dns_hostname_mx_record
dns_hostname_ns_record
dns_hostname_txt_record
http_exception
http_hostname_<statuscode>_response
https_certificate_exception
https_certificate_hostname_mismatch
https_exception
https_hostname_<statuscode>_response
safe_browsing_exception
safe_browsing_record
smtp_domainname_active
smtp_exception
smtp_hostname_active
whois_domainname_record
whois_exception
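
An added example (not part of phishing-tracker) of the run-to-run comparison that the per-run JSON file makes possible, using the report names listed above. The run layout (a link mapped to a list of report names), the sample links and the live/unresolved/not-serving heuristic are assumptions of this example, not the tool's actual schema or rules.

```python
import re

# Matches the http_hostname_<statuscode>_response / https_... report names.
STATUS_RE = re.compile(r"^https?_hostname_(\d{3})_response$")
RESOLVES = {"dns_hostname_a_record", "dns_hostname_aaaa_record",
            "dns_hostname_cname_record"}

def classify(reports):
    """Heuristic (assumption): 'live' on any 2xx/3xx response, 'unresolved'
    when no hostname A/AAAA/CNAME report exists, otherwise 'not-serving'."""
    reports = set(reports)
    codes = [int(m.group(1)) for m in map(STATUS_RE.match, reports) if m]
    if any(200 <= c < 400 for c in codes):
        return "live"
    if not reports & RESOLVES:
        return "unresolved"
    return "not-serving"

def compare_runs(old, new):
    """Return, per link whose reports changed, what was added and removed
    and the (before, after) classification."""
    changes = {}
    for link in sorted(set(old) | set(new)):
        before, after = set(old.get(link, [])), set(new.get(link, []))
        if before != after:
            changes[link] = {
                "added": sorted(after - before),
                "removed": sorted(before - after),
                "status": (classify(before), classify(after)),
            }
    return changes

# Constructed sample data: report names per link from two runs (hypothetical layout).
RUN_OLD = {
    "login.example.test/verify": ["dns_hostname_a_record",
                                  "https_hostname_200_response",
                                  "whois_domainname_record"],
    "pay.example.test/update": ["dns_hostname_a_record", "http_hostname_200_response"],
    "mail.example.test/reset": ["dns_hostname_a_record", "https_hostname_200_response"],
}
RUN_NEW = {
    "login.example.test/verify": ["whois_domainname_record", "https_exception"],
    "pay.example.test/update": ["dns_hostname_a_record", "http_hostname_404_response"],
    "mail.example.test/reset": ["dns_hostname_a_record", "https_hostname_200_response"],
}

if __name__ == "__main__":
    for link, change in compare_runs(RUN_OLD, RUN_NEW).items():
        print(link, change["status"], "+", change["added"], "-", change["removed"])
```

Links that stay "live" across runs are the ones still needing takedown follow-up; an unchanged link is omitted from the result.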

Google Safe Browsing API key

To use the Google Safe Browsing API lookup, set the environment variable GCP_API_KEY to a GCP key that has access to the Safe Browsing API.

Examples

Authors

Nicholas de Jong

License

BSD-2-Clause - see LICENSE file for full details.


Download files

Source Distribution

phishing-tracker-0.0.7.tar.gz (14.9 kB)

Uploaded Source

Built Distribution

phishing_tracker-0.0.7-py3-none-any.whl (19.2 kB)

Uploaded Python 3

File details

Details for the file phishing-tracker-0.0.7.tar.gz.

File metadata

  • Download URL: phishing-tracker-0.0.7.tar.gz
  • Upload date:
  • Size: 14.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.1.1 pkginfo/1.4.2 requests/2.22.0 setuptools/49.2.0 requests-toolbelt/0.8.0 tqdm/4.30.0 CPython/3.8.2

File hashes

Hashes for phishing-tracker-0.0.7.tar.gz
Algorithm Hash digest
SHA256 51e88f4a40d8a4d34662bdced79b66d8519e3470afb432cdeeb8d1b41879cf75
MD5 91893f1a4f16e64f09d8e244fd2ae92e
BLAKE2b-256 98c4f8ddd81203030fee581770dbe77839657b436ca85cce1e9d00207f86031d

File details

Details for the file phishing_tracker-0.0.7-py3-none-any.whl.

File metadata

  • Download URL: phishing_tracker-0.0.7-py3-none-any.whl
  • Upload date:
  • Size: 19.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.1.1 pkginfo/1.4.2 requests/2.22.0 setuptools/49.2.0 requests-toolbelt/0.8.0 tqdm/4.30.0 CPython/3.8.2

File hashes

Hashes for phishing_tracker-0.0.7-py3-none-any.whl
Algorithm Hash digest
SHA256 bc4d771e0f85ed1a0c3adefee2e3f7b37b009b0fae9e87e826277b16018c48c8
MD5 79fe3051953f11b93257b0d8b0556476
BLAKE2b-256 53e866fd1d405511f871d449b27e691578e502df020fef926a3cc621c39ac182
