Utility to manage sets of phishing links making it easier to track their removal progress over time.
Project description
Phishing Tracker
Utility to manage sets of phishing links making it easier to track their removal progress over time.
Project started out of frustration in dealing over-and-over again with phishing threat-actors and wanting an easy tool to handle the tracking of these links over time without needing to roll out a full-fledged CERT stack (eg The Hive)
Captures everything per-run in a single JSON file making it easy to compare and track change over time - and integrate with other tooling if desired.
See examples to get a clear idea on usage and possibilities.
Features
- Batch mode with
.ymlconfiguration file - Single shot mode by passing link/hostname/domain in at cli
- Collects useful reference-information and artifacts per phish link stored in an easy reference json file
- Create rules to define expected (or desired) analyzers output responses
- Easy to re-run and hence re-compare the latest status of phish-links over time
- Debug mode output to STDERR
Analyzers
dig
- dig-domain - determine domain relative to TLD and collect A, CNAME, NS, MX, TXT records
- dig-hostname - collect hostname A, AAAA, CNAME, NS, MX, TXT records
http
- http-get - perform http (clear-text) GET request capturing request/response headers and response content
https
- https-get - as per http-get using HTTPS
https_certificate
- https-certificate - obtain the https SSL certificate and parse certificate attributes
smtp
- smtp-headers - connect to hostname/domain MX records and capture the server header
safe_browsing
- safe-browsing - query the Google safe-browsing API - https://developers.google.com/safe-browsing/v4
whois
- whois - perform a whois and parse associated attributes
Analyzers - Todo
- Virustotal lookup - https://developers.virustotal.com/reference#url-scan
Install
via PyPi
pip3 install phishing-tracker
via Source
git clone https://github.com/ndejong/phishing-tracker cd phishing-tracker python3 -m venv venv source venv/bin/activate pip3 install -r requirements.txt python3 setup.py clean python3 setup.py test python3 setup.py install
Project
Analyzer Response Reports
dns_domainname_a_record dns_domainname_cname_record dns_domainname_mx_record dns_domainname_ns_record dns_domainname_txt_record dns_domainname_unknown_tld dns_hostname_aaaa_record dns_hostname_a_record dns_hostname_cname_record dns_hostname_eq_dns_domainname dns_hostname_mx_record dns_hostname_ns_record dns_hostname_txt_record http_exception http_hostname_<statuscode>_response https_certificate_exception https_certificate_hostname_mismatch https_exception https_hostname_<statuscode>_response safe_browsing_exception safe_browsing_record smtp_domainname_active smtp_exception smtp_hostname_active whois_domainname_record whois_exception
Google Safe Browsing API key
In order to make use of the Google Safe Browsing API lookup, the environment variable GCP_API_KEY needs to be
set with an appropriate GCP key that has access to the safe-browsing API - read more here.
Examples
Authors
License
BSD-2-Clause - see LICENSE file for full details.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for phishing_tracker-0.0.7-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | bc4d771e0f85ed1a0c3adefee2e3f7b37b009b0fae9e87e826277b16018c48c8 |
|
| MD5 | 79fe3051953f11b93257b0d8b0556476 |
|
| BLAKE2-256 | 53e866fd1d405511f871d449b27e691578e502df020fef926a3cc621c39ac182 |