
Phishing domain detection from Certificate Transparency logs.

Project description

🎣 PhishRadar

Detects phishing/scam domains from Certificate Transparency logs. Useful for internal security teams monitoring company-specific domains, as well as for sectoral/national CERTs monitoring the domains of their constituents.

Certificates are streamed from the CT logs via Certstream. Keywords are set in a YAML configuration file and matched against each domain in two ways:

  • common words: the domain is split into words with WordSegment and each resulting segment is compared against the keyword list
  • rarer words (e.g. brand names): a plain substring check is used instead, because WordSegment may not correctly separate subwords it does not know

For finer control, a minimum number of matching keywords can be set as a threshold; a domain is only reported once it reaches that count.
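The two matching modes and the threshold described above, worked through on constructed Certstream-style input. This is an added example, not PhishRadar's own code: the segmenter is a small dynamic-programming stand-in for WordSegment with a dozen-word vocabulary, the decision "common word = present in the segmenter's vocabulary, otherwise substring match" is an assumption about how the two modes are chosen, and the whitelist is assumed to hold domain names (covering the domain and its subdomains). The `message_type` / `data.leaf_cert.all_domains` layout is the one Certstream emits; the hostnames inside it are made up.

```python
import re

# Constructed stand-in for WordSegment's English unigram list. The real library ships a
# large frequency corpus; a handful of words is enough to show both matching modes.
VOCAB = frozenset({
    "login", "secure", "account", "update", "verify", "mail", "gov",
    "governance", "my", "online", "bank", "portal", "your", "brand", "support",
})

# Mirrors the shape of the page's sample configuration (values are constructed).
CONFIG = {
    "keywords": ["login", "secure", "gov", "yourbrand"],
    "whitelist": ["yourbrand.com"],
    "threshold": 2,
}

TOKEN_RE = re.compile(r"[a-z0-9]+")


def segment(text, vocab=VOCAB):
    """Split a DNS label into dictionary words (stand-in for WordSegment.segment).
    Dynamic programming: a known word costs 1, an unknown run costs 2 + its length,
    so the segmenter prefers few dictionary words and keeps unknown material whole."""
    n = len(text)
    best = [(0, [])] + [(float("inf"), [])] * n  # best[i] = (cost, words) for text[:i]
    for i in range(1, n + 1):
        for j in range(max(0, i - 20), i):
            piece = text[j:i]
            cost = best[j][0] + (1 if piece in vocab else 2 + len(piece))
            if cost < best[i][0]:
                best[i] = (cost, best[j][1] + [piece])
    return best[n][1]


def normalize(hostname):
    """Lower-case, drop a trailing dot and a wildcard prefix ('*.example.com')."""
    host = hostname.strip().lower().rstrip(".")
    return host[2:] if host.startswith("*.") else host


def is_whitelisted(host, whitelist):
    """Assumption: a whitelist entry covers the domain itself and all subdomains."""
    return any(host == w or host.endswith("." + w) for w in whitelist)


def match_keywords(host, keywords, vocab=VOCAB):
    """Return the set of configured keywords found in a hostname.

    Keywords the segmenter knows must appear as a whole segment, so 'gov' does not
    fire on 'governance'. Keywords it does not know (brand names) are matched as
    substrings, because segmentation may split them ('yourbrand' -> 'your' 'brand').
    Only the final label is dropped as the TLD; a public-suffix list would do better."""
    labels = host.split(".")[:-1] or [host]
    tokens = TOKEN_RE.findall(" ".join(labels))   # hyphens and dots separate tokens
    segments = set()
    for token in tokens:
        segments.update(segment(token, vocab))
    joined = "".join(tokens)                      # substring check ignores separators
    hits = set()
    for kw in keywords:
        kw = kw.lower()
        if kw in vocab:
            if kw in segments:
                hits.add(kw)
        elif kw in joined:
            hits.add(kw)
    return hits


def scan_certstream_message(message, config=CONFIG):
    """Evaluate one Certstream message; return [(host, sorted_hits)] for every
    non-whitelisted hostname whose keyword count reaches the threshold."""
    if message.get("message_type") != "certificate_update":
        return []
    alerts, seen = [], set()
    for name in message["data"]["leaf_cert"].get("all_domains", []):
        host = normalize(name)
        if host in seen or is_whitelisted(host, config["whitelist"]):
            continue
        seen.add(host)
        hits = match_keywords(host, config["keywords"])
        if len(hits) >= config["threshold"]:
            alerts.append((host, sorted(hits)))
    return alerts


# Constructed Certstream-style message; the hostnames are invented.
SAMPLE_MESSAGE = {
    "message_type": "certificate_update",
    "data": {"leaf_cert": {"all_domains": [
        "*.yourbrand.com",                          # whitelisted legitimate domain
        "secure-login.yourbrand-support.example",   # two common words + brand substring
        "mygovernance.example",                     # 'gov' only inside 'governance': no hit
        "amgov-login.example",                      # segments to 'am' 'gov' + 'login'
        "login.example",                            # one keyword, below threshold
        "portal.example",                           # nothing configured matches
    ]}},
}

if __name__ == "__main__":
    for host, hits in scan_certstream_message(SAMPLE_MESSAGE):
        print(f"ALERT {host}: {', '.join(hits)}")
```

With `threshold: 2` the run reports `secure-login.yourbrand-support.example` and `amgov-login.example` only; `mygovernance.example` shows why the common words go through segmentation rather than a substring check, and `yourbrand` shows the reverse case the README warns about.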

The idea was born after encountering phishing attacks and malware Command-and-Control communication involving domains impersonating Armenian government bodies (1, 2).

Installation and usage

pip install phishradar
phishradar --config ./config.yaml

Sample configuration

certstream_url: wss://certstream.calidog.io/
keywords:
  - test
  - keyword
  - yourbrand
whitelist:
  - exclude
  - these
threshold: 1
output:
  console: True
  file: output.log

Further work

  • Implement webhook sinks
  • Try out alternative threshold mechanism (e.g. weighted keywords)
  • Experiment with word segmentation via a Small Language Model

Download files


Source Distribution

phishradar-0.1.post1.tar.gz (7.3 kB)

Uploaded Source

Built Distribution


phishradar-0.1.post1-py3-none-any.whl (8.4 kB)

Uploaded Python 3

File details

Details for the file phishradar-0.1.post1.tar.gz.

File metadata

  • Download URL: phishradar-0.1.post1.tar.gz
  • Size: 7.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.0

File hashes

Hashes for phishradar-0.1.post1.tar.gz
Algorithm Hash digest
SHA256 2f1d6f2ffdbefa748632d727edc7eb7766e4f64a334cec3ab0286e6041b7e1eb
MD5 14f516819f67f7f481f949468d8dc4b2
BLAKE2b-256 055221d5ec1517ed57a2ef9f3588020f11a4a9e660d55a8ba4f1afbcaaf99077


File details

Details for the file phishradar-0.1.post1-py3-none-any.whl.

File metadata

  • Download URL: phishradar-0.1.post1-py3-none-any.whl
  • Size: 8.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.0

File hashes

Hashes for phishradar-0.1.post1-py3-none-any.whl
Algorithm Hash digest
SHA256 ee445686d1ac81843fef4db435bb78661d0a68b65b4268eb9fb651976242bcdc
MD5 c35438dd5bc2ab3ddb554e7079f01d3c
BLAKE2b-256 aab71614b40f3fbbfff2bde27eeb1b52471aec09feba8b1aba446d3daafebf7d

