
Phishing domain detection from Certificate Transparency logs.

Project description

PhishRadar

Detect phishing/scam domains from Certificate Transparency logs. It can be useful for internal security teams monitoring company-specific domains, as well as for sectoral/national CERTs monitoring the domains of their constituents.

Logs are retrieved via Certstream. Keywords are set in a YAML configuration file and detected via two methods:

  • for common subwords, results from WordSegment are scanned
  • for rarer words (e.g. brand names), we simply check whether the domain contains the keyword, because WordSegment may not correctly separate subwords it does not know.

For finer control, a minimum number of matching keywords (threshold) can be set before a domain is reported.

The idea was born after encountering phishing attacks and malware Command-and-Control communication involving domains impersonating Armenian government bodies (1, 2).

Installation and usage

pip install phishradar
phishradar --config ./config.yaml

Sample configuration

certstream_url: wss://certstream.calidog.io/
keywords:
  - test
  - keyword
  - yourbrand
whitelist:
  - exclude
  - these
threshold: 1
output:
  console: True
  file: output.log
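The two detection methods and the threshold/whitelist settings above, worked through in code. This is an added example, not PhishRadar's own implementation: the tiny dictionary-based segmenter stands in for the WordSegment library (the rule that a keyword is "common" when the segmenter's vocabulary knows it is an assumption), the config is an inline dict mirroring the YAML sample rather than a parsed config.yaml, and the domains are constructed.

```python
"""Keyword scoring of certificate domains in the style of PhishRadar.

Added example: not PhishRadar's own code. The dictionary segmenter is a
stand-in for the WordSegment library; config and domains are constructed.
"""
from __future__ import annotations

# Constructed config mirroring the page's YAML sample (PhishRadar reads it
# from config.yaml; here it is inlined so the example runs stand-alone).
CONFIG = {
    "keywords": ["login", "secure", "yourbrand"],
    "whitelist": ["yourbrand.example"],
    "threshold": 1,
}

# Tiny vocabulary standing in for WordSegment's unigram table. Assumption:
# a keyword is "common" when the segmenter knows it, "rare" otherwise.
VOCAB = {"login", "secure", "account", "update", "mail", "verify", "portal",
         "www", "com", "net", "org", "example"}


def segment(label: str) -> list[str]:
    """Greedy longest-match segmentation of one DNS label.

    Characters that start no vocabulary word are collected into an 'unknown'
    token. That is how a brand name the segmenter has never seen ends up
    glued to its neighbours, which is why rare keywords use substring matching.
    """
    tokens: list[str] = []
    unknown = ""
    i = 0
    while i < len(label):
        match = next((label[i:j] for j in range(len(label), i, -1)
                      if label[i:j] in VOCAB), None)
        if match is None:
            unknown += label[i]
            i += 1
            continue
        if unknown:
            tokens.append(unknown)
            unknown = ""
        tokens.append(match)
        i += len(match)
    if unknown:
        tokens.append(unknown)
    return tokens


def normalise(domain: str) -> str:
    """Lower-case, drop a trailing dot and the '*.' of wildcard certificates."""
    host = domain.strip().lower().rstrip(".")
    return host[2:] if host.startswith("*.") else host


def is_whitelisted(host: str, whitelist: list[str]) -> bool:
    """Exact or parent-domain match against the whitelist entries."""
    return any(host == w or host.endswith("." + w) for w in whitelist)


def matched_keywords(domain: str, config: dict = CONFIG) -> list[str]:
    """Return the configured keywords found in `domain` using the two methods:
    segmented-token match for common words, substring match for rare ones."""
    host = normalise(domain)
    if is_whitelisted(host, config["whitelist"]):
        return []
    tokens = {tok for label in host.split(".") for tok in segment(label)}
    hits = []
    for kw in (k.lower() for k in config["keywords"]):
        if kw in VOCAB:
            if kw in tokens:
                hits.append(kw)
        elif kw in host:
            hits.append(kw)
    return hits


def is_suspicious(domain: str, config: dict = CONFIG) -> bool:
    """Report a domain once at least `threshold` distinct keywords match."""
    return len(matched_keywords(domain, config)) >= config["threshold"]


def scan(domains: list[str], config: dict = CONFIG) -> dict[str, list[str]]:
    """Score a batch of domains, e.g. all names on one certificate from the feed."""
    return {d: matched_keywords(d, config) for d in domains
            if is_suspicious(d, config)}


if __name__ == "__main__":
    # Constructed sample domains, as a CT-log feed might deliver them.
    SAMPLE = ["www.example.com", "mail.yourbrand.example",
              "yourbrand-login.example.net", "*.secure-login.example.org"]
    for dom, kws in scan(SAMPLE).items():
        print(f"{dom}: {kws}")
```

Raising `threshold` to 2 in the config drops the single-keyword hits and keeps only domains such as `yourbrand-login.example.net`, which is the trade-off the threshold setting exists to tune: fewer alerts at the cost of missing lookalikes that match one keyword only.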

Further work

  • Implement webhook sinks
  • Try out alternative threshold mechanism (e.g. weighted keywords)
  • Experiment with word segmentation via a Small Language Model

Download files


Source Distribution

phishradar-0.1.post2.tar.gz (7.2 kB)


Built Distribution


phishradar-0.1.post2-py3-none-any.whl (8.4 kB)


File details

Details for the file phishradar-0.1.post2.tar.gz.

File metadata

  • Download URL: phishradar-0.1.post2.tar.gz
  • Upload date:
  • Size: 7.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.0

File hashes

Hashes for phishradar-0.1.post2.tar.gz:

  • SHA256: cf3d643d30a6f494484b1f192569fa8cdd774ce82f9d553a06a14e62329908b3
  • MD5: 6329c7318eeda4cebbe6c91edf62d6f3
  • BLAKE2b-256: fa34c326b62a27b1f3335bd05468a1c2785e7ba12ab8ac4328cea33b8171b67b


File details

Details for the file phishradar-0.1.post2-py3-none-any.whl.

File metadata

  • Download URL: phishradar-0.1.post2-py3-none-any.whl
  • Upload date:
  • Size: 8.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.0

File hashes

Hashes for phishradar-0.1.post2-py3-none-any.whl:

  • SHA256: 9aa3aacca4529e934fdaf462f2582b63b5c1d0d6b927c592050527d736fffa60
  • MD5: d084df25eadd676d1caaaa319b256726
  • BLAKE2b-256: 4c2b9a0a6579b2df8375662b2045cfbeae68b4c39206a91c21a57e38683b6f96

