Phishing domain detection from Certificate Transparency logs.

Project description

PhishRadar

Detects phishing/scam domains from Certificate Transparency logs. Useful for internal security teams monitoring company-specific domains, and for sectorial/national CERTs monitoring the domains of their constituents.

Certificates are received from the Certstream feed of CT logs. Keywords are set in a YAML configuration file and detected via two methods:

  • for common words, each domain is split into words with WordSegment and the resulting segments are compared against the keywords
  • for rarer words (e.g. brand names), we simply check whether the domain contains the keyword as a substring, because WordSegment may not correctly separate subwords it has never seen.

For finer tuning, a minimum number of matching keywords (threshold) can be required before a domain is reported.
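The two-tier matching, whitelist and threshold described above, as an added example that is not the project's own code. It assumes a tiny hand-made vocabulary as an offline stand-in for WordSegment, treats a keyword as "common" when the segmenter knows it and as "rare" otherwise, assumes the whitelist lists domains whose subdomains are skipped, drops only the last DNS label as the TLD, and uses the certstream message layout (`message_type`, `data.leaf_cert.all_domains`); the sample message and config are constructed.

```python
# Constructed stand-in for WordSegment: the real project uses that package's
# unigram model over a large English corpus. The scoring rule (longer known
# words win, unknown runs stay opaque) is an assumption made for this example.
VOCAB = {
    "secure", "login", "update", "verify", "account", "online", "portal",
    "mail", "shop", "my", "the", "net", "info", "am", "com", "id",
    "bank", "gov", "police", "ministry",
}


def segment(label):
    """Split a DNS label into dictionary words by dynamic programming.
    Known words score len(word)**2, so 'mybank' -> ['my', 'bank']; runs of
    unknown characters are merged into one opaque token. Note how an unseen
    brand name such as 'examplecorp' is cut up around the known word 'am',
    which is why brand keywords are matched by substring instead."""
    n = len(label)
    best = [(0, None)] * (n + 1)            # (score, start of last token)
    for i in range(1, n + 1):
        cand = (best[i - 1][0], i - 1)      # unknown single character, score 0
        for j in range(i):
            word = label[j:i]
            if word in VOCAB and best[j][0] + len(word) ** 2 > cand[0]:
                cand = (best[j][0] + len(word) ** 2, j)
        best[i] = cand
    tokens, i = [], n
    while i > 0:                            # backtrack through split points
        j = best[i][1]
        tokens.append(label[j:i])
        i = j
    tokens.reverse()
    merged = []
    for t in tokens:                        # glue adjacent unknown characters
        if t not in VOCAB and merged and merged[-1] not in VOCAB:
            merged[-1] += t
        else:
            merged.append(t)
    return merged


def labels_of(domain):
    """Lower-case, strip a wildcard prefix, drop the final label (assumed to
    be the TLD; a real deployment should consult the Public Suffix List) and
    split the rest on dots and hyphens."""
    parts = domain.lower().removeprefix("*.").split(".")[:-1]
    return [p for part in parts for p in part.split("-") if p]


def is_whitelisted(domain, whitelist):
    """Assumed semantics: skip a domain equal to, or a subdomain of, an entry."""
    d = domain.lower().removeprefix("*.")
    return any(d == w or d.endswith("." + w) for w in whitelist)


def match_keywords(domain, keywords):
    """Keywords the segmenter knows are looked up among the segmented labels;
    all other keywords (brand names) are searched as substrings."""
    tokens = {t for label in labels_of(domain) for t in segment(label)}
    flat = domain.lower().replace("-", "").replace(".", "")
    hits = set()
    for kw in (k.lower() for k in keywords):
        if (kw in tokens) if kw in VOCAB else (kw in flat):
            hits.add(kw)
    return hits


def scan(message, config):
    """Apply the config to one certstream-style message; return a list of
    (domain, sorted matched keywords) for domains reaching the threshold."""
    if message.get("message_type") != "certificate_update":
        return []
    results = []
    for domain in message["data"]["leaf_cert"]["all_domains"]:
        if is_whitelisted(domain, config["whitelist"]):
            continue
        hits = match_keywords(domain, config["keywords"])
        if len(hits) >= config["threshold"]:
            results.append((domain, sorted(hits)))
    return results


# Constructed sample input (not a real certificate or real config).
SAMPLE_MESSAGE = {
    "message_type": "certificate_update",
    "data": {"leaf_cert": {"all_domains": [
        "secure-login.mybank-online.example",
        "*.gov-am-portal.example",
        "policeministry-update.example",
        "examplecorp-verify.example",
        "portal.gov.example",          # legitimate, covered by the whitelist
        "shop.example",
    ]}},
}
SAMPLE_CONFIG = {
    "keywords": ["bank", "gov", "police", "ministry", "examplecorp"],
    "whitelist": ["gov.example"],
    "threshold": 1,
}

if __name__ == "__main__":
    for domain, hits in scan(SAMPLE_MESSAGE, SAMPLE_CONFIG):
        print(f"{domain}: {', '.join(hits)}")
```

Raising `threshold` to 2 leaves only the domain that hits two keywords (`policeministry-update.example`), which is the knob the README describes for cutting noise on generic words such as "bank".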

The idea was born after encountering phishing attacks and malware Command-and-Control communication involving domains impersonating Armenian government bodies (1, 2).

Installation and usage

At the time this README was written the package was not yet distributed on PyPI, so installation is done from a source checkout by installing the dependencies:

pip install -r requirements.txt

The utility can be executed (from outside the phishradar directory) via:

python -m phishradar --config ./config.yaml

Sample configuration

certstream_url: wss://certstream.calidog.io/
keywords:
  - bank
  - gov
  - police
  - ministry
whitelist:
  - exclude
  - these
threshold: 1
output:
  console: True
  file: output.log

Further work

  • Implement file and webhook sinks
  • Try out alternative threshold mechanism (e.g. weighted keywords)
  • Experiment with word segmentation via a Small Language Model

Download files

Source Distribution

phishradar-0.1.tar.gz (7.4 kB view details)

Uploaded Source

Built Distribution

phishradar-0.1-py3-none-any.whl (8.4 kB view details)

Uploaded Python 3

File details

Details for the file phishradar-0.1.tar.gz.

File metadata

  • Download URL: phishradar-0.1.tar.gz
  • Upload date:
  • Size: 7.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.0

File hashes

Hashes for phishradar-0.1.tar.gz
Algorithm Hash digest
SHA256 c61549d6072f22d929fa3ce83b112d26adf63932edac5b20938eec2776c5974b
MD5 79f1eb4b4745f96222de59345966c2e3
BLAKE2b-256 ce2c2af6b574f857de355da34b050c14c15f5a6094e9c4261d585b1b4e3e488e

File details

Details for the file phishradar-0.1-py3-none-any.whl.

File metadata

  • Download URL: phishradar-0.1-py3-none-any.whl
  • Upload date:
  • Size: 8.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.0

File hashes

Hashes for phishradar-0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 8df244518c78fb7364760330a4518f8c3b9ad095e0379c993d7b7836cbb3daa7
MD5 16c7b9c35e8f0a385626cac8164790c9
BLAKE2b-256 6ef04a3a9fb14180fc85cc773539bc934d55429e0062eae3757abece8584c7c3
