Metadata-Version: 2.1
Name: opensquat
Version: 2.2
Summary: The openSquat is a tool for detecting phishing domains and domain squatting.
Home-page: http://github.com/atenreiro/opensquat
Author: Andre Tenreiro
Author-email: andre@opensquat.com
License: GPLv3
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: strsimpy
Requires-Dist: confusable-homoglyphs
Requires-Dist: homoglyphs
Requires-Dist: colorama
Requires-Dist: requests
Requires-Dist: numpy
Requires-Dist: pytest
Requires-Dist: pytest-cov
Requires-Dist: codecov
Requires-Dist: coverage
Requires-Dist: black
Requires-Dist: flake8
Requires-Dist: beautifulsoup4
Requires-Dist: dnspython
Requires-Dist: packaging

openSquat
====
![alt text](https://raw.githubusercontent.com/atenreiro/opensquat/master/screenshots/openSquat_logo.png)

What is openSquat
-------------

openSquat is an open source intelligence (OSINT) security tool that identifies **cyber squatting** threats to specific companies or domains, such as:

*   Phishing campaigns
*   Domain squatting
*   Typo squatting
*   Bitsquatting
*   IDN homograph attacks
*   Doppelganger domains
*   Other brand/domain related scams

It supports key features such as:

*   Automatic newly registered domain updating (once a day)
*   Levenshtein distance to calculate word similarity
*   Fetches active and known phishing domains (Phishing Database project)
*   IDN homograph attack detection
*   Integration with VirusTotal
*   Integration with Quad9 DNS service
*   Different confidence threshold levels to fine-tune results
*   Save output into different formats (txt, JSON and CSV)
*   Can be integrated with other threat intelligence tools and DNS sinkholes
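The Levenshtein and homograph checks listed above can be sketched as follows. This is an added example, not openSquat's own code: the `CONFUSABLES` table, the `max_distance` threshold, the reason labels and the sample domains are all constructed for illustration.

```python
# Added example, not openSquat's code; table, threshold and domains are constructed.
# Tiny Cyrillic -> Latin confusables table; real tools use full Unicode confusables data.
CONFUSABLES = str.maketrans({"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p"})


def levenshtein(a, b):
    """Edit distance (insert/delete/substitute) using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify(domain, keyword, max_distance=1):
    """Return why `domain` resembles `keyword`, or None if it does not."""
    label = domain.lower().split(".")[0]   # leftmost label only (simplification)
    if label.startswith("xn--"):           # punycode-encoded IDN label
        try:
            folded = label.encode("ascii").decode("idna").translate(CONFUSABLES)
        except UnicodeError:
            return "malformed-idn"
        if folded == keyword:
            return "homograph"
        label = folded
    if label == keyword:
        return None                        # the legitimate name itself
    if keyword in label:
        return "contains-keyword"
    if levenshtein(label, keyword) <= max_distance:
        return "typosquat"
    return None


def hunt(domains, keyword, max_distance=1):
    """Map each suspicious domain in the feed to the reason it was flagged."""
    results = ((d, classify(d, keyword, max_distance)) for d in domains)
    return {d: reason for d, reason in results if reason}


# Constructed feed of "newly registered" domains; the fifth mixes Cyrillic and Latin.
SAMPLE = ["paypal.com", "paypa1.com", "paypal-login.net", "pyapal.org",
          "\u0440\u0430ypal.com".encode("idna").decode("ascii"), "example.org"]

if __name__ == "__main__":
    for domain, reason in hunt(SAMPLE, "paypal").items():
        print(f"{reason:17} {domain}")
```

Raising `max_distance` from 1 to 2 also flags `pyapal.org`, which shows why a looser threshold catches more lookalikes at the cost of more false positives.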

As an open source project, everyone's welcome to contribute.

Screenshot / Video Demo
-------------
![alt text](https://raw.githubusercontent.com/atenreiro/opensquat/master/screenshots/openSquat.PNG)

Watch the 40-second [Demo Video](https://asciinema.org/a/361931) (v1.95)


Demo / Forks
------------
*   [Phishy Domains](https://phishydomains.com) for a simple web version of the openSquat.
*   [openSquat Bot](https://telegram.me/opensquat_bot) for a simple Telegram bot.
*   [RapidAPI](https://rapidapi.com/atenreiro/api/opensquat1) to integrate your application with openSquat using REST API.

**Note**: The forks do not contain all the openSquat features.


How to Install
------------

```bash
    git clone https://github.com/atenreiro/opensquat
    # requirements.txt lives inside the cloned directory
    cd opensquat
    pip install -r requirements.txt
```
Make sure you have **Python 3.6+** and **pip3** in your environment.

How to Update
------------
> :warning: **when updating**: especially for a major release, re-run the pip install to check for new dependencies.

To update your current version, just type the following commands inside the openSquat directory:
```bash
    git pull
    pip install -r requirements.txt
```
The `pip install` step makes sure any libraries added in the new version are installed.


Usage Examples
------------
Edit `keywords.txt` with the customised keywords you want to hunt for.

```bash
    # Lazy run with default options
    python opensquat.py

    # for all the options
    python opensquat.py -h
    
    # Search for generic terms used in phishing campaigns (can lead to false-positives)
    python opensquat.py -k generic.txt

    # With DNS validation (quad9)
    python opensquat.py --dns
    
    # Subdomain search
    python opensquat.py --subdomains
    
    # Check for domains with open ports 80/443
    python opensquat.py --portcheck

    # With Phishing validation (Phishing Database)
    python opensquat.py --phishing phish_results.txt

    # Save output as JSON
    python opensquat.py -o example.json -t json

    # Save output as CSV
    python opensquat.py -o example.csv -t csv

    # Conduct a certificate transparency (ct) hunt
    python opensquat.py --ct

    # Period search - registrations from the last month (default: day)
    python opensquat.py -p month

    # Tweak confidence level. Lower confidence levels bring more false positives
    # (0: very high, 1: high (default), 2: medium, 3: low, 4: very low)
    python opensquat.py -c 2

    # All validation options
    python opensquat.py --phishing phishing_domains.txt --dns --ct --subdomains --portcheck
```

Automations & Integrations
-------------
You can set up openSquat to run automatically using a task scheduler (such as crontab for Linux) to generate a new list of results daily.

We update our feeds with a fresh list of domains every day around 7.30 am (UTC+0 / GMT+0).

```bash
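# Crontab example - run openSquat every day at 8 am
# In this example, the results are saved to a JSON file format
# cron starts jobs in the user's home directory, so change into the openSquat
# directory first; keywords.txt and results.json are then resolved there
0 8 * * * cd /home/john/opensquat && python opensquat.py -k keywords.txt -o results.json -t json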
```
You can use this output file to feed your SIEM, SOAR, or other tools that support importing from TXT/JSON/CSV formats.

Alternatively, you can integrate your application using the REST API on [RapidAPI](https://rapidapi.com/atenreiro/api/opensquat1), currently in **Beta preview**.

Do you have an integration idea or would like to share an integration you developed with our community? Open a GitHub issue or send me an email.

To Do / Roadmap
-------------
*   ~~Integration with VirusTotal (VT) for subdomains validation~~
*   Integration with VirusTotal (VT) for malware detection
*   ~~Use certificate transparency~~
*   ~~Homograph detection~~ done
*   ~~Improve code quality from B to A grade (codacy)~~
*   ~~PEP8 compliance~~
*   AND logical condition for keywords search (e.g: google+login) - Thanks to Steff T.
*   Enhanced documentation

Feature Request
-------------
To request a new feature, create a "new issue" and describe the feature and potential use cases. You can upvote the "issue" and contribute to the discussions if something similar already exists.

Changelog
-------------
*   Check the [CHANGELOG](https://github.com/atenreiro/opensquat/blob/master/CHANGELOG) file.

Authors
-------------
Project founder
*   Andre Tenreiro [(LinkedIn)](https://www.linkedin.com/in/andretenreiro/)
*   andre+nospam@opensquat.com - remove the "nospam" - [PGP Key](https://mail-api.proton.me/pks/lookup?op=get&search=andre@opensquat.com)

Contributors
*   Please check the contributors page on GitHub

How to help
-------------
You can help this project in many ways:
*   Providing your time and coding skills to enhance the project
*   Build a decent but simple [project webpage](https://opensquat.com)
*   Provide access to OSINT feeds
*   Open new issues with suggestions, ideas, bug reports or feature requests
*   Spread this project within your network
*   Share your story of how you have been using openSquat and what impact it has had for you
