Kali Linux

OpenSquat : Detection Of Phishing Domains And Domain Squatting.

OpenSquat is an opensource Intelligence (OSINT) security tool to identify cyber squatting threats to specific companies or domains, such as:

  • Phishing campaigns
  • Domain squatting
  • Typo squatting
  • Bit squatting
  • IDN homograph attacks
  • Doppen ganger domains
  • Other brand/domain related scams

It does support some key features such as:

  • Automatic newly registered domain updating (once a day)
  • Levenshtein distance to calculate word similarity
  • Fetches active and known phishing domains (Phishing Database project)
  • IDN homograph attack detection
  • Integration with VirusTotal
  • Integration with Quad9 DNS service
  • Use different levels of confidence threshold to fine tune
  • Save output into different formats (txt, JSON and CSV)
  • Can be integrated with other threat intelligence tools and DNS sinkholes

How to Install

git clone https://github.com/atenreiro/opensquat
pip install -r requirements.txt

The “pip install” is just to make sure no new libs were added with the new upgrade.

Usage Examples

Edit the “keywords.txt” with your customised keywords to hunt.

#Lazy run with default options
python opensquat.py
#for all the options
python opensquat.py -h
#Search for generic terms used in phishing campaigns (can lead to false positives)
python opensquat.py -k generic.txt
#With DNS validation (quad9)
python opensquat.py –dns
#Subdomain search
python opensquat.py –subdomains
#Check for domains with open ports 80/443
python opensquat.py –portcheck
#With Phishing validation (Phishing Database)
python opensquat.py –phishing phish_results.txt
#Save output as JSON
python opensquat.py -o example.json -t json
#Save output as CSV
python opensquat.py -o example.csv -t csv
#Conduct a certificate transparency (ct) hunt
python opensquat.py –ct
#Period search – registrations from the last month (default: day)
python opensquat.py -p month
#Tweak confidence level. The lower values bring more false positives
#(0: very high, 1: high (default), 2: medium, 3: low, 4: very low
python opensquat.py -c 2
#All validations options
python opensquat.py –phishing phishing_domains.txt –dns –ct –subdomains –portcheck

Download
R K

Leave a Comment
Share
Published by
R K
Tags: Domain Squatting.OpenSquatPhishing Domains
4 years ago

Recent Posts

Best OSINT Tools for Journalists 2026: Verify Sources, Images and Claims

Journalists use OSINT to verify public information before publishing. In 2026, misinformation, AI-generated images, fake…

4 hours ago

Install Docker on Ubuntu 20.04: Complete Step-by-Step Guide

Docker is an open-source platform that lets you package and run applications inside containers. Each container…

15 hours ago

Install PostgreSQL on Ubuntu: Database Setup and Admin Guide

PostgreSQL (often called Postgres) is an open-source relational database system. It supports advanced features like JSON…

15 hours ago

Install Xrdp Remote Desktop on Ubuntu: Setup and Connect

Xrdp is an open-source server that lets you connect to your Ubuntu machine from another computer…

16 hours ago

Tomcat 9 on Ubuntu 20.04: Install, Configure, and Start

Apache Tomcat is an open-source web server and Java servlet container. It is one of the…

16 hours ago

Automatic Updates on Ubuntu: Set Up unattended-upgrades

Keeping your Ubuntu system updated is one of the best ways to protect it. Security…

17 hours ago