openSquat is an opensource Intelligence (OSINT) security tool to identify cyber squatting threats to specific companies or domains, such as:
It does support some key features such as:
As an opensource project, everyone's welcome to contribute.
Check the 40 seconds Demo Video (v1.95)
Note: The forks do not contain all the openSquat features.
git clone https://github.com/atenreiro/opensquat
pip install -r requirements.txt
Make sure you have Python 3.6+ and pip3 in your environment
:warning: when updating: especially for a major release, re-run the pip install to check for new dependencies.
To update your current version, just type the following commands inside the openSquat directory:
git pull
pip install -r requirements.txt
The "pip install" is just to make sure no new libs were added with the new upgrade.
Edit the "keywords.txt" with your customised keywords to hunt.
# Lazy run with default options
python opensquat.py
# for all the options
python opensquat.py -h
# Search for generic terms used in phishing campaigns (can lead to false-positives)
python opensquat.py -k generic.txt
# With DNS validation (quad9)
python opensquat.py --dns
# Subdomain search
python opensquat.py --subdomains
# Check for domains with open ports 80/443
python opensquat.py --portcheck
# With Phishing validation (Phishing Database)
python opensquat.py --phishing phish_results.txt
# Save output as JSON
python opensquat.py -o example.json -t json
# Save output as CSV
python opensquat.py -o example.csv -t csv
# Conduct a certificate transparency (ct) hunt
python opensquat.py --ct
# Period search - registrations from the last month (default: day)
python opensquat.py -p month
# Tweak confidence level. The lower values bring more false positives
# (0: very high, 1: high (default), 2: medium, 3: low, 4: very low
python opensquat.py -c 2
# All validations options
python opensquat.py --phishing phishing_domains.txt --dns --ct --subdomains --portcheck
You can set up openSquat to run automatically using a task scheduler (such as crontab for Linux) to generate a new list of results daily.
We update our feeds with a fresh new list of domains every day around 7.30 am (UTC+0 / GMT+0)
# Crontab example - run openSquat every day at 8 am
# In this example, the results are saved to a JSON file format
0 8 * * * /home/john/opensquat/opensquat.py -k keywords.txt -o results.json -t json
You can use this output file to feed your SIEM, SOAR, or other tools that support importing from TXT/JSON/CSV formats.
Alternatively, currently in a Beta preview you can integrate using REST APIs, your application with RapidAPI
Do you have an integration idea or would like to share an integration you developed with our community? Open a GitHub issue or send me an email.
We welcome and encourage contributions from the community! If you're interested in helping improve openSquat, here are a variety of ways you can contribute:
Thank you for your interest in contributing to openSquat!
Project founder
Contributors
You can help this project in many ways: