Miteru - An Experimental Phishing Kit Detection Tool
Miteru is an experimental phishing kit detection tool.
How it works
- It collects phishy URLs from the following feeds:
- It checks each phishy URL to see whether it enables directory listing and contains a phishing kit (compressed file) or not.
  - Note: compressed file = *.zip, *.rar, *.7z, *.tar and *.gz.
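The check described above can be sketched as follows. This is an added example, not Miteru's own code: the helper names, the "Index of" title heuristic and the sample HTML are assumptions made for illustration.

```ruby
require "uri"

# Extensions the page lists as "compressed file".
KIT_EXTENSIONS = %w[.zip .rar .7z .tar .gz].freeze

# Assumption: an auto-generated listing announces itself with an
# "Index of ..." title, as Apache and nginx autoindex pages do.
def directory_listing?(html)
  html.match?(%r{<title>\s*Index of\s}i)
end

# Return absolute URLs of links in a listing that end in a kit extension.
def kit_candidates(base_url, html)
  return [] unless directory_listing?(html)

  base = URI.parse(base_url.end_with?("/") ? base_url : "#{base_url}/")
  html.scan(/<a\s[^>]*href\s*=\s*["']([^"']+)["']/i).flatten.filter_map do |href|
    next if href.start_with?("?", "#") # column-sort and fragment links
    begin
      target = URI.join(base.to_s, href)
    rescue URI::Error
      next # unparsable href
    end
    next unless target.host == base.host           # stay on the listed host
    next unless target.path.start_with?(base.path) # skip parent-directory links
    next unless KIT_EXTENSIONS.include?(File.extname(target.path).downcase)
    target.to_s
  end.uniq
end

# Constructed sample input: an autoindex page and an ordinary page.
SAMPLE_LISTING = <<~HTML
  <html><head><title>Index of /login</title></head><body>
  <h1>Index of /login</h1>
  <a href="?C=N;O=D">Name</a>
  <a href="/">Parent Directory</a>
  <a href="index.php">index.php</a>
  <a href="dummy.zip">dummy.zip</a>
  <a href="backup.TAR.GZ">backup.TAR.GZ</a>
  <a href="http://other.example/kit.zip">kit.zip</a>
  </body></html>
HTML
SAMPLE_PAGE = "<html><head><title>Sign in</title></head>" \
              "<body><a href=\"dummy.zip\">x</a></body></html>"

if __FILE__ == $PROGRAM_NAME
  puts kit_candidates("https://phish.example/login", SAMPLE_LISTING)
end
```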
Features
- Phishing kit detection & collection.
- Slack notification.
- Threading.
Installation
$ gem install miteru
Usage
$ miteru
Commands:
  miteru execute         # Execute the crawler
  miteru help [COMMAND]  # Describe available commands or one specific command

$ miteru help execute
Usage:
  miteru execute

Options:
  [--auto-download], [--no-auto-download]              # Enable or disable auto-download of phishing kits
  [--directory-traveling], [--no-directory-traveling]  # Enable or disable directory traveling
  [--download-to=DOWNLOAD_TO]                          # Directory to download file(s)
                                                       # Default: /tmp
  [--post-to-slack], [--no-post-to-slack]              # Post a message to Slack if it detects a phishing kit
  [--size=N]                                           # Number of urlscan.io's results. (Max: 10,000)
                                                       # Default: 100
  [--threads=N]                                        # Number of threads to use
                                                       # Default: 10
  [--verbose], [--no-verbose]                          # Default: true

Execute the crawler

$ miteru execute
...
https://dummy1.com: it doesn't contain a phishing kit.
https://dummy2.com: it doesn't contain a phishing kit.
https://dummy3.com: it doesn't contain a phishing kit.
https://dummy4.com: it might contain a phishing kit (dummy.zip).
Using Docker (alternative if you don't install Ruby)
$ git clone https://github.com/ninoseki/miteru.git
$ cd miteru/docker
$ docker build -t miteru .
$ docker run miteru
# ex. auto-download detected phishing kit(s) into host machine's /tmp directory
$ docker run -v /tmp:/tmp miteru execute --auto-download
Note
To use the --post-to-slack feature, you should set the following environment variables:
- SLACK_WEBHOOK_URL: Your Slack Webhook URL.
- SLACK_CHANNEL: Slack channel to post a message (default: "#general").
Alternatives
- t4d/StalkPhish: The Phishing kits stalker, harvesting phishing kits for investigations.
- duo-labs/phish-collect: Python script to hunt phishing kits.
- leunammejii/analyst_arsenal: A tool belt for analysts to continue fighting the good fight.