{"id":13845362,"url":"https://github.com/atenreiro/opensquat","last_synced_at":"2026-01-14T08:19:46.761Z","repository":{"id":38010253,"uuid":"261263035","full_name":"atenreiro/opensquat","owner":"atenreiro","description":"The openSquat is an open-source tool for detecting domain look-alikes by searching for newly registered domains that might be impersonating legit domains and brands.","archived":false,"fork":false,"pushed_at":"2025-06-23T04:25:01.000Z","size":6909,"stargazers_count":911,"open_issues_count":14,"forks_count":159,"subscribers_count":23,"default_branch":"master","last_synced_at":"2025-11-01T17:16:33.132Z","etag":null,"topics":["blue-team","cybersecurity","cybersquatting","domain-name","domain-squatting","homograph-attack","infosec","malware","osint","phishing","phishing-detection","phishing-domains","python","scanner","security-tools","threat-hunting","threat-intelligence","typosquatting"],"latest_commit_sha":null,"homepage":"https://opensquat.com","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/atenreiro.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":["atenreiro"]}},"created_at":"2020-05-04T18:22:30.000Z","updated_at":"2025-10-30T22:43:07.000Z","dependencies_parsed_at":"2024-04-09T22:50:41.893Z","dependency_job_id":"5f983ddf-b0ff-463b-8e40-1167c85d4313","html_url":"https://github.com/atenreiro/opensquat","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/atenreiro/opensquat","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atenreiro%2Fopensquat","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atenreiro%2Fopensquat/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atenreiro%2Fopensquat/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atenreiro%2Fopensquat/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/atenreiro","download_url":"https://codeload.github.com/atenreiro/opensquat/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atenreiro%2Fopensquat/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28413773,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T08:16:59.381Z","status":"ssl_error","status_checked_at":"2026-01-14T08:13:45.490Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blue-team","cybersecurity","cybersquatting","domain-name","domain-squatting","homograph-attack","infosec","malware","osint","phishing","phishing-detection","phishing-domains","python","scanner","security-tools","threat-hunting","threat-intelligence","typosquatting"],"created_at":"2024-08-04T17:03:21.704Z","updated_at":"2026-01-14T08:19:46.756Z","avatar_url":"https://github.com/atenreiro.png","language":"Python","funding_links":["https://github.com/sponsors/atenreiro"],"categories":["[](#table-of-contents) Table of contents","Python","Pentesting"],"sub_categories":["[](#domainip-investigation)Domain/IP investigation","OSINT - Open Source INTelligence"],"readme":"\u003cp align=\"center\"\u003e\n \u003cimg src=\"https://raw.githubusercontent.com/atenreiro/opensquat/master/screenshots/openSquat_logo.png\" alt=\"openSquat Logo\" width=\"400\"/\u003e\n\u003c/p\u003e\n\n\u003ch1 align=\"center\"\u003eopenSquat\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n \u003ca href=\"#\"\u003e\u003cimg src=\"https://img.shields.io/badge/python-3.6+-blue.svg\" alt=\"Python 3.6+\"\u003e\u003c/a\u003e\n \u003ca href=\"https://github.com/atenreiro/opensquat/blob/master/LICENSE\"\u003e\u003cimg src=\"https://img.shields.io/badge/License-GPLv3-blue.svg\" alt=\"License: GPL v3\"\u003e\u003c/a\u003e\n \u003ca href=\"https://github.com/atenreiro/opensquat/issues\"\u003e\u003cimg src=\"https://img.shields.io/github/issues/atenreiro/opensquat\" alt=\"GitHub issues\"\u003e\u003c/a\u003e\n \u003ca href=\"https://github.com/atenreiro/opensquat/stargazers\"\u003e\u003cimg src=\"https://img.shields.io/github/stars/atenreiro/opensquat\" alt=\"GitHub stars\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n---\n\n## πŸ“‘ Table of Contents\n\n- [What is openSquat?](#-what-is-opensquat)\n- [Key Features](#-key-features)\n- [Quick Start](#-quick-start)\n- [Requirements](#-requirements)\n- [Usage](#-usage)\n- [Configuration](#%EF%B8%8F-configuration)\n- [Automation](#-automation)\n- [Integrations](#-integrations)\n- [CLI Reference](#-cli-reference)\n- [Contributing](#-contributing)\n- [Author](#-author)\n- [License](#-license)\n\n---\n\n## 🎯 What is openSquat?\n\nopenSquat is an **Open Source Intelligence (OSINT)** security tool that identifies cyber squatting threats targeting your brand or domains:\n\n| Threat Type | Description |\n|-------------|-------------|\n| 🎣 **Phishing** | Fraudulent domains mimicking your brand |\n| πŸ”€ **Typosquatting** | Domains with common typos (e.g., `gooogle.com`) |\n| 🌐 **IDN Homograph** | Look-alike characters from other alphabets |\n| πŸ‘₯ **DoppelgΓ€nger** | Domains containing your brand name |\n| πŸ”€ **Bitsquatting** | Single-bit errors in domain names |\n\n## ✨ Key Features\n\n- πŸ“… **Daily NRD feeds** β€” Automatic newly registered domain updates\n- πŸ” **Similarity detection** β€” Levenshtein \u0026 Jaro-Winkler algorithms\n- πŸ›‘οΈ **VirusTotal integration** β€” Check domain reputation\n- 🌐 **Quad9 DNS validation** β€” Identify malicious domains\n- πŸ“œ **Certificate Transparency** β€” Monitor SSL/TLS certificates\n- πŸ“Š **Multiple output formats** β€” TXT, JSON, CSV\n\n---\n\n## πŸš€ Quick Start\n\n```bash\n# 1. Clone the repository\ngit clone https://github.com/atenreiro/opensquat\ncd opensquat\n\n# 2. Install dependencies\npip install -r requirements.txt\n\n# 3. Run with your keywords\npython opensquat.py -k keywords.txt\n```\n\n---\n\n## πŸ“¦ Requirements\n\n- **Python 3.6+**\n- Dependencies: `colorama`, `dnspython`, `requests`, `beautifulsoup4`\n\n---\n\n## πŸ“– Usage\n\n### Basic Commands\n\n```bash\n# Default run\npython opensquat.py\n\n# Show all options\npython opensquat.py -h\n\n# Use custom keywords file\npython opensquat.py -k my_keywords.txt\n```\n\n### Validation Options\n\n```bash\n# DNS validation via Quad9\npython opensquat.py --dns\n\n# Check Certificate Transparency logs\npython opensquat.py --ct\n\n# Scan for open ports (80/443)\npython opensquat.py --portcheck\n\n# Cross-reference phishing databases\npython opensquat.py --phishing results.txt\n```\n\n### Output Formats\n\n```bash\n# Save as JSON\npython opensquat.py -o results.json -t json\n\n# Save as CSV\npython opensquat.py -o results.csv -t csv\n```\n\n### Confidence Levels\n\n| Level | Flag | Description |\n|-------|------|-------------|\n| 0 | `-c 0` | Very high (fewer results, high accuracy) |\n| 1 | `-c 1` | High (default) |\n| 2 | `-c 2` | Medium |\n| 3 | `-c 3` | Low |\n| 4 | `-c 4` | Very low (more results, more false positives) |\n\n---\n\n## βš™οΈ Configuration\n\n### Keywords File (`keywords.txt`)\n\n```text\n# Lines starting with # are comments\nmycompany\nmybrand\nmyproduct\n```\n\n### VirusTotal API Key (`vt_key.txt`)\n\nTo use `--vt` or `--subdomains`, add your API key:\n```text\n# Get your free API key at https://www.virustotal.com\nyour_api_key_here\n```\n\n---\n\n## πŸ€– Automation\n\nRun daily via crontab:\n\n```bash\n# Every day at 8 AM (feeds update ~7:30 AM UTC)\n0 8 * * * /path/to/opensquat/opensquat.py -k keywords.txt -o results.json -t json\n```\n\n---\n\n## πŸ”— Integrations\n\n| Platform | Link |\n|----------|------|\n| πŸ€– Telegram Bot | [@opensquat_bot](https://telegram.me/opensquat_bot) |\n| πŸ”Œ REST API | [RapidAPI](https://rapidapi.com/atenreiro/api/opensquat1) |\n\n---\n\n## πŸ“‹ CLI Reference\n\n| Argument | Default | Description |\n|----------|---------|-------------|\n| `-k, --keywords` | `keywords.txt` | Keywords file to search |\n| `-o, --output` | `results.txt` | Output filename |\n| `-t, --type` | `txt` | Output format: `txt`, `json`, `csv` |\n| `-c, --confidence` | `1` | Confidence level (0-4) |\n| `-d, --domains` | β€” | Use local domain file instead of downloading |\n| `-m, --method` | `Levenshtein` | Algorithm: `Levenshtein` or `JaroWinkler` |\n| `--dns` | β€” | Enable Quad9 DNS validation |\n| `--ct` | β€” | Search Certificate Transparency logs |\n| `--phishing` | β€” | Cross-reference phishing database |\n| `--subdomains` | β€” | Fetch subdomains via VirusTotal |\n| `--portcheck` | β€” | Check for open ports 80/443 |\n| `--vt` | β€” | Validate against VirusTotal |\n\n---\n\n## 🀝 Contributing\n\nWe welcome contributions! See our [Contributing Guide](CONTRIBUTING.md) for details.\n\n- πŸ› **Report bugs** via [GitHub Issues](https://github.com/atenreiro/opensquat/issues)\n- πŸ’‘ **Request features** by opening an issue\n- πŸ”§ **Submit PRs** for bug fixes or enhancements\n\n---\n\n## πŸ‘€ Author\n\n**Andre Tenreiro** β€” [LinkedIn](https://www.linkedin.com/in/andretenreiro/) Β· [PGP Key](https://mail-api.proton.me/pks/lookup?op=get\u0026search=andre@opensquat.com)\n\n---\n\n## πŸ“œ License\n\nThis project is licensed under the [GNU GPL v3](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fatenreiro%2Fopensquat","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fatenreiro%2Fopensquat","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fatenreiro%2Fopensquat/lists"}