{"id":25839278,"url":"https://github.com/wisespace-io/nettfiske","last_synced_at":"2025-03-01T04:26:19.207Z","repository":{"id":57644676,"uuid":"129636404","full_name":"wisespace-io/nettfiske","owner":"wisespace-io","description":"Detect Phishing fetching Certificate Transparency Logs","archived":false,"fork":false,"pushed_at":"2021-01-13T14:31:33.000Z","size":91,"stargazers_count":20,"open_issues_count":1,"forks_count":8,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-01-19T13:47:23.067Z","etag":null,"topics":["certificate-transparency","certstream","homoglyphs","homograph-attack","phishing","punycode","rust"],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wisespace-io.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-04-15T17:58:22.000Z","updated_at":"2024-03-20T13:20:27.000Z","dependencies_parsed_at":"2022-08-30T05:52:35.916Z","dependency_job_id":null,"html_url":"https://github.com/wisespace-io/nettfiske","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wisespace-io%2Fnettfiske","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wisespace-io%2Fnettfiske/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wisespace-io%2Fnettfiske/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wisespace-io%2Fnettfiske/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/wisespace-io","download_url":"https://codeload.github.com/wisespace-io/nettfiske/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241090720,"owners_count":19908005,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["certificate-transparency","certstream","homoglyphs","homograph-attack","phishing","punycode","rust"],"created_at":"2025-03-01T04:26:18.522Z","updated_at":"2025-03-01T04:26:19.196Z","avatar_url":"https://github.com/wisespace-io.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Crates.io](https://img.shields.io/crates/v/nettfiske.svg)](https://crates.io/crates/nettfiske)\n[![Build Status](https://travis-ci.org/wisespace-io/nettfiske.png?branch=master)](https://travis-ci.org/wisespace-io/nettfiske)\n[![MIT licensed](https://img.shields.io/badge/License-MIT-blue.svg)](./LICENSE-MIT)\n[![Apache-2.0 licensed](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](./LICENSE-APACHE)\n\n# Nettfiske\n\nUses [certstream](https://certstream.calidog.io/) SSL certificates live stream to identify possible phishing domain names. It is inspired by [Phishing Catcher](https://github.com/x0rz/phishing_catcher).\n\n## Usage\n\n```rust\ncargo run --release sample.json\n```\n\n### Example\n\n```Console\n[Nettfiske]  Fetching Certificates ...\nHomoglyph detected youtuḅe.com (Punycode: xn--youtue-tg7b.com)\nHomoglyph detected youtuḅe.com (Punycode: xn--youtue-tg7b.com)\nHomoglyph detected whatsapp.com (Punycode: xn--hatsapp-h41c.com)\nHomoglyph detected whatsapp.com (Punycode: xn--hatsapp-h41c.com)\nHomoglyph detected twiṫter.com (Punycode: xn--twiter-507b.com)\nHomoglyph detected twiṫter.com (Punycode: xn--twiter-507b.com)\nSuspicious paypal.com-secure.warn-allmail.com (score 72)\nSuspicious applêid.àpplê.com.iosets.com (score 65) (Punycode: xn--applid-lva.xn--ppl-8ka7c.com.iosets.com)\nSuspicious facebook.com-verified-id939819835.com (score 69)\nSuspicious appleid.apple.com.invoice-qwery.gq (score 75)\nSuspicious instagramaccountverifica.altervista.org (score 69)\n```\n\n### Use Cases\n\nAttempt to detect the use of Punycode and Homoglyph Attacks to obfuscate Domains. The homograph protection mechanism in Chrome, Firefox, and Opera may fail when some characters are replaced with a similar character from a foreign language.\n\nExample:\n\n* microsoft.com⁄index.html.irongeek.com\n* microsoft.xn--comindex-g03d.html.irongeek.com\n\nThe slash symbol in the first url is not really a slash symbol at all. Also adding a SSL certificate can take few minutes and the user can feel safer with the locker next to domain.\n\nExample, try to open the domain https://www.xn--80ak6aa92e.com/ on Firefox.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwisespace-io%2Fnettfiske","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwisespace-io%2Fnettfiske","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwisespace-io%2Fnettfiske/lists"}