Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/atenreiro/opensquat

The openSquat is an open-source tool for detecting domain look-alikes by searching for newly registered domains that might be impersonating legit domains and brands.
https://github.com/atenreiro/opensquat

blue-team cybersecurity cybersquatting domain-name domain-squatting homograph-attack infosec malware osint phishing phishing-detection phishing-domains python scanner security-tools threat-hunting threat-intelligence typosquatting

Last synced: 27 days ago
JSON representation

The openSquat is an open-source tool for detecting domain look-alikes by searching for newly registered domains that might be impersonating legit domains and brands.

Awesome Lists containing this project

README 

          


  openSquat Logo




openSquat





  Python 3.6+

  License: GPL v3

  GitHub issues

  GitHub stars




---



## πŸ“‘ Table of Contents



- [What is openSquat?](#-what-is-opensquat)

- [Key Features](#-key-features)

- [Quick Start](#-quick-start)

- [Requirements](#-requirements)

- [Usage](#-usage)

- [Configuration](#%EF%B8%8F-configuration)

- [Automation](#-automation)

- [Integrations](#-integrations)

- [CLI Reference](#-cli-reference)

- [Contributing](#-contributing)

- [Author](#-author)

- [License](#-license)



---



## 🎯 What is openSquat?



openSquat is an **Open Source Intelligence (OSINT)** security tool that identifies cyber squatting threats targeting your brand or domains:



| Threat Type | Description |

|-------------|-------------|

| 🎣 **Phishing** | Fraudulent domains mimicking your brand |

| πŸ”€ **Typosquatting** | Domains with common typos (e.g., `gooogle.com`) |

| 🌐 **IDN Homograph** | Look-alike characters from other alphabets |

| πŸ‘₯ **DoppelgΓ€nger** | Domains containing your brand name |

| πŸ”€ **Bitsquatting** | Single-bit errors in domain names |



## ✨ Key Features



- πŸ“… **Daily NRD feeds** β€” Automatic newly registered domain updates

- πŸ” **Similarity detection** β€” Levenshtein & Jaro-Winkler algorithms

- πŸ›‘οΈ **VirusTotal integration** β€” Check domain reputation

- 🌐 **Quad9 DNS validation** β€” Identify malicious domains

- πŸ“œ **Certificate Transparency** β€” Monitor SSL/TLS certificates

- πŸ“Š **Multiple output formats** β€” TXT, JSON, CSV



---



## πŸš€ Quick Start



```bash

# 1. Clone the repository

git clone https://github.com/atenreiro/opensquat

cd opensquat



# 2. Install dependencies

pip install -r requirements.txt



# 3. Run with your keywords

python opensquat.py -k keywords.txt

```



---



## πŸ“¦ Requirements



- **Python 3.6+**

- Dependencies: `colorama`, `dnspython`, `requests`, `beautifulsoup4`



---



## πŸ“– Usage



### Basic Commands



```bash

# Default run

python opensquat.py



# Show all options

python opensquat.py -h



# Use custom keywords file

python opensquat.py -k my_keywords.txt

```



### Validation Options



```bash

# DNS validation via Quad9

python opensquat.py --dns



# Check Certificate Transparency logs

python opensquat.py --ct



# Scan for open ports (80/443)

python opensquat.py --portcheck



# Cross-reference phishing databases

python opensquat.py --phishing results.txt

```



### Output Formats



```bash

# Save as JSON

python opensquat.py -o results.json -t json



# Save as CSV

python opensquat.py -o results.csv -t csv

```



### Confidence Levels



| Level | Flag | Description |

|-------|------|-------------|

| 0 | `-c 0` | Very high (fewer results, high accuracy) |

| 1 | `-c 1` | High (default) |

| 2 | `-c 2` | Medium |

| 3 | `-c 3` | Low |

| 4 | `-c 4` | Very low (more results, more false positives) |



---



## βš™οΈ Configuration



### Keywords File (`keywords.txt`)



```text

# Lines starting with # are comments

mycompany

mybrand

myproduct

```



### VirusTotal API Key (`vt_key.txt`)



To use `--vt` or `--subdomains`, add your API key:

```text

# Get your free API key at https://www.virustotal.com

your_api_key_here

```



---



## πŸ€– Automation



Run daily via crontab:



```bash

# Every day at 8 AM (feeds update ~7:30 AM UTC)

0 8 * * * /path/to/opensquat/opensquat.py -k keywords.txt -o results.json -t json

```



---



## πŸ”— Integrations



| Platform | Link |

|----------|------|

| πŸ€– Telegram Bot | [@opensquat_bot](https://telegram.me/opensquat_bot) |

| πŸ”Œ REST API | [RapidAPI](https://rapidapi.com/atenreiro/api/opensquat1) |



---



## πŸ“‹ CLI Reference



| Argument | Default | Description |

|----------|---------|-------------|

| `-k, --keywords` | `keywords.txt` | Keywords file to search |

| `-o, --output` | `results.txt` | Output filename |

| `-t, --type` | `txt` | Output format: `txt`, `json`, `csv` |

| `-c, --confidence` | `1` | Confidence level (0-4) |

| `-d, --domains` | β€” | Use local domain file instead of downloading |

| `-m, --method` | `Levenshtein` | Algorithm: `Levenshtein` or `JaroWinkler` |

| `--dns` | β€” | Enable Quad9 DNS validation |

| `--ct` | β€” | Search Certificate Transparency logs |

| `--phishing` | β€” | Cross-reference phishing database |

| `--subdomains` | β€” | Fetch subdomains via VirusTotal |

| `--portcheck` | β€” | Check for open ports 80/443 |

| `--vt` | β€” | Validate against VirusTotal |



---



## 🀝 Contributing



We welcome contributions! See our [Contributing Guide](CONTRIBUTING.md) for details.



- πŸ› **Report bugs** via [GitHub Issues](https://github.com/atenreiro/opensquat/issues)

- πŸ’‘ **Request features** by opening an issue

- πŸ”§ **Submit PRs** for bug fixes or enhancements



---



## πŸ‘€ Author



**Andre Tenreiro** β€” [LinkedIn](https://www.linkedin.com/in/andretenreiro/) Β· [PGP Key](https://mail-api.proton.me/pks/lookup?op=get&search=andre@opensquat.com)



---



## πŸ“œ License



This project is licensed under the [GNU GPL v3](LICENSE).