https://github.com/redhuntlabs/antisquat

https://github.com/redhuntlabs/antisquat

research

Last synced: 10 months ago
JSON representation

• Host: GitHub
• URL: https://github.com/redhuntlabs/antisquat
• Owner: redhuntlabs
• License: gpl-3.0
• Created: 2023-08-07T03:03:03.000Z (over 2 years ago)
• Default Branch: main
• Last Pushed: 2025-01-22T10:48:26.000Z (about 1 year ago)
• Last Synced: 2025-04-03T17:12:30.495Z (11 months ago)
• Topics: research
• Language: Python
• Size: 349 KB
• Stars: 52
• Watchers: 1
• Forks: 13
• Open Issues: 1
• Metadata Files:
  • Readme: readme.md
  • License: LICENSE

Awesome Lists containing this project

• awesome-starts - redhuntlabs/antisquat - (others)

README

          
# AntiSquat



AntiSquat leverages AI techniques such as natural language processing (NLP), large language models (ChatGPT) and more to empower detection of typosquatting and phishing domains.

## How to use

- Clone the project via `git clone https://github.com/redhuntlabs/antisquat`. 

- Install all dependencies by typing `pip install -r requirements.txt`.

- Get a ChatGPT API key at https://platform.openai.com/account/api-keys

- Create a file named `.openai-key` and paste your chatgpt api key in there.

- (Optional) Visit https://developer.godaddy.com/keys and grab a GoDaddy API key. Create a file named `.godaddy-key` and paste your godaddy api key in there.

- Create a file named ‘domains.txt’. Type in a line-separated list of domains you’d like to scan.

- (Optional) Create a file named `blacklist.txt`. Type in a line-separated list of domains you’d like to ignore. Regular expressions are supported.

- Run antisquat using `python3.8 antisquat.py domains.txt`

## Examples:

Let’s say you’d like to run antisquat on "flipkart.com".

Create a file named "domains.txt", then type in `flipkart.com`. Then run `python3.8 antisquat.py domains.txt`.

AntiSquat generates several permutations of the domain, iterates through them one-by-one and tries extracting all contact information from the page.

### Test case:

A test case for amazon.com is attached. To run it without any api keys, simply run `python3.8 test.py`

![AntiSquat running on Amazon.com](demo.png)

Here, the tool appears to have captured a test phishing site for amazon.com. Similar domains that may be available for sale can be captured in this way and any contact information from the site may be extracted.

If you'd like to know more about the tool, make sure to check out our blog.

## Acknowledgements



Black Hat USA 2023 [Arsenal]



*[`To know more about our Attack Surface Management platform, check out NVADR.`](https://redhuntlabs.com/nvadr)*