phishing catcher

We have hosted the application phishing catcher in order to run this application in our online workstations with Wine or directly.

Quick description about phishing catcher:

phishing_catcher is a security monitoring tool designed to detect potential phishing domains in near real time by analyzing TLS certificate issuance events. It listens to Certificate Transparency (CT) logs through the CertStream API and evaluates newly issued certificates as they appear. Each certificate often contains one or more domain names, which the tool analyzes to determine whether they resemble suspicious or phishing-related domains. phishing_catcher applies a configurable scoring mechanism that assigns numeric values to certain keywords, patterns, or top-level domains found within certificate domain names. When a domain’s score exceeds predefined thresholds, it is flagged as potentially malicious and reported accordingly. It operates continuously, processing certificate updates as they arrive and displaying or logging domains that appear suspicious. This approach allows analysts, researchers, and security teams to identify phishing infrastructure early.

Features:

• Real-time certificate monitoring using the CertStream API to track newly issued TLS certificates
• Configurable scoring system that evaluates domains based on suspicious keywords and TLDs
• Phishing detection heuristics that help identify domains likely used for phishing campaigns
• Customizable configuration files allowing users to modify detection rules and scoring weights
• Continuous monitoring workflow that processes certificate events as they occur
• Console and log reporting for flagged domains based on threat-level thresholds

Programming Language: Python.
Categories: