Project author: joelgun-xyz

Project description:
automated, dockerized phishing catcher
Primary language: JavaScript
Project URL: git://github.com/joelgun-xyz/certphisher-dockerized.git
Created: 2019-06-19T08:44:05Z
Project community: https://github.com/joelgun-xyz/certphisher-dockerized

Open-source license: GNU General Public License v3.0



certphisher-dockerized

Dockerized version of certphisher

This is a fork of @x0rz’s awesome phishing_catcher.
I’ve updated his scoring engine with submit functionality for VirusTotal and urlscan.io, which fetches the response into a MongoDB + Flask frontend with Slack integration for later review.

Feel free to modify and tweak the code.

Getting Started

Clone git repo to desired directory.

  git clone https://github.com/joelgun-xyz/certphisher.git

Prerequisites

Make sure you have Docker installed on your local machine and have a DockerHub account.

Docker

Download Kitematic - Run containers through a simple, yet powerful graphical user interface.
Kitematic

Edit config

Edit the default-config.ini with your API keys and rename it to config.ini.

  ; config.ini
  [apikeys]
  vt_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx
  urlscan_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx
  [mongodb]
  my_instance = mongodb://localhost:27017/
  my_db = certphisher
  my_col = sites
  username = foo
  password = bar
  [slack]
  integration = 1
  bot_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx
  channel = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx
  relevant_score = 140

Slack Notifications

If you don’t have a Slack channel yet, you can create one here:

or, if you don’t want one, disable this feature in the config.ini file with this line:

  slack_integration = 0

If you want to be notified about newly registered, high-scoring domains,
you can adjust the score at which a notification fires in your Slack channel, depending on your rating system.

  relevant_score = 140

If you enable notifications, you get messages like this in your channel:

Slack
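
A pre-deployment check for the config.ini described above, as an added example that is not part of the certphisher project: it flags API keys still set to the all-X filler, the sample MongoDB credentials, and Slack settings left unfilled while integration is on. The function names and sample values are assumptions; it accepts both "integration" and "slack_integration" because the page shows both spellings.

```python
import configparser

# Constructed sample in the page's config.ini layout; every value is made up.
SAMPLE = """\
[apikeys]
vt_key = XXXXXXXXXXXXXXXXXXXXXXXXx
urlscan_key = 0123abcd-constructed-key
[mongodb]
username = foo
password = bar
[slack]
integration = 1
bot_key = XXXXXXXXXXXXXXXXXXXXXXXXx
channel = phish-alerts
relevant_score = 140
"""

def is_placeholder(value):
    """True for an empty value or the README's all-X filler (any case)."""
    v = value.strip()
    return not v or set(v.lower()) == {"x"}

def lint_config(text):
    """Return findings for a certphisher-style config.ini (hypothetical helper)."""
    cfg = configparser.ConfigParser(interpolation=None)  # secrets may contain '%'
    cfg.read_string(text)
    findings = []
    for key in ("vt_key", "urlscan_key"):
        if is_placeholder(cfg.get("apikeys", key, fallback="")):
            findings.append(f"apikeys.{key}: placeholder or missing")
    user = cfg.get("mongodb", "username", fallback="")
    password = cfg.get("mongodb", "password", fallback="")
    if (user, password) == ("foo", "bar"):
        findings.append("mongodb: sample credentials foo/bar still in use")
    # The page shows both 'integration' and 'slack_integration'; accept either.
    flag = cfg.get("slack", "integration",
                   fallback=cfg.get("slack", "slack_integration", fallback="0"))
    if flag.strip() == "1":
        for key in ("bot_key", "channel"):
            if is_placeholder(cfg.get("slack", key, fallback="")):
                findings.append(f"slack.{key}: placeholder while Slack is enabled")
        if not cfg.get("slack", "relevant_score", fallback="").strip().isdigit():
            findings.append("slack.relevant_score: not a non-negative integer")
    return findings

if __name__ == "__main__":
    for finding in lint_config(SAMPLE):
        print(finding)
```

Running it against your own file before the docker build step catches a deployment that would start with unusable keys or the sample database login.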

Installation

Change into the certphisher-dockerized directory and run these commands to build the images and start the containers.

  docker build --rm --no-cache -f "Dockerfile_frontend" -t certphisher/frontend:latest .
  docker build --rm --no-cache -f "Dockerfile_backend" -t certphisher/backend:latest .
  docker-compose -f "docker-compose.yml" up -d --build

Usage

Start Kitematic and check that your containers start correctly.

Kitematic

The web frontend should be served at: http://localhost:5000/

Change Scoring

To customize the scoring, add or change the values in the files suspicious.yaml or external.yaml with your own keywords and scores.

scoring_engine

License

This project is licensed under GNU General Public License v3.0

Authors

Acknowledgments

  • heywoodlh - for the great urlscan.io Python wrapper (GitHub)