通讯技术>> certphisher-dockerized>> 返回
项目作者: joelgun-xyz

项目描述 :
automated, dockerized phishing catcher
高级语言: JavaScript
项目地址: git://github.com/joelgun-xyz/certphisher-dockerized.git
创建时间: 2019-06-19T08:44:05Z
项目社区:https://github.com/joelgun-xyz/certphisher-dockerized
开源协议:GNU General Public License v3.0
下载


certphisher-dockerized

Dockerized version of certphisher

This is a fork of @x0rz’s awesome phishing_catcher.
I’ve updated his scoring engine with a submit functionality to VirusTotal, urlscan.io who fetches the response to a mongodb + flask frontend with slack integration for later review.

Feel free to modify, tweak the code.

Getting Started

Clone git repo to desired directory. 

  1. git clone https://github.com/joelgun-xyz/certphisher.git

Prerequisites

Make sure you have Docker installed on your local machine and have a DockerHub account.

Docker

Download Kinematic - Run containers through a simple, yet powerful graphical user interface.
Kitematic

Edit config

Edit the default-config.ini with your API keys and rename it to config.ini.

  1. ; config.ini
  2. [apikeys]
  3. vt_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx
  4. urlscan_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx
  7. [mongodb]
  8. my_instance = mongodb://localhost:27017/
  9. my_db = certphisher
  10. my_col = sites
  11. username = foo
  12. password = bar
  14. [slack]
  15. integration = 1
  16. bot_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx
  17. channel = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx
  18. relevant_score = 140

Slack Notifications

If you don’t want or don’t have yet a slack channel you can create one here:

or disable this feature in the config.ini file with this line: 

  1. slack_integration = 0

If you want to be notified about newly registered and high scored domains,
you can adjust the score depending on your rating system when to fire a notification in your slack channel. 

  1. relevant_score = 140

If you enable notifications, you get messages like this in your channel:

Slack

Installation

Switch inside the certphisher-dockerized directory and run these commands to download and build the containers. 

  1. docker build --rm --no-cache -f "Dockerfile_frontend" -t certphisher/frontend:latest .
  3. docker build --rm --no-cache -f "Dockerfile_backend" -t certphisher/backend:latest .
  5. docker-compose -f "docker-compose.yml" up -d --build

Usage

Start Kinematic and watch your containers start correctly

Kitematic

The webfrontend should be served over: http://localhost:5000/

Change Scoring

Just the add / change the values in the files suspicious.yaml or external.yaml with your own keyword / scores if you want to customize it.

scoring_engine

License

This project is licensed under GNU General Public License v3.0

Authors

Acknowledgments

  • heywoodlh - for the great urlscan.io python wrapper Github