Suritwist - generating potential phishing domains lists for suricata

Xiobe/suritwist

suritwist

Suritwist - Generating potential phishing domains lists for suricata alerting.

Basic idea

The basic idea: generate the dnstwist domain variations for your domain of interest, either offline or online, and export them in JSON format. Feed this JSON file into suritwist.py, which generates a base64-encoded list of these domains. That list can then be used in a Suricata rule to raise alerts for potential phishing.
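
The conversion described above, as an added example (not suritwist's own code). The `domain` key of the dnstwist JSON, the function names, the dataset name `suritwist`, the file name `suritwist.lst` and the rule text are assumptions; the sid and rev defaults are the ones listed under Usage.

```python
import base64
import json

# Constructed sample shaped like `dnstwist --format json` output
# (assumption: each record holds the permutation under the "domain" key).
SAMPLE_DNSTWIST_JSON = """[
  {"fuzzer": "*original", "domain": "example.com"},
  {"fuzzer": "omission", "domain": "exmple.com"},
  {"fuzzer": "homoglyph", "domain": "examp1e.com"},
  {"fuzzer": "addition", "domain": "examplea.com"},
  {"fuzzer": "addition", "domain": "ExampleA.com."}
]"""


def normalize(domain):
    """Lower-case and drop the trailing dot so duplicates and excludes match."""
    return str(domain).strip().lower().rstrip(".")


def build_dataset(dnstwist_json, exclude=()):
    """Return sorted base64 lines for a Suricata `type string` dataset."""
    skip = {normalize(d) for d in exclude}
    domains = {normalize(r.get("domain", "")) for r in json.loads(dnstwist_json)}
    domains -= skip | {""}
    lines = []
    for d in sorted(domains):
        # Non-ASCII names go to punycode, the form that appears in DNS queries.
        raw = d.encode("ascii") if d.isascii() else d.encode("idna")
        # String datasets are stored as one base64 value per line.
        lines.append(base64.b64encode(raw).decode("ascii"))
    return lines


def build_rule(dataset_file, name="suritwist", sid=100001, rev=1):
    """Hypothetical rule text: alert when a DNS query name is in the dataset."""
    return ('alert dns any any -> any any (msg:"Possible phishing domain lookup"; '
            f'dns.query; dataset:isset,{name},type string,load {dataset_file}; '
            f'sid:{sid}; rev:{rev};)')


if __name__ == "__main__":
    # Exclude the legitimate domain, otherwise every normal lookup alerts.
    for line in build_dataset(SAMPLE_DNSTWIST_JSON, exclude=["example.com"]):
        print(line)
    print(build_rule("suritwist.lst"))
```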

Usage

usage: suritwist [-h] [-e [EXCLUDE ...]] [-r] [--sid SID] [--rev REV] [-v] inputfile outputfile

Generate your dataset for dnstwist

positional arguments:
  inputfile             input file in json format
  outputfile            suricata dataset file

options:
  -h, --help            show this help message and exit
  -e [EXCLUDE ...], --exclude [EXCLUDE ...]
                        domains you want to exclude from the dataset
  -r, --rule            show rule
  --sid SID             specify your suricata rule id, default is 100001
  --rev REV             specify your revision, default is 1
  -v, --verbose         output verbose

Dockerized dnstwist

You can find a dockerized version of dnstwist in our GitHub repo docker-dnstwist.
