nettfiske

Release 0.3.0

Detect Phishing fetching Certificate Transparency Logs

Repository Cargo Rust Documentation Download

Keywords
security, phishing, idna, punycode, certificate-transparency, certstream, homoglyphs, homograph-attack, rust
Licenses
MIT/Apache-2.0

Documentation

Crates.io Build Status MIT licensed Apache-2.0 licensed

Nettfiske

Uses certstream SSL certificates live stream to identify possible phishing domain names. It is inspired by Phishing Catcher.

Usage

cargo run --release sample.json

Example

[Nettfiske]  Fetching Certificates ...
Homoglyph detected youtubÌŁe.com (Punycode: xn--youtue-tg7b.com)
Homoglyph detected youtubÌŁe.com (Punycode: xn--youtue-tg7b.com)
Homoglyph detected whatsapp.com (Punycode: xn--hatsapp-h41c.com)
Homoglyph detected whatsapp.com (Punycode: xn--hatsapp-h41c.com)
Homoglyph detected twiṫter.com (Punycode: xn--twiter-507b.com)
Homoglyph detected twiṫter.com (Punycode: xn--twiter-507b.com)
Suspicious paypal.com-secure.warn-allmail.com (score 72)
Suspicious applĂȘid.Ă pplĂȘ.com.iosets.com (score 65) (Punycode: xn--applid-lva.xn--ppl-8ka7c.com.iosets.com)
Suspicious facebook.com-verified-id939819835.com (score 69)
Suspicious appleid.apple.com.invoice-qwery.gq (score 75)
Suspicious instagramaccountverifica.altervista.org (score 69)

Use Cases

Attempt to detect the use of Punycode and Homoglyph Attacks to obfuscate Domains. The homograph protection mechanism in Chrome, Firefox, and Opera may fail when some characters are replaced with a similar character from a foreign language.

Example:

  • microsoft.com⁄index.html.irongeek.com
  • microsoft.xn--comindex-g03d.html.irongeek.com

The slash symbol in the first url is not really a slash symbol at all. Also adding a SSL certificate can take few minutes and the user can feel safer with the locker next to domain.

Example, try to open the domain https://www.xn--80ak6aa92e.com/ on Firefox.

Stats

Dependencies
14
Dependent packages
0
Dependent repositories
0
Total releases
9
Latest release
First release
Stars
11
Forks
6
Watchers
2
Contributors
2
Repository size
88.9 KB
SourceRank
8

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

0.3.0
0.2.4
0.2.2
0.2.1
0.2.0
0.1.3
0.1.2
0.1.1
0.1.0

Maintainers

FlĂĄvio Oliveira

Contributors

Flavio Oliveira Harald Eilertsen


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2021-01-13 14:28:38 UTC

Login to resync this project