Miteru - An Experimental Phishing Kit Detection Tool
How it works
- It collects phishy URLs from the following feeds:
- It checks each phishy URL whether it enables directory listing and contains a phishing kit (compressed file) or not.
- Note: compressed file =
*.zip
,*.rar
,*.7z
,*.tar
and*.gz
.
- Note: compressed file =
Features
- Phishing kit detection & collection.
- Slack notification.
- Threading.
Installation
$ gem install miteru
Usage
$ miteru
Commands:
miteru execute # Execute the crawler
miteru help [COMMAND] # Describe available commands or one specific command
$ miteru help execute
Usage:
miteru execute
Options:
[--auto-download], [--no-auto-download] # Enable or disable auto-download of phishing kits
[--directory-traveling], [--no-directory-traveling] # Enable or disable directory traveling
[--download-to=DOWNLOAD_TO] # Directory to download file(s)
# Default: /tmp
[--post-to-slack], [--no-post-to-slack] # Post a message to Slack if it detects a phishing kit
[--size=N] # Number of urlscan.io's results. (Max: 10,000)
# Default: 100
[--threads=N] # Number of threads to use
# Default: 10
[--verbose], [--no-verbose]
# Default: true
Execute the crawler
$ miteru execute
...
https://dummy1.com: it doesn't contain a phishing kit.
https://dummy2.com: it doesn't contain a phishing kit.
https://dummy3.com: it doesn't contain a phishing kit.
https://dummy4.com: it might contain a phishing kit (dummy.zip).
Using Docker (alternative if you don't install Ruby)
$ git clone https://github.com/ninoseki/miteru.git
$ cd miteru/docker
$ docker build -t miteru .
$ docker run miteru
# ex. auto-download detected phishing kit(s) into host machines's /tmp directory
$ docker run -v /tmp:/tmp miteru execute --auto-download
Aasciinema cast
Note
For using
--post-to-slack
feature, you should set the following environment variables:SLACK_WEBHOOK_URL
: Your Slack Webhook URL.SLACK_CHANNEL
: Slack channel to post a message (default: "#general").
Alternatives
- t4d/StalkPhish: The Phishing kits stalker, harvesting phishing kits for investigations.
- duo-labs/phish-collect: Python script to hunt phishing kits.
- leunammejii/analyst_arsenal: A tool belt for analysts to continue fighting the good fight.
Miteru - An Experimental Phishing Kit Detection Tool
Reviewed by Zion3R
on
6:11 PM
Rating: