antisquat: An AI-Powered Phishing Domain Finder

by do son · October 31, 2023

AntiSquat

AntiSquat leverages AI techniques such as natural language processing (NLP), large language models (ChatGPT) and more to empower detection of typosquatting and phishing domains.

What sets AntiSquat apart

Large Language Model / ChatGPT integration
AntiSquat takes a fresh perspective on tackling the challenge of typosquatting. It serves as a complementary and enhancing approach to existing methods by harnessing the power of AI techniques like natural language processing (NLP) and large language models (LLMs), ChatGPT in this case. By leveraging these advanced technologies, AntiSquat aims to strengthen the detection process. It utilizes NLP to understand how words are used in language, and LLMs like ChatGPT to generate various domain name variations efficiently. This combined approach boosts the ability to identify and counter the deceptive tactics employed by cybercriminals.
Image processing and optical character recognition
Using Selenium, AntiSquat renders a webpage as a user would see it, then tries extracting all available text in the final version of the page. Some phishers use image assets to prevent phishing detection, so ChatGPT also uses OpenCV and Tesseract OCR to extract words from within images. Words collected from phishing sites are compared to the words collected from the original site, using algorithms such as Levenshtein distancing, which helps the tool generate a similarity index for sites.
Contact information provisioning
AntiSquat integrates with GoDaddy and Whois to try and determine if domains are available for sale. It also tries extracting intelligence such as contact information (emails and phone numbers) from site pages so that organizations can contact domain owners. This is helpful if the domain is available for sale privately. Organizations can use this data to buy out these domains in bulk to protect their users.