squatm3: enumerate available domains


Squatm3 is a python tool designed to enumerate available domains generated modifying the original domain name through different techniques:

  • Substitution attacks
  • Flipping attack
  • Homoglyph attack

Squatm3 will help penetration testers to identify domains to be used in phishing attack simulations and security analysts to prevent effective phishing attacks.

It comes in two flavours:

  • command line tool
  • web solution (squatm3gator) that you can find


git clone https://github.com/david3107/squatm3.git
sudo pip install -r requirements.txt


usage: squatme.py [-h] [--url URL] [--tld [TLD]] [-A [ALL]] [-hg [HOMOGLYPH]]
                  [-F [FLIPPER]] [-R [REMOVE]] [--available [AVAILABLE]]

optional arguments:
  -h, --help            show this help message and exit
  --url URL             url to be squatted
  --tld [TLD]           read the tld list form file db/top_domains and
                        generate the domains. If not specified uses only .com
  -A [ALL]              execute all the squatting attacks
  -hg [HOMOGLYPH]       execute homoglyph attack
  -F [FLIPPER]          execute flipping attack
  -R [REMOVE]           remove one letter a time
  --available [AVAILABLE]
                        lists only the available domains


Copyright (C) 2018 david3107

Source: https://github.com/david3107/