squatm3: enumerate available domains

by do son · Published December 15, 2018 · Updated December 15, 2018

Squatm3

Squatm3 is a python tool designed to enumerate available domains generated modifying the original domain name through different techniques:

Substitution attacks
Flipping attack
Homoglyph attack

Squatm3 will help penetration testers to identify domains to be used in phishing attack simulations and security analysts to prevent effective phishing attacks.

It comes in two flavours:

command line tool
web solution (squatm3gator) that you can find

Install

git clone https://github.com/david3107/squatm3.git
sudo pip install -r requirements.txt

Use

usage: squatme.py [-h] [--url URL] [--tld [TLD]] [-A [ALL]] [-hg [HOMOGLYPH]]

                  [-F [FLIPPER]] [-R [REMOVE]] [--available [AVAILABLE]]





optional arguments:

  -h, --help            show this help message and exit

  --url URL             url to be squatted

  --tld [TLD]           read the tld list form file db/top_domains and

                        generate the domains. If not specified uses only .com

  -A [ALL]              execute all the squatting attacks

  -hg [HOMOGLYPH]       execute homoglyph attack

  -F [FLIPPER]          execute flipping attack

  -R [REMOVE]           remove one letter a time

  --available [AVAILABLE]

                        lists only the available domains

Source: https://github.com/david3107/

Search

Brilliantly

Content & Links