Skip to content

joelgun-xyz/certphisher-dockerized

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
app
app
 
 
certphisher
certphisher
 
 
.gitignore
.gitignore
 
 
Dockerfile_backend
Dockerfile_backend
 
 
Dockerfile_frontend
Dockerfile_frontend
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
docker-compose.yml
docker-compose.yml
 
 
kitematic_certphisher.png
kitematic_certphisher.png
 
 
run.sh
run.sh
 
 
scoring_engine.png
scoring_engine.png
 
 
slack_notifcation.png
slack_notifcation.png
 
 

Repository files navigation

certphisher-dockerized

Dockerized version of certphisher

This is a fork of @x0rz's awesome phishing_catcher. I've updated his scoring engine with a submit functionality to VirusTotal, urlscan.io who fetches the response to a mongodb + flask frontend with slack integration for later review.

Feel free to modify, tweak the code.

Getting Started

Clone git repo to desired directory.

git clone https://github.com/joelgun-xyz/certphisher.git

Prerequisites

Make sure you have Docker installed on your local machine and have a DockerHub account.

Docker

Download Kinematic - Run containers through a simple, yet powerful graphical user interface. Kitematic

Edit config

Edit the default-config.ini with your API keys and rename it to config.ini.

; config.ini
[apikeys]
vt_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx
urlscan_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx


[mongodb]
my_instance = mongodb://localhost:27017/
my_db = certphisher
my_col = sites
username = foo
password = bar

[slack]
integration = 1
bot_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx
channel = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx
relevant_score = 140

Slack Notifications

If you don't want or don't have yet a slack channel you can create one here:

or disable this feature in the config.ini file with this line:

slack_integration = 0

If you want to be notified about newly registered and high scored domains, you can adjust the score depending on your rating system when to fire a notification in your slack channel.

relevant_score = 140

If you enable notifications, you get messages like this in your channel:

Slack

Installation

Switch inside the certphisher-dockerized directory and run these commands to download and build the containers.

docker build --rm --no-cache -f "Dockerfile_frontend" -t certphisher/frontend:latest .

docker build --rm --no-cache -f "Dockerfile_backend" -t certphisher/backend:latest .

docker-compose -f "docker-compose.yml" up -d --build

Usage

Start Kinematic and watch your containers start correctly

Kitematic

The webfrontend should be served over: http://localhost:5000/

Change Scoring

Just the add / change the values in the files suspicious.yaml or external.yaml with your own keyword / scores if you want to customize it.

scoring_engine

License

This project is licensed under GNU General Public License v3.0

Authors

Acknowledgments

  • heywoodlh - for the great urlscan.io python wrapper Github

About

automated, dockerized phishing catcher

Topics

docker ctm certstream phishing-detection

Resources

Readme

License

GPL-3.0 license
Activity

Stars

4 stars

Watchers

0 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages