Phishing Catcher

Phishing Catcher by x0rz is a tool designed to detect and catch possible phishing domains in near real-time. According to the vendor, this solution caters to the needs of cybersecurity professionals, IT administrators, threat intelligence analysts, security operations centers, and financial institutions. With its advanced features and customizable configuration file, Phishing Catcher aims to provide a comprehensive solution to combat phishing attacks and safeguard sensitive information.

Key Features

Catch Phishing Domains: According to the vendor, Phishing Catcher monitors TLS certificate issuances reported to the Certificate Transparency Log (CTL) via the CertStream API to detect and catch possible phishing domains in near real-time. Domain names are scored based on a configuration file to determine their level of suspicion.

Configuration File: The tool utilizes a simple YAML configuration file that allows users to assign scores to strings found in TLS certificate domain names. This customization enables adjustments or additions to strings and their corresponding scores. The configuration file includes two dictionaries: keywords and tlds, and assigns scores to strings found in the common name or SAN field of a TLS certificate.

Scoring Algorithm: Phishing Catcher employs a scoring algorithm to determine the level of suspicion for a domain name. According to the vendor, suspicious domains must meet or exceed specific thresholds: 65 for potential, 80 for likely, and 90 for suspicious. This scoring system aims to ensure accurate identification and reporting of phishing attempts.

Support for Custom Config: The tool supports the use of a custom configuration file as an override for the default configuration file. According to the vendor, this flexibility enables users to tailor the scoring system to their specific needs by adjusting or adding strings and scores.

Simple Usage: According to the vendor, Phishing Catcher is designed to be easy to use, requiring only a simple command to run the script. Once configured, usage is as simple as running the script, providing a user-friendly experience.

Docker Container: For users facing installation difficulties on macOS or other operating systems, Phishing Catcher offers the option to run the tool in a Docker container. According to the vendor, this alternative installation method aims to ensure seamless accessibility and usability.