openSquat: Open-Source Phishing Domain Detector

When a Fake Domain Costs Millions
Imagine: an attacker registers a domain g00gle-login.com that's nearly indistinguishable from the real one. A week later, thousands of users land on a phishing site and enter their credentials... Familiar scenario? This is exactly the kind of threat openSquat helps detect — a tool for finding impersonator domains.
What This "Cyber Sentinel" Can Do
openSquat is a Python utility for OSINT analysis that:
- Automatically finds newly registered suspicious domains
- Detects dozens of attack types, including:
- Typosquatting (misspellings in domains)
- IDN attacks (Cyrillic characters instead of Latin)
- Bitsquatting (errors in bit representation)
- Lookalike domains
The main advantage is prevention. The system finds threats before they start being used.
Top 5 Features for Defenders
- Daily database updates — automatic checking of new domains
- Flexible sensitivity settings — from "strict" to "all suspicious"
- Integration with VirusTotal and Quad9 — domain reputation checking
- Multiple output formats — JSON, CSV, TXT for SIEM integration
- IDN attack detection — when "арррle.com" (with Cyrillic "р") looks like the original
# Пример запуска с максимальной проверкой
python opensquat.py --phishing phish.txt --dns --ct --subdomains --portcheck
How It Works Technically
Under the hood:
- Levenshtein algorithm for domain similarity comparison
- Certificate Transparency Log parsing
- API integration with external services
- Modular architecture on Python 3.6+

Who Can Benefit in Practice
- Corporate security specialists — monitoring brand impersonation
- Online store owners — protecting customers from phishing
- Hosting providers — identifying malicious accounts
- Government agencies — controlling impersonator domains
Verdict: Worth Trying
openSquat is a rare case where an open-source solution rivals commercial alternatives. The project is actively developed (800+ stars on GitHub), has a Telegram bot, and even a REST API.
Try it if:
- You work in cybersecurity
- You manage an important domain
- You want to automate threat hunting
Installation is just a couple of commands:
git clone https://github.com/atenreiro/opensquat
pip install -r requirements.txt
P.S. Project author Andre Tenreiro is open to collaboration — you can suggest improvements or new features directly in Issues on GitHub.
Related projects