Catching phishing by observing certificate transparency logs. This tool is regex-based, with effective rules for detecting phishing sites in real time using certstream, and it can also detect punycode (IDNA) attacks such as https://www.ṁyetḣerwallet.com.
This is a Go port of the Node.js version originally by @6IX7ine.
$ go get github.com/sourcekris/goCertStreamCatcher
$ cd $GOPATH/src/github.com/sourcekris/goCertStreamCatcher
$ go build
Right now it builds a standalone binary, goCertStreamCatcher, so simply go build it and run ./goCertStreamCatcher
- Verify the punycode logic is as expected.
- Probably influence the logic more if the subdomain has a lot of dashes/periods.
- Add additional analysis logic to detect other suspicious domains.
- Headless browse the suspicious sites and grab screenshots?
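
The punycode (IDNA) detection described at the top, and the TODO item about verifying it, come down to decoding the `xn--` labels a certificate carries before any keyword regex is applied. The sketch below is an added example, not code from goCertStreamCatcher, written in Python because its standard library ships a punycode codec and Unicode normalization; the `KEYWORDS` watchlist, the function names and the sample certificate names are assumptions constructed for illustration.

```python
import re
import unicodedata

# Assumed watchlist for illustration; the tool's own regex rules are not shown here.
KEYWORDS = re.compile(r"myetherwallet|paypal|appleid")


def to_unicode(name):
    """Decode every xn-- label (IDNA A-label) of a certificate DNS name."""
    labels = []
    for label in name.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except ValueError:  # malformed punycode: keep the raw label
                pass
        labels.append(label)
    return ".".join(labels)


def skeleton(text):
    """Fold accented look-alikes to base letters (NFKD, drop combining marks)."""
    # Limitation: cross-script homoglyphs (e.g. Cyrillic letters) are not folded.
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(c for c in decomposed if not unicodedata.combining(c))


def inspect_name(name):
    """Report what a regex would miss on the raw ASCII form of the name."""
    decoded = to_unicode(name)
    folded = skeleton(decoded)
    hit = KEYWORDS.search(folded)
    return {
        "unicode": decoded,
        "skeleton": folded,
        "punycode": any(l.startswith("xn--") for l in name.lower().split(".")),
        "keyword": hit.group(0) if hit else None,
        # Keyword only visible after decoding and folding: likely homograph.
        "homograph": bool(hit) and not KEYWORDS.search(name.lower()),
    }


if __name__ == "__main__":
    # Constructed sample names, as they would appear in a certificate's SAN list.
    for san in ("www.xn--yeterwallet-ml8ewn.com", "www.myetherwallet.com",
                "xn--mnchen-3ya.de"):
        print(san, inspect_name(san))
```

A keyword regex run on the raw name `www.xn--yeterwallet-ml8ewn.com` finds nothing; the match only appears on the folded skeleton, which is why the decode step has to come first.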