Catch malicious phishing domain names using the certstream live stream of SSL certificates.
This script alerts through Slack if any phishing domains related to your organization are found. If you want to track all suspicious domains in Splunk, monitor the phishing_enterprise_domains.log file.
The script should work fine using Python2 or Python3.
You will need the following Python packages installed: certstream, tqdm, entropy, termcolor, tld, python_Levenshtein, slackclient
pip install -r requirements.txt
$ Open the ./domains.py script and modify it based on your organization. Ex: google
$ Open the ./catch_phish.py script and add your Slack OAuth token and channel ID.
$ Open the ./catch_phish.py script, go to l=[] and enter the same keywords that you put in domains.py.
$ ./catch_phish.py
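
A reduced illustration of the kind of matching this workflow relies on, added here and not taken from catch_phish.py: it flags domains in certstream-style messages that contain an organization keyword or sit one edit away from it. The keyword, the allowlist of own domains, the distance threshold, the function names and the sample messages are constructed assumptions.

```python
# Added example: keyword and lookalike matching over certstream-style messages.
# KEYWORDS and OWN_DOMAINS are constructed placeholders, not the project's values.
KEYWORDS = ["examplecorp"]
OWN_DOMAINS = ["examplecorp.test"]  # legitimate domains that must not alert

def edit_distance(a, b):
    """Levenshtein distance in pure Python (stand-in for python_Levenshtein)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain):
    """Return (keyword, reason) for a suspicious domain, else None."""
    domain = domain.lower()
    if domain.startswith("*."):  # wildcard certificate entry
        domain = domain[2:]
    if any(domain == d or domain.endswith("." + d) for d in OWN_DOMAINS):
        return None
    # Split every label except the TLD into words on '-'.
    words = [w for label in domain.split(".")[:-1] for w in label.split("-") if w]
    for kw in KEYWORDS:
        for w in words:
            if kw in w:
                return kw, "contains"
            if edit_distance(w, kw) == 1:  # assumed threshold: one edit
                return kw, "lookalike"
    return None

def suspicious_domains(message):
    """Extract flagged domains from one certstream message (a dict)."""
    if message.get("message_type") != "certificate_update":
        return []  # heartbeat messages carry no certificate
    hits = []
    for domain in message["data"]["leaf_cert"]["all_domains"]:
        verdict = classify(domain)
        if verdict:
            hits.append((domain,) + verdict)
    return hits

# Constructed sample messages in the shape certstream passes to its callback.
SAMPLES = [
    {"message_type": "heartbeat"},
    {"message_type": "certificate_update", "data": {"leaf_cert": {"all_domains": [
        "www.examplecorp.test", "*.examplecorp-login.test",
        "examp1ecorp.test", "weather.test"]}}},
]
```

Without the OWN_DOMAINS allowlist, every certificate issued for the organization's real domains would raise an alert.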