Skip to content
A tool designed to traverse phishing URL paths to search for phishing kit source code.
Python
Branch: master
Clone or download
Latest commit 3f976c3 Jun 8, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
LICENSE Create LICENSE Feb 13, 2019
README.md
phishfinder.py altered output directory and logging May 13, 2019
requirements.txt update to packages May 13, 2019

README.md

phishfinder

Overview

The tool will traverse a URL path to find open directories. If found, it will then look for any zip/txt/exe files and download them. The likelihood is these files will contain the phishing source code, victim logs and possibly malware. You can supply a list of urls in a text file, or by default the code will connect to phishtank and parse the latest known phishing urls.

Additionally, the tool will also attempt to guess the name of the .zip, as commonly this is the same as the current URI folder, e.g.

https://example.com/foo/bar.zip
https://example.com/foo.zip

Usage

Run the script without any arguments to use the latest URLs from http://data.phishtank.com/data/online-valid.json

python phishfinder.py

Else, you can pass a list of URLs and specify the folder where you'd like to save results

python phishfinder.py --input urls.txt --output /phishing/kit/folder

Example

phishfinder example

Install

$ pip install -r requirements.txt

TODO

Updates planned include:

  • Brute-forcing for files using the directory as the filename
  • Brute-forcing of victim log files from common txt file naming conventions
  • Speed up the requests and use threading
  • Resolve issue where a successful guess downloads a file, followed by an Open Directory download
You can’t perform that action at this time.