Skip to content
master
Switch branches/tags
Go to file
Code

README.md

Miteru

Gem Version Build Status Docker Cloud Build Status CodeFactor Coverage Status

Miteru is an experimental phishing kit detection tool.

How it works

Features

  • Phishing kit detection & collection.
  • Slack notification.
  • Threading.

Installation

gem install miteru

Usage

$ miteru
Commands:
  miteru execute         # Execute the crawler
  miteru help [COMMAND]  # Describe available commands or one specific command
$ miteru help execute
Usage:
  miteru execute

Options:
  [--auto-download], [--no-auto-download]              # Enable or disable auto-download of phishing kits
  [--ayashige], [--no-ayashige]                        # Enable or disable ayashige(ninoseki/ayashige) feed
  [--directory-traveling], [--no-directory-traveling]  # Enable or disable directory traveling
  [--download-to=DOWNLOAD_TO]                          # Directory to download file(s)
                                                       # Default: /tmp
  [--post-to-slack], [--no-post-to-slack]              # Post a message to Slack if it detects a phishing kit
  [--size=N]                                           # Number of urlscan.io's results. (Max: 10,000)
                                                       # Default: 100
  [--threads=N]                                        # Number of threads to use
  [--verbose], [--no-verbose]
                                                       # Default: true

Execute the crawler
$ miteru execute
...
https://dummy1.com: it doesn't contain a phishing kit.
https://dummy2.com: it doesn't contain a phishing kit.
https://dummy3.com: it doesn't contain a phishing kit.
https://dummy4.com: it might contain a phishing kit (dummy.zip).

Using Docker (alternative if you don't install Ruby)

$ docker pull ninoseki/miteru
# ex. auto-download detected phishing kit(s) into host machines's /tmp directory
$ docker run --rm -v /tmp:/tmp ninoseki/miteru execute --auto-download

Configuration

For using --post-to-slack feature, you should set the following environment variables:

  • SLACK_WEBHOOK_URL: Your Slack Webhook URL.
  • SLACK_CHANNEL: Slack channel to post a message (default: "#general").

If you are a urlscan.io Pro user, set your API key as an environment variable URLSCAN_API_KEY.

It enables you to subscribe the urlscan.io phish feed.

Examples

Aasciinema cast

asciicast

Slack notification

img

Alternatives

About

An experimental phishing kit detection tool

Topics

Resources

License

Packages

No packages published

Languages