An experimental phishing kit detection tool
Latest commit a15905f Dec 7, 2018

Miteru

Miteru is an experimental phishing kit detection tool.

How it works

Features

  • Phishing kit detection & collection.
  • Slack integration. (Posting a message to Slack if the tool detects a phishing kit.)
  • Threading.

Installation

$ gem install miteru

Usage

$ miteru
Commands:
  miteru execute         # Execute the crawler
  miteru help [COMMAND]  # Describe available commands or one specific command
$ miteru help execute
Usage:
  miteru execute

Options:
  [--auto-download], [--no-auto-download]              # Enable or disable auto-download of compressed file(s)
  [--directory-traveling], [--no-directory-traveling]  # Enable or disable directory traveling
  [--download-to=DOWNLOAD_TO]                          # Directory to download file(s)
                                                       # Default: /tmp
  [--post-to-slack], [--no-post-to-slack]              # Post a message to Slack if it detects a phishing kit
  [--size=N]                                           # Number of urlscan.io's results. (Max: 10,000)
                                                       # Default: 100
  [--threads=N]                                        # Number of threads to use
                                                       # Default: 10
  [--verbose], [--no-verbose]
                                                       # Default: true

Execute the crawler
$ miteru execute
...
https://dummy1.com: it doesn't contain a phishing kit.
https://dummy2.com: it doesn't contain a phishing kit.
https://dummy3.com: it doesn't contain a phishing kit.
https://dummy4.com: it might contain a phishing kit (dummy.zip).
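
An added example, not part of Miteru or this README: a Ruby script that turns the `miteru execute` output format shown above into triage records with defanged URLs for tickets or chat. The sample lines are constructed, the names `triage`, `defang`, `HIT` and `MISS` are hypothetical, and the comma-separated list of several archives is an assumption the README does not show.

```ruby
require "json"
require "uri"

# Constructed sample in the format shown in the README's usage output.
SAMPLE_OUTPUT = <<~LOG
  https://dummy1.com: it doesn't contain a phishing kit.
  https://dummy4.com: it might contain a phishing kit (dummy.zip).
  https://dummy5.com/login/: it might contain a phishing kit (kit.zip, backup.tar.gz).
  not a miteru result line
LOG

HIT  = /\A(?<url>https?:\/\/\S+): it might contain a phishing kit \((?<files>[^)]*)\)\.\s*\z/
MISS = /\A(?<url>https?:\/\/\S+): it doesn't contain a phishing kit\.\s*\z/

# Rewrite a URL so it cannot be clicked or auto-linked in a ticket or chat.
def defang(url)
  url.sub(/\Ahttp/, "hxxp").gsub(".", "[.]")
end

# Turn raw output into records. Unparseable lines are kept, not dropped,
# so a change in the tool's output format is noticed instead of ignored.
def triage(output)
  result = { hits: [], clean: 0, unparsed: [] }
  output.each_line(chomp: true) do |line|
    next if line.strip.empty? || line.strip == "..."
    if (m = HIT.match(line))
      begin
        host = URI.parse(m[:url]).host
      rescue URI::InvalidURIError
        result[:unparsed] << line
        next
      end
      result[:hits] << {
        host: host,
        url: defang(m[:url]),
        # Assumption: several archives would be comma-separated.
        archives: m[:files].split(",").map(&:strip).reject(&:empty?)
      }
    elsif MISS.match?(line)
      result[:clean] += 1
    else
      result[:unparsed] << line
    end
  end
  result
end

puts JSON.pretty_generate(triage(SAMPLE_OUTPUT)) if $PROGRAM_NAME == __FILE__
```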

Using Docker (an alternative if you don't have Ruby installed)

$ git clone https://github.com/ninoseki/miteru.git
$ cd miteru/docker
$ docker build -t miteru .
$ docker run miteru
# ex. auto-download detected phishing kit(s) into the host machine's /tmp directory
$ docker run -v /tmp:/tmp miteru execute --auto-download

Asciinema cast

asciicast

Note: The process was stopped during the execution because it takes minutes to finish.

Note

To use the --post-to-slack feature, set the following environment variables:

  • SLACK_WEBHOOK_URL: Your Slack Webhook URL.
  • SLACK_CHANNEL: Slack channel to post a message (default: "#general").

Alternatives