opensquat
β View on GitHubAI Summary: openSquat is an open-source intelligence (OSINT) tool designed to identify cyber squatting threats against brands or domains. It leverages advanced detection techniques, such as similarity detection using the Levenshtein distance algorithm, and integrates with services like VirusTotal for domain reputation checks. Key features include daily updates on newly registered domains, DNS validation, and multiple output formats, enhancing its utility for security professionals monitoring potential domain-related threats.
README
openSquat Core
π Table of Contents
- What is openSquat?
- Open-Core Model
- Key Features
- Quick Start
- Requirements
- Usage
- Configuration
- Automation
- CLI Reference
- Contributing
- Author
- License
π― What is openSquat?
openSquat is an Open Source Intelligence (OSINT) security tool that identifies cyber squatting threats targeting your brand or domains:
| Threat Type | Description |
|---|---|
| π£ Phishing | Fraudulent domains mimicking your brand |
| π€ Typosquatting | Domains with common typos (e.g., gooogle.com) |
| π IDN Homograph | Look-alike characters from other alphabets |
| π₯ DoppelgΓ€nger | Domains containing your brand name |
| π Bitsquatting | Single-bit errors in domain names |
π Open-Core Model
openSquat follows an open-core model:
- Core detection engine β Open source and community-driven
- Advanced capabilities β Delivered through commercial intelligence services
This model enables transparency and community collaboration while supporting the scale, reliability, and operational requirements of enterprise use.
β¨ Key Features
- π Daily NRD feeds β Automatic newly registered domain updates
- π Similarity detection β Levenshtein distance algorithm
- π‘οΈ VirusTotal integration β Check domain reputation
- π Quad9 DNS validation β Identify malicious domains
- π Certificate Transparency β Monitor SSL/TLS certificates
- π Multiple output formats β TXT, JSON, CSV
π Quick Start
Install via pip (recommended)
pip install opensquat
opensquat -k keywords.txt
Or clone the repository
git clone https://github.com/atenreiro/opensquat
cd opensquat
pip install -r requirements.txt
python opensquat.py -k keywords.txt
π¦ Requirements
- Python 3.8+
- Dependencies:
confusable_homoglyphs,homoglyphs,colorama,requests,dnspython,beautifulsoup4
π Usage
Basic Commands
# Default run
opensquat
# Show all options
opensquat -h
# Use custom keywords file
opensquat -k my_keywords.txt
Validation Options
# DNS validation via Quad9
opensquat --dns
# Check Certificate Transparency logs
opensquat --ct
# Scan for open ports (80/443)
opensquat --portcheck
# Cross-reference phishing databases
opensquat --phishing results.txt
Output Formats
# Save as JSON
opensquat -o results.json -t json
# Save as CSV
opensquat -o results.csv -t csv
Confidence Levels
| Level | Flag | Description |
|---|---|---|
| 0 | -c 0 | Very high (fewer results, high accuracy) |
| 1 | -c 1 | High (default) |
| 2 | -c 2 | Medium |
| 3 | -c 3 | Low |
| 4 | -c 4 | Very low (more results, more false positives) |
βοΈ Configuration
Keywords File (keywords.txt)
# Lines starting with # are comments
mycompany
mybrand
myproduct
VirusTotal API Key (vt_key.txt)
To use --vt or --subdomains, add your API key:
# Get your free API key at https://www.virustotal.com
your_api_key_here
π€ Automation
Run daily via crontab:
# Every day at 8 AM (feeds update ~7:30 AM UTC)
0 8 * * * /path/to/opensquat/opensquat.py -k keywords.txt -o results.json -t json
π CLI Reference
| Argument | Default | Description |
|---|---|---|
-k, --keywords | keywords.txt | Keywords file to search |
-o, --output | results.txt | Output filename |
-t, --type | txt | Output format: txt, json, csv |
-c, --confidence | 1 | Confidence level (0-4) |
-d, --domains | β | Use local domain file instead of downloading |
-u, --url | opensquat feed | URL to download domain feed |
--dns | β | Enable Quad9 DNS validation |
--doppelganger | β | Doppelganger-only mode (keyword in domain + reachability check) |
--ct | β | Search Certificate Transparency logs |
--phishing | β | Cross-reference phishing database |
--subdomains | β | Fetch subdomains via VirusTotal |
--portcheck | β | Check for open ports 80/443 |
--vt | β | Validate against VirusTotal |
π€ Contributing
We welcome contributions! See our Contributing Guide for details.
- π Report bugs via GitHub Issues
- π‘ Request features by opening an issue
- π§ Submit PRs for bug fixes or enhancements
π€ Author
Andre Tenreiro β LinkedIn Β· PGP Key
π License
This project is licensed under the GNU GPL v3.