phishstats-api-network

phishstats-api-network copied to clipboard

phishstats-api-network

Visualize networks (pyvis) of phishing by querying the phishstats.info API

Changelog

v0.1 - Initial release

v0.2 - Shodan integration

v0.3 - Technologies used to build the website/phishing

This code was built using python 2.7 and then changed to python 3. The only difference is the way prints are made, everything else works fine on both versions.

Main purpose is to query phishstats.info API and create a graph network where nodes are: URL, website title, hostname, domain, IP, country, ASN (autonomous system number) and ISP. A maximum of the last 100 results are returned and used to create the network.

PS: the output file is a .html to be opened in a browser. If you run this tool on a server you won't be able to see the graph network.

Download git clone https://github.com/eschultze/phishstats-api-network

Into directory cd phishstats-api-network/

Install packages pip3 install -r requirements.txt

Usage:

phishapinetwork.py field operator search

Usage examples:

phishapinetwork.py title eq facebook (for phishing with title facebook)

phishapinetwork.py title like ~facebook~ (for phishing with anything+facebook+anything)

phishapinetwork.py ip eq 148.228.16.3 (for phishing with a specific IP address)

phishapinetwork.py tld eq br (for phishing with .br domains)

phishapinetwork.py countrycode eq br (for phishing hosted in Brazil)

phishapinetwork.py title asn eq as13335 (for phishing using Cloudflare)

phishapinetwork.py title isp like ~cloudflare~ (for phishing using Cloudflare - slower than the above)

phishapinetwork.py title like ~brandyouwanttofind~ (change it for brands you know are being targeted)

phishapinetwork.py url like ~brandyouwanttofind~ (change it for brands you know are being targeted)

How is the output?