nettfiske's Introduction

Crates.io Build Status MIT licensed Apache-2.0 licensed

Nettfiske

Nettfiske uses the certstream live stream of SSL certificates to identify possible phishing domain names. It is inspired by Phishing Catcher.

Usage

cargo run --release sample.json

Example

[Nettfiske]  Fetching Certificates ...
Homoglyph detected youtuḅe.com (Punycode: xn--youtue-tg7b.com)
Homoglyph detected youtuḅe.com (Punycode: xn--youtue-tg7b.com)
Homoglyph detected whatsapp.com (Punycode: xn--hatsapp-h41c.com)
Homoglyph detected whatsapp.com (Punycode: xn--hatsapp-h41c.com)
Homoglyph detected twiṫter.com (Punycode: xn--twiter-507b.com)
Homoglyph detected twiṫter.com (Punycode: xn--twiter-507b.com)
Suspicious paypal.com-secure.warn-allmail.com (score 72)
Suspicious applêid.àpplê.com.iosets.com (score 65) (Punycode: xn--applid-lva.xn--ppl-8ka7c.com.iosets.com)
Suspicious facebook.com-verified-id939819835.com (score 69)
Suspicious appleid.apple.com.invoice-qwery.gq (score 75)
Suspicious instagramaccountverifica.altervista.org (score 69)

Use Cases

Nettfiske attempts to detect the use of Punycode and homoglyph attacks to obfuscate domains. The homograph protection mechanism in Chrome, Firefox, and Opera may fail when some characters are replaced with a similar character from a foreign language.

Example:

  • microsoft.com⁄index.html.irongeek.com
  • microsoft.xn--comindex-g03d.html.irongeek.com

The slash symbol in the first URL is not really a slash symbol at all. Also, adding an SSL certificate can take a few minutes, and the user can feel safer with the padlock next to the domain.

For example, try opening the domain https://www.xn--80ak6aa92e.com/ in Firefox.
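The decoding step behind the "Homoglyph detected" lines above, as an added example that is not Nettfiske's own code: a std-only RFC 3492 Punycode decoder followed by a look-alike fold against a watch list. The `CONFUSABLES` and `WATCHED` tables and the `check_domain` function are constructed for illustration; the domains come from the sample output on this page.

```rust
// CONFUSABLES and WATCHED are constructed, deliberately tiny sample tables (assumptions).
const CONFUSABLES: &[(char, char)] =
    &[('\u{1E05}', 'b'), ('\u{1E6B}', 't'), ('\u{EA}', 'e'), ('\u{E0}', 'a')];
const WATCHED: &[&str] = &["youtube", "twitter", "appleid", "apple"];
// Bias adaptation, RFC 3492 section 6.1 (base 36, tmin 1, tmax 26, skew 38, damp 700).
fn adapt(delta: u32, num_points: u32, first: bool) -> u32 {
    let d = if first { delta / 700 } else { delta / 2 };
    let (mut delta, mut k) = (d + d / num_points, 0);
    while delta > 455 { delta /= 35; k += 36; }
    k + 36 * delta / (delta + 38)
}

// Decodes the part of a label after "xn--" (digits a-z = 0..=25, 0-9 = 26..=35).
fn punycode_decode(input: &str) -> Option<String> {
    if !input.is_ascii() { return None; }
    let (basic, rest) = input.rsplit_once('-').unwrap_or(("", input));
    let mut out: Vec<char> = basic.chars().collect();
    let (mut n, mut i, mut bias) = (128u32, 0u32, 72u32);
    let mut digits = rest.bytes().peekable();
    while digits.peek().is_some() {
        let (old_i, mut w, mut k) = (i, 1u32, 36u32);
        loop {
            let d = ((digits.next()? as char).to_digit(36)? + 26) % 36;
            i = i.checked_add(d.checked_mul(w)?)?;
            let t = k.saturating_sub(bias).clamp(1, 26);
            if d < t { break; }
            w = w.checked_mul(36 - t)?;
            k += 36;
        }
        let len = out.len() as u32 + 1;
        bias = adapt(i - old_i, len, old_i == 0);
        n = n.checked_add(i / len)?;
        out.insert((i % len) as usize, char::from_u32(n)?);
        i = i % len + 1;
    }
    Some(out.into_iter().collect())
}

// Returns (Unicode form, imitated name) when a decoded IDN label folds to a watched name.
fn check_domain(domain: &str) -> Option<(String, &'static str)> {
    let dec = |l: &str| l.strip_prefix("xn--").and_then(punycode_decode).unwrap_or(l.to_string());
    let uni: Vec<String> = domain.split('.').map(dec).collect();
    let fold = |c: char| CONFUSABLES.iter().find(|p| p.0 == c).map_or(c, |p| p.1);
    uni.iter().filter(|l| !l.is_ascii()).find_map(|l| {
        let f: String = l.chars().map(&fold).collect();
        WATCHED.iter().copied().find(|w| f == *w)
    }).map(|hit| (uni.join("."), hit))
}
fn main() { println!("{:?}", check_domain("xn--youtue-tg7b.com")); }
```

A production check would use the full Unicode confusables data rather than a four-entry table.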

nettfiske's Issues

Every request fails: missing field `chain`

certstream seems to have changed their API:

[2020-12-10][16:31:43] Received unknown message: missing field `chain` at line 1 column 1813
[2020-12-10][16:31:43] Received unknown message: missing field `chain` at line 1 column 1919
[2020-12-10][16:31:43] Received unknown message: missing field `chain` at line 1 column 1606
[2020-12-10][16:31:43] Received unknown message: missing field `chain` at line 1 column 1794

index out of bounds

I've encountered an index out of bounds panic with cargo 1.39.0.

[Nettfiske] 🔍   Fetching Certificates ...
thread 'main' panicked at 'index out of bounds: the len is 1 but the index is 1', /private/tmp/rust-20191107-43598-2ji78o/rustc-1.39.0-src/src/libcore/slice/mod.rs:2717:10
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace.
[Nettfiske] 🔍   Fetching Certificates ...
thread 'main' panicked at 'index out of bounds: the len is 1 but the index is 1', /private/tmp/rust-20191107-43598-2ji78o/rustc-1.39.0-src/src/libcore/slice/mod.rs:2717:10
stack backtrace:
   0: <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt
   1: core::fmt::write
   2: std::io::Write::write_fmt
   3: std::panicking::default_hook::{{closure}}
   4: std::panicking::default_hook
   5: std::panicking::rust_panic_with_hook
   6: std::panicking::continue_panic_fmt
   7: rust_begin_unwind
   8: core::panicking::panic_fmt
   9: core::panicking::panic_bounds_check
  10: nettfiske::nettfiske::Nettfiske::analyse_domain
  11: <nettfiske::WebSocketHandler as nettfiske::websockets::EventHandler>::on_data_event
  12: nettfiske::websockets::WebSockets::event_loop
  13: nettfiske::main
  14: std::rt::lang_start::{{closure}}
  15: std::panicking::try::do_call
  16: __rust_maybe_catch_panic
  17: std::rt::lang_start_internal
  18: main
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.

Codebase has many redundant `use` statements

I happened to run clippy on the code, and there's quite a lot of these:

warning: this import is redundant
 --> src/main.rs:7:1
  |
7 | use serde_json;
  | ^^^^^^^^^^^^^^^ help: remove it entirely
  |
  = note: `#[warn(clippy::single_component_path_imports)]` on by default
  = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#single_component_path_imports

warning: this import is redundant
 --> src/errors.rs:1:1
  |
1 | use std;
  | ^^^^^^^^ help: remove it entirely
  |
  = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#single_component_path_imports

warning: this import is redundant
 --> src/errors.rs:2:1
  |
2 | use url;
  | ^^^^^^^^ help: remove it entirely
  |
  = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#single_component_path_imports

warning: this import is redundant
 --> src/errors.rs:3:1
  |
3 | use tungstenite;
  | ^^^^^^^^^^^^^^^^ help: remove it entirely
  |
  = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#single_component_path_imports

warning: this import is redundant
 --> src/nettfiske.rs:1:1
  |
1 | use fern;
  | ^^^^^^^^^ help: remove it entirely
  |
  = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#single_component_path_imports

warning: this import is redundant
 --> src/nettfiske.rs:2:1
  |
2 | use chrono;
  | ^^^^^^^^^^^ help: remove it entirely
  |
  = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#single_component_path_imports

warning: 6 warnings emitted

What do you think about this? I'm new to Rust, so perhaps this pattern is OK?

Tag releases?

Would it be an idea to tag releases? Makes it a bit easier for us trying to build packages from the repo.
Thanks!
