aljaz/squatm3gator
1
0
Fork 0
mirror of https://github.com/aljazceru/squatm3gator.git synced 2025-12-17 06:34:23 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
c8fec7e437bcd0622d0c3851090484a54b2f5064
squatm3gator/squatm3-api/wrapper/3rdparty/squatm3/README.md
OC12YS c8fec7e437 First release - BlackHat Arsenal tool
2018-12-04 16:01:33 +01:00

2.9 KiB
Raw Blame History

About Squatm3


Squatm3 is a python tool designed to enumerate available domains generated modifying the original domain name through different techniques:

  • Substitution attacks
  • Flipping attack
  • Homoglyph attack fast (execute a fast homoglyph attack, mutating only one letter at the time )
  • Homoglyph attack complete (generates all the possible combinations)

Squatm3 will help penetration testers to identify domains to be used in phishing attack simulations and security analysts to prevent effective phishing attacks

Installation

git clone https://github.com/david3107/squatm3.git

Recommended Python Version:

Squatm3 currently supports only Python 3

Dependencies:

Squatm3 depends on the tld , validators and the decorator>=4.1.2 python modules.

These dependencies can be installed using the requirements file:

  • Installation on Windows:
c:\python33\python.exe -m pip install -r requirements.txt --user
  • Installation on Linux and MacOS
pip install -r requirements.txt --user

Usage


 ___             __    _           ____
/ __> ___  _ _  /. | _| |_ ._ _ _ <__ /
\__ \/ . || | |/_  .| | |  | ' ' | <_ \
<___/\_  |`___|  |_|  |_|  |_|_|_|<___/
       | |


usage: squatme.py [-h] [--url URL] [--tld [TLD]] [-A [ALL]]
                  [-Hf [HOMOGLYPH_FAST]] [-Hc [HOMOGLYPH_COMPLETE]]
                  [-F [FLIPPER]] [-R [REMOVE]] [--godaddy [ENABLE_GODADDY]]
                  [--output [{text,json}]] [--only-available [AVAILABLE]]

SquatMe v1.2 - @davide107

optional arguments:
  -h, --help            show this help message and exit
  --url URL             url to be squatted
  --tld [TLD]           read the tld list form file db/top_domains and
                        generate the domains. If not specified uses only .com
  -A [ALL]              execute all the squatting attacks
  -Hf [HOMOGLYPH_FAST]  execute a fast homoglyph attack, mutating only one
                        letter at the time
  -Hc [HOMOGLYPH_COMPLETE]
                        execute a complete homoglyph attack,generating all the
                        possible combinations (slow)
  -F [FLIPPER]          execute flipping attack
  -R [REMOVE]           remove one letter a time
  --godaddy [ENABLE_GODADDY]
                        checks on godaddy if the domain is available for sale
                        together with the price
  --output [{text,json}]
                        Output of the tool: text (stdout), csv(file) or
                        json(file)
  --only-available [AVAILABLE]
                        lists only the available domains for purchase

License

Squatm3 is licensed under the GNU GPL license.

Troubleshooting

If after the usage of the tool you do not get any results, it is possible that GoDaddy limited your IP. Workaround:

  • use VPN
  • wait till your IP is allowed again

Version

** Current version is 1.1 **