- What is openSquat?
- Key Features
- Quick Start
- Requirements
- Usage
- Configuration
- Automation
- Integrations
- CLI Reference
- Contributing
- Author
- License
openSquat is an Open Source Intelligence (OSINT) security tool that identifies cyber squatting threats targeting your brand or domains:
| Threat Type | Description |
|---|---|
| π£ Phishing | Fraudulent domains mimicking your brand |
| π€ Typosquatting | Domains with common typos (e.g., gooogle.com) |
| π IDN Homograph | Look-alike characters from other alphabets |
| π₯ DoppelgΓ€nger | Domains containing your brand name |
| π Bitsquatting | Single-bit errors in domain names |
- π Daily NRD feeds β Automatic newly registered domain updates
- π Similarity detection β Levenshtein & Jaro-Winkler algorithms
- π‘οΈ VirusTotal integration β Check domain reputation
- π Quad9 DNS validation β Identify malicious domains
- π Certificate Transparency β Monitor SSL/TLS certificates
- π Multiple output formats β TXT, JSON, CSV
# 1. Clone the repository
git clone https://github.com/atenreiro/opensquat
cd opensquat
# 2. Install dependencies
pip install -r requirements.txt
# 3. Run with your keywords
python opensquat.py -k keywords.txt- Python 3.6+
- Dependencies:
colorama,dnspython,requests,beautifulsoup4
# Default run
python opensquat.py
# Show all options
python opensquat.py -h
# Use custom keywords file
python opensquat.py -k my_keywords.txt# DNS validation via Quad9
python opensquat.py --dns
# Check Certificate Transparency logs
python opensquat.py --ct
# Scan for open ports (80/443)
python opensquat.py --portcheck
# Cross-reference phishing databases
python opensquat.py --phishing results.txt# Save as JSON
python opensquat.py -o results.json -t json
# Save as CSV
python opensquat.py -o results.csv -t csv| Level | Flag | Description |
|---|---|---|
| 0 | -c 0 |
Very high (fewer results, high accuracy) |
| 1 | -c 1 |
High (default) |
| 2 | -c 2 |
Medium |
| 3 | -c 3 |
Low |
| 4 | -c 4 |
Very low (more results, more false positives) |
# Lines starting with # are comments
mycompany
mybrand
myproduct
To use --vt or --subdomains, add your API key:
# Get your free API key at https://www.virustotal.com
your_api_key_here
Run daily via crontab:
# Every day at 8 AM (feeds update ~7:30 AM UTC)
0 8 * * * /path/to/opensquat/opensquat.py -k keywords.txt -o results.json -t json| Platform | Link |
|---|---|
| π€ Telegram Bot | @opensquat_bot |
| π REST API | RapidAPI |
| Argument | Default | Description |
|---|---|---|
-k, --keywords |
keywords.txt |
Keywords file to search |
-o, --output |
results.txt |
Output filename |
-t, --type |
txt |
Output format: txt, json, csv |
-c, --confidence |
1 |
Confidence level (0-4) |
-d, --domains |
β | Use local domain file instead of downloading |
-m, --method |
Levenshtein |
Algorithm: Levenshtein or JaroWinkler |
--dns |
β | Enable Quad9 DNS validation |
--ct |
β | Search Certificate Transparency logs |
--phishing |
β | Cross-reference phishing database |
--subdomains |
β | Fetch subdomains via VirusTotal |
--portcheck |
β | Check for open ports 80/443 |
--vt |
β | Validate against VirusTotal |
We welcome contributions! See our Contributing Guide for details.
- π Report bugs via GitHub Issues
- π‘ Request features by opening an issue
- π§ Submit PRs for bug fixes or enhancements
Andre Tenreiro β LinkedIn Β· PGP Key
This project is licensed under the GNU GPL v3.
