Question 1

How to send Phishing Catcher alerts to Slack or email?

Accepted Answer

Phishing Catcher outputs to STDOUT by default, so you need to pipe the output to a custom script that uses APIs like Slack webhooks or SMTP. For example, modify the script to call external services when score thresholds are met, as there's no built-in integration.

Question 2

Phishing Catcher vs. other tools like CertStream Monitor for phishing detection?

Accepted Answer

Phishing Catcher is open-source and highly configurable via YAML files, focusing on keyword scoring, while tools like CertStream Monitor might offer more features or different APIs. For custom, low-cost real-time monitoring, Phishing Catcher is a good choice, but it lacks some commercial tool integrations.

Question 3

Can Phishing Catcher detect typosquatting or homoglyph domains?

Accepted Answer

No, it only scores based on keywords and TLDs in the domain name string, without analyzing character substitutions or visual similarities. To detect such domains, you'd need to enhance the scoring logic with additional libraries or custom code.

Question 4

How to change the alert thresholds in Phishing Catcher?

Accepted Answer

The thresholds (65, 80, 90) are hardcoded in the script's logic. You must edit the source code, such as the score_domain function or alerting sections, to adjust these values, as there's no configuration file for thresholds.

Question 5

Is Phishing Catcher scalable for high-volume certificate monitoring?

Accepted Answer

As a single-threaded Python script, it may struggle with thousands of issuances per second from CertStream. For scalability, consider optimizing the code, using multi-threading, or deploying multiple instances, but this requires technical expertise.

Question 6

What happens if the CertStream API is down while using Phishing Catcher?

Accepted Answer

The tool relies on CertStream for data; if the API is unavailable, it will stop receiving new certificate issuances. There's no built-in retry mechanism or fallback, so you might miss data during outages, requiring manual monitoring.

phishing_catcher

What is phishing_catcher?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions