Miteru:实验性网络钓鱼工具包检测工具
2019-07-14 16:00:31 Author: www.freebuf.com(查看原文) 阅读量:103 收藏

1.jpg

Miteru

Miteru是一款实验性网络钓鱼检测工具,广大研究人员可以使用这款工具来进行网络钓鱼工具的感染检测。

工具运行机制

该工具可以从下列来源收集钓鱼URL地址:

1、 CertStream-Suspicious feed

2、 OpenPhish feed

3、 PhishTank feed

4、 Ayashige feed

功能介绍

1、 钓鱼工具检测与收集;

2、 Slack通知;

3、 线程检测

工具安装

gem install miteru

工具使用

$miteru

Commands:

  miteru execute         # Execute the crawler

  miteru help [COMMAND]  # Describe available commands or one specific command

$miteru help execute

Usage:

  miteru execute

Options:

  [--auto-download], [--no-auto-download]              # Enable or disable auto-downloadof phishing kits

  [--ayashige], [--no-ayashige]                        # Enable or disableayashige(ninoseki/ayashige) feed

  [--directory-traveling],[--no-directory-traveling]  # Enable ordisable directory traveling

  [--download-to=DOWNLOAD_TO]                          # Directory todownload file(s)

                                                      # Default: /tmp

  [--post-to-slack], [--no-post-to-slack]              # Post a message to Slack if itdetects a phishing kit

  [--size=N]                                           #Number of urlscan.io's results. (Max: 10,000)

                                                      # Default: 100

  [--threads=N]                                        #Number of threads to use

  [--verbose], [--no-verbose]

                                                      # Default: true

Executethe crawler

结果输出:

$miteru execute

...

https://dummy1.com:it doesn't contain a phishing kit.

https://dummy2.com:it doesn't contain a phishing kit.

https://dummy3.com:it doesn't contain a phishing kit.

https://dummy4.com:it might contain a phishing kit (dummy.zip).

使用Docker(如果你没有安装Ruby的话)

$ git clone https://github.com/ninoseki/miteru.git

$ cd miteru/docker

$docker build -t miteru .

$docker run miteru

# ex.auto-download detected phishing kit(s) into host machines's /tmp directory

$docker run -v /tmp:/tmp miteru execute --auto-download

工具配置

如果你想使用–post-to-slack功能,你需要设置以下环境变量:

SLACK_WEBHOOK_URL:你的SlackWebhook URL;

SLACK_CHANNEL:用于发送消息的Slack信道(默认值: “#general”);

Slack通知

2.png

替换方案

1、 t4d/StalkPhish:网络钓鱼工具跟踪器,可收集钓鱼工具以供研究使用。

2、 duo-labs/phish-collect:用于追踪钓鱼工具的Python脚本;

3、 leunammejii/analyst_arsenal:安全分析师的利器;

项目地址

Miteru:【GitHub传送门

* 参考来源:ninoseki,FB小编Alpha_h4ck编译,转载请注明来自FreeBuf.COM


文章来源: https://www.freebuf.com/sectool/207561.html
如有侵权请联系:admin#unsafe.sh