- What is openSquat?
- Key Features
- Quick Start
- Requirements
- Usage
- Configuration
- Automation
- Integrations
- CLI Reference
- Contributing
- Author
- License
openSquat is an Open Source Intelligence (OSINT) security tool that identifies cyber squatting threats targeting your brand or domains:
| Threat Type | Description |
|---|---|
| 🎣 Phishing | Fraudulent domains mimicking your brand |
| 🔤 Typosquatting | Domains with common typos (e.g., gooogle.com) |
| 🌐 IDN Homograph | Look-alike characters from other alphabets |
| 👥 Doppelgänger | Domains containing your brand name |
| 🔀 Bitsquatting | Single-bit errors in domain names |
- 📅 Daily NRD feeds — Automatic newly registered domain updates
- 🔍 Similarity detection — Levenshtein & Jaro-Winkler algorithms
- 🛡️ VirusTotal integration — Check domain reputation
- 🌐 Quad9 DNS validation — Identify malicious domains
- 📜 Certificate Transparency — Monitor SSL/TLS certificates
- 📊 Multiple output formats — TXT, JSON, CSV
# 1. Clone the repository
git clone https://github.com/atenreiro/opensquat
cd opensquat
# 2. Install dependencies
pip install -r requirements.txt
# 3. Run with your keywords
python opensquat.py -k keywords.txt- Python 3.6+
- Dependencies:
colorama,dnspython,requests,beautifulsoup4
# Default run
python opensquat.py
# Show all options
python opensquat.py -h
# Use custom keywords file
python opensquat.py -k my_keywords.txt# DNS validation via Quad9
python opensquat.py --dns
# Check Certificate Transparency logs
python opensquat.py --ct
# Scan for open ports (80/443)
python opensquat.py --portcheck
# Cross-reference phishing databases
python opensquat.py --phishing results.txt# Save as JSON
python opensquat.py -o results.json -t json
# Save as CSV
python opensquat.py -o results.csv -t csv| Level | Flag | Description |
|---|---|---|
| 0 | -c 0 |
Very high (fewer results, high accuracy) |
| 1 | -c 1 |
High (default) |
| 2 | -c 2 |
Medium |
| 3 | -c 3 |
Low |
| 4 | -c 4 |
Very low (more results, more false positives) |
# Lines starting with # are comments
mycompany
mybrand
myproduct
To use --vt or --subdomains, add your API key:
# Get your free API key at https://www.virustotal.com
your_api_key_here
Run daily via crontab:
# Every day at 8 AM (feeds update ~7:30 AM UTC)
0 8 * * * /path/to/opensquat/opensquat.py -k keywords.txt -o results.json -t json| Platform | Link |
|---|---|
| 🤖 Telegram Bot | @opensquat_bot |
| 🔌 REST API | RapidAPI |
| Argument | Default | Description |
|---|---|---|
-k, --keywords |
keywords.txt |
Keywords file to search |
-o, --output |
results.txt |
Output filename |
-t, --type |
txt |
Output format: txt, json, csv |
-c, --confidence |
1 |
Confidence level (0-4) |
-d, --domains |
— | Use local domain file instead of downloading |
-m, --method |
Levenshtein |
Algorithm: Levenshtein or JaroWinkler |
--dns |
— | Enable Quad9 DNS validation |
--ct |
— | Search Certificate Transparency logs |
--phishing |
— | Cross-reference phishing database |
--subdomains |
— | Fetch subdomains via VirusTotal |
--portcheck |
— | Check for open ports 80/443 |
--vt |
— | Validate against VirusTotal |
We welcome contributions! See our Contributing Guide for details.
- 🐛 Report bugs via GitHub Issues
- 💡 Request features by opening an issue
- 🔧 Submit PRs for bug fixes or enhancements
Andre Tenreiro — LinkedIn · PGP Key
This project is licensed under the GNU GPL v3.