- What is openSquat?
- Open-Core Model
- Key Features
- Quick Start
- Requirements
- Usage
- Configuration
- Automation
- CLI Reference
- Contributing
- Author
- License
openSquat is an Open Source Intelligence (OSINT) security tool that identifies cyber squatting threats targeting your brand or domains:
| Threat Type | Description |
|---|---|
| π£ Phishing | Fraudulent domains mimicking your brand |
| π€ Typosquatting | Domains with common typos (e.g., gooogle.com) |
| π IDN Homograph | Look-alike characters from other alphabets |
| π₯ DoppelgΓ€nger | Domains containing your brand name |
| π Bitsquatting | Single-bit errors in domain names |
openSquat follows an open-core model:
- Core detection engine β Open source and community-driven
- Advanced capabilities β Delivered through commercial intelligence services
This model enables transparency and community collaboration while supporting the scale, reliability, and operational requirements of enterprise use.
- π Daily NRD feeds β Automatic newly registered domain updates
- π Similarity detection β Levenshtein distance algorithm
- π‘οΈ VirusTotal integration β Check domain reputation
- π Quad9 DNS validation β Identify malicious domains
- π Certificate Transparency β Monitor SSL/TLS certificates
- π Multiple output formats β TXT, JSON, CSV
pip install opensquat
opensquat -k keywords.txtgit clone https://github.com/atenreiro/opensquat
cd opensquat
pip install -r requirements.txt
python opensquat.py -k keywords.txt- Python 3.8+
- Dependencies:
confusable_homoglyphs,homoglyphs,colorama,requests,dnspython,beautifulsoup4
# Default run
opensquat
# Show all options
opensquat -h
# Use custom keywords file
opensquat -k my_keywords.txt# DNS validation via Quad9
opensquat --dns
# Check Certificate Transparency logs
opensquat --ct
# Scan for open ports (80/443)
opensquat --portcheck
# Cross-reference phishing databases
opensquat --phishing results.txt# Save as JSON
opensquat -o results.json -t json
# Save as CSV
opensquat -o results.csv -t csv| Level | Flag | Description |
|---|---|---|
| 0 | -c 0 |
Very high (fewer results, high accuracy) |
| 1 | -c 1 |
High (default) |
| 2 | -c 2 |
Medium |
| 3 | -c 3 |
Low |
| 4 | -c 4 |
Very low (more results, more false positives) |
# Lines starting with # are comments
mycompany
mybrand
myproduct
To use --vt or --subdomains, add your API key:
# Get your free API key at https://www.virustotal.com
your_api_key_here
Run daily via crontab:
# Every day at 8 AM (feeds update ~7:30 AM UTC)
0 8 * * * /path/to/opensquat/opensquat.py -k keywords.txt -o results.json -t json| Argument | Default | Description |
|---|---|---|
-k, --keywords |
keywords.txt |
Keywords file to search |
-o, --output |
results.txt |
Output filename |
-t, --type |
txt |
Output format: txt, json, csv |
-c, --confidence |
1 |
Confidence level (0-4) |
-d, --domains |
β | Use local domain file instead of downloading |
-u, --url |
opensquat feed | URL to download domain feed |
--dns |
β | Enable Quad9 DNS validation |
--doppelganger |
β | Doppelganger-only mode (keyword in domain + reachability check) |
--ct |
β | Search Certificate Transparency logs |
--phishing |
β | Cross-reference phishing database |
--subdomains |
β | Fetch subdomains via VirusTotal |
--portcheck |
β | Check for open ports 80/443 |
--vt |
β | Validate against VirusTotal |
We welcome contributions! See our Contributing Guide for details.
- π Report bugs via GitHub Issues
- π‘ Request features by opening an issue
- π§ Submit PRs for bug fixes or enhancements
Andre Tenreiro β LinkedIn Β· PGP Key
This project is licensed under the GNU GPL v3.