StalkPhish – Open Source project

StalkPhish – The Phishing kits stalker

StalkPhish is a tool that searches free OSINT databases for the URLs of specific phishing kits. Beyond that, StalkPhish is designed to try to find the phishing kit sources. Some scammers can't or don't remove their phishing kit sources when they deploy a kit. You can try to find these sources and extract useful information from them, such as the e-mail addresses to which stolen data is sent, or more information about the scammer or the phishing kit developer. From there you can extend your knowledge about the threat and organizations, and get much useful information for your investigations.

  • find URLs where a phishing kit is deployed (from OSINT databases)
  • find out whether the phishing kit is still up and running
  • generate a hash of the page
  • try to download the phishing kit sources (by looking for a .zip file)
  • use a hash of the phishing kit archive to identify the kit and threat
  • extract e-mail addresses found in the phishing kit
  • use timestamps for history
  • can use an HTTP or SOCKS5 proxy (for downloads)
  • add just one URL at a time to the database
  • store the AS number in the database
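
The archive-hash and e-mail extraction steps from the list above, as an added example (not StalkPhish's own code): it hashes a downloaded kit archive and collects e-mail addresses from its text files without extracting anything to disk. SHA-256, the size limits, the extension list and the function names are assumptions; the sample archive is constructed.

```python
import hashlib
import io
import re
import zipfile

# Assumptions (not from the page): SHA-256 as the archive hash, these size
# limits, and this set of text-like extensions.
MAX_MEMBER_BYTES = 2 * 1024 * 1024
MAX_MEMBERS = 2000
TEXT_EXT = (".php", ".html", ".htm", ".js", ".txt", ".ini", ".inc")
EMAIL_RE = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}")


def analyze_kit(archive_bytes):
    """Return (sha256 hex of the archive, sorted e-mail addresses found inside).

    Members are only read in memory, so a member path such as ../../x can
    never be written outside an analysis directory.
    """
    digest = hashlib.sha256(archive_bytes).hexdigest()
    emails = set()
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist()[:MAX_MEMBERS]:
            if info.is_dir() or not info.filename.lower().endswith(TEXT_EXT):
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                continue  # declared size too large
            with zf.open(info) as fh:
                data = fh.read(MAX_MEMBER_BYTES + 1)  # bound the real read too
            if len(data) > MAX_MEMBER_BYTES:
                continue  # header understated the size (zip-bomb guard)
            for match in EMAIL_RE.findall(data):
                emails.add(match.decode("ascii").lower())
    return digest, sorted(emails)


def build_sample_kit():
    """Constructed sample archive (not a real kit) for demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("kit/post.php", '<?php $to = "Drop.Box@example.com"; ?>')
        zf.writestr("kit/inc/config.ini", "rcpt=second@mail.example.org\n")
        zf.writestr("kit/img/logo.png", b"\x89PNG contact@ignored.example")
        zf.writestr("kit/big.txt", b"a@b.example " + b"A" * (MAX_MEMBER_BYTES + 1))
    return buf.getvalue()


if __name__ == "__main__":
    print(analyze_kit(build_sample_kit()))
```

The same archive hash seen at two different URLs points to one kit deployed twice, which is what makes the hash useful for tracking.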