0P3N Blog Blog Post

How to Catch Phishing Sites with Certstream Logs

By: Shaquib Izhar
February 1, 2018

 
What is certstream
 
CertStream is an intelligence feed that gives you real-time updates from the Certificate Transparency Log network, allowing you to use it as a building block to make tools that react to new certificates being issued in real time.
And by using this we are going to catch phishing sites using certstream SSL certificate live streaming.
 
Steps to catch phishing sites
  • First open your terminal and clone into this url with following command:
git clone https://github.com/x0rz/phishing_catcher.git

 
  • Go to your downloaded directory with cd phishing_catcher

 
  • Install required dependencies with pip install -r requirements.txt

 
  • Finally run the program with  python catch_phishinh.py and it will start showing list of malicious phishing sites by using live certstream SSL certificate

 
Caught the malicious phishing site
And below you can see we got some fake Apple sites with similar looking interface

 
 So by using following instructions you can be aware of malicious phishing sites and protect yourself to be their victim also remember to always look for the HTTPS in the URL 

Build your Cybersecurity or IT Career

Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry