CATPHISH – Phishing and Corporate Espionage

CATPHISH is a tool to generate similar-looking domains for phishing attacks. The program will check expired domains and if they are categorized by office gateway and proxy which may allow penetration tester to evade proxy categorization. Normally attacker will register and use whitelisted domains for C2 servers.

CATPHISH - Phishing and Corporate Espionage
CATPHISH – Phishing and Corporate Espionage

Supported algorithms with this tool are:

  • SingularOrPluralise
  • prependOrAppend
  • doubleExtensions
  • mirrorization
  • homoglyphs
  • dashOmission
  • Punycode

This tool will be useful during a redteam engagement to automate online search for expired domains using expireddomains.net and BlueCoat. penetration tester may add more features and sources according to his need and requirements.

This can be one tool in the penetration testing toolkit together with DomainHunter which Perform reputation checks against the Symantec WebPulse Site Review (BlueCoat), IBM x-Force, Cisco Talos, Google SafeBrowsing, and PhishTank services. Running several tools and programs will allow to get different information that will automate detecting gaps and security vulnerabilities.

You can read more and download this tool over here: https://github.com/ring0lab/catphish

Share