PhishingKitHunter – Find Phishing Kits

PhishingKitHunter (or PKHunter) is a tool made for identifying phishing kits URLs used in phishing campains targeting your customers and using some of your own website files (as CSS, JS, …).

This tool – write in Python 3 – is based on the analysis of referer’s URL which GET particular files on the legitimate website (as some style content) or redirect user after the phishing session. Log files (should) contains the referer URL where the user come from and where the phishing kit is deployed.

PhishingKitHunter - Find Phishing Kits
PhishingKitHunter – Find Phishing Kits

PhishingKitHunter parse your logs file to identify particular and non-legitimate referers trying to get legitimate pages based on regular expressions you put into PhishingKitHunter’s config file.

Supported features with this tool are:

  • find URL where a phishing kit is deployed
  • find if the phishing kit is still up and running
  • generate a CSV report useful for external usage
  • use a hash of the phishing kit’s page to identify the kit
  • use a timestamp for history
  • can use HTTP or SOCKS5 proxy
  • WHOIS enrichment to console and CSV report

You can read more and download this tool over here:

Notify of
Inline Feedbacks
View all comments