CATPHISH – Phishing and Corporate Espionage

CATPHISH is a tool to generate similar-looking domains for phishing attacks. The program will check expired domains and if they are categorized by office gateway and proxy which may allow penetration tester to evade proxy categorization. Normally attacker will register and use whitelisted domains for C2 servers.

Supported algorithms with this tool are:

  • SingularOrPluralise
  • prependOrAppend
  • doubleExtensions
  • mirrorization
  • homoglyphs
  • dashOmission
  • Punycode

This tool will be useful during a redteam engagement to automate online search for expired domains using expireddomains.net and BlueCoat. penetration tester may add more features and sources according to his need and requirements.

This can be one tool in the penetration testing toolkit together with DomainHunter which Perform reputation checks against the Symantec WebPulse Site Review (BlueCoat), IBM x-Force, Cisco Talos, Google SafeBrowsing, and PhishTank services. Running several tools and programs will allow to get different information that will automate detecting gaps and security vulnerabilities.

Running the tool:

catphish.rb [global options] COMMAND [command options] 


COMMANDS generate Generate domains expired Find available expired domains (experimental) Additional help catphish.rb COMMAND -h Global Options -l, --logo, --no-logo ASCII art banner (default: true) -c, --column-header, --no-column-header Header for each column of the output (default: true) -D, --Domain=<s> Target domain to analyze -V, --Verbose Show all domains, including non-available ones -h, --help Show this message 

Generate all type:

catphish.rb -D DOMAIN generate -A 

Check available expired domains:

catphish.rb -D DOMAIN expired 

Check against a specific domain for categorization status:

catphish.rb -D DOMAIN expired -c 

Check all available expired domains against a specific vendor

catphish.rb -D DOMAIN expired -p PROXY_TYPE 


You can also run the tool with Docker! This lets you try it out without any of the required dependencies (ruby), except Docker itself. This presumes that you have the docker daemon installed. If not, see Docker’s documentation.

First, build the container

$ cd path/to/repository # Generate a tag so we know how to find the container later to run it. You can use anything (latest is common); # here the git hash is used. $ TAG=$(git rev-parse --short HEAD) # Run the build $ docker build --tag "catphish:${TAG}" . # Eventually docker will print something like: # # Successfully built 8f0b8bfe0c41 # Successfully tagged catphish:f947517 

Perfect! Now, you can execute catphish via Docker:

$ docker run \ --rm=true \ "catphish:${TAG}" \ --Domain ring0labs.com \ --All 
Hidden Eye – Modern Phishing Tool With Advanced Functionality 

alt tag

You can read more and download this tool over here: https://github.com/ring0lab/catphish

Source : Haxf4rall

Previous ArticleNext Article
Send this to a friend