Hunts for Phishing Kit source code by traversing URL folders and searching in open directories for zip files.
The code handles large lists of URLs which may be hosting malicious content. You can supply your own list of URLs or alternatively the code will parse the latest list from PhishTank, PhishStats, OpenPhish and Phishing.Database so you can easily go hunting for badness.
Phishing kit source code is particularly valuable to blue-teamers as often it's easy to find the identity of the bad-guy in addition to log file locations where victim data is stored on the server.
$ cat urls | kitphishr -c 250 -v -d -o output
or
$ kitphishr -c 250 -v -d -o output
or simply
$ kitphishr
-c int
set the concurrency level (default 50)
-d option to download suspected phishing kits
-o string
directory to save output files (default "kits")
-t int
set the connection timeout in seconds (useful to ensure the download of large files)
-v get more info on URL attempts
You need to have Go installed and configured (i.e. with $GOPATH/bin in your $PATH):
go get -u github.com/cybercdh/kitphishr
or
go install github.com/cybercdh/kitphishr@latest
Kitphishr will work just fine right out of the box, but if you're going to be running this tool a lot and you have access to a Phishtank account, then I suggest getting a free API key from Phishtank (registration is currently disabled, so an existing account is required).
Then, you can save this as an environment variable which Kitphishr will find and use:
$ export PT_API_KEY=<your_key>
or, to make this persist, add the following to your ~/.bashrc file:
export PT_API_KEY=<your_key>
A lot of Go concepts were taken from @tomnomnom's excellent repos, particularly meg
Additionally, I took inspiration from ffuf
Finally, the initial idea for writing this tool came from great research from Duo Labs
Thanks to each of these developers for their awesome open-source tools.