
Show HN: Squatmon, a domain squatting monitoring system, with new things - ech
https://www.squatmon.com/
======
ech
Hi HN

a lot has changed since our last Show HN, and i guess it was time to share
these changes with you.

for those who weren't here the first time, we try to catch domain squatting
using a bunch of techniques we already used when doing it manually, but in a
purely automated fashion. your root domain (think 'facebook', 'twitter',
'ycombinator', etc...) gets through blenders that generate variants, that
we'll gather info on.

we now have all the basics in place so i can confidently call it production
ready. free accounts are still the same deal, one domain, five TLDs, all
present and future generators, whois and dns resolver, plus a few more still
in the oven, and one run per week, which should be enough if your needs are
not massive and/or specific. you also now have paying options for people with
more intensive needs, either timing wise (down to one run per day, and one run
per 4 hours will be a possibility once i'm confident 1: we can handle it, 2:
it can actually provide value in the real world) or number-of-tlds-wise.

notifications! yeap i know it's basic, but we now send you a mail when a run
is complete, so you don't have to bother reloading waiting for that progress
bar to reach 100%. a few clients asked us about sms notification, but i'm not
sure about multiple notification channels yet.

so what's next :

we have a bunch of stuff that stayed on the backburner while i was working on
making the production as autonomous as possible (complete CI/CD stack, built
with chef, openstack heat, jenkins, the whole shebang) and the other dev was
working on ironing the kinks existing when interacting with horrible protocols
like whois (for the sake of everyone's sanity, i really hope rdap
(http://about.rdap.org/) gets traction) or
misbehaving dns, or just plain old bugs. we're now bringing them back on the
front of the workbench.

parking detection.

this one is simple, and everybody will get it, but i noticed a large number of
parked domains in resolution runs, so they'll be marked as such.

automated phishing detection.

this has been a major demand so i'm prototyping a CV system (ab)using ghost.py
and opencv to see if i can get something that has a reasonable false positive
rate.

malware detection.

a smaller demand because it's already well covered by other products. for the
moment paying accounts get access to google safebrowsing, and i have a bunch
of threat exchange APIs access ready to enter the quorum. there's a lot of
datasharing between those, so i don't want to generate false positives because
of data sharing. i have also been working slowly on PR for cuckoo sandbox
that'll help me launch fleets of sandboxes in various configuration (hopefully
i'll have enough variants that the client is able to more or less choose the
one that corresponds to its production environment to try and catch targeted
attacks)

keyword prediction based on the root domain.

we have a keyword generator that can generate domain variants, think
'cheap-brand' for 'brand', but if you're like me you probably can't think of a lot of
those (i had good success asking marketing guys for ideas). once again AI to
the rescue, i'm tracking which keywords had the most 'success' in finding
resolving variants, which means once i'm able to establish lexical domains
i'll be able to offer everyone a 'most likely keyword for this domain' help to
feed the generator.

an API!

at the very beginning, when dinosaurs roamed the earth and the iphone 5s was the
cool product of the year, squatmon was just a very large and very ugly python
script i used in various recon engagements. as we decided to slap a shiny web
interface on it and share it with others, we didn't take the time to make an
API the first class citizen and the web interface just the reference client
implementation. this is a mistake we intend to correct, so any person with an
account, free or otherwise can integrate any of the functionality they have
access to as a part of something bigger. (i have written an example postfix
milter that's too terribly slow to be used in production, but can participate
in the spam score of an email for example)

if you have any questions, want to report bugs, or anything really, don't
hesitate to contact me, my email address is in my profile.

edit: i'm terrible and i said one run per month on the free account. it's of
course one run per week
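
An added sketch of the keyword generator and the "most likely keyword" ranking described in the post above; it is not squatmon's code and not part of the original post. The separators, the Laplace smoothing, the function names and the set of resolving names are assumptions constructed for illustration, and no DNS is queried.

```python
from collections import defaultdict

SEPARATORS = ("", "-")  # assumed joiners: 'cheapbrand' and 'cheap-brand'


def keyword_variants(root, keywords, tlds):
    """Return (keyword, fqdn) pairs with the keyword before and after the root."""
    pairs = []
    for kw in keywords:
        for sep in SEPARATORS:
            for label in (f"{kw}{sep}{root}", f"{root}{sep}{kw}"):
                pairs.extend((kw, f"{label}.{tld}") for tld in tlds)
    return pairs


def rank_keywords(observations, min_trials=4):
    """Rank keywords by Laplace-smoothed share of variants that resolved.

    observations: iterable of (keyword, resolved) pairs from past runs.
    Keywords with fewer than min_trials variants are skipped as too noisy.
    """
    trials, hits = defaultdict(int), defaultdict(int)
    for kw, resolved in observations:
        trials[kw] += 1
        hits[kw] += bool(resolved)
    scored = [(kw, (hits[kw] + 1) / (trials[kw] + 2))
              for kw in trials if trials[kw] >= min_trials]
    return sorted(scored, key=lambda item: (-item[1], item[0]))


# Constructed sample: names treated as "resolving" in a past run (reserved TLDs).
RESOLVING = {
    "login-brand.example", "brand-login.example", "brandlogin.test",
    "loginbrand.test", "cheap-brand.example", "cheapbrand.test",
}


def demo():
    variants = keyword_variants("brand", ["cheap", "login", "shop"],
                                ["example", "test"])
    return rank_keywords((kw, fqdn in RESOLVING) for kw, fqdn in variants)


if __name__ == "__main__":
    for keyword, score in demo():
        print(f"{keyword:6s} {score:.2f}")
```

In a real monitoring run the `resolved` flag would come from the resolver results of earlier runs across many root domains, which is what lets the ranking suggest keywords for a new domain.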

