This is a program that filters domains gathered by Certstream against pre-defined conditions. Matching domains are then sent to a Slack channel for manual classification.
The following environment variables are required to be set in order to run the program:
- SLACK_APP_TOKEN: The token for the Slack app (starts with xapp-)
- SLACK_BOT_TOKEN: The token for the Slack bot (starts with xoxb-); socket mode must be enabled
- SLACK_CHANNEL_ID: The Slack channel ID to send messages to
- PHISH_OBSERVER_API_KEY: The API key for the Phish Observer API

See .env.example for a template.
In your filters directory, create YAML files following the format seen in filters/example.yaml. The name and enabled fields are required, all others are optional.
To run the program, simply run ./phish-stream in the root directory of the project.
There are a few optional flags that can be passed to the program:
- --filters: The directory containing the filter files. Defaults to filters/
- --loglevel: Minimum log level to output. Defaults to info. Options are debug, info, warn, and error.
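The setup steps above can be checked before launch. The following preflight function is an added example, not part of the project: it verifies the four environment variables, catches swapped Slack tokens by their prefixes, and checks each filter file for the two required fields. The function name `preflight` is hypothetical, and it assumes `name` and `enabled` are top-level keys in each filter file.

```shell
#!/bin/sh
# Added example (not project code): preflight check for the settings
# this README lists. Prints one line per problem found and returns 0
# only when there are none. Token values are never printed.
# Usage: preflight filters/ && ./phish-stream --filters filters/
preflight() {
    filters_dir="${1:-filters/}"   # README default for --filters
    problems=0

    # NAME:PREFIX pairs; an empty prefix means any non-empty value is accepted.
    for spec in SLACK_APP_TOKEN:xapp- SLACK_BOT_TOKEN:xoxb- \
                SLACK_CHANNEL_ID: PHISH_OBSERVER_API_KEY:; do
        var="${spec%%:*}"
        prefix="${spec#*:}"
        eval "value=\${$var:-}"    # $var comes only from the fixed list above
        if [ -z "$value" ]; then
            echo "missing: $var is not set"
            problems=$((problems + 1))
        else
            case "$value" in
                "$prefix"*) ;;     # prefix matches
                *)  echo "wrong token type: $var should start with $prefix"
                    problems=$((problems + 1)) ;;
            esac
        fi
    done

    if [ ! -d "$filters_dir" ]; then
        echo "missing: filters directory $filters_dir"
        problems=$((problems + 1))
    else
        for f in "$filters_dir"/*.yaml; do
            [ -e "$f" ] || continue        # glob matched nothing
            # Assumption: required fields are top-level YAML keys.
            for key in name enabled; do
                grep -Eq "^$key:" "$f" || {
                    echo "filter $f lacks required field: $key"
                    problems=$((problems + 1))
                }
            done
        done
    fi

    [ "$problems" -eq 0 ]
}
```
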