This is a program that filters through domains gathered by Certstream to match pre-defined conditions. Matches domains are then sent to a slack channel for manual classification.
The following environment variables are required to be set in order to run the program:
SLACK_APP_TOKEN: The token for the slack app (starts withxapp-)SLACK_BOT_TOKEN: The token for the slack bot (starts withxoxb-) — socket mode must be enabledSLACK_CHANNEL_ID: The slack channel ID to send messages toPHISH_OBSERVER_API_KEY: The API key for the Phish Observer API
See .env.example for a template.
In your filters directory, create yaml files following the format seen in filters/example.yaml. The name and enabled fields are required, all others are optional.
To run the program, simply run ./phish-stream in the root directory of the project.
There are a few optional flags that can be passed to the program:
--filters: The directory containing the filter files. Defaults tofilters/--loglevel: Minimum log level to output. Defaults toinfo. Options aredebug,info,warn, anderror.