Giter Site home page Giter Site logo

pierrecrb / eth-phishing-detect Goto Github PK

View Code? Open in Web Editor NEW

This project forked from metamask/eth-phishing-detect

0.0 0.0 0.0 2.6 GB

Utility for detecting phishing domains targeting Web3 users

License: Other

Shell 0.06% JavaScript 99.91% HTML 0.03%

eth-phishing-detect's Introduction

eth-phishing-detect

Greenkeeper badge

Utility for detecting phishing domains targeting Web3 users.

For checking why a given domain was blocked, there is a third-party search tool maintained by ChainPatrol.

Blocking Policy

We are constantly evolving the ideal policy that guides this list, but a few clearly defined rules have emerged. We will be quick and decisive to block websites that:

  • Impersonate other known and established sites.
  • Use their interfaces to collect user signing keys (especially cryptocurrency keys) and send them back to home servers.

There are other grounds for blocking, and we will ultimately do our best to keep our users safe.

Basic usage

const checkForPhishing = require('eth-phishing-detect')

const value = checkForPhishing('etherclassicwallet.com')
console.log(value) // true

Advanced usage

const PhishingDetector = require('eth-phishing-detect/src/detector')

const config = [
      { blocklist: [/* blacklist */], name: 'blocklist', version: 2 },
      { allowlist: [/* whitelist */], name: 'allowlist', version: 2 },
      { fuzzylist: [/* fuzzylist */], name: 'fuzzylist', version: 2, tolerance: 2 },
  ];
const detector = new PhishingDetector(config)
const value = detector.check('etherclassicwallet.com')
console.log(value)
/*
{
  type: "blacklist",
  result: true,
}
*/

Contributions

For understanding the lists, see doc/lists-ref.md. Contributors are encouraged to read CONTRIBUTING.md for tips, pointers, and guidelines before reporting or collaborating.

To keep a tidy file, use the following CLI to make changes to the list:

Adding hosts to blocklist

yarn add:blocklist crypto-phishing-site.tld

Adding hosts to allowlist

yarn add:allowlist crypto-phishing-site.tld

Databases

We have added sqlite databases in test/db directory. These will be committed to the working tree periodically to try reduce the amount of false positives being blocklisted. We will pull in domains from various third party sources - right now: CoinMarketCap and Tranco.

Update the database files:

yarn update:db

yarn update:db:tranco
yarn update:db:coinmarketcap
yarn update:db:snapsregistry

These sqlite databases will be checked against in yarn run test to ensure nothing is on the blocklist that is also in these databases.

eth-phishing-detect's People

Contributors

security-alliance-bot avatar 409h avatar nikitavr avatar dubstard avatar alexherman1 avatar deshvin avatar ktian94 avatar kumavis avatar sime avatar dpazdan avatar kellyfends avatar tehnlulz avatar danfinlay avatar blocksecscamreport avatar nick-son avatar rpolysec avatar tarballqc avatar vile avatar rxpwnz avatar trn1ty avatar imtipi avatar vincianechen avatar jackofusu80 avatar blowfishbot avatar legobeat avatar segasecbot avatar randymetamask avatar chainpatrol-bot avatar tayvano avatar shenwe0x avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.