This tool was written to inspect a list of URLs and check if they are hosting phishing pages by looking at the title tag in the retrieved page and at URL/admin/ (where usually are located the panels of known phishing kits, eg. 16shop). letsgophishing makes use of the goroutines and channels to parallelize the requests.

Build the executable with go build lgphish.go. Then:

$ cat urls | lgphish -o output -r 100 -c config.json

-o: path to output file containing only suspicious URLs
-r: number of goroutines to create
-c: path to config file (json format)

An example of config file is provided in config.json; you can create your own config and specify the path with -c.

The config file allows to specify:

• SuspiciousTitles: if the title attribute of the HTML page at the specified URL contains one of the string in this array, the URL will be considered as suspicious.
• KitsTitles: if the title attribute of the HTML page at <specified_URL>/admin/ contains one of the string in this array, the URL could host a phishing kit.