// the find
t4d/StalkPhish
StalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.
StalkPhish scrapes phishing URLs from threat feeds (PhishTank, OpenPhish, URLScan, etc.), downloads the phishing kit zip files dropped on compromised servers, and stores them locally for analysis. It's a tool for threat intel analysts and incident responders who want to collect phishing kit artifacts at scale rather than investigating individual sites manually. The actual project has since moved to StalkPhish-OSS, so this repo is effectively abandoned.
Pulls from multiple phishing feed sources in a modular way — adding a new feed means writing one small module file. SQLite-backed local storage means no external dependencies to stand up for a basic run. Docker support is present and functional for isolated execution. The mobile user-agent list suggests the author actually tested against real phishing kits that fingerprint visitor UA strings.
This repo is a redirect stub — the real code lives at StalkPhish-OSS and this one hasn't been touched since March 2024, so you're reading a dead end. The SQLite backend will become a bottleneck fast if you're running this continuously against high-volume feeds; there's no obvious path to Postgres or any durable store. No tests anywhere in the tree. The downstream SaaS pitch in the README suggests the open-source version may be feature-limited compared to what the maintainers actually run.