Show HN: Squatmon, a domain squatting monitoring system, with new things

9 points by ech, over 9 years ago

1 comment

ech, over 9 years ago
Hi HN

a lot has changed since our last Show HN, and i guess it was time to share these changes with you.

for those who weren't here the first time, we try to catch domain squatting using a bunch of techniques we already used when doing it manually, but in a purely automated fashion. your root domain (think 'facebook', 'twitter', 'ycombinator', etc...) gets through blenders that generate variants, that we'll gather info on.

we now have all the basics in place so i can confidently call it production ready. free accounts are still the same deal, one domain, five TLDs, all present and future generators, whois and dns resolver, plus a few more still in the oven, and one run per week, which should be enough if your needs are not massive and/or specific. you also now have paying options for people with more intensive needs, either timing wise (down to one run per day, and one run per 4 hours will be a possibility once i'm confident 1: we can handle it, 2: it can actually provide value in the real world) or number-of-tlds-wise.

notifications! yeap i know it's basic, but we now send you a mail when a run is complete, so you don't have to bother reloading waiting for that progress bar to reach 100%. a few clients asked us about sms notification, but i'm not sure about multiple notification channels yet.

so what's next:

we have a bunch of stuff that stayed on the backburner while i was working on making the production as autonomous as possible (complete CI/CD stack, built with chef, openstack heat, jenkins, the whole shebang) and the other dev was working on ironing the kinks existing when interacting with horrible protocols like whois (for the sake of everyone's sanity, i really hope rdap (http://about.rdap.org/) gets traction) or misbehaving dns, or just plain old bugs. we're now bringing them back on the front of the workbench.

parking detection.

this one is simple, and everybody will get it, but i noticed a large number of parked domains in resolution runs, so they'll be marked as such.

automated phishing detection.

this has been a major demand so i'm prototyping a CV system (ab)using ghost.py and opencv to see if i can get something that has a reasonable false positive rate.

malware detection.

a smaller demand because it's already well covered by other products. for the moment paying accounts get access to google safebrowsing, and i have a bunch of threat exchange APIs access ready to enter the quorum. there's a lot of datasharing between those, so i don't want to generate false positives because of data sharing. i have also been working slowly on PR for cuckoo sandbox that'll help me launch fleets of sandboxes in various configurations (hopefully i'll have enough variants that the client is able to more or less choose the one that corresponds to its production environment to try and catch targeted attacks)

keyword prediction based on the root domain.

we have a keyword generator that can generate domain variants, think 'cheap-brand' for 'brand', but if you're like me you probably can't think of a lot of those (i had good success asking marketing guys for ideas). once again AI to the rescue, i'm tracking which keywords had the most 'success' in finding resolving variants, which means once i'm able to establish lexical domains i'll be able to offer everyone a 'most likely keyword for this domain' help to feed the generator.

an API!

at the very beginning, when dinosaurs roamed the earth and the iphone 5s was the cool product of the year, squatmon was just a very large and very ugly python script i used in various recon engagements. as we decided to slap a shiny web interface on it and share it with others, we didn't take the time to make an API the first class citizen and the web interface just the reference client implementation. this is a mistake we intend to correct, so any person with an account, free or otherwise can integrate any of the functionality they have access to as a part of something bigger. (i have written an example postfix milter that's too terribly slow to be used in production, but can participate in the spam score of an email for example)

if you have any questions, want to report bugs, or anything really, don't hesitate to contact me, my email address is in my profile.

edit: i'm terrible and i said one run per month on the free account. it's of course one run per week
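
The keyword generator and the keyword "success" tracking described in the post, as an added sketch for a brand owner's monitoring list; it is not part of the original post and is not Squatmon's code. The joiner patterns, function names, keyword list and the set of resolving names are assumptions constructed for illustration; a real run would fill that set from a DNS resolver.

```python
from collections import Counter

# Hypothetical joiners; the post only shows the 'cheap-brand' form.
PATTERNS = ("{kw}-{root}", "{kw}{root}", "{root}-{kw}", "{root}{kw}")

def keyword_variants(root, keywords, tlds):
    """Return {candidate_domain: keyword} for every pattern/TLD combination."""
    variants = {}
    for kw in keywords:
        for pattern in PATTERNS:
            label = pattern.format(kw=kw, root=root)
            for tld in tlds:
                # First keyword to produce a name keeps it if two collide.
                variants.setdefault(f"{label}.{tld}", kw)
    return variants

def rank_keywords(variants, resolving):
    """Rank keywords by the fraction of their candidates that resolved.

    Returns (keyword, hits, candidates, hit_rate) tuples, best first.
    """
    total = Counter(variants.values())
    hits = Counter(kw for dom, kw in variants.items() if dom in resolving)
    ranked = [(kw, hits[kw], total[kw], hits[kw] / total[kw]) for kw in total]
    return sorted(ranked, key=lambda r: (-r[3], r[0]))

# Constructed sample input: 'brand' is the post's placeholder root domain.
ROOT = "brand"
KEYWORDS = ["cheap", "login", "support"]
TLDS = ["com", "net"]
# Constructed stand-in for one resolver run: candidates that resolved.
RESOLVING = {"cheap-brand.com", "brandcheap.net", "login-brand.com",
             "brand-login.com", "loginbrand.net"}

if __name__ == "__main__":
    candidates = keyword_variants(ROOT, KEYWORDS, TLDS)
    for kw, hit, total, rate in rank_keywords(candidates, RESOLVING):
        print(f"{kw:8} {hit}/{total} resolving ({rate:.0%})")
```

Hit rates accumulated over many monitored roots are what would feed a "most likely keyword" suggestion; a single run like this one only orders the keywords for one domain.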