opensquat
openSquat is an open-source Python tool that detects domain look-alikes and cyber squatting threats by monitoring newly registered domains for typosquats, phishing domains, homograph attacks, and similar brand impersonation tactics. It operates in three modes: free community (local detection on public feeds), premium feed (larger paid feed with local detection), and premium API (server-side detection via hosted service).
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | atenreiro/opensquat |
| Owner | atenreiro |
| Primary language | Python |
| License | GPL-3.0 — OSI-approved |
| Stars | 975 |
| Forks | 161 |
| Open issues | 0 |
| Latest release | Unknown |
| Last updated | 2026-04-27 |
| Source | https://github.com/atenreiro/opensquat |
What opensquat is
Written in Python 3.10+, openSquat uses Levenshtein distance algorithms for similarity detection and can integrate with VirusTotal, Quad9 DNS, and Certificate Transparency logs for validation. The tool supports multiple output formats (JSON, CSV, TXT) and confidence level tuning. Premium modes require API authentication and consume quota on per-keyword API calls.
Get the opensquat source
Clone the repository and explore it locally.
git clone https://github.com/atenreiro/opensquat.gitcd opensquat# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Decide upfront: Community feed (~100k domains/day, free) vs. Premium Feed (larger, paid) vs. Premium API (server-side, quota-based). Same API key works for both Premium modes.
- Python 3.10+ and dependency management (confusable_homoglyphs, homoglyphs, requests, dnspython, beautifulsoup4) required; use pip or clone + requirements.txt.
- Tune confidence levels (0–4) to balance result volume and false-positive rate; higher levels return more candidates but with lower precision.
- For DNS, VirusTotal, or Certificate Transparency validation, configure external API keys or quotas separately (not included with openSquat).
- Automation via cron or orchestration tools; schedule daily scans on free feed or continuous polling on Premium API within quota limits.
When to avoid it — and what to weigh
- Real-time Detection at Scale — Community mode downloads ~100k domains daily; real-time per-domain detection is not the design intent. Premium API exists for larger scale but incurs quota costs.
- No Budget for Commercial Features — Core detection is free, but Premium Feed and Premium API modes require paid subscription. Larger monitoring requirements will exhaust community feed volume quickly.
- Proprietary/Closed Source Requirement — GPL-3.0 requires any derivative work to remain open source and compatible with the license. Commercial closed-source derivatives are not permitted.
- Integrated Enterprise SIEM/SOC Platform — openSquat is a standalone tool without native integrations into commercial SIEM or SOAR platforms. Expect custom scripting for ingestion and alerting.
License & commercial use
GPL-3.0 (GNU General Public License v3.0). Any derivative work, modification, or distribution must remain open source and compatible with GPL-3.0. Closed-source proprietary use is not permitted.
openSquat itself is free and may be used commercially for internal threat detection and brand monitoring. However, GPL-3.0 requires that any modifications or derivative tools remain open source. The Premium Feed and Premium API features are commercial services requiring a paid subscription; integration into your product requires careful review of whether your modifications trigger GPL obligations. Consult legal counsel before embedding in proprietary software.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Strong |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Good |
| Assessment confidence | High |
openSquat queries external services (VirusTotal, Quad9, Certificate Transparency, and newly registered domain feeds). Ensure API keys are not exposed in CLI flags; prefer environment variables or key files. Community and Premium Feed modes download and process untrusted domain data locally; validate filtering logic before production. Premium API mode sends keywords to remote service; review data residency and privacy policies. No explicit security audit or vulnerability disclosure process documented.
Alternatives to consider
Phishtank / PhishLabs APIs
Commercial phishing domain databases with real-time reporting and commercial SLA; less flexibility for custom keyword matching and algorithm tuning.
Snusbase / SecurityTrails
Managed threat intelligence platforms with passive DNS, domain monitoring, and enterprise integrations; higher cost but consolidated OSINT interface.
DomainTools / Whois Lookup
Established domain intelligence APIs with historical data and bulk scanning; requires separate integration work to replicate typosquat detection logic.
Build on opensquat with DEV.co software developers
openSquat automates detection of domain look-alikes and typosquats targeting your brand. Start with the free community feed or scale with Premium Feed/API to monitor at enterprise volume. Contact Devco to embed openSquat into your threat detection pipeline.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
opensquat FAQ
Is openSquat truly free to use?
Can I use openSquat in a commercial product or SaaS?
What is the difference between Premium Feed and Premium API?
How often is the community feed updated?
Software development & web development with DEV.co
Adopting opensquat is usually one piece of a larger software development effort. As a software development agency, DEV.co provides software development services and web development expertise — pairing senior software developers and web developers with your team to design, build, and operate open-source security software in production.
Integrate Brand Monitoring Into Your Security Workflow
openSquat automates detection of domain look-alikes and typosquats targeting your brand. Start with the free community feed or scale with Premium Feed/API to monitor at enterprise volume. Contact Devco to embed openSquat into your threat detection pipeline.