Awesome Open Source
Awesome Open Source

About Squatm3

Squatm3 is a python tool designed to enumerate available domains generated modifying the original domain name through different techniques:

  • Substitution attacks
  • Flipping attack
  • Homoglyph attack fast (execute a fast homoglyph attack, mutating only one letter at the time )
  • Homoglyph attack complete (generates all the possible combinations)

Squatm3 will help penetration testers to identify domains to be used in phishing attack simulations and security analysts to prevent effective phishing attacks

Squatm3 comes in two flavors:

  • command line tool
  • web solution (squatm3gator) that you can find (here)[]


git clone

Recommended Python Version:

Squatm3 currently supports only Python 3


Squatm3 heavily depends on


python modules.

These dependencies can be installed using the requirements file:

  • Installation on Windows:
c:\python33\python.exe -m pip install -r requirements.txt --user
  • Installation on Linux and MacOS
pip install -r requirements.txt --user


 ___             __    _           ____
/ __> ___  _ _  /. | _| |_ ._ _ _ <__ /
\__ \/ . || | |/_  .| | |  | ' ' | <_ \
<___/\_  |`___|  |_|  |_|  |_|_|_|<___/
       | |

usage: [-h] [--url URL] [--tld [TLD]] [-A [ALL]]
                  [-Hf [HOMOGLYPH_FAST]] [-Hc [HOMOGLYPH_COMPLETE]]
                  [-F [FLIPPER]] [-R [REMOVE]] [--godaddy [ENABLE_GODADDY]]
                  [--output [{text,json}]] [--only-available [AVAILABLE]]

SquatMe v1.5 - @davide107

optional arguments:
  -h, --help            show this help message and exit
  --url URL             url to be squatted
  --tld [TLD]           read the tld list form file db/top_domains and
                        generate the domains. If not specified uses only .com
  -A [ALL]              execute all the squatting attacks
  -Hf [HOMOGLYPH_FAST]  execute a fast homoglyph attack, mutating only one
                        letter at the time
                        execute a complete homoglyph attack,generating all the
                        possible combinations (slow)
  -F [FLIPPER]          execute flipping attack
  -R [REMOVE]           remove one letter a time
  --godaddy [ENABLE_GODADDY]
                        checks on godaddy if the domain is available for sale
                        together with the price
  --output [{text,json}]
                        Output of the tool: text (stdout), csv(file) or
  --only-available [AVAILABLE]
                        lists only the available domains for purchase


Squatm3 is licensed under the GNU GPL license.


Current version is 1.5

Related Awesome Lists
Top Programming Languages
Top Projects

Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
Python (806,114
Attack (7,212
Penetration Testing (3,120
Security Tools (1,891
Cybersecurity (1,866
Osint (1,135
Phishing (1,056
Reconnaissance (588
Homoglyphs (16
Red Team Engagement (16
Typosquatting (16