Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

[Open Source] My antiphishing Suricata ruleset is now officially in suricata-update! Looking for contributors

0
Medium
Published: 07/12/2026 (07/12/2026, 20:52:51 UTC)
Source: Reddit Cybersecurity

Description

An open-source antiphishing ruleset for Suricata has been officially added to the suricata-update source index. This project provides frequently updated, dynamic signatures targeting phishing attack vectors by ingesting indicators from trusted community sources. It includes automated TLS, DNS, and HTTP rules designed to mitigate phishing threats. The project also offers a companion web dashboard for real-time threat analysis and deployment guides for various platforms.

Reddit Discussion

r/cybersecurity·posted by u/Limp_Durian_6850
00

Hi Blue Teamers,

I'm excited to share that my open-source project, julioliraup/Antiphishing, has been accepted and added to the official suricata-update source index! I built this project from scratch to provide high-frequency, dynamic signatures specifically designed to mitigate phishing attack vectors. The pipeline ingests indicators from trusted community sources (like PhishStats and OpenPhish) to build automated TLS, DNS, and HTTP rules (SIDs 6000000 - 6100000).

Project Ecosystem:

  • The Ruleset: Automated updates targeting active phishing domains.
  • Threat Intelligence Lookup Portal: We also maintain a web companion dashboard at https://julioliraup.github.io/AT for real-time vector analysis.

Deployment Guides:

Since firewall platforms handle rule storage uniquely, please follow the dedicated instructions to prevent system configuration overrides: * For GNU/Linux systems, check the GNU/Linux Installation Wiki. * For pfSense instances, read the pfSense Configuration Guide.

Repo: https://github.com/julioliraup/Antiphishing

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/13/2026, 03:02:43 UTC

Technical Analysis

The julioliraup/Antiphishing project is an open-source initiative that delivers high-frequency, automated Suricata rules targeting active phishing domains. These rules are dynamically generated from trusted phishing indicator sources such as PhishStats and OpenPhish, covering TLS, DNS, and HTTP protocols with signature IDs in the range 6000000 to 6100000. The ruleset is integrated into the official suricata-update source index, facilitating automated updates. Additionally, the project provides a web-based threat intelligence lookup portal and platform-specific deployment instructions to ensure proper integration without configuration conflicts.

Potential Impact

This project enhances detection and mitigation capabilities against phishing attacks by providing timely and automated Suricata rules. It does not represent a vulnerability or threat itself but rather a defensive resource to improve network security posture against phishing threats.

Mitigation Recommendations

No remediation or patch is required as this is not a vulnerability but a security enhancement. Users of Suricata are encouraged to integrate this ruleset via suricata-update to improve phishing detection. Follow the provided deployment guides to ensure correct installation and avoid configuration issues.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Source Type
reddit
Subreddit
cybersecurity
Reddit Score
0
Discussion Level
minimal
Content Source
reddit_link_post
Post Type
link
Domain
null
Newsworthiness Assessment
{"score":33,"reasons":["external_link","newsworthy_keywords:rce","non_newsworthy_keywords:rules","established_author","recent_news"],"isNewsworthy":true,"foundNewsworthy":["rce"],"foundNonNewsworthy":["rules"]}
Has External Source
true
Trusted Domain
false

Threat ID: 6a54554268715ace43051d27

Added to database: 07/13/2026, 03:02:26 UTC

Last enriched: 07/13/2026, 03:02:43 UTC

Last updated: 07/13/2026, 05:17:26 UTC

Views: 4

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses