README
ΒΆ
fogger
fogger is a cybersecurity tool designed to identify and analyze illicit online gambling ("judol") operations that hide behind CDNs like Cloudflare. It provides intelligence on gambling sites without attempting to bypass CDN protections, focusing on ecosystem-level abuse patterns rather than infrastructure-level suppression.
π Features
- CDN-Aware Detection: Identifies sites protected by Cloudflare and other CDNs
- Multi-Vector Analysis: Behavioral, semantic, and infrastructure correlation
- Judol Likelihood Index (JLI): Composite risk scoring system with explainable factors
- Payment Method Detection: Identifies local payment methods (Qris, OVO, DANA, Gopay, etc.)
- Clustering Engine: Groups related domains into operator clusters
- Export Functionality: JSON/CSV export for integration systems
- CLI-First Design: Optimized for automation and scripting
- Courtroom-Safe: Explainable scoring with evidence breakdown
π Table of Contents
- Installation
- Usage
- Commands
- Configuration
- Judol Likelihood Index
- Examples
- Legal & Ethical Usage
- Contributing
- License
Installation
Prerequisites
- Go 1.21 or higher
- Git
Quick Install
go install github.com/genesis410/fogger@latest
From Source
# Clone the repository
git clone https://github.com/genesis410/fogger.git
cd fogger
# Build the binary
go build -o fogger main.go
# Install dependencies
go mod tidy
# Move to PATH (optional)
sudo mv fogger /usr/local/bin/
Usage
Basic Scanning
fogger scan example.com
Advanced Scanning
fogger scan example.com --profile intensive --timeout 30 --json
Other Commands
# View cluster information
fogger cluster <cluster-id>
# Quick domain lookup
fogger lookup example.com
# Monitor domain continuously
fogger monitor example.com --interval 5m --duration 2h
# Export data
fogger export --format json --since 30d --output results.json
# View configuration
fogger config show
fogger config validate
Commands
scan - Domain Analysis
Analyzes a domain and produces a Judol Likelihood Index (JLI) with evidence.
fogger scan <domain> [flags]
Flags:
--json: Output JSON only--csv: Output CSV--no-color: Disable ANSI coloring--timeout <sec>: Network timeout (default: 10)--profile <name>: Scoring profile (default: standard)--save: Persist result to local DB
cluster - Campaign Analysis
View all domains and evidence connected to an operator/campaign.
fogger cluster <cluster-id> [flags]
Flags:
--graph: ASCII graph visualization--json: Output JSON--since <days>: Time filter
lookup - Quick Check
Quick confidence check (cached-first, no deep analysis).
fogger lookup <domain>
monitor - Continuous Monitoring
Continuously monitor a domain for changes.
fogger monitor <domain> [flags]
Flags:
--interval <duration>: Monitoring interval (default: 5m)--duration <duration>: Total monitoring time (default: 1h)
export - Data Export
Export data for integration with other systems.
fogger export [flags]
Flags:
--format <json|csv>: Export format (default: json)--since <period>: Time period (default: 30d)--domain <domain>: Specific domain to export--cluster <cluster-id>: Specific cluster to export--output <file>: Output file path
config - Configuration Management
Manage configuration settings.
fogger config show
fogger config validate
Configuration
fogger uses a YAML configuration file located at ~/.fogger.yaml or ./.fogger.yaml.
Default Configuration
scoring:
gambling_ui: 0.30
payment_signal: 0.25
infra_correlation: 0.20
domain_churn: 0.15
cdn_pattern: 0.10
thresholds:
high: 0.75
medium: 0.50
Configuration Parameters
scoring: Weight distribution for different signal categories (must sum to 1.0)thresholds: Classification thresholds for risk levels
Available Profiles
standard: Balanced weights for general useintensive: Higher weight on gambling and payment signalsconservative: Higher thresholds, fewer false positivesaggressive: Lower thresholds, more sensitive detection
Judol Likelihood Index
The JLI is a composite confidence score derived from weighted signals:
- Gambling UX & semantic patterns: 30%
- Payment and monetization indicators: 25%
- Infrastructure reuse and churn: 20%
- DNS patterns: 15%
- CDN usage patterns: 10%
Scores are classified as:
- HIGH: β₯ 0.75
- MEDIUM: β₯ 0.50
- LOW: < 0.50
Examples
Basic Analysis
$ fogger scan gambling-site.com
βββββββββββββββββββ¬βββββββββββ¬βββββββββββ¬βββββββββββββββ
β Domain β JLI Scoreβ JLI Levelβ CDN Provider β
βββββββββββββββββββΌβββββββββββΌβββββββββββΌβββββββββββββββ€
β gambling-site.comβ 0.842 β HIGH β cloudflare β
βββββββββββββββββββ΄βββββββββββ΄βββββββββββ΄βββββββββββββββ
ββββββββββββ¬ββββββββ¬βββββββββ¬ββββββββββββββ
β Category β Score β Weight β Contributionβ
ββββββββββββΌββββββββΌβββββββββΌββββββββββββββ€
β UX β 0.800 β 0.300 β 0.240 β
β PAYMENT β 0.900 β 0.250 β 0.225 β
β INFRA β 0.700 β 0.200 β 0.140 β
β DNS β 0.500 β 0.150 β 0.075 β
β CDN β 0.600 β 0.100 β 0.060 β
ββββββββββββΌββββββββΌβββββββββΌββββββββββββββ€
β TOTAL β β β 0.740 β
ββββββββββββ΄ββββββββ΄βββββββββ΄ββββββββββββββ
Judol Likelihood Level: HIGH
Export Data
$ fogger export --format csv --since 7d --output weekly_results.csv
Exported 156 domains to weekly_results.csv
Monitor Domain
$ fogger monitor suspicious-site.com --interval 2m --duration 1h
Monitoring suspicious-site.com every 2m0s for 1h0m0s
Scanning suspicious-site.com at 2023-12-24T10:30:00Z...
JLI Score: 0.78, Level: HIGH
Scanning suspicious-site.com at 2023-12-24T10:32:00Z...
JLI Score: 0.82, Level: HIGH
Monitoring completed
Legal & Ethical Usage
Permitted Use Cases
- Government cybercrime and digital enforcement units
- ISP and DNS operator abuse departments
- Payment processor compliance teams
- Academic research (with appropriate ethics approval)
Prohibited Use Cases
- Circumvention of access controls
- Traffic interception or manipulation
- Active exploitation or scanning
- Any activity violating local laws
Data Handling
- All data collection is passive and OSINT-only
- No private or non-consensual data collection
- Data minimization principles applied
- Audit logging for analyst actions
Contributing
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Make your changes
- Add tests if applicable
- Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
Development Setup
# Clone the repository
git clone https://github.com/genesis410/fogger.git
cd fogger
# Install dependencies
go mod tidy
# Run tests
go test ./...
# Build the binary
go build -o fogger main.go
Architecture
Tech Stack
- Core Language: Go (Golang)
- CLI Framework: Cobra
- Configuration: Viper
- Output Formatting: go-pretty/table
- HTTP Client: Built-in net/http with resty
Design Philosophy
- CLI-First: Designed for analysts, researchers, and engineers
- Scriptable: Automatable and pipeline-friendly
- Deterministic: Idempotent and reproducible results
- Explainable: Transparent scoring with evidence breakdown
Data Model
- Domain Entity: Core domain information with JLI score
- Signal Entity: Atomic, explainable indicators
- Evidence Entity: Human-auditable evidence
- Cluster Entity: Grouped domains by operator/campaign
Testing
Run the test suite:
go test ./...
Run specific tests:
go test -v ./internal/analyzer
License
This project is licensed under the MIT License - see the LICENSE file for details.
Acknowledgments
- Built for government cybercrime and digital enforcement units
- Focused on ecosystem-level disruption rather than infrastructure suppression
- Designed to enable targeted, scalable enforcement without disrupting legitimate internet infrastructure
This tool is designed to assist legitimate law enforcement and regulatory agencies in identifying and analyzing illegal gambling operations while respecting the legitimate use of CDN services.
Documentation
ΒΆ
There is no documentation for this package.
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.