About five years ago I made and then largely forgot about a project called Phossil.

I forget who had mentioned to me, but phishers accidentally leave kits exposed in open directories on whatever compromised or bought host they're operating from.

I wrote a couple scripts which would quickly crawl through phishing sites reported on Phishtank, hunt for open directories, then snarf up any related data.

In five years, it's found 12,118 files (88.7 GB). I'm going to start digging though it today!