{"id":27133096,"url":"https://github.com/franckferman/punypwn","last_synced_at":"2026-03-02T11:01:37.341Z","repository":{"id":281909971,"uuid":"689498175","full_name":"franckferman/PunyPwn","owner":"franckferman","description":"Exposing IDN vulnerabilities, one domain at a time. Generate homograph domain names with Cyrillic lookalikes and PunyCode for security research and phishing analysis.","archived":false,"fork":false,"pushed_at":"2025-03-12T13:48:36.000Z","size":837,"stargazers_count":4,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"stable","last_synced_at":"2025-07-20T22:37:01.402Z","etag":null,"topics":["idn","idn-homograph-attack","idna","idna-converter","phishing","phishing-attack-tools","phishing-attacks","phishing-awareness","phishing-script","phishing-tool","punycode","punycode-attack","punycode-phishing","python","python-3","python-security","python-security-tool","python-security-tools","python3","python3-security"],"latest_commit_sha":null,"homepage":"https://github.com/franckferman/PunyPwn","language":"Python","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/franckferman.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-09-10T01:59:58.000Z","updated_at":"2025-04-19T15:46:11.000Z","dependencies_parsed_at":"2025-03-11T20:20:25.587Z","dependency_job_id":"f98a7c29-6879-45d0-a82a-918cb9ec2416","html_url":"https://github.com/franckferman/PunyPwn","commit_stats":null,"previous_names":["franckferman/punypwn"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/franckferman/PunyPwn","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/franckferman%2FPunyPwn","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/franckferman%2FPunyPwn/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/franckferman%2FPunyPwn/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/franckferman%2FPunyPwn/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/franckferman","download_url":"https://codeload.github.com/franckferman/PunyPwn/tar.gz/refs/heads/stable","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/franckferman%2FPunyPwn/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29999217,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-02T09:59:02.300Z","status":"ssl_error","status_checked_at":"2026-03-02T09:59:02.001Z","response_time":60,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["idn","idn-homograph-attack","idna","idna-converter","phishing","phishing-attack-tools","phishing-attacks","phishing-awareness","phishing-script","phishing-tool","punycode","punycode-attack","punycode-phishing","python","python-3","python-security","python-security-tool","python-security-tools","python3","python3-security"],"created_at":"2025-04-07T22:38:13.591Z","updated_at":"2026-03-02T11:01:37.121Z","avatar_url":"https://github.com/franckferman.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv id=\"top\" align=\"center\"\u003e\n\n\u003c!-- Shields Header --\u003e\n[![Contributors][contributors-shield]](https://github.com/franckferman/PunyPwn/graphs/contributors)\n[![Forks][forks-shield]](https://github.com/franckferman/PunyPwn/network/members)\n[![Stargazers][stars-shield]](https://github.com/franckferman/PunyPwn/stargazers)\n[![License][license-shield]](https://github.com/franckferman/PunyPwn/blob/stable/LICENSE)\n\n\u003c!-- Logo --\u003e\n\u003ca href=\"https://github.com/franckferman/PunyPwn\"\u003e\n  \u003cimg src=\"https://raw.githubusercontent.com/franckferman/PunyPwn/refs/heads/stable/docs/github/graphical_resources/Logo-PunyPwn.png\" alt=\"PunyPwn Logo\" width=\"auto\" height=\"auto\"\u003e\n\u003c/a\u003e\n\n\u003c!-- Title \u0026 Tagline --\u003e\n\u003ch3 align=\"center\"\u003ePunyPwn\u003c/h3\u003e\n\u003cp align=\"center\"\u003e\n    \u003cem\u003eExposing IDN vulnerabilities, one domain at a time.\u003c/em\u003e\n    \u003cbr\u003e\n    Generate homograph domain names with Cyrillic lookalikes and PunyCode for security research and phishing analysis.\n\u003c/p\u003e\n\n\u003c/div\u003e\n\n## 📜 Table of Contents\n\n\u003cdetails open\u003e\n  \u003csummary\u003e\u003cstrong\u003eClick to collapse/expand\u003c/strong\u003e\u003c/summary\u003e\n  \u003col\u003e\n    \u003cli\u003e\u003ca href=\"#-about\"\u003e📖 About\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"#-installation\"\u003e🛠️ Installation\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"#-usage\"\u003e🎮 Usage\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"#-contributing\"\u003e🤝 Contributing\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"#%EF%B8%8F-legal-disclaimer\"\u003e⚖️ Legal Disclaimer\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"#-star-evolution\"\u003e🌠 Star Evolution\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"#-license\"\u003e📜 License\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"#-contact\"\u003e📞 Contact\u003c/a\u003e\u003c/li\u003e\n  \u003c/ol\u003e\n\u003c/details\u003e\n\n## 📖 About\n\n**PunyPwn:** _Exposing IDN Homograph Vulnerabilities, One Domain at a Time._\n\nPunyPwn is a lightweight Python tool designed to generate IDN homograph attacks (Punycode) against domain names.\n\nThis project was originally built for my own needs, both for personal research and professional assessments related to domain name spoofing and phishing risks.\n\nOver time, I decided to share this small piece of code openly, thinking it might save time for others or serve as a starting point for more advanced projects.\n\n\u003e ⚙️ PunyPwn is intentionally minimalistic and makes no claims of being a complete solution — but if it can help or inspire, feel free to use, adapt, or improve it!\n\n### ⚙️ Features of _PunyPwn_\n\n- ✅ Automatic generation of homograph domains using Cyrillic characters visually similar to Latin letters (e.g., 'a', 'e', 'o', 'c', 'p', 'x'...).\n- ✅ Punycode conversion of generated domains, ready for phishing risk analysis or security testing.\n- ✅ Smart substitution system to avoid unrealistic or ugly substitutions — focusing only on credible and visually deceptive homographs.\n- ✅ Full word and combinatorial substitutions: automatically explores all possible combinations based on available Cyrillic equivalents (no guesswork).\n- ✅ Support for multiple TLDs (default: .com, .fr, .net, .org — easily extendable by user).\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#top\"\u003e🔼 Back to top\u003c/a\u003e)\u003c/p\u003e\n\n## 🚀 Installation\n\nBefore getting started, make sure you meet the following prerequisites.\n\n### Prerequisites\n\n1. **Python 3**: Ensure Python 3 is installed on your system.\n\n2. **Dependencies**: PunyPwn requires only one external library: `idna` (used for Punycode conversion). Install required dependencies using `pip install idna` or `pip install -r requirements.txt`.\n\n\u003e ⚠️ Note: PunyPwn has been tested on Python 3.11.10 under Linux. While it might work on other versions or operating systems, compatibility is officially guaranteed only for this specific setup.\n\n### Installation Methods\n\n1. **Clone the repository via Git**:\n```bash\ngit clone https://github.com/franckferman/PunyPwn.git\n```\n\n2. **Direct download of the script (_without Git_)**:\nIf you only need the script without cloning the entire repository:\n```bash\ncurl -O https://raw.githubusercontent.com/franckferman/PunyPwn/stable/src/PunyPwn.py\n```\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#top\"\u003e🔼 Back to top\u003c/a\u003e)\u003c/p\u003e\n\n## 🎮 Usage\n\nMake sure to adjust the commands based on your local installation of `PunyPwn`.\n\n### **Quick Start**\n\nTo display the full help menu and explore available options:\n\n```bash\npython3 PunyPwn.py --help\n```\n\n### **Example Commands**\n\n#### 🔍 Basic domain homograph generation:\n\n| Task | Command |\n| --- | --- |\n| Generate all possible homographs with default settings (TLDs: .com, .fr, .net, .org) | `python3 PunyPwn.py --domain example` |\n| Generate homographs with up to 2 substitutions | `python3 PunyPwn.py --domain example --level 2` |\n| Generate homographs using only highly realistic substitutions | `python3 PunyPwn.py --domain example --style very-realistic` |\n\n#### 🌐 Customize TLDs:\n\n| Task | Command |\n| --- | --- |\n| Generate homographs only for .com and .fr domains | `python3 PunyPwn.py --domain example --tlds .com .fr` |\n| Add additional TLDs such as .io and .xyz | `python3 PunyPwn.py --domain example --tlds .com .io .xyz` |\n\n#### 🎯 Combining options for fine-tuned results:\n\n| Task | Command |\n| --- | --- |\n| Generate realistic homographs with a maximum of 3 substitutions for .com and .net only | `python3 PunyPwn.py --domain example --style realistic --level 3 --tlds .com .net` |\n| Aggressive homograph generation without substitution limit, using all available homoglyphs | `python3 PunyPwn.py --domain example --style any` |\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#top\"\u003e🔼 Back to top\u003c/a\u003e)\u003c/p\u003e\n\n## 🤝 Contributing\n\nWe truly appreciate and welcome community involvement. Your contributions, feedback, and suggestions play a crucial role in improving the project for everyone. If you're interested in contributing or have ideas for enhancements, please feel free to open an issue or submit a pull request on our GitHub repository. Every contribution, no matter how big or small, is highly valued and greatly appreciated!\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#top\"\u003e🔼 Back to top\u003c/a\u003e)\u003c/p\u003e\n\n## ⚖️ Legal Disclaimer\n\n`PunyPwn` is a security research and educational tool, created to demonstrate IDN (Internationalized Domain Name) homograph vulnerabilities and raise awareness about potential phishing risks associated with lookalike domains.\n\n\u003e ⚠️ Warning:\n\u003e This tool is provided for ethical, academic, and research purposes only.\n\u003e Do not use PunyPwn to impersonate, phish, harass, or defraud individuals, organizations, or entities.\n\u003e Misuse of this tool could violate local, national, or international laws. You are solely responsible for how you use this tool.\n\nIf you are unsure about the legality of your intended use of this tool, consult a qualified legal professional or competent authority before proceeding.\n\n🔹 By using PunyPwn, you acknowledge that you have read, understood, and agreed to this disclaimer.\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#top\"\u003e🔼 Back to top\u003c/a\u003e)\u003c/p\u003e\n\n## 🌠 Star Evolution\n\nExplore the star history of this project and see how it has evolved over time:\n\n\u003ca href=\"https://star-history.com/#franckferman/PunyPwn\u0026Timeline\"\u003e\n  \u003cpicture\u003e\n    \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://api.star-history.com/svg?repos=franckferman/PunyPwn\u0026type=Timeline\u0026theme=dark\" /\u003e\n    \u003cimg alt=\"Star History Chart\" src=\"https://api.star-history.com/svg?repos=franckferman/PunyPwn\u0026type=Timeline\" /\u003e\n  \u003c/picture\u003e\n\u003c/a\u003e\n\nYour support is greatly appreciated. We're grateful for every star! Your backing fuels our passion. ✨\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#top\"\u003e🔼 Back to top\u003c/a\u003e)\u003c/p\u003e\n\n## 📚 License\n\nThis project is licensed under the GNU Affero General Public License, Version 3.0. For more details, please refer to the LICENSE file in the repository: [Read the license on GitHub](https://github.com/franckferman/PunyPwn/blob/stable/LICENSE)\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#top\"\u003e🔼 Back to top\u003c/a\u003e)\u003c/p\u003e\n\n## 📞 Contact\n\n[![ProtonMail][protonmail-shield]](mailto:contact@franckferman.fr) \n[![LinkedIn][linkedin-shield]](https://www.linkedin.com/in/franckferman)\n[![Twitter][twitter-shield]](https://www.twitter.com/franckferman)\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#top\"\u003e🔼 Back to top\u003c/a\u003e)\u003c/p\u003e\n\n\u003c!-- MARKDOWN LINKS \u0026 IMAGES --\u003e\n\u003c!-- https://www.markdownguide.org/basic-syntax/#reference-style-links --\u003e\n[contributors-shield]: https://img.shields.io/github/contributors/franckferman/PunyPwn.svg?style=for-the-badge\n[contributors-url]: https://github.com/franckferman/PunyPwn/graphs/contributors\n[forks-shield]: https://img.shields.io/github/forks/franckferman/PunyPwn.svg?style=for-the-badge\n[forks-url]: https://github.com/franckferman/PunyPwn/network/members\n[stars-shield]: https://img.shields.io/github/stars/franckferman/PunyPwn.svg?style=for-the-badge\n[stars-url]: https://github.com/franckferman/PunyPwn/stargazers\n[license-shield]: https://img.shields.io/github/license/franckferman/PunyPwn.svg?style=for-the-badge\n[license-url]: https://github.com/franckferman/PunyPwn/blob/stable/LICENSE\n[protonmail-shield]: https://img.shields.io/badge/ProtonMail-8B89CC?style=for-the-badge\u0026logo=protonmail\u0026logoColor=blueviolet\n[linkedin-shield]: https://img.shields.io/badge/-LinkedIn-black.svg?style=for-the-badge\u0026logo=linkedin\u0026colorB=blue\n[twitter-shield]: https://img.shields.io/badge/-Twitter-black.svg?style=for-the-badge\u0026logo=twitter\u0026colorB=blue\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffranckferman%2Fpunypwn","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffranckferman%2Fpunypwn","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffranckferman%2Fpunypwn/lists"}