{"id":19820236,"url":"https://github.com/urbanadventurer/urlcrazy","last_synced_at":"2025-04-04T22:02:25.198Z","repository":{"id":37390903,"uuid":"104882659","full_name":"urbanadventurer/urlcrazy","owner":"urbanadventurer","description":"Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.","archived":false,"fork":false,"pushed_at":"2022-12-12T15:53:40.000Z","size":1138,"stargazers_count":594,"open_issues_count":4,"forks_count":102,"subscribers_count":14,"default_branch":"master","last_synced_at":"2025-03-28T21:01:46.889Z","etag":null,"topics":["domainname","hacking","infosec","kali-linux","osint","phishing","ruby","security","typo-domains","typosquatting"],"latest_commit_sha":null,"homepage":null,"language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/urbanadventurer.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-09-26T12:37:46.000Z","updated_at":"2025-03-18T12:49:53.000Z","dependencies_parsed_at":"2023-01-27T21:46:14.377Z","dependency_job_id":null,"html_url":"https://github.com/urbanadventurer/urlcrazy","commit_stats":null,"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/urbanadventurer%2Furlcrazy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/urbanadventurer%2Furlcrazy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/urbanadventurer%2Furlcrazy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/urbanadventurer%2Furlcrazy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/urbanadventurer","download_url":"https://codeload.github.com/urbanadventurer/urlcrazy/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247256103,"owners_count":20909240,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["domainname","hacking","infosec","kali-linux","osint","phishing","ruby","security","typo-domains","typosquatting"],"created_at":"2024-11-12T10:22:19.582Z","updated_at":"2025-04-04T22:02:25.167Z","avatar_url":"https://github.com/urbanadventurer.png","language":"Ruby","funding_links":[],"categories":["security-tools"],"sub_categories":[],"readme":"[![License](https://img.shields.io/badge/license-Restricted-blue.svg)](https://raw.githubusercontent.com/urbanadventurer/urlcrazy/master/README.md) ![Stable Release](https://img.shields.io/badge/stable_release-0.7.3-blue.svg) [![Repositories](https://repology.org/badge/tiny-repos/urlcrazy.svg)](https://repology.org/project/urlcrazy/versions)\n\n# 😜⌨ URLCrazy\n\nURLCrazy is an OSINT tool to generate and test domain typos or variations to detect or perform typo squatting, URL hijacking, phishing, and corporate espionage.\n\nHomepage:  https://morningstarsecurity.com/research/urlcrazy\n\n## 🌟 Use Cases\n* Detect typo squatters profiting from typos on your domain name\n* Protect your brand by registering popular typos\n* Identify typo domain names that will receive traffic intended for another domain\n* Conduct phishing attacks during a penetration test\n\n## ⭐ Features\n* Generates 15 types of domain variants\n* Knows over 8000 common misspellings\n* Over 1500 Top Level Domains supported\n* Bit-flipping attacks\n* Multiple keyboard layouts (QWERTY, AZERTY, QWERTY, DVORAK)\n* Checks if a domain variant is valid\n* Test if domain variants are in use\n* Estimate popularity of a domain variant\n\n\n## 🛠 Installation\n\n### Install from a package manager\n\nIf you are using Kali Linux, Ubuntu or Debian use:\n\n`$ sudo apt install urlcrazy`\n\n\n### Install latest release\n\nVisit https://github.com/urbanadventurer/urlcrazy/releases\n\n\n### Install current development version\n\nBe aware the latest development version may not be stable.\n\n`$ git clone https://github.com/urbanadventurer/urlcrazy.git`\n\n\n### Install Ruby\n\nURLCrazy has been tested with Ruby versions 2.4 and 2.6.\n\nIf you are using Ubuntu or Debian use:\n\n`$ sudo apt install ruby`\n\n### Install Bundler\n\nBundler provides dependecy management for Ruby projects\n\n`$ gem install bundler`\n\n### Install Dependencies\n\n`$ bundle install`\n\nAlternatively, if you don't want to install bundler, the following command will install the gem dependencies.\n\n`$ gem install json colorize async async-dns async-http`\n\n\n## 💻 Usage\n\n![urlcrazy-usage](https://user-images.githubusercontent.com/101783/80223861-ecb94e80-8659-11ea-9a28-1fa59a4dfbb9.gif)\n\n### Simple Usage\n\nWith default options, URLCrazy will check over 2000 typo variants for google.com.\n\n`$ urlcrazy google.com`\n\n![urlcrazy-google](https://user-images.githubusercontent.com/101783/80225970-d95bb280-865c-11ea-86e2-cdf418b0be56.gif)\n\n### With popularity estimate\n\n`$ urlcrazy -p domain.com`\n\n### Commandline Usage\n\n```\n\ndb    db d8888b. db       .o88b. d8888b.  .d8b.  d88888D db    db\n88    88 88  `8D 88      d8P  Y8 88  `8D d8' `8b YP  d8' `8b  d8'\n88    88 88oobY' 88      8P      88oobY' 88ooo88    d8'   `8bd8'\n88    88 88`8b   88      8b      88`8b   88~~~88   d8'      88\n88b  d88 88 `88. 88booo. Y8b  d8 88 `88. 88   88  d8' db    88\n~Y8888P' 88   YD Y88888P  `Y88P' 88   YD YP   YP d88888P    YP\n\nURLCrazy version 0.7.3 by Andrew Horton (urbanadventurer)\nVisit https://morningstarsecurity.com/research/urlcrazy\n\nGenerate and test domain typos and variations to detect and perform typo squatting, URL hijacking,\nphishing, and corporate espionage.\n\nSupports the following domain variations:\nCharacter omission, character repeat, adjacent character swap, adjacent character replacement, double\ncharacter replacement, adjacent character insertion, missing dot, strip dashes, insert dash,\nsingular or pluralise, common misspellings, vowel swaps, homophones, bit flipping (cosmic rays),\nhomoglyphs, wrong top level domain, and wrong second level domain.\n\nUsage: ./urlcrazy [options] domain\n\nOptions\n-k, --keyboard=LAYOUT  Options are: qwerty, azerty, qwertz, dvorak (default: qwerty)\n-p, --popularity       Check domain popularity with Google\n-r, --no-resolve       Do not resolve DNS\n-i, --show-invalid     Show invalid domain names\n-f, --format=TYPE      Human readable, JSON, or CSV (default: human readable)\n-o, --output=FILE      Output file\n-n, --nocolor          Disable colour\n-d, --debug            Enable debugging output for development\n-h, --help             This help\n-v, --version          Print version information. This version is 0.7.3\n```\n\n## 🔦 Types of Domain Variations Supported\n\n### Character Omission\nThese typos are created by leaving out a letter of the domain name, one letter at a time. For example, www.goole.com and www.gogle.com\n\n### Character Repeat\nThese typos are created by repeating a letter of the domain name. For example, www.ggoogle.com and www.gooogle.com\n\n### Adjacent Character Swap\nThese typos are created by swapping the order of adjacent letters in the domain name. For example, www.googel.com and www.ogogle.com\n\n### Adjacent Character Replacement\nThese typos are created by replacing each letter of the domain name with letters to the immediate left and right on the keyboard. For example, www.googke.com and www.goohle.com\n\n### Double Character Replacement\nThese typos are created by replacing identical, consecutive letters of the domain name with letters to the immediate left and right on the keyboard. For example, www.gppgle.com and www.giigle.com\n\n### Adjacent Character Insertion\nThese typos are created by inserting letters to the immediate left and right on the keyboard of each letter. For example, www.googhle.com and www.goopgle.com\n\n### Missing Dot\nThese typos are created by omitting a dot from the domainname. For example, wwwgoogle.com and www.googlecom\n\n### Strip Dashes\nThese typos are created by omitting a dash from the domainname. For example, www.domain-name.com becomes www.domainname.com\n\n### Singular or Pluralise\nThese typos are created by making a singular domain plural and vice versa. For example, www.google.com becomes www.googles.com and www.games.co.nz becomes www.game.co.nz\n\n### Common Misspellings\nOver 8000 common misspellings from Wikipedia. For example, www.youtube.com becomes www.youtub.com and www.abseil.com becomes www.absail.com\n\n### Vowel Swapping\nSwap vowels within the domain name except for the first letter. For example, www.google.com becomes www.gaagle.com.\n\n### Homophones\nOver 450 sets of words that sound the same when spoken. For example, www.base.com becomes www.bass.com.\n\n### Bit Flipping\nEach letter in a domain name is an 8bit character. The character is substituted with the set of valid characters that can be made after a single bit flip. For example, facebook.com becomes bacebook.com, dacebook.com, faaebook.com,fabebook.com,facabook.com, etc.\n\n### Homoglyphs\nOne or more characters that look similar to another character but are different are called homogylphs. An example is that the lower case l looks similar to the numeral one, e.g. l vs 1. For example, google.com becomes goog1e.com.\n\n### Wrong Top Level Domain\nFor example, www.trademe.co.nz becomes www.trademe.co.nz and www.google.com becomes www.google.org\nUses the 19 most common top level domains.\n\n### Wrong Second Level Domain\nUses an alternate, valid second level domain for the top level domain.\nFor example, www.trademe.co.nz becomes www.trademe.ac.nz and www.trademe.iwi.nz\n\n\n## ⌨ Supported Keyboard Layouts\n\nKeyboard layouts supported are:\n\n* QWERTY\n* AZERTY\n* QWERTZ\n* DVORAK\n\n## 🕯 Is the domain valid?\n\nURLCrazy has a database of valid top level and second level domains. This information has been compiled from Wikipedia and domain registrars. We know whether a domain is valid by checking if it matches top level and second level domains. For example, www.trademe.co.bz is a valid domain in Belize which allows any second level domain registrations but www.trademe.xo.nz isn't because xo.nz isn't an allowed second level domain in New Zealand.\n\n\n## 💡 Popularity Estimate\n\nURLCrazy pioneered the technique of estimating the relative popularity of a typo from search engine results data. By measuring how many times a typo appears in webpages, we can estimate how popular that typo will be made when users type in a URL.\n\nThe inherent limitation of this technique, is that a typo for one domain, can be a legitimate domain in its own right. For example, googles.com is a typo of google.com but it also a legitimate domain.\n\nFor example, consider the following typos for google.com.\n\n| Count. | Typo         |\n| ------ | ------------ |\n| 25424  | gogle.com    |\n| 24031  | googel.com   |\n| 22490  | gooogle.com  |\n| 19172  | googles.com  |\n| 19148  | goole.com    |\n| 18855  | googl.com    |\n| 17842  | ggoogle.com  |\n\n\n## 🔧 Troubleshooting\n\n### MacOS File Descriptor Limit\nIf DNS resolution fails under Macos it could be due to the small default file descriptor limit.\n\nTo display the current file descriptor limit use:\n\n`$ ulimit -a`\n\nTo increase the file descriptor limit use:\n\n`$ ulimit -n 10000`\n\n### No results for Wrong TLDs\n\nCheck your ulimit and set it to 10000 or a number higher than number of hostnames you are processing.\n\n## 💣  Known Issues\n\n### No WHOIS checking\nThis tool does not check if a domain has been registered. This is due to WHOIS servers enforcing rate-limiting and banning IP addresses.\n\n## 👏 URLCrazy Appearances\n\n### Kali Linux\nURLCrazy was a default tool in BackTrack 5, and later Kali Linux.\nhttps://tools.kali.org/information-gathering/urlcrazy\n\n### The Browser Hacker's Handbook\nAuthored by Wade Alcorn, Christian Frichot, and Michele Orru.\n\nURLCrazy is included in Chapter 2 of this seminal work on the topic.\n\n### PTES Technical Guidelines\nPenetration Testing Execution Standard (PTES) is a standard designed to provide a common language and scope for performing penetration testing (i.e. Security evaluations). URLCrazy is included in the Tools Required section.\n\nhttp://www.pentest-standard.org/index.php/PTES_Technical_Guidelines\n\n### Network Security Toolkit\n\nNetwork Security Toolkit is a bootable Linux distribution designed to provide easy access to best-of-breed Open Source Network Security Applications.\nhttps://www.networksecuritytoolkit.org/\n\n\n## 📚 Other Projects\n\nURLCrazy was first published in 2009, and for many years was the most advanced opensource tool for studying typosquatting. Since then multiple other tools have been developed by the infosec community.\n\n### DNSTwist\n\nDNSTwist is developed by Marcin Ulikowski and first published in 2015. DNSTwist had a significant feature overlap with URLCrazy at the time, and introduced many new features.\n\nLanguage: Python\n\nhttps://github.com/elceef/dnstwist\n\n### URLInsane\n\nURLInsane was developed by Rangertaha in 2018 and claims to match the features of URLCrazy and DNSTwist.\n\nLanguage: Go\n\nhttps://github.com/cybint/urlinsane\n\n### DomainFuzz\n\nDomainFuzz was developed by monkeym4sterin 2017.\nLanguage: Node.JS\n\nhttps://github.com/monkeym4ster/DomainFuzz\n\n\n## 😎 Authors and Acknowledgement\n\nDeveloped by Andrew Horton (@urbanadventurer).\n\n- Thanks to Ruby on Rails for Inflector which allows plural and singular permutations.\n- Thanks to Wikipedia for the set of common misspellings, homophones, and homoglyphs.\n- Thanks to software77.net for their IP to country database\n\n## 🙋 Community\n\nPull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.\n\nPlease make sure to update tests as appropriate.\n\n## 📄 License\n\nCopyright Andrew Horton, 2012-2021. You have permission to use and distribute this software. You do not have permission to distribute modified versions without permission. You do not have permission to use this as part of a commercial service unless it forms part of a penetration testing service. For example a commercial service that provides domain protection for clients must obtain a license first. Email me if you require a license.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Furbanadventurer%2Furlcrazy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Furbanadventurer%2Furlcrazy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Furbanadventurer%2Furlcrazy/lists"}