Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/evilsocket/ditto
A tool for IDN homograph attacks and detection.
https://github.com/evilsocket/ditto
Last synced: 5 days ago
JSON representation
A tool for IDN homograph attacks and detection.
- Host: GitHub
- URL: https://github.com/evilsocket/ditto
- Owner: evilsocket
- License: other
- Created: 2021-01-28T13:46:48.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2021-02-01T18:11:45.000Z (almost 4 years ago)
- Last Synced: 2024-12-03T10:51:57.899Z (9 days ago)
- Language: Go
- Homepage:
- Size: 95.7 KB
- Stars: 731
- Watchers: 20
- Forks: 67
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE.md
Awesome Lists containing this project
- WebHackersWeapons - ditto
- awesome-hacking-lists - evilsocket/ditto - A tool for IDN homograph attacks and detection. (Go)
README
Ditto is a small tool that accepts a domain name as input and generates all its variants for an [homograph attack](https://en.wikipedia.org/wiki/IDN_homograph_attack) as output, checking which ones are available and which are already registered.
PoC domains
* https://tᴡitter.com/
* https://clᴏudflare.com## Using with Docker
The [image on docker hub](https://hub.docker.com/r/evilsocket/ditto) is updated on every push, you can just:
docker run evilsocket/ditto -h
## Compiling from sources
Compiling from sources requires the go compiler, this will install the binary in `$GOPATH/bin`:
# make sure go modules are used
GO111MODULE=on go get github.com/evilsocket/ditto/cmd/ditto## Usage
To only transform a string:
ditto -string google
For a domain:
ditto -domain facebook.com
Use more concurrent workers to increase speed (WARNING: might cause a temporary IP ban from the WHOIS servers):
ditto -workers 4 -domain facebook.com
If instead of mutating the domain name you want to check other TLDs (throttle is set to 1s in order to avoid being
blocked by WHOIS servers due to the many requests in a short timeframe):ditto -domain facebook.com -tld -throttle 1000 -limit 100
Only show available domains:
ditto -domain facebook.com -available
Only show registered domains:
ditto -domain facebook.com -registered
Only show registered domains that resolve to an IP:
ditto -domain facebook.com -liveShow WHOIS information:
ditto -domain facebook.com -live -whois
Save to CSV file with extended WHOIS information:
ditto -domain facebook.com -whois -csv output.csv
Keep running and monitoring for changes every hour:
ditto -domain facebook.com -monitor 1h
The same but also keep and store the changes as JSON files:
ditto -domain facebook.com -monitor 1h -changes /some/path -keep-changes
Execute a command if changes have been detected (see example send-email-report.sh in this repo, automatically added to the docker image):
ditto -domain facebook.com \
-monitor 1h \
-trigger "/usr/bin/send-email-report.sh {{.Domain}} {{.ChangesFile}} [email protected]"For more options:
ditto -help## License
Released under the GPL3 license.