Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/nccgroup/typofinder
A finder of domain typos showing country of IP address
https://github.com/nccgroup/typofinder
Last synced: 25 days ago
JSON representation
A finder of domain typos showing country of IP address
- Host: GitHub
- URL: https://github.com/nccgroup/typofinder
- Owner: nccgroup
- License: agpl-3.0
- Created: 2013-12-15T15:51:43.000Z (almost 11 years ago)
- Default Branch: master
- Last Pushed: 2023-11-15T15:13:55.000Z (about 1 year ago)
- Last Synced: 2024-11-09T13:38:32.171Z (about 1 month ago)
- Language: Python
- Homepage: https://cyberstore.nccgroup.com/our-services/service-details/10/domain-intelligence
- Size: 30.4 MB
- Stars: 166
- Watchers: 17
- Forks: 42
- Open Issues: 14
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-rainmana - nccgroup/typofinder - A finder of domain typos showing country of IP address (Python)
README
Domain typo finder
======================
Typofinder for domain typo discovery
Released as open source by NCC Group Plc - http://www.nccgroup.com/
Developed by:
* Ollie Whitehouse, ollie dot whitehouse at nccgroup dot com
* Stephen Tomkinson, @neonbunny9 on twitter
* Matt Summers, matt dot summers at nccgroup dot com
https://github.com/nccgroup/typofinder
Released under AGPL see LICENSE for more information
Development Wiki
-------------
Some rough notes around the v2 architecture:
* https://github.com/nccgroup/typofinder/wiki
Features
-------------
* Domain to IP
* MX records
* A and AAAA
* www address records
* webmail address records
* m address records
* A keyboard map template system (currently UK supplied)
* Geographic IP to flag
* Google safe browsing integration
* Bit flipping / squatting - http://dinaburg.org/bitsquatting.html
* Homoglyph attack identification
* Whois
Dependencies - server
-------------
* Python (3.3)
* dnspython3 (1.11.1)
* pygeoip (0.3.1)
* publicsuffix (1.0.5)
Dependencies - client
-------------
* Python (3.3)
* simplejson
* requests
* BeautifulSoup (4)
* html5lib
What it does
-------------
* remove characters from the supplied domain
* duplicate characters in the supplied domain
* replace characters with adjacent keyboard characters depending on keyboard map supplied
* swap the global TLD for each of the current valid TLDs list at - http://data.iana.org/TLD/tlds-alpha-by-domain.txt
* flip bits in the legit domain to detect the bitsquatting attacks
* swaps characters with similar looking characters to find homoglyph attacks
* checks web sites against Google's Safe Browsing API1
Usage
-------------
* Launch in TypoMagic directory
* Connect to http://127.0.0.1:801/
* Follow prompts
Updating Data Sources
-------------
The included updatedatasources.py script can be used to ensure that the program is using the latest 3rd party data.
Please be considerate of the data providers and use this script sparingly.
Google Safe Browsing API Key
-------------
To use the Google Safe Browsing API you must register for an API key.
Obtain your API key here: https://developers.google.com/safe-browsing/key_signup
You can find further information on Google Safe Browsing API here:
https://developers.google.com/safe-browsing/
If you have a Google Safe Browsing API you can enter this at the command line e.g.
python TypoMagic.py -k
Alternately you can place you API in the KEY parameter in TypoMagic.py.
1 Google works to provide the most accurate and up-to-date phishing and malware information.
However, it cannot guarantee that its information is comprehensive and error-free: some risky sites may not be
identified, and some safe sites may be identified in error.