Typofinder for domain typo discovery
Released as open source by NCC Group Plc - http://www.nccgroup.com/
Developed by:
- Ollie Whitehouse, ollie dot whitehouse at nccgroup dot com
- Stephen Tomkinson, @neonbunny9 on twitter
https://github.com/nccgroup/typofinder
Released under AGPL; see LICENSE for more information.
A sample deployment can be found here:
Some rough notes around the v2 architecture:
Features:
- Domain to IP
- MX records
- A and AAAA
- www address records
- webmail address records
- m address records
- A keyboard map template system (currently UK supplied)
- Geographic IP to flag
- Google safe browsing integration
- Bit flipping / squatting - http://dinaburg.org/bitsquatting.html
Dependencies:
- dnspython (1.11.1)
- pygeoip (0.3.0)
How typo domains are generated and checked:
- remove characters from the supplied domain
- duplicate characters in the supplied domain
- replace characters with adjacent keyboard characters depending on keyboard map supplied
- swap the global TLD for each of the current valid TLDs list at - http://data.iana.org/TLD/tlds-alpha-by-domain.txt
- flip bits in the legit domain to detect the bitsquatting attacks
- checks web sites against Google's Safe Browsing API [1]
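An added example, not code from the typofinder project: a minimal Python sketch of three of the techniques listed above (character removal, character duplication and single-bit flips), producing the lookalike names a domain owner would want to resolve and monitor. The function names are hypothetical, the input is assumed to be an ASCII registrable domain whose first label is the one to mutate, and example.com is a constructed input.

```python
import string

VALID = set(string.ascii_lowercase + string.digits + "-")

def _valid_label(label):
    """A DNS label: letters, digits, hyphen; no leading or trailing hyphen."""
    return (bool(label) and set(label) <= VALID
            and not label.startswith("-") and not label.endswith("-"))

def omissions(label):
    """Remove one character at each position."""
    return {label[:i] + label[i + 1:] for i in range(len(label))}

def duplications(label):
    """Double one character at each position."""
    return {label[:i] + label[i] + label[i:] for i in range(len(label))}

def bitflips(label):
    """Flip each single bit of each byte (bitsquatting)."""
    out = set()
    for i, ch in enumerate(label):
        for bit in range(8):
            # DNS is case-insensitive, so a flipped case bit is the same name
            flipped = chr(ord(ch) ^ (1 << bit)).lower()
            out.add(label[:i] + flipped + label[i + 1:])
    return out

def candidates(domain):
    """Map each candidate domain to the technique(s) that produced it."""
    label, _, rest = domain.lower().partition(".")
    found = {}
    for name, gen in (("omission", omissions),
                      ("duplication", duplications),
                      ("bitflip", bitflips)):
        for cand in gen(label):
            # Drop the original name and anything that is not a valid label
            if cand != label and _valid_label(cand):
                found.setdefault(cand + "." + rest, set()).add(name)
    return found

if __name__ == "__main__":
    # example.com is a reserved documentation domain (constructed input)
    for dom, how in sorted(candidates("example.com").items()):
        print(dom, ",".join(sorted(how)))
```

Most single-bit flips of a hostname byte land outside the letter/digit/hyphen set and are discarded, which is why the bitsquatting candidate list stays short compared with the 8 flips per character that are tried.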
Usage:
- Launch in TypoMagic directory
- Connect to http://127.0.0.1:801/
- for the old UI use http://127.0.0.1:801/index.old.html
- Follow prompts
To use the Google Safe Browsing API you must register for an API key. Obtain your API key here: https://developers.google.com/safe-browsing/key_signup
You can find further information on Google Safe Browsing API here: https://developers.google.com/safe-browsing/
If you have a Google Safe Browsing API key you can supply it at the command line, e.g. python TypoMagic.py -k
Alternatively, you can place your API key in the KEY parameter in TypoMagic.py.
[1] Google works to provide the most accurate and up-to-date phishing and malware information. However, it cannot guarantee that its information is comprehensive and error-free: some risky sites may not be identified, and some safe sites may be identified in error.