Skip to main content

Defangs and refangs malicious URLs

Project description

Defangs and refangs malicious URLs


  • As a script: use the defang command to defang or “refang” content, supporting both stdin/stdout streams as well as to/from files on disk:

    $ echo | defang
  • As a library:

    >>> from defang import defang
    >>> url = ""
    >>> defang(url)
  • We’ve added a few new keyword argument options:

    >>> defang(url, colon=True)
    >>> defang(url, all_dots=True)
    >>> defang(url, zero_width_replace=True)
    # printed as 'h​t​t​p​:​/​/​e​v​i​l​.​e​x​a​m​p​l​e​.​c​o​m​/​m​a​l​i​c​i​o​u​s​.​p​h​p'


  • Merged in optional feature to split characters with the zero-width character.

  • left in a debug print message in my last patch… removed it.

  • refangs boxed in colons [:]

  • added new options to defang

  • all_dots=True will turn all dots into [.] and not just the one before the TLD

  • colon=True will translate http:// into http[:]// as well as other protocols

  • added support for URIs with IPv4

  • added some regex fixes and arbitrary protocol defanging

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

defang-0.5.3.tar.gz (4.7 kB view hashes)

Uploaded Source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page