Skip to main content

Defangs and refangs malicious URLs

Project description

Defangs and refangs malicious URLs


  • As a script: use the defang command to defang or “refang” content, supporting both stdin/stdout streams as well as to/from files on disk:

    $ echo | defang
  • As a library:

    >>> from defang import defang
    >>> url = ""
    >>> defang(url)
  • We’ve added a few new keyword argument options:

    >>> defang(url, colon=True)
    >>> defang(url, all_dots=True)
    >>> defang(url, zero_width_replace=True)
    # printed as 'h​t​t​p​:​/​/​e​v​i​l​.​e​x​a​m​p​l​e​.​c​o​m​/​m​a​l​i​c​i​o​u​s​.​p​h​p'


  • Merged in optional feature to split characters with the zero-width character.
  • left in a debug print message in my last patch… removed it.
  • refangs boxed in colons [:]
  • added new options to defang
  • all_dots=True will turn all dots into [.] and not just the one before the TLD
  • colon=True will translate http:// into http[:]// as well as other protocols
  • added support for URIs with IPv4
  • added some regex fixes and arbitrary protocol defanging

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

defang-0.5.3.tar.gz (4.7 kB view hashes)

Uploaded source

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Huawei Huawei PSF Sponsor Microsoft Microsoft PSF Sponsor NVIDIA NVIDIA PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page