A tool for analyzing domains for the risk of IDN homograph attacks

EvilURL Checker

evilurl git:(main)  python evilurl github.com

[ by @glaubermagal ]

[*] Domain: github.com
[*] Homograph characters used: ['ɡ', 'ս']

1 -------------------------------
homograph domain: githսb.com
punnycode: xn--githb-bjg.com
DNS:  UNSET

2 -------------------------------
homograph domain: ɡithub.com
punnycode: xn--ithub-qmc.com
DNS:  107.180.21.235

3 -------------------------------
homograph domain: ɡithսb.com
punnycode: xn--ithb-z7b398b.com
DNS:  UNSET

Author: @glaubermagal

Overview

The Homograph URL Checker is a Python tool designed to analyze and identify potential Internationalized Domain Name (IDN) homograph attacks. Homograph attacks involve the use of characters that visually resemble each other but have different Unicode representations. This tool checks for variations of Latin characters that may be exploited for phishing or malicious purposes.

Motivation

The primary motivation behind this project is to raise awareness about the potential security risks associated with IDN homograph attacks. By identifying visually similar characters, the tool aims to help users and security professionals study and understand the vulnerabilities in domain names, promoting better protection against phishing attempts and other cyber threats.

Installation

pip install evilurl

Usage

Single Domain Analysis

To check a single domain, run the tool with the following command:

python evilurl <domain>

Batch Analysis from File

To analyze multiple domains from a file, use the following command:

python evilurl -f <file_path>

Dependencies

  • Python 3
  • idna library

Create a virtualenv

python -m venv venv
source venv/bin/activate

Install the required library using:

pip install -r requirements.txt

Unicode Combinations

The tool considers various Unicode combinations for visually similar characters, including Cyrillic, Greek, and Armenian characters. The combinations are defined in the tool to assist in the identification of potential homograph attacks.

Disclaimer

This tool is intended for educational and research purposes only. The author is not responsible for any misuse of this tool.

How It Works

  1. The tool extracts the domain parts from the provided URL.
  2. It generates combinations of visually similar characters for each Latin character in the domain.
  3. For each combination, it constructs a new domain and checks its registration status and DNS information.
  4. The tool then displays the homograph domains, their punycode representation, and DNS status.
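The same steps run in the defender's direction, as an added example that is not evilurl's own code: decode a punycode hostname, fold known lookalikes back to Latin, and report which protected domain it imitates. The function names and the `CONFUSABLES` table are constructed for illustration; only its first two entries and the sample hostnames come from the output shown above.

```python
import unicodedata

# Constructed lookalike table. The first two entries are the characters in the
# sample output above; the others are common Cyrillic/Greek lookalikes
# (assumption, not evilurl's own table).
CONFUSABLES = {
    "\u0261": "g",  # LATIN SMALL LETTER SCRIPT G
    "\u057d": "u",  # ARMENIAN SMALL LETTER SEH
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
}

def to_unicode(hostname):
    """Decode each xn-- label with the stdlib punycode codec."""
    labels = []
    for label in hostname.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)

def skeleton(hostname):
    """Replace every known lookalike with the Latin letter it imitates."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in to_unicode(hostname))

def scripts(hostname):
    """Scripts in use, taken from the first word of each letter's Unicode name."""
    return {unicodedata.name(ch).split()[0]
            for ch in to_unicode(hostname) if ch.isalpha()}

def imitates(hostname, protected):
    """Return the protected domain this hostname mimics, or None."""
    try:
        decoded, skel = to_unicode(hostname), skeleton(hostname)
    except UnicodeError:  # malformed punycode or non-ASCII text after xn--
        return None
    if decoded in protected:
        return None  # the real domain, not a lookalike
    return skel if skel in protected else None

if __name__ == "__main__":
    PROTECTED = {"github.com"}  # constructed watch list
    SAMPLES = ["xn--githb-bjg.com", "xn--ithub-qmc.com",
               "xn--ithb-z7b398b.com", "github.com", "example.com"]
    for host in SAMPLES:
        print(host, sorted(scripts(host)), imitates(host, PROTECTED))
```

Note that `xn--ithub-qmc.com` decodes to an all-Latin label, so a mixed-script check alone does not flag it; the lookalike folding does.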

Example Usage

Single Domain Analysis

python evilurl example.com

Batch Analysis from File

python evilurl -f domains.txt

License

This project is licensed under the MIT License - see the LICENSE file for details.
