A tool for analyzing domains for the risk of IDN homograph attacks
Project description
EvilURL Checker
evilurl git:(main) ✗ evilurl github.com
██████████ █████ █████ █████ █████ █████ █████ ███████████ █████
░░███░░░░░█░░███ ░░███ ░░███ ░░███ ░░███ ░░███ ░░███░░░░░███ ░░███
░███ █ ░ ░███ ░███ ░███ ░███ ░███ ░███ ░███ ░███ ░███
░██████ ░███ ░███ ░███ ░███ ░███ ░███ ░██████████ ░███
░███░░█ ░░███ ███ ░███ ░███ ░███ ░███ ░███░░░░░███ ░███
░███ ░ █ ░░░█████░ ░███ ░███ █ ░███ ░███ ░███ ░███ ░███ █
██████████ ░░███ █████ ███████████ ░░████████ █████ █████ ███████████
░░░░░░░░░░ ░░░ ░░░░░ ░░░░░░░░░░░ ░░░░░░░░ ░░░░░ ░░░░░ ░░░░░░░░░░░
[ by @glaubermagal – https://github.com/glaubermagal/evilurl]
[*] Domain: github.com
[*] Homograph characters used: ['һ', 'ƍ', 'ᴛ', 'ս', 'і', 'ᖯ', 'ɡ']
+--------------------+-------------------+----------------+---------+---------------------------------+
| homograph_domain | punycode | dns | mixed | combinations |
+====================+===================+================+=========+=================================+
| ɡithub.com | xn--ithub-qmc.com | 107.189.22.234 | YES | ɡ → LATIN SMALL LETTER SCRIPT G |
+--------------------+-------------------+----------------+---------+---------------------------------+
Overview
The Homograph URL Checker is a Python tool designed to analyze and identify potential Internationalized Domain Name (IDN) homograph attacks. Homograph attacks involve the use of characters that visually resemble each other but have different Unicode representations. This tool checks for variations of Latin characters that may be exploited for phishing or malicious purposes.
Motivation
The primary motivation behind this project is to raise awareness about the potential security risks associated with IDN homograph attacks. By identifying visually similar characters, the tool aims to help users and security professionals study and understand the vulnerabilities in domain names, promoting better protection against phishing attempts and other cyber threats.
Installation
pip install evilurl
Dependencies for Local Installation
- Python 3
Create a virtualenv
python -m venv venv
source venv/bin/activate
Install the required library using:
pip install -r requirements.txt
Unit Tests
To run the unit tests, use the following command:
python -m unittest tests/tests.py
Usage
Single Domain Analysis
To check a single domain, run the tool with the following command:
evilurl <domain>
Batch Analysis from File
To analyze multiple domains from a file, use the following command:
evilurl -f <file_path>
Unicode Combinations
The tool considers various Unicode combinations for visually similar characters, including Cyrillic, Greek, and Armenian characters. The combinations are defined in the tool to assist in the identification of potential homograph attacks.
In the output, "MIXED NO" indicates that the domain uses a single character family and is typically eligible for registration with most registrars.
Disclaimer
This tool is intended for ethical hacking purposes only.
How It Works
- The tool extracts the domain parts from the provided URL.
- It generates combinations of visually similar characters for each Latin character in the domain.
- For each combination, it constructs a new domain and checks its registration status and DNS information.
- The tool then displays the homograph domains, their punycode representation, and DNS status.
Example Usage
Single Domain Analysis
evilurl example.com
Batch Analysis from File
evilurl -f domains.txt
Return only the domains
evilurl example.com --domains-only
Return all domains, including the unregistered
evilurl example.com --log-full
Return domains in JSON format
evilurl example.com --json
Return only mixed charset domains
evilurl example.com --mixed-only
Blocklist
Feel free to contribute to the blocklist by identifying homograph domains used for malicious purposes or submit the homograph combinations of your own domain to protect it against future IDN homograph attacks. All domains added will be shared with the following repositories to help disseminate knowledge of these domains:
License
This project is licensed under the MIT License - see the LICENSE file for details.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
File details
Details for the file evilurl-2.0.1.tar.gz
.
File metadata
- Download URL: evilurl-2.0.1.tar.gz
- Upload date:
- Size: 8.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.1 CPython/3.12.7
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 3d0bb73f7011707fc0e8248d969ba6948eff7fae729ab3346f0920e3b0618029 |
|
MD5 | 211294232584e930d282083e243cd121 |
|
BLAKE2b-256 | 7236ace2fb9b29fac2bcd27402050ca545b2b6897f158e8917e8db4d67dc53ba |