morningstarsecurity.com
104.225.220.14

Submitted URL: http://www.morningstarsecurity.com/research/urlcrazy
Effective URL: http://morningstarsecurity.com/research/urlcrazy
Submission Tags: falconsandbox
Submission: On December 19 via api from US — Scanned from DE

URLCRAZY

Download: urlcrazy-0.5.tar.gz
Latest Version: 0.5, July 2012
License: Restrictive. See README file.
Author: Andrew Horton (urbanadventurer)
Kali Linux: https://tools.kali.org/information-gathering/urlcrazy


INTRODUCTION

URLCrazy allows you to generate and test domain typos and variations to detect
and perform typo squatting, URL hijacking, phishing, and corporate espionage.


USAGE

 * Detect typo squatters profiting from typos on your domain name
 * Protect your brand by registering popular typos
 * Identify typo domain names that will receive traffic intended for another
   domain
 * Conduct phishing attacks during a penetration test


FEATURES

 * Generates 15 types of domain variants
 * Knows over 8000 common misspellings
 * Supports cosmic ray induced bit flipping
 * Multiple keyboard layouts (qwerty, azerty, qwertz, dvorak)
 * Checks if a domain variant is valid
 * Tests if domain variants are in use
 * Estimates the popularity of a domain variant

URLCrazy requires Linux and the Ruby interpreter.


USAGE




SAMPLE REPORT




TYPES OF DOMAIN VARIATIONS SUPPORTED

Character Omission
These typos are created by leaving out a letter of the domain name, one letter
at a time. For example, www.goole.com and www.gogle.com

Character Repeat
These typos are created by repeating a letter of the domain name. For example,
www.ggoogle.com and www.gooogle.com

Adjacent Character Swap
These typos are created by swapping the order of adjacent letters in the domain
name. For example, www.googel.com and www.ogogle.com

Adjacent Character Replacement
These typos are created by replacing each letter of the domain name with letters
to the immediate left and right on the keyboard. For example, www.googke.com and
www.goohle.com

Double Character Replacement
These typos are created by replacing identical, consecutive letters of the
domain name with letters to the immediate left and right on the keyboard. For
example, www.gppgle.com and www.giigle.com

Adjacent Character Insertion
These typos are created by inserting letters to the immediate left and right on
the keyboard of each letter. For example, www.googhle.com and www.goopgle.com

Missing Dot
These typos are created by omitting a dot from the domain name. For example,
wwwgoogle.com and www.googlecom

Strip Dashes
These typos are created by omitting a dash from the domain name. For example,
www.domain-name.com becomes www.domainname.com

Singular or Pluralise
These typos are created by making a singular domain plural and vice versa. For
example, www.google.com becomes www.googles.com and www.games.co.nz becomes
www.game.co.nz

Common Misspellings
Over 8000 common misspellings from Wikipedia. For example, www.youtube.com
becomes www.youtub.com and www.abseil.com becomes www.absail.com

Vowel Swapping
Swap vowels within the domain name except for the first letter. For example,
www.google.com becomes www.gaagle.com.

Homophones
Over 450 sets of words that sound the same when spoken. For example,
www.base.com becomes www.bass.com.

Homoglyphs
One or more characters that look similar to another character but are different
are called homoglyphs. An example is that the lower case l looks similar to the
numeral one, e.g. l vs 1. For example, google.com becomes goog1e.com.

Wrong Top Level Domain
For example, www.trademe.co.nz becomes www.trademe.co.nz and www.google.com
becomes www.google.org. Uses the 19 most common top level domains.

Wrong Second Level Domain
Uses an alternate, valid second level domain for the top level domain. For
example, www.trademe.co.nz becomes www.trademe.ac.nz and www.trademe.iwi.nz

Bit Flipping
Each letter in a domain name is an 8-bit character. The character is substituted
with the set of valid characters that can be made after a single bit flip. For
example, facebook.com becomes bacebook.com, dacebook.com, faaebook.com,
fabebook.com, facabook.com, etc.
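
An added example (not URLCrazy's own code) of the bit-flip idea from the monitoring side: it derives the single-bit-flip variants of a domain you own and flags any that appear in a list of observed names. The function names and the sample list are assumptions made for illustration; flips are applied to every label, and top level domain validity is not checked.

```ruby
require 'set'

LABEL_CHAR = /\A[a-z0-9-]\z/

# A label may not be empty or start/end with a hyphen.
def valid_labels?(name)
  name.split('.', -1).all? do |label|
    !label.empty? && !label.start_with?('-') && !label.end_with?('-')
  end
end

# Every name reachable from `domain` by flipping exactly one bit of one
# character, keeping only results that are still valid hostname characters.
def bitflip_variants(domain)
  name = domain.downcase
  variants = Set.new
  name.each_char.with_index do |ch, i|
    next unless ch.match?(LABEL_CHAR)      # skips dots and non-ASCII input
    8.times do |bit|
      code = ch.ord ^ (1 << bit)
      next if code > 127                   # high bit set: not a hostname char
      flipped = code.chr.downcase          # DNS names are case-insensitive
      next unless flipped.match?(LABEL_CHAR)
      candidate = name.dup
      candidate[i] = flipped
      next if candidate == name || !valid_labels?(candidate)
      variants << candidate
    end
  end
  variants
end

# Names from `observed` that are one bit flip away from `monitored`.
def flag_bitflips(monitored, observed)
  variants = bitflip_variants(monitored)
  observed.map(&:downcase).uniq.select { |d| variants.include?(d) }
end

# Constructed sample of names, e.g. taken from resolver logs.
OBSERVED = %w[facebook.com bacebook.com FAAEBOOK.com facebo0k.com example.org]
puts flag_bitflips('facebook.com', OBSERVED)
```

The look-alike facebo0k.com is not flagged because o and 0 differ by more than one bit; it belongs to the homoglyph category instead.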


TIPS

The output will often be wider than the width of your terminal. If this bothers
you, output your report to a file or increase the width of your terminal.


KEYBOARD LAYOUTS SUPPORTED ARE

 * QWERTY
 * AZERTY
 * QWERTZ
 * DVORAK


IS THE DOMAIN VALID?

UrlCrazy has a database of valid top level and second level domains. This
information has been compiled from Wikipedia and domain registrars. We know
whether a domain is valid by checking if it matches top level and second level
domains. For example, www.trademe.co.bz is a valid domain in Belize which allows
any second level domain registrations but www.trademe.xo.nz isn’t because xo.nz
isn’t an allowed second level domain in New Zealand.


POPULARITY ESTIMATE

We can estimate the relative popularity of a typo by measuring how often that
typo appears on webpages. Querying google.com for the number of search results
for a typo gives us an indication of how popular a typo is. The drawback of this
approach is that you need to manually identify and omit legitimate domains such
as googles.com. For example, consider the following typos for google.com.

25424 gogle.com
24031 googel.com
22490 gooogle.com
19172 googles.com
19148 goole.com
18855 googl.com
17842 ggoogle.com


IP ADDRESS

An IP address for a typo domain name indicates it is in use. Tip: An IP repeating
for multiple typos or IPs in a close range shows common ownership. For example,
gogle.com, gogole.com and googel.com all resolve to 64.233.161.104 which is
owned by Google.


COUNTRY CODE DATABASE

http://en.wikipedia.org/wiki/Top-level_domain

http://en.wikipedia.org/wiki/Country_code_top-level_domain

2nd level domains here: http://www.iana.org/domains/root/db/


SEE ALSO

http://en.wikipedia.org/wiki/Wikipedia:AutoWikiBrowser/Typos

http://en.wikipedia.org/wiki/Wikipedia:Typo

http://en.wikipedia.org/wiki/Typosquatting

Strider is a tool with similar aims and is produced by Microsoft:
http://research.microsoft.com/csm/strider/


APPEARANCES

Steven Wierckx wrote an article about URLCrazy at www.ihackforfun.eu.



CREDITS

Authored by Andrew Horton (urbanadventurer). Andrew is a security consultant.
Thanks to Ruby on Rails for Inflector which allows plural and singular
permutations.
Thanks to Wikipedia for the set of common misspellings, homophones, and
homoglyphs.
Thanks to software77.net for their IP to country database.
