Parse URLCrazy and dnstwist output and compare against previous runs to identify new typosquatted domains.

hardwaterhacker/CrazyParser

CrazyParser

CrazyParser is a Python utility to automate the generation of potential typosquatted domain names using URLCrazy and/or dnstwist. CrazyParser takes an input file of domain names and a list of domains previously identified by URLCrazy and/or dnstwist, and generates an email notification indicating whether new typosquatted domains have been identified.

This was originally created to notify security analysts of potential new typosquatted domains that may be used in a phishing attack. Security analysts can use this information to enhance monitoring or place blocking in web proxies to prevent access to the phishing domain.

CrazyParser files

  • crazyParser.py - Python utility for automating URLCrazy and dnstwist queries
  • mydomains.csv - contains all domains you wish to query for typosquatting
  • knowndomains.csv - contains domains previously identified as valid or typosquatted

mydomains.csv format

mydomains.csv contains a list of one or more domains to monitor, one per line.

knowndomains.csv

knowndomains.csv contains domains previously identified as either typosquatters or valid domains. The format of this file is one entry per line in the form of: domain.tld,reason. knowndomains.csv must have a header row containing the text "Domain,Reason". The reason is not used by crazyParser. This field should be populated with your description of the domain.

To populate knowndomains.csv, clear the example entries from knowndomains.csv and use crazyParser to generate a list of domains to review. Review each domain to determine if it is a valid domain or a typosquatter. Record the domain name and whether the domain is valid or a typosquatter in this file.

Usage

python crazyParser.py

crazyParser takes each domain listed in mydomains.csv and uses URLCrazy and/or dnstwist to generate a list of typosquatted domains. Each registered domain is compared against knowndomains.csv. If no new domains are discovered, crazyParser will generate an email containing an all clear message. If any new domains are discovered, the output will be placed in a CSV file and attached to an email stating that a review is necessary. This output should be reviewed and the knowndomains.csv file should be updated with the new entries.
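
The comparison step described above, as an added example (not crazyParser's own code): it loads a knowndomains.csv-style baseline, enforces the "Domain,Reason" header, and reports domains from a run that are not yet in the baseline. The function names, the normalization rules (case and trailing dot), the case-sensitive header check and the sample data are assumptions made for illustration.

```python
import csv
import io

EXPECTED_HEADER = ["Domain", "Reason"]  # header row required by the README


def normalize(domain):
    """Lowercase, trim whitespace and any trailing root dot so that
    'Example.COM.' and 'example.com' compare equal (assumed rules)."""
    return domain.strip().rstrip(".").lower()


def load_known(fileobj):
    """Return the set of domains from a knowndomains.csv-style file."""
    reader = csv.reader(fileobj)
    header = next(reader, None)
    if header is None or [h.strip() for h in header] != EXPECTED_HEADER:
        raise ValueError("knowndomains.csv must start with 'Domain,Reason'")
    known = set()
    for row in reader:
        if row and row[0].strip():          # skip blank lines
            known.add(normalize(row[0]))    # Reason column is ignored
    return known


def new_domains(discovered, known):
    """Domains from this run that are not in the baseline, deduplicated and sorted."""
    return sorted({normalize(d) for d in discovered if d.strip()} - known)


# Constructed sample data (not real findings).
SAMPLE_KNOWN = (
    "Domain,Reason\n"
    "example.com,valid - our primary domain\n"
    "exarnple.com,typosquatter - blocked at proxy\n"
    "\n"
)
SAMPLE_DISCOVERED = ["Exarnple.com", "examp1e.com.", "example.com", "examp1e.com"]

if __name__ == "__main__":
    baseline = load_known(io.StringIO(SAMPLE_KNOWN))
    fresh = new_domains(SAMPLE_DISCOVERED, baseline)
    print("review needed:" if fresh else "all clear", fresh)
```

Normalizing both sides before the set difference keeps a reviewed domain from being reported again because of case or a trailing dot in the tool output.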

To Do

  • sendMail() will break if too many recipients are specified
