URLCrazy: Domain Variant Detector

CyberPunk Information Gathering
Last Release: 04/14/2021    
URLCrazy: Domain Variant Detector

URLCrazy is an OSINT tool which allows you to search for common text mistakes of your domain. This allows you to detect typo squatters which may be profiting from the popularity of your domain or any phishers who may be stealing the personal information of your clients. URLCrazy also shows which domain variants are more likely to receive traffic.

URLCrazy: OSINT Tool Which Detects Typo Squatting, URL Hijacking & Phishing

This OSINT tool has numerous functions, which include allowing you to detect typo squatters who taking advantage of the popularity of your domain, protecting your brand by allowing you to register popular domain names and allowing you to conduct phishing attacks during penetration tests to secure the identity and information of your clients.

Features:

  • Generates 15 types of domain variants.
  • Knows over 8000 common misspellings.
  • Checks if a domain variant is valid.
  • Test if domain variants are in use.
  • Estimate popularity of a domain variant.

Domain Variations Supported

Character Omission

– These typos are created by leaving out a letter of the domain name, one letter at a time. For example, www.goole.com and www.gogle.com

Character Repeat

– These typos are created by repeating a letter of the domain name. For example, www.ggoogle.com and www.gooogle.com

Adjacent Character Swap

– These typos are created by swapping the order of adjacent letters in the domain name. For example, www.googel.com and www.ogogle.com

Adjacent Character Replacement

– These typos are created by replacing each letter of the domain name with letters to the immediate left and right on the keyboard. For example, www.googke.com and www.goohle.com

Double Character Replacement

– These typos are created by replacing identical, consecutive letters of the domain name with letters to the immediate left and right on the keyboard. For example, www.gppgle.com and www.giigle.com

Adjacent Character Insertion

– These typos are created by inserting letters to the immediate left and right on the keyboard of each letter. For example, www.googhle.com and www.goopgle.com

Missing Dot

– These typos are created by omitting a dot from the domainname. For example, wwwgoogle.com and www.googlecom

Strip Dashes

– These typos are created by omitting a dash from the domainname. For example, www.domain-name.com becomes www.domainname.com

Singular or Pluralise

– These typos are created by making a singular domain plural and vice versa. For example, www.google.com becomes www.googles.com and www.games.co.nz becomes www.game.co.nz

Common Misspellings

– Over 8000 common misspellings from Wikipedia. For example, www.youtube.com becomes www.youtub.com and www.abseil.com becomes www.absail.com

Vowel Swapping

– Swap vowels within the domain name except for the first letter. For example, www.google.com becomes www.gaagle.com.

Homophones

– Over 450 sets of words that sound the same when spoken. For example, www.base.com becomes www.bass.com.

Homoglyphs

– One or more characters that look similar to another character but are different are called homogylphs. An example is that the lower case l looks similar to the numeral one, e.g. l vs 1. For example, google.com becomes goog1e.com.

Wrong Top Level Domain

-For example, www.trademe.co.nz becomes www.trademe.co.nz and www.google.com becomes www.google.org Uses the 19 most common top level domains.

Wrong Second Level Domain

– Uses an alternate, valid second level domain for the top level domain. For example, www.trademe.co.nz becomes www.trademe.ac.nz and www.trademe.iwi.nz

Bit Flipping

– Each letter in a domain name is an 8bit character. The character is substituted with the set of valid characters that can be made after a single bit flip. For example, facebook.com becomes bacebook.com, dacebook.com, faaebook.com,fabebook.com,facabook.com, etc.

Supported Platforms:

  • Linux

Requirements:

  • Ruby

Install URLCrazy

Kali Linux, Ubuntu, Debian Users:

$ sudo apt install urlcrazy

Install Ruby:

$ sudo apt-get install ruby

Clone the Gitlab repo:

$ git clone https://gitlab.com/kalilinux/packages/urlcrazy.git

To install dependencies, you can go with bundler:

$ gem install bundler

Or alternatively without it by running the following command to install gem dependencies:

$ gem install json colorize async async-dns async-http

Usage

Navigate to the working directory and run URLCrazy:

$ cd urlcrazy
$ chmod +x  urlcrazy sudo ./ urlcrazy
_______ ______ _____   ______                         
|   |   |   __ \     |_|      |.----.---.-.-----.--.--.
|   |   |      <       |   ---||   _|  _  |-- __|  |  |
|_______|___|__|_______|______||__| |___._|_____|___  |
                                                |_____|

URLCrazy version 0.7 by Andrew Horton (urbanadventurer)
http://www.morningstarsecurity.com/research/urlcrazy
 
Generate and test domain typos and variations to detect and perform 
typo squatting, URL hijacking, phishing, and corporate espionage.

Usage: ./urlcrazy [options] domain
 
Options
-k, --keyboard=LAYOUT	Options are: qwerty, azerty, qwertz, dvorak 
(default: qwerty)
-p, --popularity	Check domain popularity with Google
-r, --no-resolve	Do not resolve DNS
-i, --show-invalid	Show invalid domain names
-f, --format=TYPE	Human readable or CSV (default: human readable)
-o, --output=FILE	Output file
-h, --help		This help
-v, --version   	Print version information. This version is 0.7
Documentation Box
Download Box
hijackinglinuxOSINTPentestingPhishing