search

elceef / dnstwist

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
https://dnstwist.it
Apache License 2.0
4.85k stars 767 forks source link

Feature request: Typos connected to subdomains #146

Closed Lionade closed 2 years ago

Lionade commented 2 years ago

The company I work for has an web application that is accessed by tens/hundreds of clients over a subdomain (e.g. spec.nonsense.com). Out of curiosity I registered the domain specnonsene.com (without a dot), cloned our web app and logged the access to it. I was suprised that there were a hand full of users that tried to log in to the website with their credentials in a short period of time. Another example that also comes to mind is a hyphen instead of a dot (spec-nonsense.com). Especially since a dot and hyphen are directly next to each other at some keyboards.

So I would argue that it makes sense to also check for things like that when going through registered domain names. If you agree, I would be glad if that could be implemented.

elceef commented 2 years ago

Thanks for this suggestion. It has been implemented.

$ ./dnstwist.py -f list spec.nonsense.com |egrep spec.nonsense\.com
spec.nonsense.com
spec-nonsense.com

it makes sense to also check for things like that when going through registered domain names

I don't get this, could you please explain?

Lionade commented 2 years ago

Not of if importance. With "checking for things like that" I just meant that it makes sense to also include URLs with missing dots or hyphens. Thanks for adding this that quickly!