search

elceef / dnstwist

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
https://dnstwist.it
Apache License 2.0
4.73k stars 753 forks source link

RFC: "Insertion" fuzzer should also consider prepending letters #206

Closed olifre closed 5 months ago

olifre commented 8 months ago

I hit a case in which dnstwist did not catch a twisted domain since a letter was prepended to the domain by someone registering a "typo domain".

It seems the current "insertion" fuzzer never prepends. Modifying the code at: https://github.com/elceef/dnstwist/blob/f96ad84d8bc568d2f8964b77f3744e9fd31b646d/dnstwist.py#L709 to:

for i in range(0, len(self.domain)-1):

lets dnstwist detect the registered domain.

Is this limitation of the insertion fuzzer on purpose, or would it be ok to lift it? If yes (and if it helps), I can of course create a PR.

elceef commented 7 months ago

This has been changed in commit e4c92a77d353b8fde45e59b480dadde34277221c. Thank you for your contribution.

olifre commented 7 months ago

Many thanks, both for accepting this change and of course for maintaining dnstwist! I think then the issue can be closed (unless you want to keep it open until this enters a release of course).

olifre commented 5 months ago

Closing, since this is now released, thanks again! :+1: