Lead Image © tobkatrina, 123RF.com
Detecting phishing domains with dnstwist
Trappers
A user's browser can be redirected to a domain name other than the one they intended in many ways. For example, URLs with mixed-up letters or with similar names have proven to be an effective means of detouring a request.
Anyone responsible for the operation and maintenance of a company website is probably familiar with complaints and emergency calls from users saying that a website cannot be reached. Often users have simply made a typing error, which only becomes a problem if the incorrect address takes them to a page that actually harms the user's computer (e.g., by installing malware).
Things get even worse if, for example, customers arrive at what they think is the company's website, when it is in fact a malicious copy that, at best, only confuses the user or, in the worst case, installs malware or causes financial damage. Therefore, it makes sense for IT staff responsible for the company website to search for domains with similar names, check to see whether those domains distribute dangerous content, and warn users about them.
Automatic Name Finding
Although you could try out different domain name combinations by hand, this method is not only inconvenient, but also time-consuming and error-prone. Such a task can and should be automated. Marcin Ulikowski, who works as a security consultant at Sony, developed a Python script more than two years ago that handles this work very quickly and reliably. He explains on his website that a user who wants to check all variants of "google.com" manually would need more than 300,000 queries and that this number would then increase to more than 5 million queries for "facebook.com" – which is one good reason for assigning this task to Ulikowski's Python script dnstwist [1].
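To make the idea of "similar names" concrete, the following added example (not dnstwist's code and not part of the original article) generates three kinds of single-typo variants of a domain and flags any that appear in a DNS query log. The function names, the log format, the sample log lines, and the use of example.com are assumptions made for illustration; the code also assumes the first label is the registrable name.

```python
# Added example (not dnstwist's code): flag look-alike domains in DNS query logs.
import re

def typo_variants(domain):
    """Return single-typo variants of the first label of `domain`."""
    name, _, tld = domain.partition(".")
    variants = set()
    for i in range(len(name)):
        # Omission: one character left out ("exmple").
        variants.add(name[:i] + name[i + 1:])
        # Repetition: one character typed twice ("exaample").
        variants.add(name[:i] + name[i] + name[i:])
        # Transposition: two neighbouring characters swapped ("exmaple").
        if i < len(name) - 1:
            variants.add(name[:i] + name[i + 1] + name[i] + name[i + 2:])
    variants.discard(name)  # swapping two equal letters yields the original
    # Keep only syntactically valid DNS labels.
    label = re.compile(r"^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$")
    return {f"{v}.{tld}" for v in variants if label.match(v)}

def flag_lookalikes(log_lines, domain):
    """Return (client, qname) pairs whose queried name is a typo variant."""
    watch = typo_variants(domain)
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # skip malformed lines
        client, qname = fields[1], fields[2].rstrip(".").lower()
        # Match the variant itself or any host below it (www.exampel.com).
        if any(qname == w or qname.endswith("." + w) for w in watch):
            hits.append((client, qname))
    return hits

# Constructed sample log, format: "<timestamp> <client> <queried name>"
SAMPLE_LOG = [
    "2018-10-01T09:00:01 10.0.0.5 example.com.",
    "2018-10-01T09:00:07 10.0.0.8 exmaple.com.",
    "2018-10-01T09:01:12 10.0.0.9 www.exampel.com.",
    "2018-10-01T09:02:30 10.0.0.5 examples.org.",
    "garbage",
]

if __name__ == "__main__":
    for client, qname in flag_lookalikes(SAMPLE_LOG, "example.com"):
        print(f"{client} looked up look-alike domain {qname}")
```

The same variant set can be compared against newly registered domains or proxy logs instead of resolver logs; only the parsing in `flag_lookalikes` would change.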
This script works quite simply: You pass in a domain name. The script then uses ...