Detect domain name typosquatting attack


In this post we will look at different techniques for detecting similar-looking domains and the phishing attacks that use them. We will cover both offline and online methods of detecting these attacks.

What is typosquatting
When you type a domain name and mistype it, you may land on a similar-looking domain that is a phishing domain. This is called typosquatting, and the technique can be used to hack or phish you by serving a fake, similar-looking domain. In this post we look at how to detect these similar-looking domains and block them.

Spotting the similar looking domains

STEP 1. Open your terminal and type: git clone https://github.com/elceef/dnstwist.git && cd dnstwist



STEP 2. Now install the dependencies. In the dnstwist folder, type: apt-get install libgeoip-dev libffi-dev



STEP 3. Now type: BUILD_LIB=1 pip install -r requirements.txt


STEP 4. Now we will look only for domains that are registered and alive, so type: dnstwist.py --registered yourdomain.com. This looks for all the similar-looking domains that are registered. It may take a while to give you results.


After waiting some time, we got the result.


We can see above that the domain has been registered using the bitsquatting method, which means registering a domain name that differs from the original domain by one bit.


The picture above shows that the domain name has been registered using the insertion method. Simply put, it is a method in which the attacker registers the domain by adding an extra letter to the domain name.


The picture above shows that the domain has been registered using similar-looking characters. This type of attack can be done using Unicode characters.
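The three registration methods described above can also be recognised programmatically when a suspicious name turns up, for example in a dnstwist result or a proxy log. The Python code below is an added example, not code from dnstwist or from the original post; the function names, the small homoglyph table and the example.com sample names are constructed for illustration.

```python
# Added example: classify how a look-alike domain differs from the original.
# HOMOGLYPHS is a small constructed table, not dnstwist's own character set.
HOMOGLYPHS = {
    "\u0430": "a",  # Cyrillic a
    "\u0435": "e",  # Cyrillic ie
    "\u043e": "o",  # Cyrillic o
    "\u0440": "p",  # Cyrillic er
    "\u0441": "c",  # Cyrillic es
    "\u0456": "i",  # Cyrillic/Ukrainian i
    "0": "o",
    "1": "l",
}


def to_unicode(domain):
    """Lower-case a domain and decode punycode (xn--) labels if present."""
    try:
        return domain.encode("ascii").decode("idna").lower()
    except UnicodeError:
        return domain.lower()  # already Unicode, or not valid IDNA


def classify(original, candidate):
    """Return 'bitsquatting', 'insertion', 'homoglyph' or None."""
    orig, cand = to_unicode(original), to_unicode(candidate)
    if orig == cand:
        return None
    if len(cand) == len(orig):
        diffs = [(o, c) for o, c in zip(orig, cand) if o != c]
        # Homoglyph: every differing character maps back to the original one.
        if all(HOMOGLYPHS.get(c) == o for o, c in diffs):
            return "homoglyph"
        # Bitsquatting: one ASCII character differs by exactly one flipped bit.
        if len(diffs) == 1 and cand.isascii():
            x = ord(diffs[0][0]) ^ ord(diffs[0][1])
            if x & (x - 1) == 0:
                return "bitsquatting"
    elif len(cand) == len(orig) + 1:
        # Insertion: dropping one character from the candidate gives the original.
        if any(cand[:i] + cand[i + 1:] == orig for i in range(len(cand))):
            return "insertion"
    return None


if __name__ == "__main__":
    # Constructed sample candidates for the placeholder domain example.com.
    for name in ["ezample.com", "examplle.com", "ex\u0430mple.com", "exbmple.com"]:
        print(name, "->", classify("example.com", name))
```

Names that come back as None still deserve a manual look, since this only covers the three methods discussed in this post.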

Alternate Method 
You can also check your domain for typosquatting attacks using dnstwister. Just enter your domain name and you will get something like the result below.


Final Words 

So by using any of these methods we can detect a typosquatting attack, but new techniques and tools are appearing every day, so be extra careful when typing a domain name and always look at the domain name carefully before visiting it.

