URLCrazy Domain Name Hijacking tool
September 20, 2011 in General
URLCrazy is a domain name typo generator that helps to hijack domains to spread malware or any other malicious thing you can think of. URLCrazy generates 13 types of typos, knows over 8000 common misspellings, supports multiple keyboard layouts, can check if a typo is a valid domain, tests if domain typos are in use, and estimates the popularity of a typo. It also supports bit flipped domains. URLCrazy is written in Ruby.
You can download it here: urlcrazy-0.4.tar
These typos are created by leaving out a letter of the domain name, one letter at a time. For example, www.goole.com and www.gogle.com
These typos are created by repeating a letter of the domain name. For example, www.ggoogle.com and www.gooogle.com
Adjacent Character Swap
These typos are created by swapping the order of adjacent letters in the domain name. For example, www.googel.com and www.ogogle.com
Adjacent Character Replacement
These typos are created by replacing each letter of the domain name with letters to the immediate left and right on the keyboard. For example, www.googke.com and www.goohle.com
Adjacent Character Insertion
These typos are created by inserting letters to the immediate left and right on the keyboard of each letter. For example, www.googhle.com and www.goopgle.com
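The five character-level rules described so far can also be run in reverse to label hostnames that turn up in your own resolver or proxy logs. The following is an added example, not URLCrazy's code; the simplified QWERTY row map, the function names and the sample hostnames are assumptions made for illustration.

```ruby
# Added example, not URLCrazy's code. Assumption: a simplified QWERTY map
# giving only the immediate left/right neighbours within each letter row.
QWERTY_ROWS = %w[qwertyuiop asdfghjkl zxcvbnm].freeze

def neighbours(ch)
  QWERTY_ROWS.each do |row|
    i = row.index(ch)
    next unless i
    return [(row[i - 1] if i > 0), row[i + 1]].compact
  end
  []
end

# Build { typo_label => rule } for the registrable label (e.g. "google").
# When two rules produce the same string, the first rule to claim it wins.
def typo_table(label)
  table = {}
  add = ->(typo, rule) { table[typo] ||= rule unless typo == label || typo.empty? }
  label.each_char.with_index do |ch, i|
    head, tail = label[0...i], label[(i + 1)..]
    add.(head + tail, :character_omission)
    add.(head + ch + ch + tail, :character_repeat)
    if i < label.length - 1
      add.(head + label[i + 1] + ch + label[(i + 2)..], :adjacent_character_swap)
    end
    neighbours(ch).each do |n|
      add.(head + n + tail, :adjacent_character_replacement)
      add.(head + n + ch + tail, :adjacent_character_insertion)
      add.(head + ch + n + tail, :adjacent_character_insertion)
    end
  end
  table
end

# Label observed hostnames that are typos of a protected domain (same suffix).
def classify(observed, protected_domain)
  label, suffix = protected_domain.split(".", 2)
  table = typo_table(label)
  observed.each_with_object({}) do |host, hits|
    obs_label, obs_suffix = host.downcase.sub(/\Awww\./, "").split(".", 2)
    hits[host] = table[obs_label] if obs_suffix == suffix && table.key?(obs_label)
  end
end

# Constructed sample of hostnames, standing in for resolver or proxy log entries.
SAMPLE = %w[www.google.com www.gogle.com www.gooogle.com www.googel.com
            www.googke.com www.googhle.com mail.example.org].freeze

classify(SAMPLE, "google.com").each { |host, rule| puts "#{host}\t#{rule}" }
```

Hostnames that match no rule, including the protected domain itself, are left out of the result.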
These typos are created by omitting a dot from the domain name. For example, wwwgoogle.com and www.googlecom
These typos are created by omitting a dash from the domain name. For example, www.domain-name.com becomes www.domainname.com
Singular or Pluralise
These typos are created by making a singular domain plural and vice versa. For example, www.google.com becomes www.googles.com and www.games.co.nz becomes www.game.co.nz
Over 8000 common misspellings from Wikipedia. For example, www.youtube.com becomes www.youtub.com and www.abseil.com becomes www.absail.com
Swap vowels within the domain name except for the first letter. For example, www.google.com becomes www.gaagle.com.
Over 450 sets of words that sound the same when spoken. For example, www.base.com becomes www.bass.com.
Wrong Top Level Domain
For example, www.trademe.co.nz becomes www.trademe.co.nz and www.google.com becomes www.google.org
Uses the 19 most common top level domains.
Wrong Second Level Domain
Uses an alternate, valid second level domain for the top level domain.
For example, www.trademe.co.nz becomes www.trademe.ac.nz and www.trademe.iwi.nz
Supported Keyboard Layouts
Keyboard layouts supported are:
Is the domain valid?
URLCrazy has a database of valid top level and second level domains. This information has been compiled from Wikipedia and domain registrars. We know whether a domain is valid by checking if it matches top level and second level domains. For example, www.trademe.co.bz is a valid domain in Belize, which allows any second level domain registrations, but www.trademe.xo.nz isn’t because xo.nz isn’t an allowed second level domain in New Zealand.
We can estimate the relative popularity of a typo by measuring how often that typo appears on webpages. Querying google.com for the number of search results for a typo gives us an indication of how popular a typo is.
The drawback of this approach is that you need to manually identify and omit legitimate domains such as googles.com
For example, consider the following typos for google.com.
An IP address for a typo domain name indicates it is in use.
Tip: An IP repeating for multiple typos or IPs in a close range shows common ownership. For example, gogle.com, gogole.com and googel.com all resolve to 18.104.22.168 which is owned by Google.
Country Code Database
2nd level domains here:
Strider is a tool with similar aims, produced by Microsoft: http://research.microsoft.com/csm/strider/
URLCrazy requires Ruby. If you are using Ubuntu or Debian try:
$ sudo apt-get install ruby
Authored by Andrew Horton (urbanadventurer). Andrew is a security consultant for Security-Assessment.com