Introduction
urlcrazy对指定域名生成typos域名及变形域名同时检测生成的域名是否能够访问。urlcrazy主要被用作用做对知名站点url劫持、钓鱼等攻击的预检查,主要目的是为了找到可用的typos域名来实施后续的钓鱼、URL劫持等非定向攻击。
Example 1
root@kali:/tmp# urlcrazy ziroom.comWhen no parameters are added, urlcrazy uses the qwerty keyboard by default to generate the typos domain name and then detect it.
typos domain name
When I enter www.baidu.com, it will be entered as: www.baudi.com because I press the wrong key. At this time, another site is visited instead of Baidu. This site may be an advertising site, a phishing site for Baidu, etc., and different sites will be accessed with different spelling mistakes. This type of domain name due to keystroke errors is the typos domain name. Typos domain names are relatively common in large and medium-sized companies. This type of domain name has the following advantages:
- Increase site traffic
- Set up a fishing site and go fishing
There are many types of typos domain names generated by urlcrazy, such as: character repetition, character exchange, etc., which can be viewed through utlcrazy -h.
keyboard : qwerty
The output of Example 1 includes the keyboard type: qwerty. When urlcrazy is working, it will generate typos domain according to different keyboard types according to the wrong keys that people often make . urlcrazy supports four types of keyboards, which are described below.
- qwerty: domestic computer keyboard, domestic smartphone default keyboard
- qwertz: German keyboard
- azerty: French keyboard
- dvorak: A keyboard invented by the Americans that puts common characters together for easy use, which is rare in China
I have only used qwerty keyboards for the above keyboards. When looking up the typos domain names of those countries through urlcrazy, you can use the -k parameter to specify the corresponding keyboard.
Example 2: Check the popularity of typos sites through google
# -p参数设置对typos域名进行Google流行度查询。为了获取流行度,需要连入外网
root@kali:/tmp # urlcrazy ziroom.com -p
The popularity statistics is the frequency ranking of different typos domain names in Google search, and the typos domain names with high ranking are more likely to be accessed, which can provide the success rate of the attack. Since I don’t have ×××, I didn’t get any information on Google’s popularity. In theory, we can also obtain Baidu popularity, but due to the existence of PPC in Baidu, the results may not be accurate. This function will be expanded in the future.
Example 3: Do not do dns query for typos domain name
# -r参数设置不做dns查询。做dns查询是为了获取域名的IP地址,目前尚不清楚有什么具体的作用,如果想要了解可以直接查看/usr/share/urlcrazy/目录下的源码
root@kali:/tmp # urlcrazy ziroom.com -r
Since the main purpose of using urlcrazy is to determine whether the typos domain name can be registered, it is necessary to query the A record of the DNS. The domain names that cannot find the corresponding IP in the DNS are generally for sale domain names, which can be purchased as soon as possible.
Example 4: Save the result to a file
# -o 参数用于指定保存结果的文件
# -f 参数用来指定数据的保存格式。urlcrazy支持两种格式:human readable 和 CSV,默认为human readable
The purpose of the function of saving the results in the file is unclear, and it is not known how to use it to make this function work.
Summarize
If you want to carry out phishing, URL hijacking and other attacks through the typos domain name, use urlcrazy, you can find a more suitable typos domain name.