URLCrazy is an OSINT tool to generate and test domain typos or variations to detect or perform typo squatting, URL hijacking, phishing, and corporate espionage.
Use Cases
Features
Installation
If you are using Kali Linux, Ubuntu or Debian use:
$ sudo apt install urlcrazy
Visit https://github.com/urbanadventurer/urlcrazy/releases
Be aware the latest development version may not be stable.
$ git clone https://github.com/urbanadventurer/urlcrazy.git
URLCrazy has been tested with Ruby versions 2.4 and 2.6.
If you are using Ubuntu or Debian use:
$ sudo apt install ruby
Bundler provides dependecy management for Ruby projects
$ gem install bundler
$ bundle install
Alternatively, if you don’t want to install bundler, the following command will install the gem dependencies.
$ gem install json colorize async async-dns async-http
Also Read – DroidFiles : Get Files From Android Directories
Usage
With default options, URLCrazy will check over 2000 typo variants for google.com.
$ urlcrazy google.com
$ urlcrazy -p domain.com
Usage: ./urlcrazy [options] domain
Options
-k, –keyboard=LAYOUT Options are: qwerty, azerty, qwertz, dvorak (default: qwerty)
-p, –popularity Check domain popularity with Google
-r, –no-resolve Do not resolve DNS
-i, –show-invalid Show invalid domain names
-f, –format=TYPE Human readable or CSV (default: human readable)
-o, –output=FILE Output file
-n, –nocolor Disable colour
-h, –help This help
-v, –version Print version information. This version is 0.7
Types of Domain Variations Supported
Supported Keyboard Layouts
Keyboard layouts supported are:
Is the domain valid?
URLCrazy has a database of valid top level and second level domains. This information has been compiled from Wikipedia and domain registrars. We know whether a domain is valid by checking if it matches top level and second level domains. For example, www.trademe.co.bz is a valid domain in Belize which allows any second level domain registrations but www.trademe.xo.nz isn’t because xo.nz isn’t an allowed second level domain in New Zealand.
Popularity Estimate
URLCrazy pioneered the technique of estimating the relative popularity of a typo from search engine results data. By measuring how many times a typo appears in webpages, we can estimate how popular that typo will be made when users type in a URL.
The inherent limitation of this technique, is that a typo for one domain, can be a legitimate domain in its own right. For example, googles.com is a typo of google.com but it also a legitimate domain.
For example, consider the following typos for google.com.
Count. | Typo |
---|---|
25424 | gogle.com |
24031 | googel.com |
22490 | gooogle.com |
19172 | googles.com |
19148 | goole.com |
18855 | googl.com |
17842 | ggoogle.com |
Known Issues
If DNS resolution fails under Macos it could be due to the small default file descriptor limit.
To display the current file descriptor limit use:
$ ulimit -a
To increase the file descriptor limit use:
$ ulimit -n 10000
URLCrazy Appearances
PTES Technical Guidelines
Penetration Testing Execution Standard (PTES) is a standard designed to provide a common language and scope for performing penetration testing (i.e. Security evaluations). URLCrazy is included in the Tools Required section.
http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
Network Security Toolkit
Network Security Toolkit is a bootable Linux distribution designed to provide easy access to best-of-breed Open Source Network Security Applications. https://www.networksecuritytoolkit.org/
See Also
URLCrazy was first published in 2009, and for many years was the most advanced opensource tool for studying typosquatting. Since then multiple other tools have been developed by the infosec community.
DNSTwist
DNSTwist is developed by Marcin Ulikowski and first published in 2015. DNSTwist had a significant feature overlap with URLCrazy at the time, and introduced many new features.
Language: Python
https://github.com/elceef/dnstwist
URLInsane
URLInsane was developed by Rangertaha in 2018 and claims to match the features of URLCrazy and DNSTwist.
Language: Go
https://github.com/cybint/urlinsane
DomainFuzz
DomainFuzz was developed by monkeym4sterin 2017. Language: Node.JS
Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…
This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…
GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…
The free and open-source security platform SecHub, provides a central API to test software with…
Don't worry if there are any bugs in the tool, we will try to fix…