The aim of the project is to identify the domain names that can be used in phishing attacks through the method of creating a similar domain name used in website-based phishing attacks, which are frequently used today.
The process of the project will include 4 different algorithms and similarity analysis as the main logic. In this process, Fuzzy will be used for similarity analysis, Hypenation for character substitution, homoglyph for hyphenation and TLD algorithm for TLD based analysis.
- Fuzzy Hash based similarity algorithm will be developed for similarity analysis,
- Hyphenation algorithm will be developed for hyphen-based analysis,
- Alphabet algorithm will be developed for Hyphenation analysis,
- Homoglyph algorithms based on alphabets:
- Turkish alphabet,
- Cyrillic alphabet,
- Swiss alphabet,
- French alphabet,
- Belgian alphabet,
- Canadian alphabet,
- Norwegian alphabet,
- Polish alphabet,
- Brazilian alphabet,
- German alphabet,
- Finnish alphabet,
- Danish alphabet,
- Liechtenstein alphabet,
- Wallis and Futuna alphabet,
- Saint Pierre and Miquelon alphabet.
- Glyph Homoglyph algorithm to be developed:
- Glyph Unicode,
- Glyph ASCII.
- Keyboard-based Homoglyph algorithms:
- Qwerty,
- Qwertz,
- Azerty.
- Homoglyph algorithms based on alphabets:
- Clone the project repository or download the zip file:
git clone https://github.com/eyupergin/hookhunter.git- Install the required Python packages by running the following command:
pip3 install -r requirements.txtHuntRthys is used via a command-line interface. Below are examples of basic usage.
- List arguments:
python3 main.pyHookHunter Phishing and Impersonating Domain Scanner tool visualizes the scanning results in a tabular format and prints them to the console. Additionally, you can choose to save the results to a JSON file. (Soon)
Here is an example output of the results:
$ python3 run.py
______ __ ______ ______ __ _____ | Version: v1.0
___ / / /______________ /____ / / /___ __________ /_____________ | Developed by Eyup Sukru ERGIN
__ /_/ /_ __ \ __ \_ //_/_ /_/ /_ / / /_ __ \ __/ _ \_ ___/ | --------------------------------------
_ __ / / /_/ / /_/ / ,< _ __ / / /_/ /_ / / / /_ / __/ / | https://ergin.dev
/_/ /_/ \____/\____//_/|_| /_/ /_/ \__,_/ /_/ /_/\__/ \___//_/ | https://github.com/eyupergin/hookhunter
Advanced Domain Based Phishing and Impersonating Domain Detection Tool
[INFO] Please enter domain: google.com
Processing: 100%|███████████████████████████████████████████| 556/556 [21:47<00:00, 2.35s/ domains]
# SC BASE DOMAIN IMPERSONATING DOMAIN SIMILARITY HTTP STATUS IP ADDRESS ABUSE E-MAIL
--- ---- ------------- ---------------------- ------------ ------------- --------------- --------------------------------------
1 CA google.com agoogle.com 95 200 198.251.81.30 abuse@namesilo.com
2 CA google.com bgoogle.com 95 200 209.141.38.71 abuse@namesilo.com
3 CA google.com cgoogle.com 95 200 199.59.243.225 abuse@dynadot.com
4 CA google.com dgoogle.com 95 ERR N/A abusecomplaints@markmonitor.com
5 CA google.com egoogle.com 95 ERR 82.192.82.226 abuse@metaregistrar.com
6 CA google.com fgoogle.com 95 ERR 127.0.0.10 abuse@pananames.com
7 CA google.com ggoogle.com 95 404 216.58.212.36 abusecomplaints@markmonitor.com
8 CA google.com hgoogle.com 95 200 198.251.81.30 abuse@namesilo.com
9 CA google.com igoogle.com 95 200 142.251.140.4 abusecomplaints@markmonitor.com
10 CA google.com jgoogle.com 95 ERR N/A abusecomplaints@markmonitor.com
11 CA google.com kgoogle.com 95 200 74.208.236.137 abuse@ionos.com
12 CA google.com lgoogle.com 95 ERR N/A abusecomplaints@markmonitor.com
13 CA google.com mgoogle.com 95 ERR N/A abusecomplaints@markmonitor.com
14 CA google.com ngoogle.com 95 ERR N/A abusecomplaints@markmonitor.com
15 CA google.com ogoogle.com 95 ERR N/A abusecomplaints@markmonitor.com
16 CA google.com pgoogle.com 95 436 103.224.182.251 abuse@above.com
17 CA google.com qgoogle.com 95 ERR 66.28.214.11
18 CA google.com rgoogle.com 95 ERR 47.254.33.193 abuse@ename.com
19 CA google.com sgoogle.com 95 ERR N/A abusecomplaints@markmonitor.com
20 CA google.com tgoogle.com 95 200 198.251.81.30 abuse@namesilo.com
21 CA google.com ugoogle.com 95 404 185.230.63.186 abuse@godaddy.com
22 CA google.com vgoogle.com 95 ERR 47.254.33.193 abuse@ename.com
23 CA google.com wgoogle.com 95 ERR N/A abusecomplaints@markmonitor.com
24 CA google.com xgoogle.com 95 ERR N/A abusecomplaints@markmonitor.com
This project is licensed under the MIT License. See the LICENSE file for more details.
Repo Update Date: 09-01-2024
If you would like to contribute to this project, please open an issue or submit a pull request. Any contributions and suggestions are welcome!