9 releases
| 0.3.0 | Jan 13, 2021 |
|---|---|
| 0.2.4 | Dec 4, 2019 |
| 0.2.2 | Jul 3, 2018 |
| 0.2.1 | Jun 20, 2018 |
| 0.1.3 | Apr 18, 2018 |
#5 in #idna
18KB
393 lines
Nettfiske
Uses certstream SSL certificates live stream to identify possible phishing domain names. It is inspired by Phishing Catcher.
Usage
cargo run --release sample.json
Example
[Nettfiske] Fetching Certificates ...
Homoglyph detected youtuḅe.com (Punycode: xn--youtue-tg7b.com)
Homoglyph detected youtuḅe.com (Punycode: xn--youtue-tg7b.com)
Homoglyph detected whatsapp.com (Punycode: xn--hatsapp-h41c.com)
Homoglyph detected whatsapp.com (Punycode: xn--hatsapp-h41c.com)
Homoglyph detected twiṫter.com (Punycode: xn--twiter-507b.com)
Homoglyph detected twiṫter.com (Punycode: xn--twiter-507b.com)
Suspicious paypal.com-secure.warn-allmail.com (score 72)
Suspicious applêid.àpplê.com.iosets.com (score 65) (Punycode: xn--applid-lva.xn--ppl-8ka7c.com.iosets.com)
Suspicious facebook.com-verified-id939819835.com (score 69)
Suspicious appleid.apple.com.invoice-qwery.gq (score 75)
Suspicious instagramaccountverifica.altervista.org (score 69)
Use Cases
Attempt to detect the use of Punycode and Homoglyph Attacks to obfuscate Domains. The homograph protection mechanism in Chrome, Firefox, and Opera may fail when some characters are replaced with a similar character from a foreign language.
Example:
- microsoft.com⁄index.html.irongeek.com
- microsoft.xn--comindex-g03d.html.irongeek.com
The slash symbol in the first url is not really a slash symbol at all. Also adding a SSL certificate can take few minutes and the user can feel safer with the locker next to domain.
Example, try to open the domain https://www.xn--80ak6aa92e.com/ on Firefox.
Dependencies
~8MB
~157K SLoC