Skip to content
Switch branches/tags

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

Ditto is a small tool that accepts a domain name as input and generates all its variants for an homograph attack as output, checking which ones are available and which are already registered.

PoC domains

Using with Docker

The image on docker hub is updated on every push, you can just:

docker run evilsocket/ditto -h

Compiling from sources

Compiling from sources requires the go compiler, this will install the binary in $GOPATH/bin:

# make sure go modules are used
GO111MODULE=on go get


To only transform a string:

ditto -string google

For a domain:

ditto -domain

Use more concurrent workers to increase speed (WARNING: might cause a temporary IP ban from the WHOIS servers):

ditto -workers 4 -domain

If instead of mutating the domain name you want to check other TLDs (throttle is set to 1s in order to avoid being blocked by WHOIS servers due to the many requests in a short timeframe):

ditto -domain -tld -throttle 1000 -limit 100

Only show available domains:

ditto -domain -available

Only show registered domains:

ditto -domain -registered

Only show registered domains that resolve to an IP:

ditto -domain -live

Show WHOIS information:

ditto -domain -live -whois

Save to CSV file with extended WHOIS information:

ditto -domain -whois -csv output.csv

Keep running and monitoring for changes every hour:

ditto -domain -monitor 1h

The same but also keep and store the changes as JSON files:

ditto -domain -monitor 1h -changes /some/path -keep-changes

Execute a command if changes have been detected (see example in this repo, automatically added to the docker image):

    ditto -domain \
          -monitor 1h \
          -trigger "/usr/bin/ {{.Domain}} {{.ChangesFile}}"

For more options:

ditto -help


Released under the GPL3 license.


A tool for IDN homograph attacks and detection.




No releases published


No packages published