Tools and materials that have been used by our team during cybersquatting research
majestic_million
moz500
pics
LICENSE
README.md
bigresults.csv
count_domains.py Initial commit. May 21, 2018
count_squats.py Initial commit. May 21, 2018
majestic_million.csv
moz500.txt
otherlinks.txt
otherlinksresults.csv
research.py
scraper.py
top500.domains.02.18.csv Initial commit. May 21, 2018
virustotalscanner.py
vtresults.txt
vturldataset.txt Initial commit. May 21, 2018

README.md

Kromtech Security Center Cybersquatting Research materials

This is a set of custom scripts written and used to conduct research.

Here is the main flow:

  1. Run research.py

It takes the moz500 list of popular domains and the first 10000 entries of the majestic million list. It creates two folders, one for each list, and for each domain it writes a file in the corresponding folder with the results from a tool called dnstwist, in JSON format.

  2. Run count_squats.py

This script generates bigresults.csv with all results for domains in the moz500 list: the final link each one got redirected to, a verdict (legitimate, down or potentially malicious), the reason for that verdict, the fuzzer name and the ssdeep site similarity score from the dnstwist results.

  3. Then we put all "Potentially malicious" links from bigresults.csv into vturldataset.txt and ran virustotalscanner.py

You'll need to supply your own VirusTotal API key for the script to work. The script generates vtresults.txt with each URL scanned and its number of positives, in CSV format.

  4. Run scraper.py

The script scrapes all links in otherlinks.txt and counts forms, mentions of the original domains in the body of the site, URLs to download files, and, separately, interesting ones (like exe, sh, etc.). The results are stored in otherlinksresults.csv in CSV format.
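
The kind of per-page counting described for step 4 can be sketched as follows. This is an added example, not the repository's scraper.py: the names `PageFeatures`, `extract_features` and `ext_of`, the extension lists and the sample page are assumptions, and it works on HTML that has already been fetched.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import posixpath

# Assumed extension lists: the README names only "exe, sh, etc."
DOWNLOAD_EXTS = {".zip", ".pdf", ".doc", ".docx", ".apk", ".msi", ".exe", ".sh"}
INTERESTING_EXTS = {".exe", ".sh"}

def ext_of(url):
    return posixpath.splitext(urlparse(url).path)[1].lower()  # query string ignored

class PageFeatures(HTMLParser):
    def __init__(self):
        super().__init__()
        self.forms, self.text, self.downloads = 0, [], []
        self.inside = {"body": False, "script": False, "style": False}

    def handle_starttag(self, tag, attrs):
        if tag in self.inside:
            self.inside[tag] = True
        elif tag == "form":
            self.forms += 1
        elif tag == "a" and ext_of(dict(attrs).get("href") or "") in DOWNLOAD_EXTS:
            self.downloads.append(dict(attrs)["href"])

    def handle_endtag(self, tag):
        if tag in self.inside:
            self.inside[tag] = False

    def handle_data(self, data):
        # Keep visible body text only; script and style content is skipped.
        if self.inside["body"] and not (self.inside["script"] or self.inside["style"]):
            self.text.append(data.lower())

def extract_features(html, original_domain):
    parser = PageFeatures()
    parser.feed(html)
    parser.close()
    body = " ".join(parser.text)
    return {"forms": parser.forms, "mentions": body.count(original_domain.lower()),
            "downloads": len(parser.downloads),  # includes the interesting ones
            "interesting": sum(ext_of(u) in INTERESTING_EXTS for u in parser.downloads)}

# Constructed sample page, not taken from the research data set.
SAMPLE = (
    "<html><head><title>example.com</title></head><body>"
    "<p>Welcome to example.com. Sign in to your Example.com account.</p>"
    '<form action="/login"><input name="user"></form><script>var h="example.com";</script>'
    '<a href="/files/update.exe?id=1">Update</a><a href="/docs/terms.pdf">Terms</a></body></html>')
if __name__ == "__main__":
    print(extract_features(SAMPLE, "example.com"))
```

A page that mentions the original brand, presents a form and links to an executable is a stronger candidate for manual review than one that only parks the domain.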