Skip to content

Commit

Permalink
Capped at 1000 initial homoglyph results to manage time complexity
Browse files Browse the repository at this point in the history
  • Loading branch information
@thisismyrobot
thisismyrobot committed Dec 2, 2018
1 parent b02cf5b commit da6fc6f
Show file tree
Hide file tree
Showing 3 changed files with 107 additions and 100 deletions.
5 changes: 5 additions & 0 deletions dnstwister/dnstwist/dnstwist.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -212,6 +212,11 @@ def __homoglyph(self):
win = win.replace(c, g)
result.add(self.domain[:i] + win + self.domain[i+ws:])
win = win_copy

# Very long domains have terrible complexity when
# ran through this algorithm.
if len(result) >= 1000:
return result
j += 1

return result
Expand Down
196 changes: 98 additions & 98 deletions tests/test_dnstwist.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,104 @@
import dnstwister.dnstwist.dnstwist as dnstwist


def test_small_domain_stats():
"""Test of the size of the results for a simple domain."""
fuzzer = dnstwist.fuzz_domain('abc.com')
fuzzer.fuzz()

assert breakdown(fuzzer.domains) == {
'Addition': 26,
'Bitsquatting': 13,
'Homoglyph': 27,
'Hyphenation': 2,
'Insertion': 8,
'Omission': 3,
'Original*': 1,
'Repetition': 2,
'Replacement': 14,
'Subdomain': 2,
'Transposition': 2,
'Various': 4,
'Vowel swap': 2
}


def test_medium_domain_stats():
"""Test of the size of the results for a medium-length domain."""
fuzzer = dnstwist.fuzz_domain('example.com')
fuzzer.fuzz()

assert breakdown(fuzzer.domains) == {
'Addition': 26,
'Bitsquatting': 33,
'Homoglyph': 59,
'Hyphenation': 6,
'Insertion': 43,
'Omission': 7,
'Original*': 1,
'Repetition': 3,
'Replacement': 30,
'Subdomain': 6,
'Transposition': 6,
'Various': 4,
'Vowel swap': 6
}


def test_medium_domain_with_subdomain_stats():
"""Test of the size of the results for a medium-length domain."""
fuzzer = dnstwist.fuzz_domain('www.example.com')
fuzzer.fuzz()

assert breakdown(fuzzer.domains) == {
'Addition': 26,
'Bitsquatting': 49,
'Homoglyph': 96,
'Hyphenation': 8,
'Insertion': 75,
'Omission': 10,
'Original*': 1,
'Repetition': 4,
'Replacement': 48,
'Subdomain': 8,
'Transposition': 8,
'Various': 1,
'Vowel swap': 6
}


def test_crawler_massive_domain():
"""Test of the size of the results for a crawler monster domain."""
fuzzer = dnstwist.fuzz_domain(
'zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz.zzzzzzzzzzzzzzzzzzzzzzzzzppieo.com'
)
fuzzer.fuzz()

assert breakdown(fuzzer.domains) == {
'Addition': 26,
'Bitsquatting': 288,
'Homoglyph': 252,
'Hyphenation': 29,
'Insertion': 375,
'Omission': 7,
'Original*': 1,
'Repetition': 4,
'Replacement': 1077,
'Subdomain': 91,
'Transposition': 5,
'Various': 1,
'Vowel swap': 6
}


def breakdown(result):
return dict(
[(f, len([d for d in result if d['fuzzer'] == f]))
for f
in set([d['fuzzer'] for d in result])]
)


def test_unicode_fuzzing():
"""Test can fuzz and generate unicode."""
unicode_domain = 'xn--domain.com'.decode('idna')
Expand Down Expand Up @@ -416,101 +514,3 @@ def test_basic_fuzz():
{'domain-name': 'www.exumple.com', 'fuzzer': 'Vowel swap'},
{'domain-name': 'www.examplecom.com', 'fuzzer': 'Various'}
]


def test_small_domain_stats():
"""Test of the size of the results for a simple domain."""
fuzzer = dnstwist.fuzz_domain('abc.com')
fuzzer.fuzz()

assert breakdown(fuzzer.domains) == {
'Addition': 26,
'Bitsquatting': 13,
'Homoglyph': 27,
'Hyphenation': 2,
'Insertion': 8,
'Omission': 3,
'Original*': 1,
'Repetition': 2,
'Replacement': 14,
'Subdomain': 2,
'Transposition': 2,
'Various': 4,
'Vowel swap': 2
}


def test_medium_domain_stats():
"""Test of the size of the results for a medium-length domain."""
fuzzer = dnstwist.fuzz_domain('example.com')
fuzzer.fuzz()

assert breakdown(fuzzer.domains) == {
'Addition': 26,
'Bitsquatting': 33,
'Homoglyph': 59,
'Hyphenation': 6,
'Insertion': 43,
'Omission': 7,
'Original*': 1,
'Repetition': 3,
'Replacement': 30,
'Subdomain': 6,
'Transposition': 6,
'Various': 4,
'Vowel swap': 6
}


def test_medium_domain_with_subdomain_stats():
"""Test of the size of the results for a medium-length domain."""
fuzzer = dnstwist.fuzz_domain('www.example.com')
fuzzer.fuzz()

assert breakdown(fuzzer.domains) == {
'Addition': 26,
'Bitsquatting': 49,
'Homoglyph': 96,
'Hyphenation': 8,
'Insertion': 75,
'Omission': 10,
'Original*': 1,
'Repetition': 4,
'Replacement': 48,
'Subdomain': 8,
'Transposition': 8,
'Various': 1,
'Vowel swap': 6
}


def test_crawler_massive_domain():
"""Test of the size of the results for a crawler monster domain."""
fuzzer = dnstwist.fuzz_domain(
'zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz.zzzzzzzzzzzzzzzzzzzzzzzzzppieo.com'
)
fuzzer.fuzz()

assert breakdown(fuzzer.domains) == {
'Addition': 26,
'Bitsquatting': 288,
'Homoglyph': 1353,
'Hyphenation': 29,
'Insertion': 375,
'Omission': 7,
'Original*': 1,
'Repetition': 4,
'Replacement': 1077,
'Subdomain': 91,
'Transposition': 5,
'Various': 1,
'Vowel swap': 6
}


def breakdown(result):
return dict(
[(f, len([d for d in result if d['fuzzer'] == f]))
for f
in set([d['fuzzer'] for d in result])]
)
6 changes: 4 additions & 2 deletions tests/test_slow_requests.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
import dnstwister.tools


def test2():
def test_large_domain_is_reasonable_in_performance():
"""Looooong domain names highlighted that the idna decoding is slooooow.
This is a basic benchmark for performance, based on a bot's behaviour
Expand All @@ -17,4 +17,6 @@ def test2():

duration = (datetime.datetime.now() - start).total_seconds()

assert duration < 7, 'duration too long: {} secs'.format(duration)
assert duration < 0.5, 'duration too long: {} secs'.format(duration)

print 'Long domain name fuzzed in: {} seconds'.format(duration)

0 comments on commit da6fc6f

Please sign in to comment.