The aim of the project is to identify the domain names that can be used in phishing attacks through the method of creating a similar domain name used in website-based phishing attacks, which are frequently used today.
The process of the project will include 4 different algorithms and similarity analysis as the main logic. In this process, Fuzzy will be used for similarity analysis, Hypenation for character substitution, homoglyph for hyphenation and TLD algorithm for TLD based analysis.
- Fuzzy Hash based similarity algorithm will be developed for similarity analysis,
- Hyphenation algorithm will be developed for hyphen-based analysis,
- Alphabet algorithm will be developed for Hyphenation analysis,
- Homoglyph algorithms based on alphabets:
- Turkish alphabet,
- Cyrillic alphabet,
- Swiss alphabet,
- French alphabet,
- Belgian alphabet,
- Canadian alphabet,
- Norwegian alphabet,
- Polish alphabet,
- Brazilian alphabet,
- German alphabet,
- Finnish alphabet,
- Danish alphabet,
- Liechtenstein alphabet,
- Wallis and Futuna alphabet,
- Saint Pierre and Miquelon alphabet.
- Glyph Homoglyph algorithm to be developed:
- Glyph Unicode,
- Glyph ASCII.
- Keyboard-based Homoglyph algorithms:
- Qwerty,
- Qwertz,
- Azerty.
- Homoglyph algorithms based on alphabets:
- Clone the project repository or download the zip file:
git clone https://github.com/eyupergin/hookhunter.git- Install the required Python packages by running the following command:
pip3 install -r requirements.txtHuntRthys is used via a command-line interface. Below are examples of basic usage.
- List arguments:
python3 main.pyHookHunter Phishing and Impersonating Domain Scanner tool visualizes the scanning results in a tabular format and prints them to the console. Additionally, you can choose to save the results to a JSON file. (Soon)
Here is an example output of the results:
$ python3 run.py
______ __ ______ ______ __ _____ | Version: v1.0
___ / / /______________ /____ / / /___ __________ /_____________ | Developed by Eyup Sukru ERGIN
__ /_/ /_ __ \ __ \_ //_/_ /_/ /_ / / /_ __ \ __/ _ \_ ___/ | --------------------------------------
_ __ / / /_/ / /_/ / ,< _ __ / / /_/ /_ / / / /_ / __/ / | https://ergin.dev
/_/ /_/ \____/\____//_/|_| /_/ /_/ \__,_/ /_/ /_/\__/ \___//_/ | https://github.com/eyupergin/hookhunter
Advanced Domain Based Phishing and Impersonating Domain Detection Tool
[INFO] Please enter domain: google.com
Processing: 100%|███████████████████████████████████████████| 556/556 [21:47<00:00, 2.35s/ domains]
# SC BASE DOMAIN IMPERSONATING DOMAIN SIMILARITY HTTP STATUS IP ADDRESS ABUSE E-MAIL
--- ---- ------------- ---------------------- ------------ ------------- --------------- --------------------------------------
1 CA google.com agoogle.com 95 200 198.251.81.30 [email protected]
2 CA google.com bgoogle.com 95 200 209.141.38.71 [email protected]
3 CA google.com cgoogle.com 95 200 199.59.243.225 [email protected]
4 CA google.com dgoogle.com 95 ERR N/A [email protected]
5 CA google.com egoogle.com 95 ERR 82.192.82.226 [email protected]
6 CA google.com fgoogle.com 95 ERR 127.0.0.10 [email protected]
7 CA google.com ggoogle.com 95 404 216.58.212.36 [email protected]
8 CA google.com hgoogle.com 95 200 198.251.81.30 [email protected]
9 CA google.com igoogle.com 95 200 142.251.140.4 [email protected]
10 CA google.com jgoogle.com 95 ERR N/A [email protected]
11 CA google.com kgoogle.com 95 200 74.208.236.137 [email protected]
12 CA google.com lgoogle.com 95 ERR N/A [email protected]
13 CA google.com mgoogle.com 95 ERR N/A [email protected]
14 CA google.com ngoogle.com 95 ERR N/A [email protected]
15 CA google.com ogoogle.com 95 ERR N/A [email protected]
16 CA google.com pgoogle.com 95 436 103.224.182.251 [email protected]
17 CA google.com qgoogle.com 95 ERR 66.28.214.11
18 CA google.com rgoogle.com 95 ERR 47.254.33.193 [email protected]
19 CA google.com sgoogle.com 95 ERR N/A [email protected]
20 CA google.com tgoogle.com 95 200 198.251.81.30 [email protected]
21 CA google.com ugoogle.com 95 404 185.230.63.186 [email protected]
22 CA google.com vgoogle.com 95 ERR 47.254.33.193 [email protected]
23 CA google.com wgoogle.com 95 ERR N/A [email protected]
24 CA google.com xgoogle.com 95 ERR N/A [email protected]
This project is licensed under the MIT License. See the LICENSE file for more details.
Repo Update Date: 09-01-2024
If you would like to contribute to this project, please open an issue or submit a pull request. Any contributions and suggestions are welcome!