In this short blog, I share 3 papers and 7 tools that focus on detecting cyber squatting domains (including typosquating, homograph, combosquatting, etc.).
- Detection of Cybersquatted Domains (Master’s Thesis) by Patrick Frischknecht
- Hiding in plain sight: A longitudinal study of combosquatting abuse
- Seven months’ worth of mistakes: A longitudinal study of typosquatting abuse
Tools for generating cybersquatting domains (for use in detection)
- https://github.com/elceef/dnstwist
- https://github.com/atenreiro/opensquat
- http://www.morningstarsecurity.com/research/urlcrazy
- https://github.com/phar/eyephish
- https://github.com/SquatPhish/2-Distributed-Crawler
- https://github.com/SquatPhish/3-Phish-Page-Detection
- https://github.com/SquatPhish/4-Evasion-Obfuscation-Analysis
Lots of other tools/libraries now exist if you need an implementation in a different language. See these github tags for lots more tools: typosquatting, homoglyph, and homograph-attack.
Lastly, if you’re interested in discovering more interesting papers like these, use the method I outlined here.
— Jason
The “short links” format was inspired by O’Reilly’s Four Short Links series.
