- Author: CIRCL
- Repository: GitHub, ail-project/ail-typo-website
ail-typo-website
Website for the ail-typo-squatting library. This website is strongly inspired by the dnstwist website.
Requirements
How to run
The main script to run is Flask_server.py, but you might start with:
- Fill conf/conf.cfg
- If you want to have some misp-warninglists
  - run external_script/warning_list/generate_warning_list.py
- run
Choice of algorithm
In the Advanced option, it’s possible to choose the algorithms used to generate variations from a domain name.
There are 20 algorithms to choose from. The list can be found here.
Download results
After a search, the list of variations can be downloaded for reuse, and the results can also be downloaded in JSON format.
MISP feed-json
After a search, under the download button, it is possible to download a MISP event in JSON format or go to the misp-feed page.
Share
It’s possible to share the session by copying the URL given by the share button, which appears at the end of a search.
Notice: a session is kept for 1h at the moment.
Session db
When a search is done, the results are stored in a Redis db, both to make it possible to share a session and to be faster the second time a domain is searched.
- session_uuid:
  - url: domain
  - result_list: all the results of the DNS queries (will be removed)
  - variations_list: list of variations (useful for status)
  - stopped: boolean to know if the session was stopped (useful in case someone else searches for the same domain)
  - md5url: md5sum of the domain
  - request_algo: list of algorithms used for the search (useful to return only the results of the session)
- md5 of the domain: used to know if the domain was already searched
- md5_of_domain:algo: list of the results for a given algorithm (used in case different people search for the same domain with different algorithms)
- event_manifest:session_uuid: manifest of the event
- event_hashes:session_uuid: hashes of the event
- event_json:session_uuid: JSON of the event
API
This will work only if Flask_api.py is running.
First, you need to get your sid by passing the address you want to analyse:
curl http://localhost:7006/scan/<url>
Second, the results of the DNS check can be obtained using:
curl http://localhost:7006/domains/<sid>
Parameters
By passing parameters to the request, it’s possible to choose algorithms to run.
curl "http://localhost:7006/scan/url?charom&add"
runAll
addDash
addTld
addition
changeDotDash
changeOrder
commonMisspelling
doubleReplacement
homoglyph
homophones
missingDot
omission
repetition
replacement
singularPluralize
stripDash
vowelSwap
wrongTld
Output
[
{"circl.lu":{"A":["185.194.93.14"],"AAAA":["2a00:5980:93::14"],"MX":["10 cppy.circl.lu."],"NS":["ns3.eurodns.com.",...],"NotExist":false,"geoip":"Luxembourg"}}, ...
{"complete":1535,"id":"3322fa4f-52a0-43cb-a057-22bc07bdde01","registered":2,"remaining":4372,"total":5907}
]
The status of the current scan can be found at the end of the JSON output, with:
- complete: number of variations checked
- id: id of the current scan
- registered: number of variations that are accessible through DNS
- remaining: number of variations still to check before the scan is finished
- total: number of variations generated
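A small client for the output described above, added here as an example and not part of the project's own code: it splits the status object from the per-domain records, polls /domains/<sid> until remaining reaches 0, and lists the resolving variations with mail-capable ones (MX present) first. The function names, the sample data and the {"NotExist": true} shape for non-resolving variations are assumptions; the sid is the one returned by /scan/<url>.

```python
import json
import time
import urllib.request

BASE = "http://localhost:7006"  # address used in the curl examples above
STATUS_KEYS = {"complete", "id", "registered", "remaining", "total"}

def split_output(payload):
    """Split /domains/<sid> output into ({domain: record}, status)."""
    if not payload or not STATUS_KEYS <= set(payload[-1]):
        raise ValueError("status object missing from end of output")
    domains = {}
    for entry in payload[:-1]:
        domains.update(entry)
    return domains, payload[-1]

def triage(domains):
    """Return resolving variations as (name, has_mx), MX holders first."""
    # Assumption: a record without a NotExist key is treated as not resolving.
    live = [(n, r) for n, r in domains.items() if not r.get("NotExist", True)]
    live.sort(key=lambda item: (not item[1].get("MX"), item[0]))
    return [(name, bool(rec.get("MX"))) for name, rec in live]

def poll(sid, interval=5, max_polls=120):
    """Fetch results for a sid until the status reports nothing remaining."""
    for _ in range(max_polls):
        with urllib.request.urlopen(f"{BASE}/domains/{sid}", timeout=30) as resp:
            domains, status = split_output(json.load(resp))
        if status["remaining"] == 0:
            return domains, status
        time.sleep(interval)
    raise TimeoutError(f"scan {sid} still running after {max_polls} polls")

# Constructed sample in the shape shown under Output (names, ids and IPs are made up).
SAMPLE = json.loads("""[
 {"corp.example": {"A": ["192.0.2.10"], "MX": ["10 mail.corp.example."], "NotExist": false}},
 {"c0rp.example": {"A": ["192.0.2.66"], "MX": ["10 mx.c0rp.example."], "NotExist": false}},
 {"corpp.example": {"NotExist": true}},
 {"coorp.example": {"A": ["192.0.2.99"], "NotExist": false}},
 {"complete": 4, "id": "00000000-0000-0000-0000-000000000000",
  "registered": 3, "remaining": 0, "total": 4}
]""")

if __name__ == "__main__":
    domains, status = split_output(SAMPLE)
    print(f"{status['complete']}/{status['total']} checked, {status['registered']} registered")
    for name, has_mx in triage(domains):
        print(("MX  " if has_mx else "    ") + name)
```

Against a running Flask_api.py, call poll(sid) in place of split_output(SAMPLE).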