Day by day computers and system are getting stronger. Directly broke into a system is getting harder for cyber criminals. So they are trying to play with our minds, a good example can be the Twitter got compromised due to spear phishing attack some months ago. Phishing and other Social Engineering techniques are growing heavily. So as an security researcher it's our responsibility to aware normal people. Still many people are don't care of these things.
In today's article we are going to learn about a tool which can find variants of domain names. Sometimes cyber criminals registers the same looking domain names of a legit website and use the almost same looking domain for phishing. To find these kind of domain variants we are going to use a tool named URLCRAZY.
URLCRAZY is an OSINT tool that generates and tests domain name typos or variations to detect or perform typo squatting, phishing, URL hijacking, corporate spying etc. We can use URLCRAZY to know more about similar looking domains.
Installing URLCRAZY on Kali Linux
URLCRAZY comes pre-installed with Kali Linux full version. We can search for it on our application menu, it it is not there we can install it by using following command:
After the installation process is successful we can see the help options of URLCRAZY by applying following command:
The output of the above command shown in the following screenshot:
Using URLCRAZY on Kali Linux
Now we use this URLCRAZY tool for finding domain names variants. For an example we want to know about the similar domain of KuCoin. We can use following command to do so:
In the following screenshot we can see the output of applied command:
We can see there are lots of domain variants of KuCoin. We can filter these domains by popularity on Google search engine. To Do so we can use -p flag, and the command will be urlcrazy -p -r kucoin.com
Something Extra
Here we can ask that is this beneficial ? Well, it is as a security expert we will know that if any similar domain exists there might have higher chance to be a phishing site. For an example here we got a special variant of KuCoin, which is highlighted in the following screenshot:
The highlighted domain variant is a phishing page of KuCoin. We had open that page, shown in the following screenshot:
This KuCoin domain variant is a Phishing Page |
As a cybersecurity expert this is our duty to protect others from this kind of scam and phishing. These days bad guys uses many manipulative things for phishing and other cybercrime. So we need to be aware from same looking domain names.
Love our articles? Make sure to follow us on Twitter and GitHub, we post article updates there. To join our KaliLinuxIn family, join our Whatsapp Channel & Telegram Group. We are trying to build a community for Linux and Cybersecurity. For anything we always happy to help everyone on the comment section. As we know our comment section is always open to everyone. We read each and every comment and we always reply