2023-07-04, 09:50–10:10 (Europe/Paris), Amphitheater
Existing tools like dnstwist or urlcrazy are useful for identifying typosquatting, but they don't allow users to choose a generation of variation with all possible algorithms. To address this, we created a library that compiles all possible variations for a domain name. But why stop there? We also developed a user-friendly website to make the tool accessible to everyone. And now, there's a possibility to look for package squatting on platform like pypi...
In this session, we will introduce the website and its functionalities, including all possible algorithms currently implemented in the library. Our library and website are both open source, and there is even an online version available to the public, as well as MISP integration. With these resources, there is no excuse for not protecting your organization from potential typosquatting domains.
I break stuff and I do stuff.
Security researcher at CIRCL