Lookalike domain finder: Fun with homoglyphs and more
Here's a cool tool that a colleague at Valimail created recently, and if you care about protecting against people spoofing your emails through lookalike domains, I think you might find it interesting.
It's Valimail's Domain Lookalike Finder, created by VP of product, Scott Ziegler, and it works like this: Feed it your domain name, and it will give you a list of alternative variants of that domain name, using different ways to generate domain names that look similar to yours.
Homoglyphs are one particular area worth exploring here -- in this context, that means characters that look like the typical ASCII letters found in domain names, but are actually extended, accented or other characters that are encoded into domain names differently. The result is a domain name that looks the same in the browser or email client, but is not the domain name you were expecting.
The tool might delete or double random letters, replace some letters with numbers, try different TLD variations, and use a few other tricks to generate a list of variants to check. Then it checks whether those variant domains are registered, and whether they have an MX record or website. It even shows you how the different variations would be encoded using punycode, the way that we encode extended characters into domain names to make them 7-bit ASCII safe. And you can export it all to CSV, allowing you to save your research.
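To make the homoglyph and punycode points concrete, here is an added example (not code from Valimail's tool) that decodes `xn--` labels in observed sender domains and flags any that fold down to a protected domain. The `example.com` domain, the small `CONFUSABLES` table and the sample list are assumptions constructed for illustration, and only homoglyph, accent and digit swaps are covered.

```python
import unicodedata

PROTECTED = "example.com"  # constructed placeholder for the domain you defend

# Assumption: a small hand-picked subset of confusable characters.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o",  # Cyrillic a, e, o
    "\u0440": "p", "\u0441": "c", "\u0445": "x",  # Cyrillic er, es, ha
    "\u0131": "i",                                # Latin dotless i
    "0": "o", "1": "l",                           # digit-for-letter swaps
}

def to_punycode(domain):
    """Encode each non-ASCII label as an xn-- (punycode) label."""
    return ".".join(
        label if label.isascii()
        else "xn--" + label.encode("punycode").decode("ascii")
        for label in domain.lower().split("."))

def to_unicode(domain):
    """Decode xn-- labels back to the characters a mail client would show."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except ValueError:
                pass  # malformed label: keep the raw form
        labels.append(label)
    return ".".join(labels)

def skeleton(domain):
    """Fold accents and known confusables down to plain ASCII letters."""
    text = unicodedata.normalize("NFKD", to_unicode(domain))
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    return "".join(CONFUSABLES.get(ch, ch) for ch in text)

def classify(observed, protected=PROTECTED):
    """Return 'exact', 'lookalike' or 'unrelated' for an observed domain."""
    if to_unicode(observed) == protected:
        return "exact"
    return "lookalike" if skeleton(observed) == skeleton(protected) else "unrelated"

if __name__ == "__main__":
    # Constructed sample of sender domains, e.g. pulled from mail logs.
    samples = ["example.com", to_punycode("\u0435xample.com"),
               "examp1e.com", "ex\u00e4mple.com", "example.org"]
    for d in samples:
        print(f"{d:24} {to_unicode(d):14} {classify(d)}")
```

The second sample prints as an `xn--` label in the first column and as a visually identical `example.com` in the second, which is the gap between what is encoded and what is displayed.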
This tool is very new and a work in progress, so you might hit an edge case or two where it suggests a domain that can't actually be registered, and Scott's been updating the backend logic regularly to improve it. But I've found it a lot of fun so far, and I hope that you will, too! And if you have any thoughts or feedback on how the tool could be improved, drop me a line and I'll be sure to pass your feedback on to Scott.
Happy lookalike hunting!
(Disclaimer: I am, of course, employed as Industry Research and Community Engagement Lead for DMARC provider Valimail.)