URLCrazy
Overview
Abschnitt betitelt „Overview“URLCrazy is a DNS crawler and domain typosquatting detection tool that identifies similar domain variations of a target domain. It systematically generates domain name variations using typosquatting techniques (character substitution, homoglyph attacks, transposition, omission, and other common mistakes) and checks which variants are registered or actively hosting content. Security professionals use URLCrazy to discover potential phishing domains, domain hijacking, and brand protection vulnerabilities.
Note: Use only for authorized brand protection and security research. Unauthorized domain registration or phishing simulation requires proper legal authorization.
Installation
Abschnitt betitelt „Installation“Linux Installation
Abschnitt betitelt „Linux Installation“# Debian/Ubuntu
sudo apt-get update
sudo apt-get install urlcrazy
# Install dependencies
sudo apt-get install ruby ruby-dev bundler
# Kali Linux (pre-installed)
urlcrazy --versionFrom Source
Abschnitt betitelt „From Source“# Clone repository
git clone https://github.com/urbanadventurer/urlcrazy.git
cd urlcrazy
# Install dependencies
bundle install
# or
gem install www-mechanize geoip net-dns
# Make executable
chmod +x urlcrazy
# Run directly
./urlcrazy -hManual Installation
Abschnitt betitelt „Manual Installation“# Install Ruby first
curl -fsSL https://rvm.io/install.sh | bash
rvm install ruby-2.7
# Install URLCrazy
gem install urlcrazy
# Verify installation
urlcrazy --versionBasic Usage
Abschnitt betitelt „Basic Usage“| Command | Description |
|---|---|
urlcrazy domain.com | Scan domain for typosquatting variations |
urlcrazy -k domain.com | Perform keyboard-based variations |
urlcrazy -s domain.com | Check specific variation types |
urlcrazy -o report.html domain.com | Generate HTML report |
urlcrazy --help | Display help information |
Domain Variation Types
Abschnitt betitelt „Domain Variation Types“Character Substitution
Abschnitt betitelt „Character Substitution“# Detect homoglyph attacks
urlcrazy domain.com
# Example: domain.com -> dоmain.com (o=о cyrillic)
# Common visual look-alikes detected:
# - l (L) vs I (i)
# - 0 (zero) vs O (letter)
# - 1 (one) vs l (letter)Typo Detection Methods
Abschnitt betitelt „Typo Detection Methods“# Keyboard typos (adjacent keys)
./urlcrazy domain.com
# Single character typos:
# - Transposition: dmain.com (swap letters)
# - Omission: doman.com (missing letter)
# - Repetition: doomain.com (doubled letter)
# - Substitution: fomain.com (wrong key)Basic Scanning Operations
Abschnitt betitelt „Basic Scanning Operations“Simple Domain Scan
Abschnitt betitelt „Simple Domain Scan“# Scan for typosquatting variations
urlcrazy example.com
# Output shows:
# Domain Name | DNS Status | IP Address | Country | Notes
# example.com | NXDOMAIN | (not registered) | |
# exmple.com | A | 192.0.2.1 | US | activeDetailed Analysis
Abschnitt betitelt „Detailed Analysis“# Verbose output with detailed findings
urlcrazy -v example.com
# Shows additional information:
# - Registration status
# - IP geolocation
# - Server response
# - Potential threatsVariation Type Selection
Abschnitt betitelt „Variation Type Selection“Keyboard Variations
Abschnitt betitelt „Keyboard Variations“# Focus on keyboard-based typos (adjacent keys)
./urlcrazy -k example.com
# Detects:
# - exakple.com (a next to m)
# - ezample.com (z next to x)
# - examlle.com (l next to k)Specific Variation Methods
Abschnitt betitelt „Specific Variation Methods“# Try all variation methods
./urlcrazy example.com
# Separate method types:
# 1. Typosquatting (common typos)
# 2. Homoglyphs (visual lookalikes)
# 3. Transposition (letter order)
# 4. Omission (missing letters)
# 5. Substitution (wrong character)
# 6. Pluralization (adding 's')TLD Variations
Abschnitt betitelt „TLD Variations“# Check different top-level domains
./urlcrazy example.com
# Variations include:
# - example.net (different TLD)
# - example.org (different TLD)
# - example.co (different TLD)Report Generation
Abschnitt betitelt „Report Generation“HTML Report Output
Abschnitt betitelt „HTML Report Output“# Generate comprehensive HTML report
urlcrazy -o report.html example.com
# Open in browser
firefox report.html
# or
open report.html # macOS
# Report includes:
# - All domain variations
# - Registration status
# - Active domains with content
# - Geolocation information
# - Threat assessmentCSV/Text Report
Abschnitt betitelt „CSV/Text Report“# Text-based output
urlcrazy example.com > results.txt
# Pipe to file
urlcrazy example.com | tee scan_results.txt
# Format output for parsing
urlcrazy example.com | grep "A " > active_domains.txtAdvanced Scanning Options
Abschnitt betitelt „Advanced Scanning Options“Custom Variation Limits
Abschnitt betitelt „Custom Variation Limits“# Generate limited set of variations
./urlcrazy -l 10 example.com # Top 10 variations
# Increase variation count
./urlcrazy -l 500 example.com # Up to 500 variationsDNS Resolution Control
Abschnitt betitelt „DNS Resolution Control“# Check DNS resolution for all variations
./urlcrazy example.com
# Resolution types detected:
# - A record (IPv4)
# - AAAA record (IPv6)
# - MX record (mail)
# - CNAME (alias)Custom Nameserver
Abschnitt betitelt „Custom Nameserver“# Use specific nameserver
./urlcrazy -n 8.8.8.8 example.com
# Use Google nameservers
./urlcrazy -n 8.8.8.8 -n 8.8.4.4 example.com
# Alternative nameservers
./urlcrazy -n 1.1.1.1 example.com # CloudflareThreat Detection Workflow
Abschnitt betitelt „Threat Detection Workflow“Identify Malicious Domains
Abschnitt betitelt „Identify Malicious Domains“# Scan domain and identify threats
urlcrazy -o report.html example.com
# Review active domains
urlcrazy example.com | grep "A\|MX"
# Check for phishing indicators
urlcrazy example.com | grep -E "suspicious|malware"Verify Registrations
Abschnitt betitelt „Verify Registrations“# Check WHOIS information for suspicious registrations
for domain in $(urlcrazy example.com | grep "A " | awk '{print $1}'); do
echo "Checking: $domain"
whois $domain | grep -E "Registrant|Created"
doneMonitor Typosquatting Campaigns
Abschnitt betitelt „Monitor Typosquatting Campaigns“#!/bin/bash
# Regular monitoring script
DOMAIN="example.com"
REPORT_DIR="/var/log/urlcrazy"
mkdir -p "$REPORT_DIR"
# Scan periodically
while true; do
echo "Scanning: $DOMAIN at $(date)"
urlcrazy -o "$REPORT_DIR/report_$(date +%Y%m%d_%H%M%S).html" "$DOMAIN"
sleep 86400 # Daily
doneBrand Protection Workflow
Abschnitt betitelt „Brand Protection Workflow“Corporate Domain Monitoring
Abschnitt betitelt „Corporate Domain Monitoring“# Monitor company domain variations
urlcrazy company.com -o company_report.html
# Check registered variations
urlcrazy company.com | grep "A\|MX" > registered.txt
# Research suspicious registrations
for domain in $(cat registered.txt | awk '{print $1}'); do
whois $domain | head -20
echo "---"
donePhishing Detection
Abschnitt betitelt „Phishing Detection“# Detect potential phishing domains
urlcrazy -o phishing_report.html example.com
# Identify newly registered variations
urlcrazy example.com | grep "A " | head -10
# Check content of suspicious domains
for domain in $(urlcrazy example.com | grep "A " | awk '{print $1}'); do
echo "Content check: $domain"
curl -s -I $domain | head -5
doneIntegration with Security Tools
Abschnitt betitelt „Integration with Security Tools“WHOIS Lookup Integration
Abschnitt betitelt „WHOIS Lookup Integration“#!/bin/bash
# Combine URLCrazy with WHOIS
DOMAIN="$1"
VARIATIONS=$(urlcrazy -l 50 "$DOMAIN")
while read -r variation; do
if [[ -n "$variation" ]]; then
WHOIS_INFO=$(whois "$variation" 2>/dev/null)
if [[ ! -z "$WHOIS_INFO" ]]; then
echo "=== $variation ==="
echo "$WHOIS_INFO" | grep -E "Registrant|Admin|Created|Expires"
fi
fi
done <<< "$VARIATIONS"DNS Enumeration
Abschnitt betitelt „DNS Enumeration“# URLCrazy combined with DNS tools
urlcrazy example.com > urlcrazy_results.txt
# Cross-reference with other DNS tools
nmap -p 53 -sV example.com
# Check DNS propagation
for domain in $(cat urlcrazy_results.txt | grep "A " | awk '{print $1}'); do
nslookup $domain
doneThreat Intelligence Integration
Abschnitt betitelt „Threat Intelligence Integration“#!/bin/bash
# Check domains against threat intelligence
for domain in $(urlcrazy example.com | grep "A " | awk '{print $1}'); do
# Check against VirusTotal
curl -s "https://www.virustotal.com/api/v3/domains/$domain" \
-H "x-apikey: YOUR_API_KEY" | jq .
# Check reputation
echo "Checking: $domain"
doneAnalysis Techniques
Abschnitt betitelt „Analysis Techniques“Comparative Domain Analysis
Abschnitt betitelt „Comparative Domain Analysis“# Scan legitimate domain
urlcrazy -o legitimate.html company.com
# Scan competitor/target
urlcrazy -o competitor.html competitor.com
# Compare results
diff legitimate.html competitor.html | grep -i domainHomoglyph Detection
Abschnitt betitelt „Homoglyph Detection“# Scan for visual lookalike attacks
urlcrazy company.com | grep -E "0O|l1|rn|vv"
# Manual homoglyph testing
# Common substitutions:
# - Cyrillic о (U+043E) vs Latin o
# - Greek α (U+03B1) vs Latin a
# - Superscript numbers vs regular numbersBulk Domain Scanning
Abschnitt betitelt „Bulk Domain Scanning“#!/bin/bash
# Scan multiple domains
DOMAINS="company.com competitor.org partner.net"
for domain in $DOMAINS; do
echo "=== Scanning: $domain ==="
urlcrazy "$domain" | head -20
urlcrazy -o "report_${domain}.html" "$domain"
donePerformance Optimization
Abschnitt betitelt „Performance Optimization“Parallel Scanning
Abschnitt betitelt „Parallel Scanning“#!/bin/bash
# Scan multiple domains in parallel
DOMAINS=$(cat domains.txt)
for domain in $DOMAINS; do
(urlcrazy "$domain" -o "report_${domain}.html") &
done
wait # Wait for all background jobsLimited Variation Set
Abschnitt betitelt „Limited Variation Set“# Focus on high-probability variations
./urlcrazy -l 100 example.com
# Limits scanning to most common typos
# Faster execution
# Reduces false positivesReport Analysis
Abschnitt betitelt „Report Analysis“Processing Results
Abschnitt betitelt „Processing Results“# Extract registered domains
urlcrazy example.com | grep "A " | awk '{print $1}' > registered.txt
# Count active variations
urlcrazy example.com | grep "A " | wc -l
# Identify TLD variations
urlcrazy example.com | grep -v ".com " | head -20Risk Assessment
Abschnitt betitelt „Risk Assessment“# High-risk findings:
# - Newly registered domains similar to target
# - Domains with malware/phishing history
# - Domains hosted on known malicious networks
# - Domains with similar WHOIS registrants
urlcrazy example.com > results.txt
# Manually review high-risk findingsTroubleshooting
Abschnitt betitelt „Troubleshooting“DNS Resolution Issues
Abschnitt betitelt „DNS Resolution Issues“# Check DNS connectivity
nslookup example.com
# Verify nameserver access
dig @8.8.8.8 example.com
# Try alternative nameserver
./urlcrazy -n 1.1.1.1 example.comMissing Dependencies
Abschnitt betitelt „Missing Dependencies“# Install Ruby gems
gem install www-mechanize
gem install geoip
gem install net-dns
# Or use bundler
bundle installTimeout Issues
Abschnitt betitelt „Timeout Issues“# Check network connectivity
ping 8.8.8.8
# Reduce variation count
./urlcrazy -l 50 example.com
# Allow more time for resolution
timeout 300 urlcrazy -l 200 example.comBest Practices
Abschnitt betitelt „Best Practices“Authorized Testing
Abschnitt betitelt „Authorized Testing“# Ensure authorization before scanning
# Document:
# - Written approval
# - Testing scope
# - Target domain
# - Testing date/time
# - Personnel involvedRegular Monitoring
Abschnitt betitelt „Regular Monitoring“#!/bin/bash
# Schedule regular typosquatting checks
cat > /etc/cron.d/urlcrazy-monitor <<EOF
# URLCrazy monitoring - daily at 2 AM
0 2 * * * /usr/bin/urlcrazy -o /var/log/urlcrazy/report_\$(date +\%Y\%m\%d).html example.com
EOFDocumentation
Abschnitt betitelt „Documentation“# Document findings
echo "Date: $(date)" > scan_log.txt
echo "Domain: example.com" >> scan_log.txt
urlcrazy example.com >> scan_log.txt
# Archive results
tar -czf urlcrazy_scans_$(date +%Y%m%d).tar.gz *.htmlLegal Considerations
Abschnitt betitelt „Legal Considerations“URLCrazy is legitimate for:
- Brand protection and monitoring
- Security research and education
- Phishing detection
- Corporate cybersecurity assessments
Always ensure:
- Written authorization from domain owner
- Compliance with local laws
- Ethical use of findings
- Proper documentation
- Confidentiality of results
Unauthorized domain registration or spoofing is illegal. Use URLCrazy only for defensive security purposes.