Skip to content

Python library to enumerate possible ASCII domains being spoofed by a particular IDN domain name

Notifications You must be signed in to change notification settings

xn-twist/xn-reverser

Repository files navigation

xn-reverser

Enumerate possible ASCII text being spoofed by a particular IDN domain name

Install

pip install xn-reverser

How it works

The basic algorithm for how this library works is as follows:

  • Convert raw xn-- IDN domain to Unicode representation (using idna library)
  • For each Unicode char in the domain:
  • Check a pre-built mapping for possible ASCII characters that look similar to the Unicode character (i.e. plaintext ASCII characters that the Unicode character could be spoofing)
  • Compute the Cartesian product of the character lists (using itertools.product) to generate the possible plaintext domain names

Usage

import xn_reverser

result = xn_reverser.xn_reverser("xn--80ak6aa92e.com")
print(result["possible_spoofed_ascii"])

xn_reverser() returns a dict containing the following elements:

  • domain_raw (string): the actual xn-- raw IDN domain provided as the input
  • domain_idn_rendered (string): the rendered Unicode form of the IDN domain
  • possible_spoofed_ascii (list): a list of possible ASCII domains converted from the IDN form

Caveats

  • Does not parse subdomains. Must provide a base domain

About

Python library to enumerate possible ASCII domains being spoofed by a particular IDN domain name

Resources

Stars

Watchers

Forks

Packages

No packages published