├── README.md
├── checkURL.py
├── screenshot.png
├── urls.txt
└── video.png
/README.md:
--------------------------------------------------------------------------------
1 | CheckURL
2 |
3 | Detect evil urls that uses IDN Homograph Attack.
4 |
5 |
6 | ### MAINTAINERS
7 | * **Vandré Augusto** |
8 | Twitter: @dr1nKoRdi3
9 | Github: @dr1nK0Rdi3
10 |
11 | ## VIDEO DEMO
12 |
13 |
14 | 
15 |
16 |
17 | ### CLONE
18 | ```
19 | # git clone https://github.com/UndeadSec/checkURL.git
20 | ```
21 |
22 | ### RUNNING
23 | ```
24 | # cd checkURL
25 | ```
26 |
27 | ```
28 | # python3 checkURL.py --help
29 | usage: checkURL.py [-h] [--url URL | --url-list URL_list] [--check-url]
30 |
31 | Check IDN Homograph Attack - UndeadSec
32 |
33 | optional arguments:
34 | -h, --help show this help message and exit
35 | --url URL Enter to check if it is Evil URL
36 | --url-list URL_list Specify a file with a list of Evil URL
37 | --check-url Check socket URL
38 |
39 | Examples:
40 | python3 checkURL.py --url google.com
41 | python3 checkURL.py --url google.com --check-url
42 | python3 checkURL.py --url-list urls.txt
43 | python3 checkURL.py --url-list urls.txt --check-url
44 |
45 | Telegram: https://t.me/UndeadSec
46 | ```
47 | ### PREREQUISITES
48 |
49 | * python 3.x
50 |
51 | ## TESTED ON
52 | [](https://www.kali.org) **Kali Linux - ROLLING EDITION**
53 |
54 | ### SCREENSHOT
55 | 
56 |
--------------------------------------------------------------------------------
/checkURL.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/python3
2 |
3 | '''
4 | BY: UNDEADSEC from BRAZIL :)
5 |
6 | Visit: https://www.youtube.com/c/UndeadSec
7 | Github: https://github.com/UndeadSec/checkURL
8 | Telegram: https://t.me/UndeadSec
9 | '''
10 |
11 | from __future__ import print_function
12 | from platform import python_version
13 | from sys import exit, argv
14 |
15 | version = python_version().startswith('2', 0, len(python_version()))
16 | if version:
17 | print('Are you using python version {}\n'
18 | 'Please, use version 3.X of python'.format(python_version()))
19 | exit(1)
20 |
21 | from argparse import ArgumentParser, RawDescriptionHelpFormatter
22 | from textwrap import dedent
23 | from socket import socket, AF_INET, SOCK_STREAM, gethostbyname, gaierror
24 |
25 | white, red, yellow, green, END = '\33[;97m', '\33[1;91m', '\33[1;93m', '\33[1;32m', '\33[0m'
26 |
27 | def banner():
28 | '''
29 | Show banner of tool checkURL
30 | :return: banner
31 | '''
32 |
33 | msg = '''
34 | {3} _ _ {1}{2} _ _ _____ _
35 | {3} | | | | {1}{2}| | | | __ \| |
36 | {3} ___| |__ ___ ___| | __ {1}{2}| | | | |__) | |
37 | {3} / __| '_ \ / _ \/ __| |/ / {1}{2}| | | | _ /| |
38 | {3} | (__| | | | __| (__| < {1}{2}| |__| | | \ \| |____
39 | {3} \___|_| |_|\___|\___|_|\_\ {1}{2} \____/|_| \_|______|{1}
40 |
41 | {3}.. .UndeadSec from BRazil. ..{1}
42 | \n\n{3}Checking IDN Homograph Attack ... . {1}
43 | '''
44 | return msg.format(green,END,red,white)
45 |
46 | def parse_args():
47 |
48 | parser = ArgumentParser(
49 | formatter_class=RawDescriptionHelpFormatter,
50 | description='Check IDN Homograph Attack - UndeadSec',
51 | epilog=dedent('''\
52 | Examples:
53 | python3 {0} --url google.com
54 | python3 {0} --url google.com --check-url
55 | python3 {0} --url-list urls.txt
56 | python3 {0} --url-list urls.txt --check-url
57 |
58 | Telegram: https://t.me/UndeadSec'''.format(argv[0])))
59 |
60 | g = parser.add_mutually_exclusive_group()
61 |
62 | g.add_argument(
63 | '--url',
64 | dest='url',
65 | help='Enter to check if it is Evil URL',
66 | action='store',
67 | metavar='URL')
68 |
69 | g.add_argument(
70 | '--url-list',
71 | dest='url_list',
72 | help='Specify a file with a list of Evil URL',
73 | action='store',
74 | metavar='URL_list')
75 |
76 | parser.add_argument(
77 | '--check-url',
78 | dest='check_url',
79 | help='Check socket URL',
80 | action='store_true')
81 |
82 | args = parser.parse_args()
83 |
84 | return args, parser
85 |
86 | def check_EVIL(url):
87 |
88 | '''
89 | Check evil chars in URL
90 | :param url: suspicious URL
91 | :return: result of check and the evil chars
92 | '''
93 |
94 | bad_chars = ['\u0430', '\u03F2', '\u0435', '\u043E', '\u0440', '\u0455', '\u0501', '\u051B', '\u051D']
95 | result = [bad_chars[i] for i in range(len(bad_chars)) if bad_chars[i] in url]
96 |
97 | if result:
98 | msg = '\n{0}[*] Evil URL detected: {1}{2}{3}{1}'.format(yellow,END,red,url)
99 | msg += '\n{0}[*] Evil characters used: {1}{2}{3}{1}'.format(yellow,END,red,result)
100 | else:
101 | msg = '\n{0}[*] Evil URL NOT detected:{1} {2}{3}{1}'.format(yellow, END, green, url)
102 |
103 | return msg
104 |
105 | def urls_list(file):
106 | '''
107 | Read the file to verify Evil URL
108 | :param file: file with a list of Evil URLs
109 | :return: file reading
110 | '''
111 |
112 | with open(file) as arq:
113 | urls = [f.strip() for f in arq]
114 | for i in range(len(urls)): print(check_EVIL(urls[i]))
115 |
116 | def check_url(url):
117 |
118 | '''
119 | Check connection
120 | :param url: suspicious url
121 | :return: status of connection
122 | '''
123 |
124 | try:
125 | url = gethostbyname(url)
126 | except gaierror as err:
127 | error = '{1}[*] {0}{2}\n'.format(err,yellow,END)
128 | return error
129 | exit(1)
130 |
131 | s = socket(AF_INET, SOCK_STREAM)
132 | check = s.connect_ex((url,80))
133 |
134 | if check == 0:
135 | msg = '{0}[*] Connection accepted{1}\n'.format(green,END)
136 | else:
137 | msg = '{0}[*] Connection refused{1}\n'.format(green, END)
138 |
139 | return msg
140 |
141 | def check_list_url(file):
142 |
143 | '''
144 | Check Evil chars in list of suspicious Evil URL
145 | :param file: file with a list of Evil URLs
146 | :return: message with results
147 | '''
148 |
149 | with open(file) as arq:
150 | urls_arq = [u.strip() for u in arq]
151 |
152 | msg = ''
153 | for url in urls_arq:
154 |
155 | bad_chars = ['\u0430', '\u03F2', '\u0435', '\u043E', '\u0440', '\u0455', '\u0501', '\u051B', '\u051D']
156 | result = [bad_chars[i] for i in range(len(bad_chars)) if bad_chars[i] in url]
157 | check_result = check_url(url)
158 |
159 | if result:
160 | msg += '\n{0}[*] Evil URL detected: {1}{2}{3}{1}'.format(yellow, END, red, url)
161 | msg += '\n{0}[*] Evil characters used: {1}{2}{3}{1}\n'.format(yellow, END, red, result)
162 | msg += check_result
163 |
164 | else:
165 | msg += '\n{0}[*] Evil URL NOT detected:{1} {2}{3}{1}\n'.format(yellow, END, green, url)
166 | msg += check_result
167 |
168 | return msg
169 |
170 | def main():
171 |
172 | '''
173 | Main
174 | :return: execution of the program
175 | '''
176 | args = parse_args()[0]
177 | parse = parse_args()[1]
178 |
179 | if len(argv) < 2:
180 | parse.print_help()
181 | exit(1)
182 |
183 | print(banner())
184 |
185 | if args.url: print(check_EVIL(args.url))
186 | if args.url and args.check_url: print(check_url(args.url))
187 | if args.url_list and not args.check_url: urls_list(args.url_list)
188 | if args.url_list and args.check_url: print(check_list_url(args.url_list))
189 |
190 | if __name__ == '__main__':
191 | try: main()
192 | except KeyboardInterrupt: exit()
193 | except SystemExit: pass
194 |
195 |
196 |
197 |
198 |
199 |
200 |
201 |
202 |
203 |
204 |
205 |
206 |
207 |
--------------------------------------------------------------------------------
/screenshot.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/UndeadSec/checkURL/d5086f9ccbb1221ee2773f7f28dfbf1ec93357bd/screenshot.png
--------------------------------------------------------------------------------
/urls.txt:
--------------------------------------------------------------------------------
1 | facebook.com
2 | www.fаcebook.com
3 | www.faϲebook.com
4 | www.facеbook.com
5 | www.facebооk.com
6 | ԝԝԝ.facebook.com
7 | ԝԝԝ.fаϲеbооk.com
8 | www.googlе.com
9 | www.gооgle.com
10 | ԝԝԝ.google.com
11 | ԝԝԝ.gооglе.com
12 | www.google.com
13 |
--------------------------------------------------------------------------------
/video.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/UndeadSec/checkURL/d5086f9ccbb1221ee2773f7f28dfbf1ec93357bd/video.png
--------------------------------------------------------------------------------