
Punycode Phishing Domains Generator

I wrote a simple script that can generate Punycode domain names that I can use during phishing tests.
The issue with Punycode is that an attacker can register a spoof website whose URL looks exactly the same as the real website's. It relies on the way many browsers display a punycode (xn--) domain: the location bar shows the decoded Unicode form, so accented look-alikes render almost identically to the real name.

Firefox and Safari seem to be vulnerable to this punycode phishing attack at the time of writing.

The script generates around 80 similar-looking domains for a given name.


$ python genPunycodeDomain.py -d uniqlo.com

uniqlo.com          uniqlo.com [54.199.235.240]
unïqlo.com          xn--unqlo-dta.com [available]
unìqlo.com          xn--unqlo-usa.com [available]
uníqlo.com          xn--unqlo-0sa.com [available]
uniqlö.com          xn--uniql-nua.com [available]
uniqlò.com          xn--uniql-yta.com [available]
uniqló.com          xn--uniql-4ta.com [available]
üniqlo.com          xn--niqlo-jva.com [available]
ùniqlo.com          xn--niqlo-0ua.com [available]
úniqlo.com          xn--niqlo-6ua.com [available]
uniql0.com          uniql0.com [153.122.57.60]
unïqlö.com          xn--unql-6pa8b.com [available]
unïqlò.com          xn--unql-6pau.com [available]
unïqló.com          xn--unql-6pa0a.com [available]
ünïqlo.com          xn--nqlo-5pa0f.com [available]
ùnïqlo.com          xn--nqlo-5pa2d.com [available]
únïqlo.com          xn--nqlo-5pa8d.com [available]
unïql0.com          xn--unql0-dta.com [available]
unìqlö.com          xn--unql-rpa6d.com [available]
unìqlò.com          xn--unql-rpa2b.com [available]
unìqló.com          xn--unql-rpa8b.com [available]
ünìqlo.com          xn--nqlo-qpa8g.com [available]
ùnìqlo.com          xn--nqlo-qpa0f.com [available]
únìqlo.com          xn--nqlo-qpa6f.com [available]
unìql0.com          xn--unql0-usa.com [available]
uníqlö.com          xn--unql-wpa0d.com [available]
uníqlò.com          xn--unql-wpa6a.com [available]
uníqló.com          xn--unql-wpa2b.com [available]
üníqlo.com          xn--nqlo-vpa2g.com [available]
ùníqlo.com          xn--nqlo-vpa4e.com [available]
úníqlo.com          xn--nqlo-vpa0f.com [available]
uníql0.com          xn--unql0-0sa.com [available]
üniqlö.com          xn--niql-8qa5a.com [available]
ùniqlö.com          xn--niql-8qan.com [available]
úniqlö.com          xn--niql-8qat.com [available]
üniqlò.com          xn--niql-oqa9c.com [available]
ùniqlò.com          xn--niql-oqa1b.com [available]
úniqlò.com          xn--niql-oqa7b.com [available]
üniqló.com          xn--niql-tqa3c.com [available]
ùniqló.com          xn--niql-tqa5a.com [available]
úniqló.com          xn--niql-tqa1b.com [available]
üniql0.com          xn--niql0-jva.com [available]
ùniql0.com          xn--niql0-0ua.com [available]
úniql0.com          xn--niql0-6ua.com [available]
ünïqlö.com          xn--nql-zma1b5a.com [available]
ùnïqlö.com          xn--nql-zma1bn.com [available]
únïqlö.com          xn--nql-zma1bt.com [available]
ünïqlò.com          xn--nql-zmar9c.com [available]
ùnïqlò.com          xn--nql-zmar1b.com [available]
únïqlò.com          xn--nql-zmar7b.com [available]
ünïqló.com          xn--nql-zmaw3c.com [available]
ùnïqló.com          xn--nql-zmaw5a.com [available]
únïqló.com          xn--nql-zmaw1b.com [available]
ünïql0.com          xn--nql0-5pa0f.com [available]
ùnïql0.com          xn--nql0-5pa2d.com [available]
únïql0.com          xn--nql0-5pa8d.com [available]
ünìqlö.com          xn--nql-nma6c5a.com [available]
ùnìqlö.com          xn--nql-nma6cn.com [available]
únìqlö.com          xn--nql-nma6ct.com [available]
ünìqlò.com          xn--nql-nma6a5c.com [available]
ùnìqlò.com          xn--nql-nma6azb.com [available]
únìqlò.com          xn--nql-nma6a5b.com [available]
ünìqló.com          xn--nql-nma1bzc.com [available]
ùnìqló.com          xn--nql-nma1b5a.com [available]
únìqló.com          xn--nql-nma1bzb.com [available]
ünìql0.com          xn--nql0-qpa8g.com [available]
ùnìql0.com          xn--nql0-qpa0f.com [available]
únìql0.com          xn--nql0-qpa6f.com [available]
üníqlö.com          xn--nql-rma1c5a.com [available]
ùníqlö.com          xn--nql-rma1cn.com [available]
úníqlö.com          xn--nql-rma1ct.com [available]
üníqlò.com          xn--nql-rma1a9c.com [available]
ùníqlò.com          xn--nql-rma1a1b.com [available]
úníqlò.com          xn--nql-rma1a7b.com [available]
üníqló.com          xn--nql-rma6azc.com [available]
ùníqló.com          xn--nql-rma6a5a.com [available]
úníqló.com          xn--nql-rma6azb.com [available]
üníql0.com          xn--nql0-vpa2g.com [available]
ùníql0.com          xn--nql0-vpa4e.com [available]
úníql0.com          xn--nql0-vpa0f.com [available]

The domain in the left column is how the name will appear in the browser's location bar.
The domain in the right column is the one to use/register.
If a domain is already registered, its IP address appears next to it in the output above instead of [available].
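The same decoding trick works in the other direction for defenders. As an added example (not the author's script), the following check decodes xn-- labels with Python's built-in punycode codec, strips diacritics with NFKD normalization, and flags registrations that render like a protected brand; the sample domain list and the small 0/1 confusable map are constructed for this example.

```python
import unicodedata

# Minimal ASCII confusable map (constructed for this example; extend as needed).
ASCII_CONFUSABLES = {"0": "o", "1": "l"}


def decode_idn_label(label: str) -> str:
    """Return the Unicode form of one DNS label, decoding xn-- (Punycode) labels."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def decode_idn(domain: str) -> str:
    """Decode every label of a domain, i.e. what a permissive browser would display."""
    return ".".join(decode_idn_label(label) for label in domain.split("."))


def skeleton(text: str) -> str:
    """Strip diacritics (NFKD, then drop combining marks) and fold ASCII confusables."""
    decomposed = unicodedata.normalize("NFKD", text.lower())
    base = "".join(c for c in decomposed if not unicodedata.combining(c))
    return "".join(ASCII_CONFUSABLES.get(c, c) for c in base)


def is_lookalike(domain: str, protected: str) -> bool:
    """True when domain renders like protected but is not protected itself."""
    shown = decode_idn(domain).lower()
    if shown == protected.lower():
        return False
    return skeleton(shown) == skeleton(protected)


def find_lookalikes(domains, protected):
    """Return (ascii_form, displayed_form) for every domain that impersonates protected."""
    return [(d, decode_idn(d)) for d in domains if is_lookalike(d, protected)]


# Constructed sample: registrations as they might appear in a CT log or passive-DNS feed.
SAMPLE_DOMAINS = [
    "uniqlo.com",
    "xn--unqlo-dta.com",
    "xn--nql0-vpa0f.com",
    "uniql0.com",
    "example.com",
    "xn--bcher-kva.example",
]

if __name__ == "__main__":
    for ascii_form, unicode_form in find_lookalikes(SAMPLE_DOMAINS, "uniqlo.com"):
        print(f"{ascii_form:28} -> {unicode_form}")
```

Feeding a certificate-transparency or newly-registered-domain feed through `find_lookalikes` gives an alert list for each brand you protect.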

I hope this can be useful to some of you during your phishing tests.

The source code is available at https://gist.github.com/milo2012/889752dadbf2d45c8e96d4a096a1736d

Below are some references on phishing with punycode.
https://www.xudongz.com/blog/2017/idn-phishing/
Phishing with ‘punycode’ – when foreign letters spell English words
