Home > Uncategorized > Punycode Phishing Domains Generator

Punycode Phishing Domains Generator

November 9, 2017 Leave a comment Go to comments

I wrote a simple script that can generate Pnnycode domain names that I can use during phishing tests.
The issue with Punycode is that an attacker can create a spoof website with a URL that looks exactly the same like the real website.  It relies on the way that many browsers interpret punycode.

Firefox and Safari seems to be vulnerable to punycode phishing attack currently.

There are around 80 similar looking domains being generated by the script.


$ python genPunycodeDomain.py -d uniqlo.com

uniqlo.com          uniqlo.com [54.199.235.240]
unïqlo.com          xn--unqlo-dta.com [available]
unìqlo.com          xn--unqlo-usa.com [available]
uníqlo.com          xn--unqlo-0sa.com [available]
uniqlö.com          xn--uniql-nua.com [available]
uniqlò.com          xn--uniql-yta.com [available]
uniqló.com          xn--uniql-4ta.com [available]
üniqlo.com          xn--niqlo-jva.com [available]
ùniqlo.com          xn--niqlo-0ua.com [available]
úniqlo.com          xn--niqlo-6ua.com [available]
uniql0.com          uniql0.com [153.122.57.60]
unïqlö.com          xn--unql-6pa8b.com [available]
unïqlò.com          xn--unql-6pau.com [available]
unïqló.com          xn--unql-6pa0a.com [available]
ünïqlo.com          xn--nqlo-5pa0f.com [available]
ùnïqlo.com          xn--nqlo-5pa2d.com [available]
únïqlo.com          xn--nqlo-5pa8d.com [available]
unïql0.com          xn--unql0-dta.com [available]
unìqlö.com          xn--unql-rpa6d.com [available]
unìqlò.com          xn--unql-rpa2b.com [available]
unìqló.com          xn--unql-rpa8b.com [available]
ünìqlo.com          xn--nqlo-qpa8g.com [available]
ùnìqlo.com          xn--nqlo-qpa0f.com [available]
únìqlo.com          xn--nqlo-qpa6f.com [available]
unìql0.com          xn--unql0-usa.com [available]
uníqlö.com          xn--unql-wpa0d.com [available]
uníqlò.com          xn--unql-wpa6a.com [available]
uníqló.com          xn--unql-wpa2b.com [available]
üníqlo.com          xn--nqlo-vpa2g.com [available]
ùníqlo.com          xn--nqlo-vpa4e.com [available]
úníqlo.com          xn--nqlo-vpa0f.com [available]
uníql0.com          xn--unql0-0sa.com [available]
üniqlö.com          xn--niql-8qa5a.com [available]
ùniqlö.com          xn--niql-8qan.com [available]
úniqlö.com          xn--niql-8qat.com [available]
üniqlò.com          xn--niql-oqa9c.com [available]
ùniqlò.com          xn--niql-oqa1b.com [available]
úniqlò.com          xn--niql-oqa7b.com [available]
üniqló.com          xn--niql-tqa3c.com [available]
ùniqló.com          xn--niql-tqa5a.com [available]
úniqló.com          xn--niql-tqa1b.com [available]
üniql0.com          xn--niql0-jva.com [available]
ùniql0.com          xn--niql0-0ua.com [available]
úniql0.com          xn--niql0-6ua.com [available]
ünïqlö.com          xn--nql-zma1b5a.com [available]
ùnïqlö.com          xn--nql-zma1bn.com [available]
únïqlö.com          xn--nql-zma1bt.com [available]
ünïqlò.com          xn--nql-zmar9c.com [available]
ùnïqlò.com          xn--nql-zmar1b.com [available]
únïqlò.com          xn--nql-zmar7b.com [available]
ünïqló.com          xn--nql-zmaw3c.com [available]
ùnïqló.com          xn--nql-zmaw5a.com [available]
únïqló.com          xn--nql-zmaw1b.com [available]
ünïql0.com          xn--nql0-5pa0f.com [available]
ùnïql0.com          xn--nql0-5pa2d.com [available]
únïql0.com          xn--nql0-5pa8d.com [available]
ünìqlö.com          xn--nql-nma6c5a.com [available]
ùnìqlö.com          xn--nql-nma6cn.com [available]
únìqlö.com          xn--nql-nma6ct.com [available]
ünìqlò.com          xn--nql-nma6a5c.com [available]
ùnìqlò.com          xn--nql-nma6azb.com [available]
únìqlò.com          xn--nql-nma6a5b.com [available]
ünìqló.com          xn--nql-nma1bzc.com [available]
ùnìqló.com          xn--nql-nma1b5a.com [available]
únìqló.com          xn--nql-nma1bzb.com [available]
ünìql0.com          xn--nql0-qpa8g.com [available]
ùnìql0.com          xn--nql0-qpa0f.com [available]
únìql0.com          xn--nql0-qpa6f.com [available]
üníqlö.com          xn--nql-rma1c5a.com [available]
ùníqlö.com          xn--nql-rma1cn.com [available]
úníqlö.com          xn--nql-rma1ct.com [available]
üníqlò.com          xn--nql-rma1a9c.com [available]
ùníqlò.com          xn--nql-rma1a1b.com [available]
úníqlò.com          xn--nql-rma1a7b.com [available]
üníqló.com          xn--nql-rma6azc.com [available]
ùníqló.com          xn--nql-rma6a5a.com [available]
úníqló.com          xn--nql-rma6azb.com [available]
üníql0.com          xn--nql0-vpa2g.com [available]
ùníql0.com          xn--nql0-vpa4e.com [available]
úníql0.com          xn--nql0-vpa0f.com [available]

The domain on the left column is how the domain will appear in the browser’s location bar.
The domain on the right column is the domain to use/register.
If the domain is already in use, the IP address will appear next to the domain in the output above.

I hope this can be useful to some of you during your phishing tests.

The link to the source code is available at https://gist.github.com/milo2012/889752dadbf2d45c8e96d4a096a1736d

Below are some references to phishing with punycode.
https://www.xudongz.com/blog/2017/idn-phishing/

Phishing with ‘punycode’ – when foreign letters spell English words

Categories: Uncategorized
  1. No comments yet.
  1. No trackbacks yet.

Leave a comment