Nekuda: IDN-Squatting Detector
A domain lookalike is a domain name that closely resembles a legitimate one but differs slightly: in the spelling of the name, in the top-level domain (TLD), or in the extension. Lookalikes are commonly used in phishing attacks, where an attacker tries to trick users into entering their personal information on a fake website. For example, one may try to fool users with the domain micros0ft.com, trying to mimic
Internationalized Domain Name and IDN TLDs
An internationalized domain name (IDN) is an Internet domain name that contains at least one label displayed in software applications, in whole or in part, in a non-Latin script or alphabet, or in Latin-alphabet characters with diacritics or ligatures. These writing systems are encoded by computers as multibyte Unicode. Internationalized domain names are stored in the Domain Name System (DNS) as ASCII strings using the Punycode transcription. Here are a few examples of IDNs:
To stay compatible with components that expect ASCII input, these characters must be encoded in Punycode, an ASCII-compatible encoding of Unicode that lets internationalized domain names (IDNs) be used across the entire Internet. Out of the 1470 available top-level domains (e.g. .com), 152 are currently IDN TLDs. These include native-script counterparts of generic, non-country-specific TLDs such as .net, alongside localized country-code TLDs such as .укр (Ukraine) and others.
This is a new, disruptive concept devised by the authors of this tool: instead of embedding individual non-ASCII characters in an otherwise ASCII domain, register the entire domain in the target's native tongue. For example, instead of microsoft.com, register any of the following domains:
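The following is an added example, not Nekuda's own code, showing the mechanics a defender needs for this technique: how a fully native-script domain is turned into the Punycode A-label form that DNS, passive-DNS and certificate-transparency feeds actually carry, how to recognise and decode such a name when it shows up in logs, and how to expand one keyword across a set of IDN TLDs into a watch list. The TLD list and the Cyrillic keyword are constructed sample inputs (only .укр is taken from the text); the function names are this example's own.

```python
# Added example (not part of Nekuda): Punycode helpers for building and
# reading an IDN watch list. Uses only the standard-library "idna" codec.
from typing import Iterable, List

# Constructed sample inputs. ".укр" (Ukraine) is named on the page; ".рф" and
# the plain ".com" are added here to show mixed script and ASCII handling.
SAMPLE_TLDS = ["укр", "рф", "com"]
SAMPLE_KEYWORD = "приклад"  # constructed Cyrillic second-level label


def to_alabel(domain: str) -> str:
    """Return the ASCII-compatible (Punycode, 'xn--') form of a Unicode domain.

    Each label is encoded separately, so ASCII labels pass through unchanged
    and only the non-ASCII ones receive the 'xn--' prefix.
    """
    return domain.encode("idna").decode("ascii")


def to_ulabel(domain: str) -> str:
    """Return the Unicode (display) form of a domain; inverse of to_alabel.

    Non-ASCII input is assumed to be Unicode already and is returned as-is.
    """
    if not domain.isascii():
        return domain
    return domain.encode("ascii").decode("idna")


def is_idn(domain: str) -> bool:
    """True if any label is non-ASCII or already an 'xn--' A-label.

    Useful as a cheap first-stage filter over DNS or proxy logs before
    decoding a name for analyst display.
    """
    return any(
        label.startswith("xn--") or not label.isascii()
        for label in domain.lower().rstrip(".").split(".")
    )


def candidate_domains(keyword: str, tlds: Iterable[str]) -> List[str]:
    """Pair one second-level keyword with every TLD and return sorted A-labels.

    The A-label form is what you would feed to a DNS resolver, a passive-DNS
    query or a certificate-transparency monitor.
    """
    return sorted({to_alabel(f"{keyword}.{tld}") for tld in tlds})


if __name__ == "__main__":
    for alabel in candidate_domains(SAMPLE_KEYWORD, SAMPLE_TLDS):
        # Show both forms side by side: what the wire carries vs. what a user sees.
        print(f"{alabel:40} {to_ulabel(alabel)}")
    print("укр ->", to_alabel("укр"))  # xn--j1amh
```

The standard-library codec implements IDNA 2003; the third-party `idna` package implements IDNA 2008 with UTS 46 mapping and is the better choice when the exact set of characters a registry accepts matters (some Unicode characters are valid under one standard and rejected under the other). The helpers above would work unchanged with `idna.encode` and `idna.decode` substituted in.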
What is Nekuda?
Nekuda is a Python notebook that, given an input keyword, yields potential IDN-squattable domains. Its goal is to raise awareness of this new technique for creating phishing pages, and to help defenders track down such domains promptly.
Copyright (C) 2023 G4LB1T