Urlcrazy is used to test a domain name and its variations on the internet. It lets you see whether someone has registered a domain that closely resembles your own. If such domains are in use, you can investigate them further, i.e. their purpose and presence on the internet. Some may be legitimate sites, some may not, and others may be hoax sites. Attackers mostly create phishing sites with similar names for social engineering activities.
HOW ATTACKERS USE THIS TOOL:-
Phishing websites used to carry out phishing attacks are increasing day by day. Even big tech giants have phishing webpages imitating them, which are used to gather personal information, as said by an ethical hacking researcher of the International Institute of Cyber Security. Using this tool, an attacker first finds domains similar to those of popular websites (facebook.com, msn.com, yahoo.com, etc.) and then creates fake websites with similar domain names. After creating a fake website, the attacker can use it for social engineering activities.
To open urlcrazy, go to a Linux terminal and type urlcrazy.
The main options are:
- -k is used to change the keyboard layout. This gives you a better picture of the domains an attacker could generate in other countries.
- -p is used to check domain name spelling while searching in Google results. You can also check this manually in Google.
- -r gives the list of generated domains without resolving the domain names to IP addresses.
- -i shows invalid domain names, such as those with an invalid TLD (top-level domain).
- -f is used to specify the output format, which has 2 options: human readable and CSV (comma-separated values). The default is human readable.
- -o is used to write your scan output to a file.
Type urlcrazy msn.com.
- The output shows the types of domain variations for msn.com.
- The Typo column lists the domains generated by urlcrazy (by leaving out a letter or adding a sign to the domain name) to check for the presence of fake msn domains on the internet. For example, msn.com and mn.com.
- DNS-A shows the IP address of every domain in use. It also reveals domains that share the same IP, which reflects common ownership. For example, if msn.ch and msn.com both resolve to the same IP, 22.214.171.124, then both domains belong to msn.
- CC-A shows the country codes, or you can say 2nd level domains. For example, US (United States), NL (Netherlands).
- DNS-MX shows the mail exchange records.
- Extn shows the extension used by these domain names.
Type urlcrazy -k azerty msn.com
- The standard keyboard layout is "qwerty", but other layouts are used in other countries, so the domain results might be a little different. Changing the keyboard layout makes it easier to see how someone might end up at one of these domains.
Type urlcrazy -i msn.com
- In the output, the Valid column shows true for valid domains and false for invalid domains of msn.com.
- To save the above result, type urlcrazy -o msn.txt msn.com. This creates a file named msn.txt in the current location.
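The typo classes and the keyboard-layout effect described above can also be applied from the defender's side, to flag look-alike domains that appear in your own logs. The following is an added example, not part of the original article and not urlcrazy's own code; the function names, the simplified keyboard rows (left/right neighbours only) and the sample domain list are assumptions made for illustration.

```python
# Added example, not urlcrazy's code. Keyboard rows model left/right neighbours only.
LAYOUTS = {
    "qwerty": ["qwertyuiop", "asdfghjkl", "zxcvbnm"],
    "azerty": ["azertyuiop", "qsdfghjklm", "wxcvbn"],
}

def neighbours(ch, layout):
    """Keys directly left and right of ch on the given layout."""
    for row in LAYOUTS[layout]:
        i = row.find(ch)
        if i != -1:
            return set(row[max(i - 1, 0):i] + row[i + 1:i + 2])
    return set()

def classify(candidate, protected, layout="qwerty"):
    """Return the single typo that turns `protected` into `candidate`, or None."""
    cand, _, cand_tld = candidate.lower().partition(".")
    prot, _, prot_tld = protected.lower().partition(".")
    if cand == prot:
        return "different TLD" if cand_tld != prot_tld else None
    if cand_tld != prot_tld:
        return None  # more than one change: out of scope for this sketch
    if len(cand) == len(prot) - 1:
        if any(prot[:i] + prot[i + 1:] == cand for i in range(len(prot))):
            return "character omission"
    if len(cand) == len(prot) + 1:
        if any(cand[:i] + cand[i + 1:] == prot for i in range(len(cand))):
            return "character insertion"
    if len(cand) == len(prot):
        diffs = [(p, c) for p, c in zip(prot, cand) if p != c]
        if len(diffs) == 1 and diffs[0][1] in neighbours(diffs[0][0], layout):
            return "adjacent-key replacement"
    return None

def review(observed, protected, layout="qwerty"):
    """Map each suspicious observed domain to its typo class."""
    hits = {}
    for domain in observed:
        kind = classify(domain, protected, layout)
        if kind:
            hits[domain] = kind
    return hits

# Constructed sample: domains as they might appear in proxy or DNS logs.
OBSERVED = ["mn.com", "msn.com", "nsn.com", "lsn.com",
            "msnn.com", "example.org", "msn.ch"]

if __name__ == "__main__":
    for layout in LAYOUTS:
        print(layout, review(OBSERVED, "msn.com", layout))
```

A "different TLD" hit is only a prompt for review: as noted for the DNS-A column, a matching IP can indicate the same owner.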
According to research by an ethical hacking researcher at the International Institute of Cyber Security, microsoft.com has 130 phishing hostnames that are used in phishing attacks and can be used for information gathering. These phishing attacks are increasing day by day.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held cyber security researcher positions within a variety of cyber security start-ups. She also has experience in different industry domains like finance, healthcare and consumer products.