squatcop 0.1.0.dev

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 875c451126a8c25e0cddec24ed0a13841e5401a2
+  data.tar.gz: 14c2547e41ced0e43b8cd7710332487812eeea87
+SHA512:
+  metadata.gz: f2b7aad9855878c61e1544900e5d8d4e8213b641814a75ff43e4439fa622649f5395c9d0d298fffc319b787b96ef3b1838dbe77f74abafc35ddac5eb9c32d9c0
+  data.tar.gz: bcd773a061007a9e7e1ceac71f3b8d5cf3f3f30443238bdb0128bcaf6c6055b27b504363322035066d7b64eda5a508480e7875fa05ec6001068b272872e09c13

data/LICENSE

@@ -0,0 +1,13 @@
+Copyright (c) 2017, Michelle Pellon <mpellon@conroeisd.net>
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

data/README.md

@@ -0,0 +1,4 @@
+# squatcop
+
+SquatCop finds similar-looking domains that your adversaries can use to attack 
+you via typo-squatting, phishing attacks, fraud and corporate espionage.

data/lib/squatcop.rb

@@ -0,0 +1,4 @@
+# encoding: utf-8
+
+require 'squatcop/version'
+require 'squatcop/fuzzer'

data/lib/squatcop/constants.rb

@@ -0,0 +1,8 @@
+# encoding: utf-8
+
+module SquatCop
+  # 
+  module Constants
+    VOWELS = ['a', 'e', 'i', 'o', 'u']
+  end # module Constants
+end # module SquatCop

data/lib/squatcop/fuzzer.rb

@@ -0,0 +1,92 @@
+# encoding: utf-8
+
+# Standard library dependencies.
+require 'set'
+
+# Third-party dependencies.
+require 'connection_pool'
+require 'parallel'
+require 'public_suffix'
+require 'whois'
+require 'whois-parser'
+
+# Internal dependencies.
+require 'squatcop/constants'
+require 'squatcop/result'
+
+module SquatCop
+  class InvalidDomainError < StandardError
+  end # class InvalidDomainError
+
+  #
+  class Fuzzer
+
+    attr_reader :domain
+
+    attr_reader :tld
+
+    attr_reader :nthreads
+
+    attr_reader :pqueue
+
+    private
+
+    def initialize(_domain, _nthread = 1)
+      raise InvalidDomainError unless PublicSuffix.valid?(_domain)
+      @domain = PublicSuffix.parse(_domain).sld
+      @tld = PublicSuffix.parse(_domain).tld
+      @nthreads = _nthread
+      @pqueue = Set.new
+    end # def initialize
+
+    def run
+      addition
+      vowel_swap
+      fill_whois
+      pp_json_results
+    end # def run
+
+    def fill_whois
+      # Rate limit whois server lookups.
+      $whois = ConnectionPool.new(size: @nthreads) {
+        Whois::Client.new
+      }
+
+      Parallel.each(@pqueue, in_threads: @nthreads) do |record|
+        $whois.with do |conn|
+          begin
+            whois_result = conn.lookup(record.fqdn)
+            parsed = whois_result.parser
+            record.registered = true if parsed.registered?
+          rescue Exception => e
+            puts "Error on whois lookup - #{record.fqdn} - #{e}"
+          end
+        end
+      end
+    end # def fill_whois
+
+    def pp_json_results
+      @pqueue.each do |record|
+        puts record.to_json
+      end
+    end # def pp_json_results
+
+    def vowel_swap
+      Parallel.each((0..@domain.length - 1), in_threads: @nthreads) do |i|
+        SquatCop::Constants::VOWELS.each do |vowel|
+          if SquatCop::Constants::VOWELS.include?(@domain[i])
+            @pqueue.add(Result.new((@domain[0..i-1] + vowel + @domain[i+1..@domain.length - 1]) + ".#{@tld}", 'vowel-swap'))
+          end
+        end       
+      end
+    end # def vowel_swap
+
+    def addition
+      Parallel.each((97..122), in_threads: @nthreads) do |i|
+        @pqueue.add(Result.new(@domain + i.chr + ".#{@tld}", 'addition'))
+      end
+    end # def addition
+
+    public(:initialize, :run)
+  end # class Fuzzer
+end # module SquatCop

data/lib/squatcop/result.rb

@@ -0,0 +1,33 @@
+# encoding: utf-8
+
+require 'json'
+
+module SquatCop
+  #
+  class Result
+
+    attr_accessor :fqdn
+
+    attr_reader :method
+    
+    attr_accessor :registered
+
+    private
+
+    def initialize(fqdn, method)
+      @fqdn = fqdn
+      @method = method
+      @registered = false
+    end # def initialize
+
+    def to_json
+      {
+        :fqdn => @fqdn,
+        :method => @method,
+        :registered => @registered
+      }.to_json
+    end # def to_json
+
+    public(:initialize, :fqdn, :registered, :to_json)
+  end # class Result
+end # module SquatCop

data/lib/squatcop/version.rb

@@ -0,0 +1,18 @@
+# encoding: utf-8
+
+module SquatCop
+  # This module holds the SquatCop version information.
+  module Version
+    STRING = '0.1.0.dev'.freeze
+
+    module_function
+
+    def version(debug = false)
+      if debug
+        format(STRING, RUBY_ENGINE, RUBY_VERSION, RUBY_PLATFORM)
+      else
+        STRING
+      end
+    end # def version
+  end # module Version
+end # module SquatCop

metadata

@@ -0,0 +1,251 @@
+--- !ruby/object:Gem::Specification
+name: squatcop
+version: !ruby/object:Gem::Version
+  version: 0.1.0.dev
+platform: ruby
+authors:
+- Michelle Pellon
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-01-06 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: commander
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.4'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.4.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.4'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.4.3
+- !ruby/object:Gem::Dependency
+  name: connection_pool
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.2.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.2.1
+- !ruby/object:Gem::Dependency
+  name: paint
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.0
+- !ruby/object:Gem::Dependency
+  name: parallel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.10.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.10.0
+- !ruby/object:Gem::Dependency
+  name: public_suffix
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.5
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.5
+- !ruby/object:Gem::Dependency
+  name: whois
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.0.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.0.1
+- !ruby/object:Gem::Dependency
+  name: whois-parser
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.0
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 12.0.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 12.0.0
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.5.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.5.0
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.46'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.46.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.46'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.46.0
+description: A typo-squatting and phishing domain detector.
+email:
+- opensource@michaelpellon.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- lib/squatcop.rb
+- lib/squatcop/constants.rb
+- lib/squatcop/fuzzer.rb
+- lib/squatcop/result.rb
+- lib/squatcop/version.rb
+homepage: https://github.com/michellepellon/squatmap
+licenses:
+- ISC
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.0.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">"
+    - !ruby/object:Gem::Version
+      version: 1.3.1
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: A typo-squatting and phishing domain detector.
+test_files: []