add doppelganger strategie

vbrevet · vbrevet · commit 4bb8d6898e9a · 2021-06-07T23:22:04.000+02:00
diff --git a/dnsmorph.go b/dnsmorph.go
@@ -568,7 +568,8 @@ func outputToFile(targets []string) {
 			{"omission", sanitizedDomain, omissionAttack},
 			{"hyphenation", sanitizedDomain, hyphenationAttack},
 			{"bitsquatting", sanitizedDomain, bitsquattingAttack},
-			{"homograph", sanitizedDomain, homographAttack}} {
+			{"homograph", sanitizedDomain, homographAttack},
+			{"doppelganger", sanitizedDomain, doppelgangerAttack}} {
 			for _, r := range t.Function(t.TargetDomain) {
 				results = append(results, []string{r + "." + tld, t.Technique})
 			}
@@ -636,6 +637,7 @@ func runPermutations(targets []string) {
 			printReport("replacement", replacementAttack(sanitizedDomain), tld)
 			printReport("bitsquatting", bitsquattingAttack(sanitizedDomain), tld)
 			printReport("transposition", transpositionAttack(sanitizedDomain), tld)
+			printReport("doppelganger", doppelgangerAttack(sanitizedDomain), tld)
 		}
 	}
 }
@@ -769,6 +771,18 @@ func hyphenationAttack(domain string) []string {
 	return results
 }
 
+// performs a doppelganger attack by removing hypens in subdomain
+func doppelgangerAttack(domain string) []string {
+	results := []string{}
+
+	for i := len(domain)-1; i > 0; i-- {
+		if (rune(domain[i]) == '.' || rune(domain[i]) == '-') {
+			results = append(results, fmt.Sprintf("%s%s", domain[:i], domain[i+1:]))
+		}
+	}
+	return results
+}
+
 // performs a bitsquat permutation attack
 func bitsquattingAttack(domain string) []string {
 
diff --git a/dnsmorph_test.go b/dnsmorph_test.go
@@ -54,6 +54,7 @@ var tests = []testcase{
 	{"test", hyphenationAttack, 3, "t-est"},
 	{"test", bitsquattingAttack, 31, "test"},
 	{"test", homographAttack, 27, "τest"},
+	{"test.test", doppelgangerAttack, 1, "testtest"},
 }
 
 func TestAttackResults(t *testing.T) {
@@ -75,7 +76,7 @@ func TestWhoisLookup(t *testing.T) {
 		t.Errorf("expected 1997-09-15T04:00:00Z, got %s", result[0])
 	}
 
-	if result[1] != "2018-02-21T18:36:40Z" {
-		t.Errorf("expected 2018-02-21T18:36:40Z, got %s", result[1])
+	if result[1] != "2019-09-09T15:39:04Z" {
+		t.Errorf("expected 2019-09-09T15:39:04Z, got %s", result[1])
 	}
 }

Original file line number	Diff line number	Diff line change
`@@ -54,6 +54,7 @@ var tests = []testcase{`
`54`	`54`	`{"test", hyphenationAttack, 3, "t-est"},`
`55`	`55`	`{"test", bitsquattingAttack, 31, "test"},`
`56`	`56`	`{"test", homographAttack, 27, "τest"},`
	`57`	`+ {"test.test", doppelgangerAttack, 1, "testtest"},`
`57`	`58`	`}`
`58`	`59`
`59`	`60`	`func TestAttackResults(t *testing.T) {`
`@@ -75,7 +76,7 @@ func TestWhoisLookup(t *testing.T) {`
`75`	`76`	`t.Errorf("expected 1997-09-15T04:00:00Z, got %s", result[0])`
`76`	`77`	`}`
`77`	`78`
`78`		`- if result[1] != "2018-02-21T18:36:40Z" {`
`79`		`- t.Errorf("expected 2018-02-21T18:36:40Z, got %s", result[1])`
	`79`	`+ if result[1] != "2019-09-09T15:39:04Z" {`
	`80`	`+ t.Errorf("expected 2019-09-09T15:39:04Z, got %s", result[1])`
`80`	`81`	`}`
`81`	`82`	`}`