Improved results from opensquat against typosquatting and related types of cyber threats, such as domain squatting, phishing campaigns, and IDN homoglyph attacks
Opensquat is an open-source OSINT tool for finding and analyzing typosquatting domains efficiently. It accepts custom lists of newly registered domains as search input, so it can be used with the lists from the NRD2 data feeds to obtain more complete results.
One way to create a list suitable as input to opensquat is the csvkit package, which, like opensquat itself, is written in Python and thus available on many platforms. In Bash, a typical approach would be
    zcat nrd.2022-07-31.ultimate.daily.data.csv.gz | csvgrep -c reason -m added \
      | csvcut -c domainName \
      | tail --lines +2 > domain_names_nrd2_20220731.txt
where nrd.2022-07-31.ultimate.daily.data.csv.gz is the file downloaded from the NRD2 data feed. Ultimate is the most complete list, but the recipe also works with the files from other subscription types. The file domain_names_nrd2_20220731.txt will contain the list of newly registered domains for the given day, suitable for use with opensquat like this:
    ./opensquat.py -d domain_names_nrd2_20220731.txt
which will find typosquatting domains for the keywords in the file keywords.txt and leave the result in result.txt. Consult the documentation of opensquat for further options, and this blog for a more detailed explanation with examples.
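
A standard-library Python equivalent of the csvkit pipeline above, added here as an example; it is not part of opensquat or of the NRD2 feed tooling. It assumes only the domainName and reason columns used above, and the sample rows and function names are constructed for illustration. Unlike csvgrep -m, which matches a substring, it compares the reason value exactly, lower-cases and de-duplicates the names, and fails if an expected column is missing rather than producing an empty list.

```python
import csv
import gzip
import io

# Constructed sample in the layout the pipeline above relies on: a CSV with
# "domainName" and "reason" columns. All values are invented for the example.
SAMPLE_CSV = (
    "domainName,reason\n"
    "examp1e-login.test,added\n"
    "Examp1e-Login.test,added\n"
    "old-shop.test,dropped\n"
    "paypa1-secure.test,added\n"
)


def added_domains(rows, name_col="domainName", reason_col="reason", reason="added"):
    """Yield unique, lower-cased domain names whose reason equals `reason`."""
    reader = csv.DictReader(rows)
    missing = {name_col, reason_col} - set(reader.fieldnames or [])
    if missing:
        # Fail loudly: an empty input list would make a scan look clean
        # when in fact nothing was checked.
        raise ValueError(f"feed is missing column(s): {sorted(missing)}")
    seen = set()
    for row in reader:
        if (row[reason_col] or "").strip() != reason:
            continue
        name = (row[name_col] or "").strip().lower().rstrip(".")
        if name and name not in seen:
            seen.add(name)
            yield name


def convert(feed_gz_path, out_path):
    """Stream a gzip-compressed feed file into a one-domain-per-line list."""
    count = 0
    with gzip.open(feed_gz_path, "rt", encoding="utf-8", newline="") as src, \
         open(out_path, "w", encoding="utf-8") as dst:
        for name in added_domains(src):
            dst.write(name + "\n")
            count += 1
    return count  # number of domains written, useful as a sanity check


if __name__ == "__main__":
    for domain in added_domains(io.StringIO(SAMPLE_CSV)):
        print(domain)
```

Calling convert("nrd.2022-07-31.ultimate.daily.data.csv.gz", "domain_names_nrd2_20220731.txt") writes the same kind of list that is passed to opensquat with -d above.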