{ "info": { "author": "Jos\u00e9 Ignacion Escribano & Miguel Hern\u00e1ndez & Alfonso Mu\u00f1oz", "author_email": "douncoge@gmail.com", "bugtrack_url": null, "classifiers": [ "Environment :: Console", "Intended Audience :: Other Audience", "Intended Audience :: System Administrators", "License :: OSI Approved :: BSD License", "Operating System :: MacOS", "Operating System :: Microsoft :: Windows", "Operating System :: POSIX", "Programming Language :: Python :: 3" ], "description": "# V2D - Visual Unicode attacks with deep learning\n\nUnlike the classic tools for generating malicious domains (typographical errors), we have created a system to detect similar domains from Unicode. This system does not have a static table with the possible changes, the domains creation are based on the similarity of the characters by means of Deep Learning. Consequently, this provides a greater number of variations and possible updates over time if new characters are created.\n\n## State of Art\n\nThis project is based on the initial idea of capturing the differences between Unicode characters through their representation in images. In actual fact, there are some projects which use the standard of Unicode and some repositories have been created. Some interesting projects are:\n\n* Standard: https://unicode.org/cldr/utility/confusables.jsp\n\n* Personal project: http://www.irongeek.com/i.php?page=security/out-of-character-use-of-punycode-and-homoglyph-attacks-to-obfuscate-urls-for-phishing\n\nWe based on these repositories to update our tool and try to get more accurate and complete results.\n\n\n## Research\n\nThis tool is the result of the work of the Cybersecurity Lab I4S team within BlueIndico, where we started from the simple idea of comparing images of unicode characters. Initially, the images of all these Unicode characters were needed and this was the first problem as we could not find them on the Internet. So that, we created the first database with the unicode image characters. It can be found on the repository of Unicode images, https://github.com/PantherLab/v2d-unicodeDB. There are 38,880 characters that we will use to compare with Basic Latins characters and select the most similar ones. This is the first public database with the images of the Unicode characters, we would like to share it with the community in order to improve the image recognition. Anyone can download the images from the repository. Any contribution to improve the algorithms for characters recognition would be appreciated.\n\n![Image repository](/img/repository.png \"Image repository.\")\n\nAfter having all the characters, the next step is to calculate the similarity between images of Unicode characters. To accomplish that, we used Transfer Learning with Keras. The full project is available on Github, https://github.com/PantherLab/v2d-similarity. This code extracts image features to compare and create a confusables file that it will be used by the CLI.\nFinally, we created a CLI using the result of the previous step. This CLI generates all the possible combinations with each similar letter of each letter in Unicode. On the one hand, as an attacker, it can be used to generate malicious web domains, emails, phishing, etc. On the other hand, as a defender, to check how all these variations affect/impact in a web and if they exist, block them or report them as fraud to State forces.\n\nRepo: https://github.com/PantherLab/v2d-cli\n\nThis is the schema of the system:\n\n![Alt text](/img/Architecture.png \"Repositories system.\")\n\n## V2D - CLI\n\nV2D is the first tool that uses Deep Learning, especially Transfer Learning, to automatically create new variations of inputs using Unicode characters. It is a typical visual attack but in this case the tool uses the power of the machines to select the most similar characters between all possibles.\n\n[![demo](https://asciinema.org/a/oxZKyNJAoblosmwtzWr8Pgchg.png)](https://asciinema.org/a/oxZKyNJAoblosmwtzWr8Pgchg?autoplay=1)\n\n\n### Prerequisites\n\nPython>=3.5\n\n### Installing\n\n```\npip3 install v2d\n```\n\n### Getting started\n\n#### Quick example\n\n```\n$ v2d -d example.org -m 10 -c -v\n\n\noooooo oooo .oooo. oooooooooo.\n `888. .8' .dP\"\"Y88b `888' `Y8b\n `888. .8' ]8P' 888 888\n `888. .8' .d8P' 888 888\n `888.8' .dP' 888 888\n `888' .oP .o 888 d88'\n `8' 8888888888 o888bood8P'\n\n\n Visual Unicode attacks with Deep Learning\n Version 1.1.0\n Authors: Jos\u00e9 Ignacio Escribano\n Miguel Hern\u00e1ndez (MiguelHzBz)\n Alfonso Mu\u00f1oz (@mindcrypt)\n\n\n\nSimilar domains to example.org\nexamp\u01c0e.org\nexamp1\u0435.org\nexamp1\u0258.org\nexamp1e.org\nexamp|\u0435.org\nexamp|\u0258.org\nexample.org\nexampl\u0435.org\nexamp|e.org\nexampl\u0258.org\nChecking if domains are up\nThe domain examp\u01c0e.org does not exist\nThe domain examp1\u0435.org does not exist\nThe domain examp1\u0258.org does not exist\nThe domain examp1e.org does not exist\nThe domain examp|\u0435.org does not exist\nThe domain examp|\u0258.org does not exist\nThe domain example.org exists\nThe domain exampl\u0435.org does not exist\nThe domain examp|e.org does not exist\nThe domain exampl\u0258.org does not exist\nTotal similar domains to example.org: 10\n```\n##### Note\n\n> Sometimes the output isn't render, that is because the terminal needs the font, but if you copy the text is correct.\n\n#### Getting help\n\n```\n$ v2d -h\n\noooooo oooo .oooo. oooooooooo.\n `888. .8' .dP\"\"Y88b `888' `Y8b\n `888. .8' ]8P' 888 888\n `888. .8' .d8P' 888 888\n `888.8' .dP' 888 888\n `888' .oP .o 888 d88'\n `8' 8888888888 o888bood8P'\n\n\n Visual Unicode attacks with Deep Learning\n Version 1.1.0\n Authors: Jos\u00e9 Ignacio Escribano\n Miguel Hern\u00e1ndez (MiguelHzBz)\n Alfonso Mu\u00f1oz (@mindcrypt)\n\n\n\nusage: v2d [-h] [-d DOMAIN] [-v] [-c] [-w] [-vt] [-m MAX]\n [-t 75,80,85,90,95,99] [-key API] [-o OUTPUT] [-i FILEINPUT]\n\nv2d-cli: Visual Unicode attacks with Deep Learning - System based on the\nsimilarity of the characters unicode by means of Deep Learning. This provides\na greater number of variations and a possible update over time\n\noptional arguments:\n -h, --help show this help message and exit\n -d DOMAIN, --domain DOMAIN\n check similar domains to this one\n -v, --verbose\n -c, --check check if this domain is alive\n -w, --whois check whois\n -vt, --virustotal check Virus Total\n -m MAX, --max MAX maximum number of similar domains\n -t 75,80,85,90,95,99, --threshold 75,80,85,90,95,99\n Similarity threshold\n -key API, --api-key API\n VirusTotal API Key\n -o OUTPUT, --output OUTPUT\n Output file\n -i FILEINPUT, --input FILEINPUT\n List of targets. One input per line.\n\nExamples:\n\n>$ v2d -d example.com -o dominionsexample.txt\n>$ v2d --domain example.com -m 100 -t 85\n>$ v2d -i fileexample.txt -c -w -v\n\n```\n\n\n\n## Authors\n\n* Jos\u00e9 Ignacio Escribano Pablos\n* Miguel Hern\u00e1ndez Boza - @MiguelHzBz\n* Alfonso Mu\u00f1oz Mu\u00f1oz - @mindcrypt\n\n## Contributing\n\nAny collaboration is welcome!\n\nThere're many tasks to do.You can check the [Issues](https://github.com/PantherLab/v2d-cli/issues) and send us a Pull Request.\n\n## License\n\nThis project is licensed under the MIT License - see the [LICENSE.md](LICENSE.md) file for details.", "description_content_type": "", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/PantherLab/v2d-cli", "keywords": "", "license": "MIT", "maintainer": "", "maintainer_email": "", "name": "v2d", "package_url": "https://pypi.org/project/v2d/", "platform": "", "project_url": "https://pypi.org/project/v2d/", "project_urls": { "Homepage": "https://github.com/PantherLab/v2d-cli" }, "release_url": "https://pypi.org/project/v2d/1.1.0/", "requires_dist": null, "requires_python": ">3.5.0", "summary": "v2d - cli generates new variations of an input based on similarity matrix generated by v2d-similarity.", "version": "1.1.0" }, "last_serial": 3803215, "releases": { "0.0.1": [ { "comment_text": "", "digests": { "md5": "00f754598b70552024bc916ef513c1bd", "sha256": "70f844a9deec6d43562cad3afea058d30a8ddd8ceeebe7d2501578d9aab9c657" }, "downloads": -1, "filename": "v2d-0.0.1.tar.gz", "has_sig": false, "md5_digest": "00f754598b70552024bc916ef513c1bd", "packagetype": "sdist", "python_version": "source", "requires_python": ">3.5.0", "size": 7817, "upload_time": "2018-04-24T07:17:05", "url": "https://files.pythonhosted.org/packages/10/8a/b06a9ff07d9cdc7c0f23253faa06426edbd927d485a7b90600831bcaab5a/v2d-0.0.1.tar.gz" } ], "1.0.0": [ { "comment_text": "", "digests": { "md5": "db4574720ea7a0aa3445c6676912d8a5", "sha256": "d82886a37c3b5022b2f8bafb95a530f8fcafbf527b6e919dc3eb517c870397f2" }, "downloads": -1, "filename": "v2d-1.0.0.tar.gz", "has_sig": false, "md5_digest": "db4574720ea7a0aa3445c6676912d8a5", "packagetype": "sdist", "python_version": "source", "requires_python": ">3.5.0", "size": 7817, "upload_time": "2018-04-24T07:22:00", "url": "https://files.pythonhosted.org/packages/88/19/e845c8749da9ec14f8b58a8fd122cdaf59e2ae7ce9ed1882774df4a49ee1/v2d-1.0.0.tar.gz" } ], "1.1.0": [ { "comment_text": "", "digests": { "md5": "b6e9b223285a8a2ed6cbfb2123f20ae5", "sha256": "28b57040ed38ee09e133751cc792a702db48316e397312414dc551fcd55dd4e8" }, "downloads": -1, "filename": "v2d-1.1.0.tar.gz", "has_sig": false, "md5_digest": "b6e9b223285a8a2ed6cbfb2123f20ae5", "packagetype": "sdist", "python_version": "source", "requires_python": ">3.5.0", "size": 8178, "upload_time": "2018-04-24T15:02:30", "url": "https://files.pythonhosted.org/packages/4d/a5/3e80fd481ab3881ee236d05d7136547a877490b4c389fc446fb17910fab5/v2d-1.1.0.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "b6e9b223285a8a2ed6cbfb2123f20ae5", "sha256": "28b57040ed38ee09e133751cc792a702db48316e397312414dc551fcd55dd4e8" }, "downloads": -1, "filename": "v2d-1.1.0.tar.gz", "has_sig": false, "md5_digest": "b6e9b223285a8a2ed6cbfb2123f20ae5", "packagetype": "sdist", "python_version": "source", "requires_python": ">3.5.0", "size": 8178, "upload_time": "2018-04-24T15:02:30", "url": "https://files.pythonhosted.org/packages/4d/a5/3e80fd481ab3881ee236d05d7136547a877490b4c389fc446fb17910fab5/v2d-1.1.0.tar.gz" } ] }