npm
Sign UpSign In

dgadetective

1.0.5 • Public • Published

DGADetective

Check if a domain has been created using a Domain Generation Algorithm. Usefull to discover malware and trackers.

How Works

Algorithm to detect DGA:

  • Check if length > 10
  • Check if domain is Hex
  • Check if domain is Hash
  • Check if more than 3 numbers in domain
  • Check if low frecuency letters are contained
  • Check if more than 4 consonants together
  • Check if a char is repeated more than 4 times
  • Check if high entropy (with length > 10)
  • Check if records in Ecosia (Only in the asynchronous version)

Install

npm install dgadetective

How to use

The function checkDGA(DOMAIN) will return a promise that will return a value. If this value is greater than 100, probably the domain was created using DGA.

Asynchronous

const dgadetective = require('dgadetective');
 
dgadetective.checkDGA("malwareworld").then(function(result){ 
        console.log(result);
    }, function(err) {
        console.log(err);
});
// Result: 18
 
dgadetective.checkDGA("google").then(function(result){ 
        console.log(result);
    }, function(err) {
        console.log(err);
});
// Result: 0
 
dgadetective.checkDGA("facebook").then(function(result){ 
        console.log(result);
    }, function(err) {
        console.log(err);
});
// Result: 20
 
 
dgadetective.checkDGA("ikaxbvtyuagnsub").then(function(result){ 
        console.log(result);
    }, function(err) {
        console.log(err);
});
// Result: 152.5
 
dgadetective.checkDGA("1ro5huh1gh8ilh1823i081rkpgd5").then(function(result){ 
        console.log(result);
    }, function(err) {
        console.log(err);
});
// Result: 272
 

Synchronous

const dgadetective = require('dgadetective');
 
console.log(dgadetective.checkDGASync("malwareworld"));
// Result: 18
 
console.log(dgadetective.checkDGASync("google"));
// Result: 0
 
console.log(dgadetective.checkDGASync("facebook"));
// Result: 20
 
console.log(dgadetective.checkDGASync("ikaxbvtyuagnsub"));
// Result: 102.5
 
console.log(dgadetective.checkDGASync("1ro5huh1gh8ilh1823i081rkpgd5"));
// Result: 222
 
 
console.log(dgadetective.isDGAlowSync("ikaxbvtyuagnsub"));
// Low version: Check if checkDGA > 60
// Result: true
 
console.log(dgadetective.isDGAmediumSync("ikaxbvtyuagnsub"));
// Medium version: Check if checkDGA > 100
// Result: true
 
console.log(dgadetective.isDGAhighSync("ikaxbvtyuagnsub"));
// High version: Check if checkDGA > 150
// Result: false
 

Readme

Keywords

Package Sidebar

Install

npm i dgadetective

Repository

github.com/carlospolop-node-apis/dgadetective

Homepage

github.com/carlospolop-node-apis/dgadetective#readme

Weekly Downloads

8

Version

1.0.5

License

ISC

Unpacked Size

8.98 kB

Total Files

3

Last publish

Collaborators

  • carlospolop
Try on RunKit
Report malware