Skip to content
/ dgadetective Public

Check if a domain has been created using a Domain Generation Algorithm. Usefull to discover malware and trackers.

malwareworld.com
3 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

carlospolop-node-apis/dgadetective

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
.gitignore
.gitignore
 
 
DGADetective.js
DGADetective.js
 
 
README.md
README.md
 
 
package.json
package.json
 
 

Repository files navigation

DGADetective

Check if a domain has been created using a Domain Generation Algorithm. Usefull to discover malware and trackers.

How Works

Algorithm to detect DGA:

  • Check if length > 10
  • Check if domain is Hex
  • Check if domain is Hash
  • Check if more than 3 numbers in domain
  • Check if low frecuency letters are contained
  • Check if more than 4 consonants together
  • Check if a char is repeated more than 4 times
  • Check if high entropy (with length > 10)
  • Check if records in Ecosia (Only in the asynchronous version)

Install

npm install dgadetective

How to use

The function checkDGA(DOMAIN) will return a promise that will return a value. If this value is greater than 100, probably the domain was created using DGA.

Asynchronous

const dgadetective = require('dgadetective');

dgadetective.checkDGA("malwareworld").then(function(result){ 
        console.log(result);
    }, function(err) {
        console.log(err);
});
// Result: 18

dgadetective.checkDGA("google").then(function(result){ 
        console.log(result);
    }, function(err) {
        console.log(err);
});
// Result: 0

dgadetective.checkDGA("facebook").then(function(result){ 
        console.log(result);
    }, function(err) {
        console.log(err);
});
// Result: 20


dgadetective.checkDGA("ikaxbvtyuagnsub").then(function(result){ 
        console.log(result);
    }, function(err) {
        console.log(err);
});
// Result: 152.5

dgadetective.checkDGA("1ro5huh1gh8ilh1823i081rkpgd5").then(function(result){ 
        console.log(result);
    }, function(err) {
        console.log(err);
});
// Result: 272

Synchronous

const dgadetective = require('dgadetective');

console.log(dgadetective.checkDGASync("malwareworld"));
// Result: 18

console.log(dgadetective.checkDGASync("google"));
// Result: 0

console.log(dgadetective.checkDGASync("facebook"));
// Result: 20

console.log(dgadetective.checkDGASync("ikaxbvtyuagnsub"));
// Result: 102.5

console.log(dgadetective.checkDGASync("1ro5huh1gh8ilh1823i081rkpgd5"));
// Result: 222


console.log(dgadetective.isDGAlowSync("ikaxbvtyuagnsub"));
// Low version: Check if checkDGA > 60
// Result: true

console.log(dgadetective.isDGAmediumSync("ikaxbvtyuagnsub"));
// Medium version: Check if checkDGA > 100
// Result: true

console.log(dgadetective.isDGAhighSync("ikaxbvtyuagnsub"));
// High version: Check if checkDGA > 150
// Result: false

About

Check if a domain has been created using a Domain Generation Algorithm. Usefull to discover malware and trackers.

malwareworld.com

Topics

dga-detection malwareworld

Resources

Readme
Activity
Custom properties

Stars

3 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages