Skip to content
This repository has been archived by the owner on Jul 22, 2020. It is now read-only.

exp0se/dga_detector

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
gib
gib
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
dga_detector.py
dga_detector.py
 
 
dga_routines.py
dga_routines.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

DGA Detector

DGA Domains detection

DGA domain detection is based on ngram analysis with trained markov chain model. It is incorporate code by https://github.com/rrenaud/Gibberish-Detector

The decision is based solely on results by this check.

In addition to ngram analysis it is also provide additional methods:

  • entropy - High entropy is another indicator of DGA domain. Threshold is 3.8
  • consonants - High consonants count is an indicator of DGA domain. Threshold is 7
  • length - High domain length can also indicate DGA. Threshold is 12.

Usage


_______________________       ________     _____           _____
___  __ \_  ____/__    |      ___  __ \______  /_____________  /______________
__  / / /  / __ __  /| |      __  / / /  _ \  __/  _ \  ___/  __/  __ \_  ___/
_  /_/ // /_/ / _  ___ |      _  /_/ //  __/ /_ /  __/ /__ / /_ / /_/ /  /
/_____/ \____/  /_/  |_|      /_____/ \___/\__/ \___/\___/ \__/ \____//_/
        
usage: dga_detector.py [-h] [-d DOMAIN] [-f FILE]

DGA domain detection

optional arguments:
  -h, --help            show this help message and exit
  -d DOMAIN, --domain DOMAIN
                        Domain to check
  -f FILE, --file FILE  File with domains. One per line

About

DGA Domains detection

Resources

Readme
Activity

Stars

62 stars

Watchers

2 watching

Forks

13 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages