Domain Morph - Generating and validating domain variations for red team operations
Domain Morph is an AI-generated tool that produces typosquat variations of a domain name and checks their registration status.
A few days back, I came across an interesting project by Sahar Shlichove. Through this project, Sahar has published a ready-to-use prompt for generating red team tools via generative AI agents. As an example, Sahar has provided a snippet of a mock ransomware tool generated via this prompt.
What I liked about the prompt is its structure, which makes it apt for providing all necessary details in an organized manner. Being used to providing messy, long paragraphs filled with incoherent details, I found this a breath of fresh air. You think I am praising it too much? Here, have a look at it and then decide:
Follow my journey of 100 Days of Red Team on WhatsApp, Telegram or Discord.
Obviously, I decided to put it to use. I went for a simple use case → a tool to generate variations for a given domain name, check their registration status and store the output in a CSV file.
Here’s the prompt I used.
You are an expert red team operator and malware developer. Create a custom red-team tool designed for ethical penetration testing in controlled environments. The tool should include the following components:
- Objective: This tool should generate close variations of a given domain name, preferably with same TLD but similar or close TLDs should also be reported. For example, if the domain is xyz.com, variations of the form xyz.co should also be generated. The variations should be generated by misspelling, homoglyphs, using context specific short domain names, variations with - etc. Next, check if each variation is registered or not. Save the output in a CSV file with the format -> generated domain name, registration status.
- Language: Python
- Execution Context: Windows, Linux and macOS
- Limitations: Operate under ethical boundaries, do not target real infrastructure. Must be for lab or research purposes only.
Include:
1. Brief overview of the tool and its purpose.
2. Source code with inline comments explaining how it works.
3. Example usage and how it might be used in a red-team engagement.
4. Mitigations and how defenders could detect or stop this tool.
Introducing…
Domain Morph
This tool is designed to assist red teams in conducting phishing attacks by leveraging "typosquatting" (also called "domain name squatting"): generating look-alike variations of a given domain name. These variations could include:
Misspellings (e.g., xyz.com -> xzy.com).
Homoglyphs (e.g., using visually similar characters like "0" for "o" or "l" for "1").
Shortened domain names.
Variations with hyphens or other common alterations.
The tool will also check if these domains are registered and log the result in a CSV file, which can be used for further analysis.
Tool Structure
Input: A domain name to generate variations.
Output: A CSV file containing the generated domain variations along with their registration status (whether the domain is registered or not).
The tool is fully cross-platform and works on Windows, Linux, and macOS.
Example Usage
Run the script with the following command to generate domain variations for xyz.com:
python3 domain_variation_tool.py xyz.com
This will generate domain variations like xzy.com, xyz.co, and others, then check if they are registered and save the results in domain_variations.csv.
CSV Output Example:
Generated Domain, Registration Status
xzy.com, Registered
xyz.co, Unregistered
xy-z.com, Unregistered
...
The code for this tool is available in the 100 Days of Red Team GitHub repository.
Note: The tool missed the mark on certain specifications, but it still provides a good starting point. The registration status it reports may not be 100% accurate: any automated registration check (DNS resolution or a WHOIS query) can misclassify a registered domain that has no DNS records or a lookup that failed because of rate limiting, so validate the output before relying on it.
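To make the three stages described above concrete (variant generation, registration check, CSV output in the layout shown), here is an added example written for this page. It is not the Domain Morph code from the repository and not the output of Sahar's prompt. The homoglyph table, the similar-TLD table and the file name are assumptions; the registration probe defaults to a DNS lookup and is passed in as a callable so it can be swapped for a WHOIS client or stubbed for offline testing.

```python
"""Typosquat variant generator with a pluggable registration check (added example)."""
import csv
import socket
import sys
from typing import Callable, Dict, Iterable, List, Tuple

# Assumed confusable-character table; extend to taste (e.g. with Unicode homoglyphs).
HOMOGLYPHS: Dict[str, str] = {
    "o": "0", "l": "1", "i": "l", "e": "3", "a": "4", "s": "5", "m": "rn", "w": "vv",
}

# Assumed list of neighbouring TLDs worth checking alongside the original one.
SIMILAR_TLDS: Dict[str, List[str]] = {
    "com": ["co", "cm", "om", "net", "org"],
    "net": ["com", "org"],
    "org": ["com", "net"],
}


def split_domain(domain: str) -> Tuple[str, str]:
    """Split 'label.tld' at the first dot; everything after it is treated as the TLD."""
    label, _, tld = domain.strip().lower().partition(".")
    if not label or not tld:
        raise ValueError(f"expected label.tld, got {domain!r}")
    return label, tld


def generate_variants(domain: str) -> List[str]:
    """Return sorted typosquat candidates for domain, excluding the original."""
    label, tld = split_domain(domain)
    labels = set()
    for i in range(len(label) - 1):            # transposition: xyz -> xzy
        chars = list(label)
        chars[i], chars[i + 1] = chars[i + 1], chars[i]
        labels.add("".join(chars))
    if len(label) > 1:
        for i in range(len(label)):            # omission: xyz -> xz
            labels.add(label[:i] + label[i + 1:])
    for i in range(len(label)):                # repetition: xyz -> xxyz
        labels.add(label[:i] + label[i] + label[i:])
    for i, ch in enumerate(label):             # homoglyph: hello -> hell0
        if ch in HOMOGLYPHS:
            labels.add(label[:i] + HOMOGLYPHS[ch] + label[i + 1:])
    for i in range(1, len(label)):             # hyphenation: xyz -> x-yz, xy-z
        labels.add(label[:i] + "-" + label[i:])
    # Drop anything that is not a valid label (empty, doubled, leading or trailing hyphen).
    labels = {lab for lab in labels
              if lab and "--" not in lab and not lab.startswith("-") and not lab.endswith("-")}
    variants = {f"{lab}.{tld}" for lab in labels}
    variants.update(f"{label}.{alt}" for alt in SIMILAR_TLDS.get(tld, []))  # TLD swap: xyz.com -> xyz.co
    variants.discard(f"{label}.{tld}")         # never report the target itself
    return sorted(variants)


def dns_resolves(domain: str) -> bool:
    """Default probe: does the name resolve? A registered domain with no DNS records
    still comes back False, so a negative is a lead to verify (e.g. via WHOIS), not a fact."""
    try:
        socket.getaddrinfo(domain, None)
        return True
    except OSError:
        return False


def check_domains(variants: Iterable[str],
                  probe: Callable[[str], bool] = dns_resolves) -> List[Tuple[str, str]]:
    """Label each variant Registered/Unregistered using probe (injectable for offline tests)."""
    return [(v, "Registered" if probe(v) else "Unregistered") for v in variants]


def write_csv(path: str, rows: Iterable[Tuple[str, str]]) -> None:
    """Write rows in the layout shown on the page: Generated Domain, Registration Status."""
    with open(path, "w", newline="", encoding="utf-8") as fh:
        writer = csv.writer(fh)
        writer.writerow(["Generated Domain", "Registration Status"])
        writer.writerows(rows)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "xyz.com"
    results = check_domains(generate_variants(target))
    write_csv("domain_variations.csv", results)
    print(f"wrote {len(results)} variants for {target} to domain_variations.csv")
```

Run it as `python3 typosquat_example.py xyz.com` (file name assumed). The generator is deterministic and needs no network, so it can be unit-tested offline by passing a stub probe to check_domains; only the default DNS probe touches the network, and its result should be treated the way the note above says: as a starting point to validate, not a verdict.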
Red Team Notes
- chatgpt-red-team is a project published by Sahar Shlichove to create red team tools using generative AI agents.
- Domain Morph - I used the prompt in this project to create a tool to generate variations for a given domain name. The code for this tool is available in the 100 Days of Red Team GitHub repository.