DGADetective
Check if a domain has been created using a Domain Generation Algorithm. Usefull to discover malware and trackers.
How Works
Algorithm to detect DGA:
- Check if length > 10
- Check if domain is Hex
- Check if domain is Hash
- Check if more than 3 numbers in domain
- Check if low frecuency letters are contained
- Check if more than 4 consonants together
- Check if a char is repeated more than 4 times
- Check if high entropy (with length > 10)
- Check if records in Ecosia (Only in the asynchronous version)
Install
npm install dgadetective
How to use
The function checkDGA(DOMAIN)
will return a promise that will return a value. If this value is greater than 100, probably the domain was created using DGA.
Asynchronous
const dgadetective = ; dgadetective;// Result: 18 dgadetective;// Result: 0 dgadetective;// Result: 20 dgadetective;// Result: 152.5 dgadetective;// Result: 272
Synchronous
const dgadetective = ; console;// Result: 18 console;// Result: 0 console;// Result: 20 console;// Result: 102.5 console;// Result: 222 console;// Low version: Check if checkDGA > 60// Result: true console;// Medium version: Check if checkDGA > 100// Result: true console;// High version: Check if checkDGA > 150// Result: false