Disclaimer:
The information provided on this blog is for educational purposes only. The use of hacking tools discussed here is at your own risk. Read it, have a laugh, and never do this.
For the full disclaimer, please click here.
I already wrote a post about how dangerous typosquatting can be for organizations and government entities.
After that, some companies reached out to me asking where to even get started. There are thousands of possible variations of certain domains, so it can feel overwhelming. Most people begin with dnstwist, a really handy script that generates hundreds or thousands of lookalike domains using a set of permutation algorithms (character omission, transposition, repetition, adjacent-key replacement, bitsquatting, homoglyphs and more). Dnstwist also checks whether the candidates already resolve (A, AAAA, MX and NS records), which helps you identify if someone is already trying to abuse a typosquatted domain.
While this is great for finding typosquatter domains that already exist, it doesn’t necessarily help you find and register them before someone else does (at least, not in a targeted way).
On a few pentests where I demonstrated the risks of typosquatting, I registered a domain, set up a catch-all rule to redirect emails to my address—intercepting very sensitive information—and hosted a simple web server to collect API tokens from automated requests. To streamline this process, I built a small script to help me (and now you) get started with defensive domain registration.
I called the tool Typosquatterpy, and the code is open-source on my GitHub.
Usage
- Add your OpenAI API key (or use a local Ollama, whatever).
- Add your domain.
- Run it.
And you get an output like this:
root@code-server:~/code/scripts# python3 typo.py
✅ karlcomd.de
✅ karlcome.de
✅ karlcpm.de
✅ karlcjm.de
✅ karlcok.de
❌ karcom.de
✅ karcomd.de
✅ karlcon.de
✅ karlcim.de
✅ karicom.de
Wow, there are still a lot of typo domains available for my business website 😅.
While longer domains naturally have a higher risk of typos, I don’t have enough traffic to justify the cost of defensively registering them. Plus, my customers don’t send me sensitive information via email—I use a dedicated server for secure uploads and file transfers. (Yes, it’s Nextcloud 😉).
README.md
You can find the source here.
typosquatterpy
🚀 What is typosquatterpy?
typosquatterpy is a Python script that generates common typo domain variations of a given base domain (on a QWERTZ keyboard) using OpenAI’s API and checks their availability on Strato. This tool helps in identifying potential typo-squatted domains that could be registered to protect a brand or business.
⚠️ Disclaimer: This project is not affiliated with Strato, nor is it their official API. Use this tool at your own risk!
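Both dnstwist (mentioned above) and typosquatterpy answer the question "which typos matter" either with fixed permutation rules or by asking an LLM for the ten most common ones. The following Python is an added example, not code from typosquatterpy or dnstwist: it enumerates every candidate of the classic fat-finger classes for one label on a German QWERTZ layout (omission, repetition, transposition, adjacent-key replacement and insertion), which is what a complete defensive list looks like before you prune it. The neighbour map is built from the three letter rows only; umlaut keys, digits and hyphens are left out as a simplifying assumption, so every generated label stays plain ASCII.

```python
"""Deterministic QWERTZ typo generator for one domain label.

Added example, not code from typosquatterpy: it enumerates candidates by typo
class instead of asking an LLM for the ten most common ones. Only the three
letter rows of a German QWERTZ layout are modelled (umlauts, digits and
hyphens are left out, an assumption to keep labels plain ASCII).
"""

QWERTZ_ROWS = ["qwertzuiop", "asdfghjkl", "yxcvbnm"]


def build_neighbours(rows=QWERTZ_ROWS):
    """Map each key to the keys physically next to it.

    Same-row neighbours are the keys left and right. Because each lower row is
    shifted half a key to the right, the keys below index i are i-1 and i in
    the next row, and the keys above are i and i+1 in the previous row.
    """
    nb = {}
    for r, row in enumerate(rows):
        for i, ch in enumerate(row):
            adj = set()
            if i > 0:
                adj.add(row[i - 1])
            if i + 1 < len(row):
                adj.add(row[i + 1])
            if r > 0:
                adj.update(rows[r - 1][j] for j in (i, i + 1) if j < len(rows[r - 1]))
            if r + 1 < len(rows):
                adj.update(rows[r + 1][j] for j in (i - 1, i) if 0 <= j < len(rows[r + 1]))
            nb[ch] = "".join(sorted(adj))
    return nb


QWERTZ_NEIGHBOURS = build_neighbours()


def typo_variants(label):
    """Return {typo_class: set of labels} for a lower-case label, original excluded."""
    label = label.lower()
    nb = QWERTZ_NEIGHBOURS
    classes = ("omission", "repetition", "transposition", "replacement", "insertion")
    out = {k: set() for k in classes}
    for i, ch in enumerate(label):
        if len(label) > 1:
            out["omission"].add(label[:i] + label[i + 1:])            # karlcom -> karcom
        out["repetition"].add(label[:i] + ch + label[i:])               # karlcom -> karlcomm
        if i + 1 < len(label) and ch != label[i + 1]:
            out["transposition"].add(label[:i] + label[i + 1] + ch + label[i + 2:])  # kralcom
        for n in nb.get(ch, ""):
            out["replacement"].add(label[:i] + n + label[i + 1:])       # karlcom -> karlcon
            # Neighbour key hit together with the intended one, before or after it.
            out["insertion"].add(label[:i] + n + label[i:])
            out["insertion"].add(label[:i + 1] + n + label[i + 1:])
    for s in out.values():
        s.discard(label)
    return out


def candidate_domains(label, tld):
    """Flatten all classes into a sorted list of full domain names."""
    labels = set().union(*typo_variants(label).values())
    return sorted(v + tld for v in labels)


if __name__ == "__main__":
    variants = typo_variants("karlcom")
    for cls, names in variants.items():
        print(f"{cls:14s} {len(names):3d}  e.g. {sorted(names)[0]}")
    print(len(candidate_domains("karlcom", ".de")), "candidates in total")
```

Feeding `candidate_domains("karlcom", ".de")` into an availability check gives you the complete picture; the LLM-based top 10 is a cheap way to decide which of those are worth paying for.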
🛠️ Installation
To use typosquatterpy, you need Python and the requests
library installed. You can install it via pip:
pip install requests
📖 Usage
Run the script with the following steps:
- Set your base domain (e.g., example) and TLD (e.g., .de).
- Replace api_key="sk-proj-XXXXXX" with your actual OpenAI API key.
- Run the script, and it will:
  - Generate the top 10 most common typo domains.
  - Check their availability using Strato's unofficial API.
Example Code Snippet
# The three helper functions used here are defined in the script itself.
base_domain = "karlcom"
tld = ".de"
# Ask the OpenAI API for the ten most common QWERTZ typos of the base domain.
typo_response = fetch_typo_domains_openai(base_domain, api_key="sk-proj-XXXXXX")
# Pull the bare domain names out of the model's free-text answer.
typo_domains_base = extract_domains_from_text(typo_response)
# Keep only the first label of each result and append the configured TLD.
typo_domains = [domain.split(".")[0].rstrip(".") + tld for domain in typo_domains_base]
# Query Strato's unofficial availability check and print ✅/❌ per domain.
is_domain_available(typo_domains)
Output Example
✅ karicom.de
❌ karlcomm.de
✅ krlcom.de
⚠️ Legal Notice
- typosquatterpy is not affiliated with Strato and does not use an official Strato API.
- The tool scrapes publicly available information, and its use is at your own discretion.
- Ensure you comply with any legal and ethical considerations when using this tool.
Conclusion
If you’re wondering what to do next and how to start defensively registering typo domains, here’s a straightforward approach:
- Generate Typo Domains – Use my tool to create common misspellings of your domain, or do it manually (with or without ChatGPT).
- Register the Domains – Most companies already have an account with a registrar where their main domain is managed. Just add the typo variations there.
- Monitor Traffic – Keep an eye on incoming and outgoing typo requests and emails to detect misuse.
- Route & Block Traffic – Redirect incoming requests and mail for the typo domains you own to the correct destination, and block outgoing requests and mail to typo domains you do not own. Most commercial email solutions offer rulesets for this; dnstwist helps you build the broad list of typo domains to feed into them.
- Block Outgoing Requests – Ideally, use a central web proxy. If that’s not possible, add a blocklist to browser plugins like uBlock, assuming your company manages it centrally. If neither option works, set up AdGuard for central DNS filtering and block typo domains there. (I wrote a guide on setting up AdGuard!)
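As an added example that is not the author's tooling, the Python below shows the monitoring and blocking side of that list: it turns a typo list into adblock-style rules for AdGuard Home or uBlock Origin (`||domain^` covers the domain and all its subdomains), and it flags outbound mail and DNS lookups to typo domains, as well as inbound mail from them, in sample log lines. The domain list and both log formats are constructed for the example; adapt the two regexes to your own mail server and resolver logs.

```python
"""Typo-domain blocklist and log monitoring.

Added example, not part of typosquatterpy. TYPO_DOMAINS stands in for the
output of a typo generator or dnstwist run; the log lines and their formats
are constructed for this example.
"""
import re
from typing import Optional

OWN_DOMAIN = "karlcom.de"
TYPO_DOMAINS = {"karlcon.de", "karcom.de", "karlcok.de", "karicom.de"}  # constructed


def matches_domain(host: str, domain: str) -> bool:
    """True if host is `domain` itself or any subdomain of it (mail.karlcon.de)."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def matching_typo(host: str) -> Optional[str]:
    """Return the typo domain `host` belongs to, or None."""
    for d in TYPO_DOMAINS:
        if matches_domain(host, d):
            return d
    return None


def adguard_rules(domains) -> list:
    """Adblock-style rules understood by AdGuard Home and uBlock Origin.

    `||example.com^` blocks example.com and every subdomain. The real domain is
    filtered out so a careless copy of the generator output cannot block it.
    """
    return [f"||{d}^" for d in sorted(domains) if d != OWN_DOMAIN]


# Constructed mail log format: "<ts> from=<user@dom> to=<user@dom> status=..."
MAIL_RE = re.compile(r"from=<[^@>]+@([^>]+)>.*?to=<[^@>]+@([^>]+)>")


def classify_mail(lines):
    """Flag outbound mail to a typo domain (a colleague's address mistyped, data
    leaves the company) and inbound mail from one (someone posing as the company)."""
    findings = []
    for line in lines:
        m = MAIL_RE.search(line)
        if not m:
            continue
        src, dst = m.group(1), m.group(2)
        if matches_domain(src, OWN_DOMAIN) and matching_typo(dst):
            findings.append(("outbound-to-typo", dst))
        elif matching_typo(src):
            findings.append(("inbound-from-typo", src))
    return findings


# Constructed resolver log format: "client=<ip> qname=<name>. qtype=<type>"
DNS_RE = re.compile(r"qname=(\S+)")


def typo_dns_queries(lines):
    """Return (queried name, typo domain it falls under) for every typo lookup."""
    hits = []
    for line in lines:
        m = DNS_RE.search(line)
        if m:
            d = matching_typo(m.group(1))
            if d:
                hits.append((m.group(1).rstrip("."), d))
    return hits


SAMPLE_MAIL_LOG = [  # constructed
    "2025-01-10T09:12:01 from=<anna@karlcom.de> to=<ben@karlcon.de> status=sent",
    "2025-01-10T09:13:44 from=<anna@karlcom.de> to=<ben@karlcom.de> status=sent",
    "2025-01-10T10:02:09 from=<ceo@karicom.de> to=<finance@karlcom.de> status=delivered",
    "2025-01-10T10:05:00 from=<news@example.org> to=<anna@karlcom.de> status=delivered",
]
SAMPLE_DNS_LOG = [  # constructed
    "client=10.0.0.5 qname=karlcon.de. qtype=A",
    "client=10.0.0.7 qname=mail.karlcok.de. qtype=MX",
    "client=10.0.0.9 qname=karlcom.de. qtype=A",
]

if __name__ == "__main__":
    print("\n".join(adguard_rules(TYPO_DOMAINS | {OWN_DOMAIN})))
    print(classify_mail(SAMPLE_MAIL_LOG))
    print(typo_dns_queries(SAMPLE_DNS_LOG))
```

The outbound findings are the ones worth alerting on immediately: a mail or DNS lookup from inside the company to a typo domain nobody owns is exactly the traffic a squatter's catch-all mailbox or web server is waiting for.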