feature.py
from urllib.parse import urlparse
import ipaddress
import re
from bs4 import BeautifulSoup
import whois
import urllib
import urllib.request
from datetime import datetime
import requests
# 1.Domain of the URL(Domain)
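def getDomain(url):
    """Return the network location of *url* with one leading ``www.`` removed.

    The value is ``urlparse(url).netloc``, so a ``user:pass@`` prefix or a
    ``:port`` suffix present in the URL is still part of the result.
    """
    domain = urlparse(url).netloc
    # Strip only a literal "www." prefix. The earlier regex r"^www." let the
    # dot match any character, and str.replace() removed every "www."
    # occurrence, so a host such as "www.awww.com" was mangled to "acom".
    if domain.startswith("www."):
        domain = domain[len("www."):]
    return domain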
# 2.Checks for IP address in URL (Have_IP)
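def havingIP(url):
    """Return 1 when the host of *url* is an IP address literal, otherwise 0.

    The host is taken from ``urlparse(url).hostname``; when the input has no
    network location (for example a bare ``"1.2.3.4"``) the whole string is
    tested instead, which keeps the earlier behaviour for bare addresses.
    """
    try:
        # The earlier code passed the complete URL to ip_address(), which
        # rejects anything with a scheme or path, so the feature was always 0
        # for real URLs.
        host = urlparse(url).hostname or url
        ipaddress.ip_address(host)
    except ValueError:
        # Raised by ip_address() for non-addresses and by urlparse() for a
        # malformed bracketed host.
        return 0
    # Only canonical dotted-quad IPv4 and IPv6 literals are recognised;
    # ip_address() rejects hex or integer-encoded hosts, so those score 0.
    return 1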
# 3.Checks the presence of @ in URL (Have_At)
def haveAtSign(url):
    """Return 1 when the URL text contains an ``@`` character, otherwise 0."""
    # The check covers the whole string, not only the authority part.
    return int("@" in url)
# 4.Finding the length of URL and categorizing (URL_Length)
def getLength(url):
    """Return 0 for a URL shorter than 54 characters and 1 otherwise."""
    return 0 if len(url) < 54 else 1
# 5.Counts the non-empty path segments between '/' in the URL (URL_Depth)
def getDepth(url):
    """Return how many non-empty segments the path of *url* contains."""
    segments = urlparse(url).path.split('/')
    # Empty strings come from leading, trailing or doubled slashes and are
    # not counted.
    return sum(1 for segment in segments if segment)
# 6.Checking for redirection '//' in the url (Redirection)
def redirection(url):
    """Return 1 when the last ``//`` in *url* starts after index 7, else 0."""
    last_double_slash = url.rfind('//')
    # "https://" carries its own "//" at index 6 ("http://" at index 5), so
    # only a later occurrence is counted; index 7 itself is also excluded.
    return int(last_double_slash > 7)
# 7.Existence of “HTTPS” Token in the Domain Part of the URL (https_Domain)
def httpDomain(url):
    """Return 1 when the text ``https`` occurs in the netloc of *url*, else 0.

    The scheme is not part of the netloc, so an ordinary ``https://`` URL
    scores 0. The comparison is case-sensitive.
    """
    host_part = urlparse(url).netloc
    return int('https' in host_part)
# Listing shortening services
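# Alternation of known URL-shortener host names (regex fragment, dots escaped).
shortening_services = (
    r"bit\.ly|goo\.gl|shorte\.st|go2l\.ink|x\.co|ow\.ly|t\.co|tinyurl|tr\.im|is\.gd|cli\.gs|"
    r"yfrog\.com|migre\.me|ff\.im|tiny\.cc|url4\.eu|twit\.ac|su\.pr|twurl\.nl|snipurl\.com|"
    r"short\.to|BudURL\.com|ping\.fm|post\.ly|Just\.as|bkite\.com|snipr\.com|fic\.kr|loopt\.us|"
    r"doiop\.com|short\.ie|kl\.am|wp\.me|rubyurl\.com|om\.ly|to\.ly|bit\.do|t\.co|lnkd\.in|db\.tt|"
    r"qr\.ae|adf\.ly|goo\.gl|bitly\.com|cur\.lv|tinyurl\.com|ow\.ly|bit\.ly|ity\.im|q\.gs|is\.gd|"
    r"po\.st|bc\.vc|twitthis\.com|u\.to|j\.mp|buzurl\.com|cutt\.us|u\.bb|yourls\.org|x\.co|"
    r"prettylinkpro\.com|scrnch\.me|filoops\.info|vzturl\.com|qr\.net|1url\.com|tweez\.me|v\.gd|"
    r"tr\.im|link\.zip\.net"
)

# The list is matched against the host only, anchored at a label boundary and
# at the end of the host. Host names are case-insensitive, hence IGNORECASE.
_SHORTENER_HOST_RE = re.compile(
    r"(?:^|\.)(?:" + shortening_services + r")$", re.IGNORECASE
)


# 8. Checking for Shortening Services in URL (Tiny_URL)
def tinyURL(url):
    """Return 1 when the host of *url* is a listed shortening service, else 0.

    The earlier version ran an unanchored search over the entire URL, so
    short entries such as ``t\\.co`` matched inside unrelated hosts
    (``pinterest.com``) and inside paths or query strings. Matching the host
    alone removes those false positives. A model trained on the old feature
    values should be re-evaluated after this change.
    """
    try:
        host = urlparse(url).hostname
    except ValueError:
        host = None
    if not host:
        # Scheme-less input such as "bit.ly/abc": the text before the first
        # '/' is treated as the host.
        host = url.split("/", 1)[0]
    host = host.rstrip(".")
    return 1 if _SHORTENER_HOST_RE.search(host) else 0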
# 9.Checking for Prefix or Suffix Separated by (-) in the Domain (Prefix/Suffix)
def prefixSuffix(url):
    """Return 1 (phishing) when the netloc of *url* contains ``-``, else 0."""
    netloc = urlparse(url).netloc
    # 1 = phishing, 0 = legitimate
    return int('-' in netloc)
# 12.Web traffic (Web_Traffic)
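def web_traffic(url):
    """Look up the Alexa rank for *url* and return the Web_Traffic feature.

    Returns 1 when the rank is below 100000 and 0 otherwise. Any failure to
    fetch or parse the rank also returns 1, as the original did when the
    ``REACH`` element was missing.

    NOTE(review): a successful low rank and a failed lookup both map to 1;
    confirm this polarity matches what the model was trained on.
    NOTE(review): the Alexa ranking service is understood to be retired, so
    this lookup may now always take the failure path; confirm and replace
    the data source.
    """
    try:
        # Percent-encode the URL so that whitespace and characters such as
        # '&' or '=' cannot alter the query string it is appended to.
        url = urllib.parse.quote(url)
        # The request goes over plain HTTP, so the reply is not protected in
        # transit. A timeout keeps an unresponsive server from stalling
        # feature extraction.
        reply = urllib.request.urlopen(
            "http://data.alexa.com/data?cli=10&dat=s&url=" + url,
            timeout=10,
        ).read()
        rank = int(BeautifulSoup(reply, "xml").find("REACH")['RANK'])
    except (TypeError, KeyError, ValueError, OSError):
        # TypeError: no REACH element; KeyError: no RANK attribute;
        # ValueError: non-numeric rank; OSError: network failure (URLError
        # and timeouts). Previously only TypeError was handled, so a network
        # error propagated to the caller.
        return 1
    if rank < 100000:
        return 1
    return 0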
# 13.Survival time of domain: The difference between termination time and creation time (Domain_Age)
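def domainAge(domain_name):
    """Return the Domain_Age feature from a WHOIS record.

    Reads ``creation_date`` and ``expiration_date`` from *domain_name*.
    Returns 1 when either date is missing, is a list, or is a string that
    does not parse as ``YYYY-MM-DD``, and also when the span between the two
    dates is under six 30-day months. Returns 0 otherwise.
    """
    creation_date = domain_name.creation_date
    expiration_date = domain_name.expiration_date
    try:
        # Parse each value on its own. The earlier code passed both values to
        # strptime() whenever either was a string, so a record mixing a string
        # with a datetime was always reported as 1.
        if isinstance(creation_date, str):
            creation_date = datetime.strptime(creation_date, '%Y-%m-%d')
        if isinstance(expiration_date, str):
            expiration_date = datetime.strptime(expiration_date, "%Y-%m-%d")
    except ValueError:
        return 1
    if expiration_date is None or creation_date is None:
        return 1
    if isinstance(expiration_date, list) or isinstance(creation_date, list):
        # Several candidate dates in one field are treated as unusable.
        return 1
    ageofdomain = abs((expiration_date - creation_date).days)
    return 1 if (ageofdomain / 30) < 6 else 0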
# 14.End time of domain: The difference between termination time and current time (Domain_End)
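def domainEnd(domain_name):
    """Return the Domain_End feature from a WHOIS record.

    Reads ``expiration_date`` from *domain_name*. Returns 1 when the date is
    missing, is a list, or is a string that does not parse as ``YYYY-MM-DD``.
    Otherwise returns 0 when the distance between now and the expiration date
    is under six 30-day months, and 1 when it is longer.

    NOTE(review): abs() is applied to the difference, so a domain that
    expired long ago scores the same as one with a long time left; confirm
    that this is intended.
    """
    expiration_date = domain_name.expiration_date
    if isinstance(expiration_date, str):
        try:
            expiration_date = datetime.strptime(expiration_date, "%Y-%m-%d")
        except ValueError:
            return 1
    if expiration_date is None:
        return 1
    if isinstance(expiration_date, list):
        return 1
    # Use the expiration date's own tzinfo for "now": subtracting a naive
    # datetime.now() from a timezone-aware value raises TypeError. With a
    # naive expiration date tzinfo is None and this is plain datetime.now().
    today = datetime.now(expiration_date.tzinfo)
    end = abs((expiration_date - today).days)
    return 0 if (end / 30) < 6 else 1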
# 15. IFrame Redirection (iFrame)
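def iframe(response):
    """Return the iFrame feature for a fetched page.

    Returns 1 when *response* is the empty string (the fetch failed) or when
    the page text contains neither an ``<iframe`` tag nor a ``frameborder``
    attribute. Returns 0 when either is present.

    NOTE(review): the polarity (iframe present -> 0) is kept from the
    original; confirm it matches the labelling used in training.
    """
    if response == "":
        return 1
    # The earlier pattern r"[<iframe>|<frameBorder>]" was a character class:
    # it matched any single one of those letters or symbols, so almost every
    # non-empty page scored 0. This pattern looks for the tag or attribute
    # itself. Feature values therefore change; re-evaluate any model trained
    # on the old output.
    if re.search(r"<iframe\b|frameborder", response.text, re.IGNORECASE):
        return 0
    return 1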
# 16.Checks the effect of mouse over on status bar (Mouse_Over)
def mouseOver(response):
    """Return the Mouse_Over feature for a fetched page.

    Returns 1 when *response* is the empty string, or when the page text has
    ``onmouseover`` between ``<script>`` and ``</script>`` on a single line
    ('.' does not cross newlines here). Returns 0 otherwise.
    """
    if response == "":
        return 1
    found = re.search("<script>.+onmouseover.+</script>", response.text)
    return 1 if found else 0
# 17.Checks the status of the right click attribute (Right_Click)
def rightClick(response):
    """Return the Right_Click feature for a fetched page.

    Returns 1 when *response* is the empty string. Otherwise returns 0 when
    the page text matches ``event.button ?== ?2`` and 1 when it does not.
    """
    if response == "":
        return 1
    handler_seen = re.search(r"event.button ?== ?2", response.text)
    return 0 if handler_seen else 1
# 18.Checks the number of forwardings (Web_Forwards)
def forwarding(response):
    """Return the Web_Forwards feature for a fetched page.

    Returns 1 when *response* is the empty string or when its ``history``
    holds more than two entries; returns 0 for two or fewer.
    """
    if response == "":
        return 1
    hops = len(response.history)
    return 1 if hops > 2 else 0
#-------------------------------------------------------------------------
# Function to extract features
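def featureExtraction(url):
    """Build the feature vector for *url*.

    Returns a list of 16 integers in this order: the eight address-bar
    features (havingIP, haveAtSign, getLength, getDepth, redirection,
    httpDomain, tinyURL, prefixSuffix), the four domain features (DNS/WHOIS
    failure flag, web_traffic, domainAge, domainEnd) and the four page
    features (iframe, mouseOver, rightClick, forwarding).

    The function performs a WHOIS lookup and an HTTP GET against the URL
    under analysis. That URL is untrusted and the GET follows redirects, so
    run the extractor from an isolated host with restricted egress.
    """
    features = []

    # Address bar based features
    features.append(havingIP(url))
    features.append(haveAtSign(url))
    features.append(getLength(url))
    # Depth is computed from the URL being analysed. The earlier code passed
    # a hard-coded YouTube URL here (and printed the input), both apparently
    # debugging leftovers, so URL_Depth was the same for every sample.
    features.append(getDepth(url))
    features.append(redirection(url))
    features.append(httpDomain(url))
    features.append(tinyURL(url))
    features.append(prefixSuffix(url))

    # Domain based features
    dns = 0
    try:
        # NOTE(review): netloc still contains any "user@" prefix or ":port"
        # suffix; confirm the WHOIS client tolerates that.
        domain_name = whois.whois(urlparse(url).netloc)
    except Exception:
        # Best effort: any lookup failure is recorded as the DNS feature.
        dns = 1
    features.append(dns)
    features.append(web_traffic(url))
    # domain_name is unbound when the lookup failed, hence the dns guard.
    features.append(1 if dns == 1 else domainAge(domain_name))
    features.append(1 if dns == 1 else domainEnd(domain_name))

    # HTML & Javascript based features
    try:
        # A timeout keeps a slow or silent server from blocking extraction.
        response = requests.get(url, timeout=10)
    except Exception:
        # The page helpers treat "" as "no response available".
        response = ""
    features.append(iframe(response))
    features.append(mouseOver(response))
    features.append(rightClick(response))
    features.append(forwarding(response))
    return features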