Mosqito is a defensive cybersecurity tool for detecting Unicode homoglyph and IDN-based domain impersonation and phishing risks.
Unicode homoglyphs are frequently abused in phishing and brand impersonation attacks by replacing ASCII characters with visually similar Unicode characters.
Mosqito helps security professionals:
- Detect Unicode-based domain masquerading
- Generate potential homoglyph impersonation variants
- Analyze suspicious domains during SOC triage
- Understand IDN and Punycode abuse techniques
Mosqito is designed strictly for defensive security research, detection engineering, and education.
- Unicode homoglyph domain variant generation
- Masquerade detection for single domains
- Visual normalization and impersonation detection
- Risk scoring for prioritization
- IDN / Punycode identification
- Colorized terminal output
- 🟢 Green: clean / low risk
- 🟠 Orange: suspicious / malicious-looking
- Single-file, dependency-free Python tool
Clone the repository:
git clone https://github.com/zrnge/Mosqito.git
cd MosqitoMosqito requires Python 3.9 or higher.
python mosqito.py <domain> [options]| Option | Description | Default |
|---|---|---|
-m, --max-changes <int> |
Maximum homoglyph substitutions per label | 2 |
--punycode |
Display IDNA / Punycode representation | Disabled |
--check |
Analyze a domain for masquerading indicators | Disabled |
--compare <domain> |
Legitimate domain to compare against (used with --check) |
None |
python mosqito.py google.compython mosqito.py google.com --max-changes 1python mosqito.py google.com --punycodepython mosqito.py --check gοοgle.compython mosqito.py --check gοοgle.com --compare google.comThis flags high-confidence visual impersonation.
Mosqito is intended solely for defensive cybersecurity research, education, and detection engineering.
It must not be used for phishing, impersonation, fraud, or any malicious activity. The authors assume no responsibility for misuse of this tool.
Use responsibly and in compliance with applicable laws and policies.