MaskURL is an open-source URL masking and analysis tool designed for security research, phishing awareness, and defensive testing.
It demonstrates how adversaries may disguise malicious links using URL manipulation and social engineering techniques, helping defenders understand and mitigate such attacks.
Mapped to MITRE ATT&CK® T1665 – Hide Infrastructure (Command and Control).
This project is publicly referenced by Tidal Cyber (Community Edition) as part of adversary behavior research.
🔗 https://app.tidalcyber.com/references/bd80f3d7-e653-5f8f-ba8a-00b8780ae935
Important
Educational & Defensive Use Only
MaskURL is a proof-of-concept project intended for security research, phishing awareness training, and authorized penetration testing. It demonstrates techniques used by real-world attackers so defenders can better recognize, detect, and prevent them.
Unauthorized or malicious use is strictly discouraged.
Your phishing link: https://example.com/whatever
Give any custom URL: gmail.com
Phishing keyword: anything-u-want
Output: https://gamil.com-anything-u-want@tinyurl.com/yourlink
# Get 4 masked URLs like this from different URL-shortener
-
URL Masking: MaskURL allows users to mask URLs with a custom domain and optional phishing keywords, making it difficult to identify the actual link.
-
Multiple URL Shorteners: The tool supports multiple URL shorteners, providing flexibility in choosing the one that best suits your needs. Currently, it supports popular services like TinyURL, osdb, dagd, and clckru.
-
Input Validation: MaskURL includes robust input validation to ensure that URLs, custom domains, and phishing keywords meet the required criteria, preventing errors and enhancing security.
-
User-Friendly Interface: Its simple and intuitive interface makes it accessible to both novice and experienced users, eliminating the need for complex command-line inputs.
-
Open Source: Being an open-source project, MaskURL is transparent and community-driven. Users can contribute to its development and suggest improvements.
git clone https://github.com/hackwithakki/MaskURL.git
cd MaskURL
pip3 install -r requirements.txt
python3 MaskURL.py
⭔ PYPI Installation : https://pypi.org/project/MaskURL/
pip install MaskURL
MaskURL <your-phishing-link> <any-custom-domain> <any-phishing-keyword>
Example: MaskURL https://ngrok.com gmail.com accout-login
import subprocess
# Define the command to run your MaskURL script with arguments
command = ["python3", "-m", "MaskURL.main", "https://ngrok.com", "facebook.com", "login"]
# Run the command
process = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
# Wait for the process to complete and get the output
stdout, stderr = process.communicate()
# Print the output and error (if any)
print("Output:")
print(stdout.decode())
print("Error:")
print(stderr.decode())
# Check the return code to see if the process was successful
if process.returncode == 0:
print("MaskURL completed successfully.")
else:
print("MaskURL encountered an error.")Contributions and feature requests are welcome! If you encounter any issues or have ideas for improvement, feel free to open an issue or submit a pull request.
- Fix trycloudflare error which is blocked by TinyURL
TinyURL not shorting trycloudflare Solution: don’t use pyshortner. shorten links manually one by one if TinyURL blocks try using different shortener
💬 If having an issue Chat here
