Packages and Binaries:

dnstwist

dnstwist generates a list of similarly looking domain names for a given domain name and performs DNS queries for them (A, AAAA, NS and MX). For MX records it checks whether there is an active mail server which could be used to intercept misdirected emails. Additionally it estimates webpage similarity based on fuzzy hashes. This functionality might be helpful in detecting typosquatters, phishing attacks, fraud and corporate espionage.

Installed size: 474 KB
How to install: sudo apt install dnstwist

Dependencies:
  • python3
dnstwist

Domain name permutation engine

[email protected]:~# dnstwist -h
dnstwist 20221213 by <[email protected]>

usage: /usr/bin/dnstwist [OPTION]... DOMAIN

Domain name permutation engine for detecting homograph phishing attacks,
typosquatting, fraud and brand impersonation.

positional arguments:
  domain                      Domain name or URL to scan

options:
  -a, --all                   Print all DNS records instead of the first ones
  -b, --banners               Determine HTTP and SMTP service banners
  -d FILE, --dictionary FILE  Generate more domains using dictionary FILE
  -f FORMAT, --format FORMAT  Output format: cli, csv, json, list (default:
                              cli)
  --fuzzers LIST              Use only selected fuzzing algorithms (separated
                              with commas)
  -g, --geoip                 Lookup for GeoIP location
  -m, --mxcheck               Check if MX host can be used to intercept emails
  -o FILE, --output FILE      Save output to FILE
  -r, --registered            Show only registered domain names
  -u, --unregistered          Show only unregistered domain names
  -p, --phash                 Render web pages and evaluate visual similarity
  --phash-url URL             Override URL to render the original web page
                              from
  --screenshots DIR           Save web page screenshots into DIR
  -s, --ssdeep                Fetch web pages and compare their fuzzy hashes
                              to evaluate similarity
  --ssdeep-url URL            Override URL to fetch the original web page from
  -t NUM, --threads NUM       Start specified NUM of threads (default: 12)
  -w, --whois                 Lookup WHOIS database for creation date and
                              registrar
  --tld FILE                  Swap TLD for the original domain from FILE
  --nameservers LIST          DNS or DoH servers to query (separated with
                              commas)
  --useragent STRING          Set User-Agent STRING (default: Mozilla/5.0
                              (linux 64-bit) dnstwist/20221213)
  --debug                     Display debug messages

Updated on: 2023-Mar-08