Packages and Binaries:


dnstwist generates a list of similarly looking domain names for a given domain name and performs DNS queries for them (A, AAAA, NS and MX). For MX records it checks whether there is an active mail server which could be used to intercept misdirected emails. Additionally it estimates webpage similarity based on fuzzy hashes. This functionality might be helpful in detecting typosquatters, phishing attacks, fraud and corporate espionage.

Installed size: 487 KB
How to install: sudo apt install dnstwist

  • python3

Domain name permutation engine

root@kali:~# dnstwist -h
dnstwist 20240116 by <[email protected]>

usage: /usr/bin/dnstwist [OPTION]... DOMAIN

Domain name permutation engine for detecting homograph phishing attacks,
typosquatting, fraud and brand impersonation.

positional arguments:
  domain                      Domain name or URL to scan

  -a, --all                   Print all DNS records instead of the first ones
  -b, --banners               Determine HTTP and SMTP service banners
  -d FILE, --dictionary FILE  Generate more domains using dictionary FILE
  -f FORMAT, --format FORMAT  Output format: cli, csv, json, list (default:
  --fuzzers LIST              Use only selected fuzzing algorithms (separated
                              with commas)
  -g, --geoip                 Lookup for GeoIP location
  --lsh [LSH]                 Evaluate web page similarity with LSH algorithm:
                              ssdeep, tlsh (default: ssdeep)
  --lsh-url URL               Override URL to fetch the original web page from
  -m, --mxcheck               Check if MX host can be used to intercept emails
  -o FILE, --output FILE      Save output to FILE
  -r, --registered            Show only registered domain names
  -u, --unregistered          Show only unregistered domain names
  -p, --phash                 Render web pages and evaluate visual similarity
  --phash-url URL             Override URL to render the original web page
  --screenshots DIR           Save web page screenshots into DIR
  -t NUM, --threads NUM       Start specified NUM of threads (default: 12)
  -w, --whois                 Lookup WHOIS database for creation date and
  --tld FILE                  Swap TLD for the original domain from FILE
  --nameservers LIST          DNS or DoH servers to query (separated with
  --useragent STRING          Set User-Agent STRING (default: Mozilla/5.0
                              (linux 64-bit) dnstwist/20240116)

Updated on: 2024-Feb-16