Packages and Binaries:
dnstwist
dnstwist generates a list of similarly looking domain names for a given domain name and performs DNS queries for them (A, AAAA, NS and MX). For MX records it checks whether there is an active mail server which could be used to intercept misdirected emails. Additionally it estimates webpage similarity based on fuzzy hashes. This functionality might be helpful in detecting typosquatters, phishing attacks, fraud and corporate espionage.
Installed size: 487 KB
How to install: sudo apt install dnstwist
Dependencies:
- python3
dnstwist
Domain name permutation engine
root@kali:~# dnstwist -h
dnstwist 20240116 by <[email protected]>
usage: /usr/bin/dnstwist [OPTION]... DOMAIN
Domain name permutation engine for detecting homograph phishing attacks,
typosquatting, fraud and brand impersonation.
positional arguments:
domain Domain name or URL to scan
options:
-a, --all Print all DNS records instead of the first ones
-b, --banners Determine HTTP and SMTP service banners
-d FILE, --dictionary FILE Generate more domains using dictionary FILE
-f FORMAT, --format FORMAT Output format: cli, csv, json, list (default:
cli)
--fuzzers LIST Use only selected fuzzing algorithms (separated
with commas)
-g, --geoip Lookup for GeoIP location
--lsh [LSH] Evaluate web page similarity with LSH algorithm:
ssdeep, tlsh (default: ssdeep)
--lsh-url URL Override URL to fetch the original web page from
-m, --mxcheck Check if MX host can be used to intercept emails
-o FILE, --output FILE Save output to FILE
-r, --registered Show only registered domain names
-u, --unregistered Show only unregistered domain names
-p, --phash Render web pages and evaluate visual similarity
--phash-url URL Override URL to render the original web page
from
--screenshots DIR Save web page screenshots into DIR
-t NUM, --threads NUM Start specified NUM of threads (default: 12)
-w, --whois Lookup WHOIS database for creation date and
registrar
--tld FILE Swap TLD for the original domain from FILE
--nameservers LIST DNS or DoH servers to query (separated with
commas)
--useragent STRING Set User-Agent STRING (default: Mozilla/5.0
(linux 64-bit) dnstwist/20240116)
Updated on: 2024-Feb-16