Packages and Binaries:

dnstwist

dnstwist generates a list of similarly looking domain names for a given domain name and performs DNS queries for them (A, AAAA, NS and MX). For MX records it checks whether there is an active mail server which could be used to intercept misdirected emails. Additionally it estimates webpage similarity based on fuzzy hashes. This functionality might be helpful in detecting typosquatters, phishing attacks, fraud and corporate espionage.

Installed size: 489 KB
How to install: sudo apt install dnstwist

Dependencies:
  • python3
dnstwist

Domain name permutation engine

root@kali:~# dnstwist -h
dnstwist 20250130 by <marcin@ulikowski.pl>

usage: /usr/bin/dnstwist [OPTION]... DOMAIN

Domain name permutation engine for detecting homograph phishing attacks,
typosquatting, fraud and brand impersonation.

positional arguments:
  domain                 Domain name or URL to scan

options:
  -a, --all              Print all DNS records instead of the first ones
  -b, --banners          Determine HTTP and SMTP service banners
  -d, --dictionary FILE  Generate more domains using dictionary FILE
  -f, --format FORMAT    Output format: cli, csv, json, list (default: cli)
  --fuzzers LIST         Use only selected fuzzing algorithms (separated with
                         commas)
  -g, --geoip            Lookup for GeoIP location
  --lsh [LSH]            Evaluate web page similarity with LSH algorithm:
                         ssdeep, tlsh (default: ssdeep)
  --lsh-url URL          Override URL to fetch the original web page from
  -m, --mxcheck          Check if MX host can be used to intercept emails
  -o, --output FILE      Save output to FILE
  -r, --registered       Show only registered domain names
  -u, --unregistered     Show only unregistered domain names
  -p, --phash            Render web pages and evaluate visual similarity
  --phash-url URL        Override URL to render the original web page from
  --screenshots DIR      Save web page screenshots into DIR
  -t, --threads NUM      Start specified NUM of threads (default: 10)
  -w, --whois            Lookup WHOIS database for creation date and registrar
  --tld FILE             Swap TLD for the original domain from FILE
  --nameservers LIST     DNS or DoH servers to query (separated with commas)
  --useragent STRING     Set User-Agent STRING (default: Mozilla/5.0 (linux
                         64-bit) dnstwist/20250130)

Updated on: 2025-May-20