Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
Demo
Installation
Python PIP
- pip install dnstwist[full]
Git
If you want to run the latest version of the code, you can install it from Git:
- git clone https://github.com/elceef/dnstwist.git
- cd dnstwist
- pip install .
Debian/Ubuntu/Kali Linux
Invoke the following command to install the tool with all extra packages:
- sudo apt install dnstwist
Fedora Linux
- sudo dnf install dnstwist
macOS
This will install dnstwist along with all dependencies, and the binary will be added to $PATH.
- brew install dnstwist
Docker
Pull and run official image from the Docker Hub:
- docker run -it elceef/dnstwist
Features
- Variety of highly effective domain fuzzing algorithms
- Unicode domain names (IDN)
- Additional domain permutations from dictionary files
- Efficient multithreaded task distribution
- Live phishing webpage detection:
- HTML similarity with fuzzy hashes (ssdeep)
- Screenshot visual similarity with perceptual hashes (pHash)
- Rogue MX host detection (intercepting misdirected e-mails)
- GeoIP location
- Export to CSV and JSON