dnstwist
This tool fetches potential typo-squatting or IDN domains that could be targeting your domain for spear phishing.
Permutations are fetched from https://dnstwist.it/.
It takes into account the registration and/or last-updated WHOIS information and an optional whitelist.
Identified domains can be sent to Slack for automated alerting.
Usage
First create a configuration file:
```yaml
# log settings, optional
log:
  # log level to use
  level: info

# the domains you'd like to monitor, required
domains:
  # domain(s) to monitor
  watchlist: [domain.com]
  # any domains to ignore
  whitelist: []
  # domains created in the last week
  created_since: 168h

# send alerts to a Slack channel, optional
slack:
  # slack channel webhook
  webhook: https://hooks.slack.com/services/XXX
```
And then run the tool:
% dnstwist -config=config.yml
You can also set configuration values via environment variables:
% LOG_LEVEL=info DOMAIN_WATCHLIST=domain.com SLACK_WEBHOOK=xxx dnstwist
And use it with the Docker image!
% docker run -ti --rm -e "DOMAIN_WATCHLIST=domain.com" -e "SLACK_WEBHOOK=xxx" ghcr.io/hazcod/dnstwist/dnstwist:latest
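The filtering step described above (WHOIS registration or last-updated date inside the `created_since` window, minus the whitelist) can be sketched as follows. This is an added example, not dnstwist's own code: `Candidate`, `FilterRecent` and `normalize` are hypothetical names, the sample domains are constructed, and parsing the window with Go's `time.ParseDuration` and skipping records that have no WHOIS dates are assumptions of the example.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// Candidate (hypothetical type): a lookalike domain and its WHOIS dates, zero if unknown.
type Candidate struct {
	Domain           string
	Created, Updated time.Time
}

func normalize(d string) string { return strings.ToLower(strings.TrimSuffix(d, ".")) }

// FilterRecent drops whitelisted domains, then keeps those registered or
// updated within `since` (a Go duration such as "168h") before `now`.
func FilterRecent(cands []Candidate, whitelist []string, since string, now time.Time) ([]string, error) {
	window, err := time.ParseDuration(since)
	if err != nil || window <= 0 {
		return nil, fmt.Errorf("invalid created_since %q", since)
	}
	ignored := map[string]bool{}
	for _, d := range whitelist {
		ignored[normalize(d)] = true
	}
	cutoff := now.Add(-window)
	var hits []string
	for _, c := range cands {
		name := normalize(c.Domain)
		// A zero date is never after the cutoff, so records without WHOIS dates are skipped.
		if !ignored[name] && (c.Created.After(cutoff) || c.Updated.After(cutoff)) {
			hits = append(hits, name)
		}
	}
	return hits, nil
}

func main() {
	// Constructed sample data, not real registrations.
	now := time.Date(2025, 5, 31, 0, 0, 0, 0, time.UTC)
	cands := []Candidate{
		{"domaln.com", now.AddDate(0, 0, -2), time.Time{}},                 // registered 2 days ago
		{"domain-login.com", now.AddDate(-3, 0, 0), now.AddDate(0, 0, -1)}, // old, updated yesterday
		{"d0main.com", now.AddDate(-1, 0, 0), now.AddDate(0, 0, -30)},      // outside the window
		{"Domain.co.", now.AddDate(0, 0, -1), time.Time{}},                 // recent but whitelisted
	}
	fmt.Println(FilterRecent(cands, []string{"domain.co"}, "168h", now))
}
```

`time.ParseDuration` has no day or week unit, which is why a one-week window is written as `168h` here; a value such as `1w` is rejected with an error.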
Tool Information
Author
hazcod
Project Added On
May 31, 2025
License
Open Source