dnstwist

dnstwist

22 Stars

A tool to monitor for potential spear phishing domains and send to Slack.

hazcod
Red-team
May 31, 2025
22 stars
View on GitHub
Share on:
X LinkedIn Facebook WhatsApp Telegram Reddit Email
Category
Red-team
GitHub Stars
22
Project Added On
May 31, 2025
Contributors
2

README.md

View on GitHub

dnstwist

This is a tool that will fetch potential typo-squatting or IDN domains which could be targeting your domain for spear phishing.
Permutations will be fetched from https://dnstwist.it/.

It will take into account the registration and/or last updated WHOIS information and a potential whitelist.

Domains identified can be sent to Slack for automated alert purposes.

Usage

First create a configuration file: 

# log settings, optional
log:
  # log level to use
  level: info

# the domains you'd like to monitor, required
domains:
  # domain(s) to monitor
  watchlist: [domain.com]
  # any domains to ignore
  whitelist: []
  # domains created in the last week
  created_since: 168h

# send alerts to a Slack channel, optional
slack:
  # slack channel webhook
  webhook: https://hooks.slack.com/services/XXX

And then run the tool: 

% dnstwist -config=config.yml

You can also set configuration values via environment variables:

% LOG_LEVEL=info DOMAIN_WATCHLIST=domain.com SLACK_WEBHOOK=xxx dnstwist

And use it with the Docker image!

% docker run -ti --rm -e "DOMAIN_WATCHLIST=domain.com" -e "SLACK_WEBHOOK=xxx" ghcr.io/hazcod/dnstwist/dnstwist:latest

Tool Information

Author

hazcod

Project Added On

May 31, 2025

License

Open Source

Tags

detection dnstwist phishing typosquat
View on GitHub

Related Tools

NTDLLReflection

NTDLLReflection

Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll , and trigger exported APIs from the export table

Stable
kernel-exploit-factory

kernel-exploit-factory

Linux kernel CVE exploit analysis report and relative debug environment. You don't need to compile Linux kernel and configure your environment anymore.

Stable
NovaHypervisor

NovaHypervisor

NovaHypervisor is a defensive x64 Intel host based hypervisor. The goal of this project is to protect against kernel based attacks (either via Bring Your Own Vulnerable Driver (BYOVD) or other means) by safeguarding defense products (AntiVirus / Endpoint Protection) and kernel memory structures and preventing unauthorized access to kernel memory.

Stable
View more Red-team tools