dnstwist – Domain Name Permutation Engine

Domain name hijacking or typosquatting may allow an attacker to run phishing attacks, using similar-looking domain names to trick users. If you want to identify all possible phishing domains for your domain name, you can use dnstwist. The tool allows users to detect typosquatters, phishing attacks, fraud and corporate espionage, and it is useful as an additional source of targeted threat intelligence.

The tool takes your domain name as a seed, generates a list of potential phishing domains and then checks whether they are registered. Additionally, it can test whether the mail server from the MX record can be used to intercept misdirected corporate e-mails, and it can generate fuzzy hashes of the web pages to see if they are live phishing sites.
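The seed-then-check flow described above can be sketched in a few lines of Python. This is an added example, not dnstwist's own code: the function names, the four permutation techniques shown and the small look-alike table are assumptions chosen for illustration, and the seed is assumed to be a registrable domain such as `example.com`.

```python
import socket

# Constructed, deliberately small ASCII look-alike table (assumption, not dnstwist's).
HOMOGLYPHS = {"o": ["0"], "l": ["1", "i"], "i": ["1", "l"], "m": ["rn"], "w": ["vv"]}


def permutations(domain):
    """Map each look-alike of a seed such as 'example.com' to its technique."""
    name, _, suffix = domain.lower().partition(".")
    found = {}

    def add(label, technique):
        # Skip the seed itself, empty labels and labels DNS would reject.
        if label and label != name and not (label[0] == "-" or label[-1] == "-"):
            found.setdefault(f"{label}.{suffix}", technique)

    for i, ch in enumerate(name):
        add(name[:i] + name[i + 1:], "omission")
        add(name[:i] + ch + name[i:], "repetition")
        if i + 1 < len(name):
            add(name[:i] + name[i + 1] + ch + name[i + 2:], "transposition")
        for sub in HOMOGLYPHS.get(ch, ()):
            add(name[:i] + sub + name[i + 1:], "homoglyph")
    return found


def find_resolving(domain, resolve=socket.gethostbyname):
    """Return (candidate, technique, address) for every look-alike that resolves.

    An A-record lookup only approximates "registered": a domain can be
    registered and parked without an address, so treat misses as unknown.
    """
    hits = []
    for candidate, technique in sorted(permutations(domain).items()):
        try:
            hits.append((candidate, technique, resolve(candidate)))
        except OSError:  # socket.gaierror subclasses OSError: no answer
            continue
    return hits


if __name__ == "__main__":
    # Constructed stand-in resolver so the demo runs offline.
    def fake_resolve(host):
        if host == "examp1e.com":
            return "203.0.113.10"  # TEST-NET-3 documentation address
        raise socket.gaierror("no such host")

    for row in find_resolving("example.com", resolve=fake_resolve):
        print(*row)
```

Calling `find_resolving` without the `resolve` argument uses the system resolver, so run it only against a domain you are responsible for monitoring.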

Once a user identifies a registered domain, they can verify what it is hosting and what type of application is running. If there is a phishing website, it should be reported to the hosting provider so that the content is removed.

In the same way, you can use this tool during awareness sessions to provide training and examples of possible live attacks that may target users online by exploiting domain name vulnerabilities.

Last but not least, you can use this tool during forensic analysis to get a list of registered domains that were possibly used in a phishing campaign.

You can read more and download this tool here: https://github.com/elceef/dnstwist