DNSTwist – OSINT Tool in Linux

DNSTwist allows one to detect phishing, typo squatters, and attack domains that are based on an inputted domain. If you are an owner of a site or have the responsibility of your company’s domain management and brand safety, Dnstwist can be of great use in seeing sites that are trying to harm other people by pretending to be your brand.

Features:

• Provides a variety of highly effective domain fuzzing algorithms.
• Unicode domain names (IDN).
• Gives additional domain permutations using dictionary files.
• Efficient multithreaded task distribution.
• Can detect live phishing webpage.
• Rogue MX host detection (intercepting misdirected e-mails).
• Provides geoIP location.

Installation:

git clone https://github.com/elceef/dnstwist.git
cd dnstwist
pip install dnstwist

Usages:

First let’s see the optional arguments Dnstwist provides, type the following command:

dnstwist.py --help

Fig 1: dnstwist.py –help.

Without registered argument:

Let’s start with a simple scan, type the following command:

dnstwist.py dropbox.com

Fig 2: Registered and Unregistered Domains.

The empty space in front of some domains shows that they are not registered. To remove these unregistered domains, use a registered argument.

Geoip and Registered argument:

Type the following command to get the geoip of registered domains only.

dnstwist.py --geoip --registered dropbox.com

Fig 3: Only Registered Domain.

As we can see that in the previous screenshot geolocation was not shown whereas when we put the geoip flag in our command, we got the geolocation of the domains.

ssdeep argument:

Now let’s fetch web pages and compare their fuzzy hashes to evaluate similarity, type the following command:

dnstwist.py --ssdeep --registered dropbox.com

Fig 4: Geoip location of Domains shown.

In conclusion, dnstwist is a very powerful tool written in python and can be used to gather information about other domains name similar to your domain name.