Provided by: dnstwist_0~20220815-1_all bug


       dnstwist - domain name permutation engine


       dnstwist [OPTION...] DOMAIN


       Find  similar-looking  domain  names  that  adversaries  can  use  to  attack  you. Detect
       typosquatters, phishing attacks, fraud and brand impersonation.


       -a, --all
              Show all DNS records.

       -b, --banners
              Determine HTTP and SMTP service banners.

       -d, --dictionary FILE
              Generate additional domains using a dictionary read from FILE.

       -f, --format FORMAT
              Select the output format. Supported values are: cli (default), csv, list, json.

       -g, --geoip
              Perform lookup for GeoIP location.

       -h, --help
              Display a help message and exit.

       -m, --mxcheck
              Check if MX host can be used to intercept e-mails.

       -o, --output FILE
              Save output to FILE.

       -r, --registered
              Show only registered domain names.

       -r, --unregistered
              Show only unregistered domain names.

       -p, --phash
              Render web pages and compare their perceptual hashes to evaluate visual similarity.

       --phash-url URL
              Override URL to render the original web page from.

       --screenshots DIR
              Save web page screenshots into DIR.

       -s, --ssdeep
              Fetch web pages and compare their fuzzy hashes to evaluate similarity.

       --ssdeep-url URL
              Override URL to fetch the original web page from.

       -t, --threads NUMBER
              Start specified NUMBER of threads (default: 10).

       -w, --whois
              Perform lookup for WHOIS creation date.

       --nameservers LIST
              DNS or DNS-over-HTTPS servers to query (comma-separated LIST).

       --tld FILE
              Generate additional domains by swapping TLD as read from FILE.

       --useragent STRING
              User-Agent to  send  with  HTTP  requests  (default:  Mozilla/5.0  (platform  arch)


       DNS fuzzing is an automated workflow for discovering potentially malicious domain names.

       The  tool  will run the provided domain name through its fuzzing algorithms and generate a
       list of potential phishing domains along with DNS records.  Usually  thousands  of  domain
       permutations are generated - especially for longer input domains. In such cases, it may be
       practical to display only registered (resolvable) ones using --registered argument.

       Ensure your local DNS server can handle thousands of requests within  a  short  period  of
       time.   Otherwise,  you  can  specify  an  external  DNS  or  DNS-over-HTTPS  server  with
       --nameservers argument.

   Fuzzy hashing
       Manually checking each domain name in terms of serving a  phishing  site  might  be  time-
       consuming.  To  address  this,  dnstwist  makes  use  of  so-called  fuzzy hashes (context
       triggered piecewise hashes, often called ssdeep)  and  perceptual  hashes  (pHash).  Fuzzy
       hashing  is  a  concept  that  involves  the ability to compare two inputs (HTML code) and
       determine a fundamental level of  similarity,  while  perceptual  hash  is  a  fingerprint
       dervied from visual features of an image (web browser screenshot). The level of similarity
       is be expressed as a percentage.

       Keep in mind it's rather unlikely to get 100% match for a dynamically generated web  page.
       However,  each  notification  is  a  strong  indicator  and  should be inspected carefully
       regardless of the score.

       If domain permutations generated by the fuzzing algorithms are  insufficient,  please  use
       --dictionary  option  with  a file to generate more domain variants.  If you need to check
       whether domains with different TLDs exist, you can use --tld argument.

       Along with the length of the domain, the number of variants generated  by  the  algorithms
       increases  considerably,  and therefore the time and resources needed to verify them. It's
       mathematically impossible to check all domain permutations - especially for  longer  input
       domains  which would require millions of DNS lookups. For this reason, this tool generates
       and checks domains very close to the original  one.  Theoretically,  these  are  the  most
       attractive  domains  from  the  attacker's  point  of  view.  However,  be  aware that the
       imagination of the aggressors is unlimited.

       Unicode tables consist of thousands of characters with many of them  visually  similar  to
       each  other.  However,  despite  the fact certain characters are encodable using punycode,
       most TLD authorities will reject them during domain registration process. In general,  TLD
       authorities  disallow  mixing  of  characters  coming  from  different  Unicode scripts or
       maintain their own sets of acceptable characters. With  that  being  said,  the  homoglyph
       fuzzer  was  build on top of carefully researched range of Unicode characters (homoglyphs)
       to ensure that generated domains can be registered in practice.

                                            June 2022                                 DNSTWIST(1)