Provided by: dnstwist_0~20221213-1_all

NAME

       dnstwist - domain name permutation engine

SYNOPSIS

       dnstwist [OPTION...] DOMAIN

DESCRIPTION

       Find  similar-looking  domain  names  that  adversaries  can  use  to  attack  you. Detect
       typosquatters, phishing attacks, fraud and brand impersonation.

COMMAND-LINE OPTIONS

       -a, --all
              Print all DNS records instead of the first ones.

       -b, --banners
              Determine HTTP and SMTP service banners.

       -d, --dictionary FILE
              Generate additional domains using a dictionary read from FILE.

       -f, --format FORMAT
              Select the output format. Supported values are: cli (default), csv, list, json.

       --fuzzers LIST
              Use only selected fuzzing algorithms (separated with commas).

       -g, --geoip
              Perform lookup for GeoIP location.

       -h, --help
              Display help message and exit.

       -m, --mxcheck
              Check if MX host can be used to intercept e-mails.

       -o, --output FILE
              Save output to FILE.

       -r, --registered
              Show only registered domain names.

       -u, --unregistered
              Show only unregistered domain names.

       -p, --phash
              Render web pages and compare their perceptual hashes to evaluate visual similarity.

       --phash-url URL
              Override URL to render the original web page from.

       --screenshots DIR
              Save web page screenshots into DIR.

       -s, --ssdeep
              Fetch web pages and compare their fuzzy hashes to evaluate similarity.

       --ssdeep-url URL
              Override URL to fetch the original web page from.

       -t, --threads NUM
              Start the specified number (NUM) of threads.

       -w, --whois
              Look up the WHOIS database for creation date and registrar.

       --nameservers LIST
              DNS or DNS-over-HTTPS servers to query (comma-separated LIST).

       --tld FILE
              Generate additional domains by swapping TLD as read from FILE.

       --useragent STRING
              Set User-Agent STRING (default: Mozilla/5.0 (platform arch) dnstwist/version).

NOTES

       DNS fuzzing is an automated workflow for discovering potentially malicious domain names.

       The tool runs the provided domain name through its fuzzing algorithms and generates a
       list of potential phishing domains along with their DNS records. Usually thousands of
       domain permutations are generated, especially for longer input domains. In such cases,
       it may be practical to display only registered (resolvable) ones using the --registered
       argument.

       Ensure your local DNS server can handle thousands of requests within a short period of
       time. Otherwise, you can specify an external DNS or DNS-over-HTTPS server with the
       --nameservers argument.

   Fuzzy hashing
       Manually checking whether each domain name serves a phishing site might be time-
       consuming. To address this, dnstwist makes use of so-called fuzzy hashes (context
       triggered piecewise hashes, often called ssdeep) and perceptual hashes (pHash). Fuzzy
       hashing is a concept that involves the ability to compare two inputs (HTML code) and
       determine a fundamental level of similarity, while a perceptual hash is a fingerprint
       derived from visual features of an image (web browser screenshot). The level of
       similarity is expressed as a percentage.

       Keep in mind that a 100% match is rather unlikely for a dynamically generated web page.
       However, each notification is a strong indicator and should be inspected carefully
       regardless of the score.
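
       The following is an added example, not code from dnstwist. It uses an average hash, a
       simple member of the perceptual hash family, over constructed grayscale images standing
       in for screenshots, to show why a look-alike page with one dynamic element scores below
       100% yet far above an unrelated page. All names and pixel values are assumptions.

```python
# Added illustration: average hash over constructed grayscale "screenshots".

def page(regions, size=64, background=255):
    """Build a constructed size x size grayscale image from filled rectangles."""
    img = [[background] * size for _ in range(size)]
    for top, left, bottom, right, shade in regions:
        for y in range(top, bottom):
            for x in range(left, right):
                img[y][x] = shade
    return img

def average_hash(img, grid=8):
    """Shrink to grid x grid by block averaging, then set one bit per cell
    that is brighter than the mean cell."""
    step = len(img) // grid
    cells = []
    for r in range(grid):
        for c in range(grid):
            block = [img[y][x]
                     for y in range(r * step, (r + 1) * step)
                     for x in range(c * step, (c + 1) * step)]
            cells.append(sum(block) / len(block))
    mean = sum(cells) / len(cells)
    return [1 if v > mean else 0 for v in cells]

def similarity(a, b):
    """Percentage of hash bits that agree (100 minus normalised Hamming distance)."""
    ha, hb = average_hash(a), average_hash(b)
    return round(100 * sum(x == y for x, y in zip(ha, hb)) / len(ha))

HEADER = (0, 0, 16, 64, 40)      # dark navigation bar
LOGIN = (32, 16, 48, 48, 120)    # grey login box
ORIGINAL = page([HEADER, LOGIN])
# Same layout plus a dynamic element (a notice bar) the original lacks.
LOOKALIKE = page([HEADER, LOGIN, (56, 0, 64, 32, 60)])
# Different layout: dark sidebar on a light page.
UNRELATED = page([(0, 0, 64, 16, 30)], background=240)

if __name__ == "__main__":
    for name, img in (("original", ORIGINAL), ("lookalike", LOOKALIKE),
                      ("unrelated", UNRELATED)):
        print(f"{name:10s} {similarity(ORIGINAL, img)}%")
```

       Two unrelated bit strings agree on about half their bits, so with this kind of hash a
       score near 50% carries no signal and the scores well above it are the ones to review.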

   Dictionaries
       If the domain permutations generated by the fuzzing algorithms are insufficient, use the
       --dictionary option with a file to generate more domain variants. If you need to check
       whether domains with different TLDs exist, you can use the --tld argument.

   Coverage
       The number of variants generated by the algorithms increases considerably with the
       length of the domain, and so do the time and resources needed to verify them. It's
       mathematically impossible to check all domain permutations, especially for longer input
       domains, which would require millions of DNS lookups. For this reason, this tool
       generates and checks domains very close to the original one. Theoretically, these are
       the most attractive domains from the attacker's point of view. However, be aware that
       the imagination of the aggressors is unlimited.
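
       The growth described above can be measured directly. This added example is not
       dnstwist's code and does not reproduce its fuzzers: it counts generic single-character
       typos (omission, replacement, insertion, transposition) of one label, then the labels
       two such typos away. Function names and sample labels are assumptions.

```python
import string

ALPHABET = string.ascii_lowercase + string.digits  # hyphen left out for simplicity

def one_edit(label):
    """All labels exactly one typo away from `label`."""
    out = set()
    for i in range(len(label) + 1):
        for c in ALPHABET:
            out.add(label[:i] + c + label[i:])              # insertion
            if i < len(label):
                out.add(label[:i] + c + label[i + 1:])      # replacement
        if i < len(label):
            out.add(label[:i] + label[i + 1:])              # omission
        if i < len(label) - 1:                              # transposition
            out.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    out.discard(label)   # replacing a character with itself is not a typo
    out.discard("")      # an empty label is not a valid name
    return out

def two_edits(label):
    """Labels that need two typos: neighbours of neighbours, minus the
    original and minus everything already reachable with one typo."""
    first = one_edit(label)
    second = set()
    for variant in first:
        second |= one_edit(variant)
    return second - first - {label}

def growth(labels):
    """(label, one-typo count, two-typo count) for each sample label."""
    return [(l, len(one_edit(l)), len(two_edits(l))) for l in labels]

if __name__ == "__main__":
    # Constructed sample labels of increasing length.
    for label, one, two in growth(["corp", "example"]):
        print(f"{label:8s} length={len(label)} one typo={one:4d} two typos={two}")
```

       Each candidate costs at least one DNS lookup, so staying one edit from the original
       keeps the workload in the hundreds per label where a second edit takes it far higher.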

       Unicode tables consist of thousands of characters, many of them visually similar to
       each other. However, although certain characters can be encoded using punycode, most
       TLD authorities will reject them during the domain registration process. In general,
       TLD authorities disallow mixing of characters coming from different Unicode scripts or
       maintain their own sets of acceptable characters. With that being said, the homoglyph
       fuzzer was built on top of a carefully researched range of Unicode characters
       (homoglyphs) to ensure that generated domains can be registered in practice.
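
       A triage check for the script-mixing rule described above, as an added example that is
       not part of dnstwist: it decodes punycode domain names and reports whether any label
       mixes scripts. The script of a character is approximated by the first word of its
       Unicode name, which is an assumption; the sample domains are constructed.

```python
import unicodedata

def scripts(label):
    """Scripts of the letters in a label, approximated by the first word of
    each character's Unicode name (LATIN, CYRILLIC, GREEK, ...)."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}

def classify(ascii_domain):
    """Decode a punycode (xn--) domain and report how its labels use scripts."""
    decoded = ascii_domain.encode("ascii").decode("idna")
    per_label = [scripts(label) for label in decoded.split(".")]
    if any(len(s) > 1 for s in per_label):
        verdict = "mixed-script"             # the mixing most registries disallow
    elif any(s - {"LATIN"} for s in per_label):
        verdict = "single-script non-Latin"  # not excluded by the mixing rule
    else:
        verdict = "Latin only"
    return decoded, verdict

def to_ascii(name):
    """Helper used only to build the constructed samples below."""
    return name.encode("idna").decode("ascii")

# Constructed samples under the reserved .test TLD.
SAMPLES = [
    to_ascii("ex\u0430mple.test"),              # Latin with Cyrillic U+0430
    to_ascii("\u0441\u043e\u0440\u0435.test"),  # all Cyrillic, reads like "cope"
    "example.test",                             # plain ASCII
]

if __name__ == "__main__":
    for domain in SAMPLES:
        decoded, verdict = classify(domain)
        print(f"{domain:24s} {verdict:24s} {decoded!r}")
```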

AUTHOR

       Marcin Ulikowski <marcin@ulikowski.pl>

                                          December 2022                               DNSTWIST(1)