Provided by: dnstwist_0~20250130-1_all bug

NAME
       dnstwist - domain name permutation engine


SYNOPSIS
       dnstwist [OPTION...] DOMAIN


DESCRIPTION
       Find  similar-looking domain names that adversaries can use to attack you. Detect typosquatters, phishing
       attacks, fraud and brand impersonation.


COMMAND-LINE OPTIONS
       -a, --all
              Print all DNS records instead of the first ones.

       -b, --banners
              Determine HTTP and SMTP service banners.

       -d, --dictionary FILE
              Generate additional domains using a dictionary read from FILE.

       -f, --format FORMAT
              Select the output format. Supported values are: cli (default), csv, list, json.

       --fuzzers LIST
              Use only selected fuzzing algorithms (separated with commas).

       -g, --geoip
              Perform lookup for GeoIP location.

       --lsh [LSH]
              Evaluate web page similarity with LSH algorithm: ssdeep (default), tlsh

       --lsh-url URL
              Override URL to fetch the original web page from.

       -h, --help
              Display help message and exit.

       -m, --mxcheck
              Check if MX host can be used to intercept e-mails.

       -o, --output FILE
              Save output to FILE.

       -r, --registered
              Show only registered domain names.

       -u, --unregistered
              Show only unregistered domain names.

       -p, --phash
              Render web pages and compare their perceptual hashes to evaluate visual similarity.

       --phash-url URL
              Override URL to render the original web page from.

       --screenshots DIR
              Save web page screenshots into DIR.

       -t, --threads NUM
              Start specified NUM of threads.

       -w, --whois
              Lookup WHOIS database for creation date and registrar.

       --nameservers LIST
              DNS or DNS-over-HTTPS servers to query (comma-separated LIST).

       --tld FILE
              Generate additional domains by swapping TLD as read from FILE.

       --useragent STRING
              Set User-Agent STRING (default: Mozilla/5.0 (platform arch) dnstwist/version).


NOTES
       DNS fuzzing is an automated workflow for discovering potentially malicious domain names.

       The tool will run the provided domain name  through  its  fuzzing  algorithms  and  generate  a  list  of
       potential  phishing  domains  along  with  DNS  records.   Usually  thousands  of domain permutations are
       generated - especially for longer input domains. In such cases, it  may  be  practical  to  display  only
       registered (resolvable) ones using --registered argument.

       Ensure  your  local DNS server can handle thousands of requests within a short period of time. Otherwise,
       you can specify an external DNS or DNS-over-HTTPS server with --nameservers argument.

   Fuzzy hashing
       Manually checking each domain name in terms of serving  a  phishing  site  might  be  time-consuming.  To
       address  this, dnstwist makes use of so-called fuzzy hashes (locality-sensitive hash, LSH) and perceptual
       hashes (pHash). Fuzzy hashing is a concept that involves the ability to compare two  inputs  (HTML  code)
       and  determine  a  fundamental  level  of similarity, while perceptual hash is a fingerprint derived from
       visual features of an image (web  browser  screenshot).  The  level  of  similarity  is  expressed  as  a
       percentage.

       Keep  in  mind it's rather unlikely to get 100% match for a dynamically generated web page. However, each
       notification is a strong indicator and should be inspected carefully regardless of the score.

   Dictionaries
       If domain permutations generated by the fuzzing algorithms  are  insufficient,  please  use  --dictionary
       option with a file to generate more domain variants.  If you need to check whether domains with different
       TLDs exist, you can use --tld argument.

   Coverage
       Along  with  the  length  of  the  domain,  the  number of variants generated by the algorithms increases
       considerably, and therefore the time and resources needed to verify them. It's mathematically  impossible
       to  check  all  domain permutations - especially for longer input domains which would require millions of
       DNS lookups. For this reason, this tool generates and checks domains very  close  to  the  original  one.
       Theoretically, these are the most attractive domains from the attacker's point of view. However, be aware
       that the imagination of the aggressors is unlimited.

       Unicode  tables  consist  of  thousands  of  characters with many of them visually similar to each other.
       However, despite the fact certain characters are encodable using  punycode,  most  TLD  authorities  will
       reject them during domain registration process. In general, TLD authorities disallow mixing of characters
       coming  from  different  Unicode  scripts  or maintain their own sets of acceptable characters. With that
       being said, the homoglyph fuzzer was build on top of carefully researched  range  of  Unicode  characters
       (homoglyphs) to ensure that generated domains can be registered in practice.


AUTHOR
       Marcin Ulikowski <marcin@ulikowski.pl>

                                                  December 2022                                      DNSTWIST(1)