Situatie
Discovering Typosquatting Domains with dnstwist
dnstwist is an open-source domain name permutation engine — a typosquatting detection tool used in cybersecurity to identify suspicious or malicious domains that look similar to legitimate ones.
dnstwist generates hundreds of typo variations (e.g., goggle.com, gooogle.com, g00gle.com) based on a target domain and checks:
-If those domains are registered
-Whether they resolve to IP addresses
-If they have DNS, MX, or WHOIS info
-(Optional) Whether they are serving web content, potentially phishing pages
Built into Kali Linux
You can run it without installing anything
Why It’s Useful (in Cybersecurity & OSINT)
-Detect phishing campaigns targeting your brand
-Monitor brand abuse or lookalike domains
-Alert your clients of malicious typosquat domains
-Enhance security posture in red team and blue team scenario
Goal:
Check for domains that look similar to your real domain (like gooogle.com, g00gle.com, etc.). These are often used for phishing, malware, or impersonation — a classic typosquatting tactic.
Solutie
1) Check for version
dnstwist –version
2)Scan for registered typo variants of a domain:
dnstwist –registered example.com
Domain Name A Record DNS Status WHOIS Registered
———————- —————— ————- —————–
examp1e.org 203.0.113.55 FOUND Yes
exampel.org 192.0.2.45 FOUND Yes
exampl3.org – NOT FOUND No
examp-le.org 198.51.100.34 FOUND Yes
example.net 93.184.216.34 FOUND Yes
exampIe.org 203.0.113.99 FOUND Yes
Leave A Comment?