dnstwist

dnstwist is a domain name permutation engine that detects potential phishing domains, typosquatting, and brand impersonation by generating thousands of lookalike domain variations and checking which ones are actually registered. It applies over a dozen fuzzing algorithms — character omission, repetition, replacement, insertion, homoglyphs (using Unicode lookalikes), hyphenation, subdomain tricks, and TLD swaps — to systematically generate every plausible misspelling or visual doppelganger of your domain. For each generated domain, dnstwist resolves DNS records, checks for active web servers, captures HTTP banners, fetches favicon hashes for visual comparison, and queries WHOIS data. It can detect phishing campaigns in progress by identifying newly registered lookalike domains serving content similar to your legitimate site. Output formats include CSV, JSON, and a live terminal display with color-coded threat levels. Essential for brand protection teams, SOC analysts, and anyone responsible for domain security.