git404hub

what is dnstwist fr?

elceef/dnstwist — explained in plain English

Analysis updated 2026-05-18

5,669PythonAudience · ops devopsComplexity · 2/5Setup · easy

tl;dr

A Python tool that generates lookalike domain names to help security teams detect phishing, typo squatting, and brand impersonation before attackers exploit them.

vibe map

mindmap
  root((dnstwist))
    What it does
      Domain permutations
      Phishing detection
      Brand monitoring
    Attack types caught
      Typo squatting
      Homograph attacks
      Homoglyphs
    Checks performed
      DNS resolution
      MX records
      IP addresses
    Audience
      Security teams
      OSINT researchers

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

what do people make with this?

VIBE 1

Check if your company's domain has lookalike variants already registered that could be used for phishing.

VIBE 2

Monitor for newly registered typo-squatted domains that resemble your brand.

VIBE 3

Use as part of a threat intelligence workflow to detect active phishing campaigns targeting your users.

what's the stack?

PythonDNS

how it stacks up fr

elceef/dnstwistthudm/slimegboeing/osmnx
Stars5,6695,6705,671
LanguagePythonPythonPython
Setup difficultyeasyhardeasy
Complexity2/55/52/5
Audienceops devopsresearcherresearcher

Figures from each repo's GitHub metadata at analysis time.

how do i run it?

Difficulty · easy time til it works · 5min

Requires Python, full documentation lives in the docs/ folder rather than the root README.

No license information is available from the sources provided.

in plain english

This Python tool takes a domain name and generates hundreds of similar-looking variants that could be used in phishing attacks or brand impersonation. If you give it a domain like "example.com", it produces alternatives such as character swaps, skipped or doubled letters, transpositions, and domains that use characters from other alphabets that look identical to Latin letters but are technically different. This last technique is called a homograph attack, and it is a common method attackers use to create convincing fake websites. The tool is designed for security teams and researchers who want to know what lookalike domains exist before attackers exploit them. By discovering which variants are registered or active, an organization can register the most dangerous lookalikes themselves, set up monitoring alerts, or work to take malicious domains down. Beyond generating the list of permutations, dnstwist can optionally check each one against live DNS records. This means it can tell you whether a lookalike domain is registered, what IP address it points to, whether it has an MX record suggesting it can receive email, and other indicators of active use. This makes it useful for actual threat intelligence gathering, not just listing possibilities. The topics associated with the project include DNS, domain fuzzing, homoglyphs, internationalized domain names, OSINT (open-source intelligence), and phishing. OSINT tools are those that gather information from publicly available sources rather than intrusion or exploitation, so dnstwist fits squarely into the defensive security toolkit. The repository points to a separate documentation folder for its full README, so the main project documentation is not included in the root file shown here.

prompts (copy fr)

prompt 1
I have dnstwist installed and I want to check for phishing domains targeting mycompany.com. Write me a command that finds all registered lookalike domains and outputs them as a CSV.
prompt 2
Using dnstwist, how can I check if any typo-squatted domains for my-brand.com are actively sending email?
prompt 3
Help me write a Python script that runs dnstwist on a list of domains once a day and sends an alert if any new lookalike domains appear since the last run.

Frequently asked questions

what is dnstwist fr?

A Python tool that generates lookalike domain names to help security teams detect phishing, typo squatting, and brand impersonation before attackers exploit them.

What language is dnstwist written in?

Mainly Python. The stack also includes Python, DNS.

What license does dnstwist use?

No license information is available from the sources provided.

How hard is dnstwist to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is dnstwist for?

Mainly ops devops.

peek the repo → explain another one

This repo across BitVibe Labs

double-check against the repo, no cap.