dnstwist
Installation
From PyPI
pip install dnstwist
From Source
git clone https://github.com/elceef/dnstwist.git
cd dnstwist
pip install -e .
Docker
docker run -it elceef/dnstwist dnstwist example.com
Requirements
- Python 3.7+
- dnspython: DNS resolution
- requests: HTTP requests
- urllib3: URL parsing
- GeoIP2 database (optional, for geolocation)
Basic Usage
Simple Permutation Check
dnstwist example.com
Check and Resolve DNS
dnstwist -r example.com
Extended Output with Registered Domains
dnstwist -r --registered example.com
Verbose Mode
dnstwist -v example.com
Permutation Types
Bitsquatting
Domain names that differ by a single bit flip in DNS wire format.
dnstwist --bitsquatting example.com
Homoglyph Attack
Visually similar characters (e.g., rn → m, 0 → O).
dnstwist --homoglyph example.com
Insertion
Add characters within the domain name.
dnstwist --insertion example.com
Omission
Remove single characters from the domain.
dnstwist --omission example.com
Repetition
Double consecutive characters.
dnstwist --repetition example.com
Replacement
Replace characters with similar ones.
dnstwist --replacement example.com
Transposition
Swap adjacent characters.
dnstwist --transposition example.com
Vowel Swap
Replace vowels with other vowels.
dnstwist --vowelswap example.com
Addition
Add common TLD variations and prefixes/suffixes.
dnstwist --addition example.com
Hyphenation
Add hyphens at various positions.
dnstwist --hyphenation example.com
All Permutation Types
dnstwist -a example.com
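To make four of the permutation types above concrete, here is a small added example (not dnstwist's own code) that generates bitsquatting, omission, repetition and transposition candidates for a domain you monitor. It assumes ASCII labels and a two-part name such as example.com; all function names are illustrative.

```python
# Added illustration of four permutation types; not dnstwist's own code.
import string

# Characters permitted in a hostname label (assumption: ASCII labels only).
ALLOWED = set(string.ascii_lowercase + string.digits + "-")

def bitsquatting(label):
    """Flip each of the 8 bits of every byte; keep results that are still hostname characters."""
    out = set()
    for i, ch in enumerate(label):
        for bit in range(8):
            flipped = chr(ord(ch) ^ (1 << bit))
            if flipped in ALLOWED:  # uppercase, punctuation and high bytes are dropped
                out.add(label[:i] + flipped + label[i + 1:])
    return out

def omission(label):
    """Remove one character at each position."""
    return {label[:i] + label[i + 1:] for i in range(len(label))}

def repetition(label):
    """Double the character at each position."""
    return {label[:i] + ch + label[i:] for i, ch in enumerate(label)}

def transposition(label):
    """Swap each pair of adjacent characters."""
    return {label[:i] + label[i + 1] + label[i] + label[i + 2:]
            for i in range(len(label) - 1)}

FUZZERS = (("bitsquatting", bitsquatting), ("omission", omission),
           ("repetition", repetition), ("transposition", transposition))

def permutations(domain):
    """Return {candidate_domain: permutation_type} for a two-part name such as example.com."""
    label, _, tld = domain.partition(".")
    found = {}
    for name, fuzz in FUZZERS:
        for cand in sorted(fuzz(label)):
            # A label must be non-empty, differ from the original, and not start or end with "-".
            valid = cand and cand != label and not cand.startswith("-") and not cand.endswith("-")
            if valid:
                found.setdefault(f"{cand}.{tld}", name)
    return found

if __name__ == "__main__":
    for candidate, kind in sorted(permutations("example.com").items()):
        print(f"{kind:14} {candidate}")
```

Note that a single bit flip can turn a letter into a digit or a hyphen (x becomes 8, m becomes -), which is why bitsquatting candidates look different from ordinary typos.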
DNS Resolution
Resolve A Records
dnstwist -r example.com
Resolve AAAA Records (IPv6)
dnstwist -r --aaaa example.com
Resolve with Specific Nameserver
dnstwist -r -ns 8.8.8.8 example.com
Check Registration Status
dnstwist --registered example.com
Verify DNSSEC
dnstwist -r --dnssec example.com
MX Record Checking
Detect MX Records
dnstwist -r example.com | grep MX
Full MX Verification
dnstwist -r --mx example.com
Mail Server Analysis
dnstwist -r --mx example.com | head -20
GeoIP Lookup
Enable GeoIP Resolution
dnstwist -r --geoip example.com
Download GeoIP2 Database
# Requires MaxMind account; the URL is quoted so the shell does not treat & as a control operator
curl "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&license_key=YOUR_KEY&suffix=tar.gz" -o geolite2.tar.gz
tar xzf geolite2.tar.gz
Use Custom GeoIP Database
dnstwist -r --geoip --db /path/to/GeoLite2-City.mmdb example.com
Web Page Similarity Detection
Fuzzy Hash Comparison
dnstwist -r --ssdeep example.com
Detect Phishing Pages
dnstwist -r --ssdeep --verify example.com
HTTP Banner Grabbing
dnstwist -r --http example.com
HTTPS Certificate Analysis
dnstwist -r --cert example.com
Output Formats
CSV Output
dnstwist -r --csv example.com > results.csv
JSON Output
dnstwist -r --json example.com > results.json
List Format (Default)
dnstwist -r example.com > results.txt
Domain Names Only
dnstwist example.com | cut -d' ' -f1
Registered Domains Only
dnstwist -r example.com | grep -E "^[a-z].*\[" | cut -d' ' -f1
Dictionary-Based Generation
Add Dictionary Words
dnstwist -w /path/to/wordlist.txt example.com
Generate with Common Dictionary
dnstwist -w /usr/share/dict/words example.com
Dictionary-Only Mode
dnstwist -w wordlist.txt --dictionary-only example.com
Wordlist Format
# One word per line
malware
phishing
security
admin
Combine with Permutations
dnstwist -w wordlist.txt -a example.com
WHOIS Lookups
Basic WHOIS Query
dnstwist -r example.com | grep WHOIS
Registrar Information
whois examplee.com
Bulk WHOIS Batch
dnstwist -r --whois example.com
Monitoring and Automation
Run Periodic Checks (Bash Loop)
while true; do
    dnstwist -r --json example.com > check_$(date +%s).json
    sleep 3600 # Check hourly
done
Continuous Monitoring with cron
# Add to crontab -e
0 * * * * /usr/local/bin/dnstwist -r --json example.com >> /var/log/dnstwist.log
Real-Time Monitoring Script
#!/bin/bash
domain="example.com"
baseline=$(dnstwist -r --json "$domain")
while true; do
    current=$(dnstwist -r --json "$domain")
    if [ "$baseline" != "$current" ]; then
        echo "Change detected at $(date)" | mail -s "dnstwist Alert" admin@example.com
        baseline="$current"
    fi
    sleep 300
done
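The monitoring script above alerts whenever the two JSON strings differ at all, including when only the record order changes. The following added example (not part of dnstwist) compares two runs record by record and reports only lookalike domains that start resolving, change address, or gain mail records. The `domain` and `dns_a` keys are the ones used in this page's jq filters; `dns_mx` and the sample records are assumptions constructed for the example.

```python
# Added illustration; not part of dnstwist. Sample data below is constructed.
import json

BASELINE = json.dumps([
    {"domain": "example.com", "dns_a": ["192.0.2.10"]},
    {"domain": "examp1e.com", "dns_a": ["198.51.100.7"]},
    {"domain": "exampel.com"},
])
# Same records in a different order, plus one lookalike that now resolves and accepts mail.
CURRENT = json.dumps([
    {"domain": "exampel.com", "dns_a": ["203.0.113.5"], "dns_mx": ["mail.exampel.com"]},
    {"domain": "examp1e.com", "dns_a": ["198.51.100.7"]},
    {"domain": "example.com", "dns_a": ["192.0.2.10"]},
])

def by_domain(results_json):
    """Index a JSON result list by its 'domain' field."""
    return {rec["domain"]: rec for rec in json.loads(results_json)}

def diff_runs(baseline_json, current_json):
    """Return (domain, event, detail) tuples for security-relevant changes only."""
    old, new = by_domain(baseline_json), by_domain(current_json)
    findings = []
    for domain in sorted(new):
        prev, cur = old.get(domain, {}), new[domain]
        prev_a, cur_a = set(prev.get("dns_a") or []), set(cur.get("dns_a") or [])
        if cur_a and not prev_a:
            findings.append((domain, "newly resolving", sorted(cur_a)))
        elif cur_a != prev_a:
            findings.append((domain, "A records changed", sorted(cur_a)))
        # A lookalike that gains MX records can now receive misdirected mail.
        if cur.get("dns_mx") and not prev.get("dns_mx"):
            findings.append((domain, "mail-enabled", sorted(cur["dns_mx"])))
    for domain in sorted(old.keys() - new.keys()):
        findings.append((domain, "no longer listed", []))
    return findings

if __name__ == "__main__":
    for domain, event, detail in diff_runs(BASELINE, CURRENT):
        print(f"{domain}: {event} {detail}")
```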
Log Results to Database
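sqlite3 dnstwist.db "CREATE TABLE IF NOT EXISTS results (domain TEXT, dns_a TEXT);"  # illustrative schema; sqlite3 cannot ingest raw JSON as SQL
dnstwist -r --json example.com | jq -r '.[] | [.domain, ((.dns_a // []) | join(" "))] | @csv' | sqlite3 -csv dnstwist.db ".import /dev/stdin results"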
API and CI Integration
JSON API Output for Integration
dnstwist -r --json example.com | jq '.[] | select(.dns_a != null)'
Parse JSON Results
dnstwist -r --json example.com | jq '.[] | {domain, dns_a, dns_aaaa, whois_created}'
Filter Registered Domains
dnstwist -r --json example.com | jq '.[] | select(.dns_a != null) | .domain'
GitHub Actions Integration
name: dnstwist Security Check
on:
  schedule:
    - cron: '0 * * * *'  # hourly; a schedule trigger requires a cron expression
jobs:
  dnstwist:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/setup-python@v2
      - run: pip install dnstwist
      - run: dnstwist -r --json example.com > results.json
      - uses: actions/upload-artifact@v2
        with:
          name: dnstwist-results
          path: results.json
GitLab CI Integration
dnstwist_scan:
  image: python:3.9
  script:
    - pip install dnstwist
    - dnstwist -r --json example.com > results.json
  artifacts:
    paths:
      - results.json
Jenkins Pipeline
pipeline {
    agent any  // a declarative pipeline requires an agent
    stages {
        stage('dnstwist Scan') {
            steps {
                sh 'pip install dnstwist'
                sh 'dnstwist -r --json example.com > results.json'
                archiveArtifacts artifacts: 'results.json'
            }
        }
    }
}
Advanced Options
Custom Threads for Parallel Resolution
dnstwist -r --threads 10 example.com
Set DNS Query Timeout
dnstwist -r --timeout 2 example.com
Name Server Configuration
dnstwist -r -ns 1.1.1.1 example.com
Disable DNSSEC Validation
dnstwist -r --no-dnssec example.com
Quiet Mode (Minimal Output)
dnstwist -q example.com
Typical Workflows
Complete Phishing Investigation
dnstwist -r -a --ssdeep --geoip --json example.com > investigation.json
Monitor High-Risk Domains
for domain in company.com company.org company.net; do
    echo "=== $domain ==="
    dnstwist -r --registered "$domain"
done
Generate Squatting Report
dnstwist -r --csv -a example.com > squatting_report.csv
# Then import into spreadsheet for analysis
Check Permutations Without Resolution
dnstwist example.com | wc -l # Total permutations
dnstwist example.com # List all potential domains
Find Only Suspicious Registrations
dnstwist -r example.com | grep -E "\[A\]|\[MX\]" | grep -vF "$(dig +short example.com)"
Performance Tips
- Reduce Threads for API Rate Limits: --threads 2 on restricted networks
- Skip DNS Verification: Remove -r flag for faster enumeration
- Filter by Permutation Type: Use specific flags instead of -a to reduce output
- Export to CSV Early: Process data in spreadsheet tools rather than terminal
- Batch Multiple Domains: Create script to iterate and append to single JSON
Common Issues
DNS Timeout
# Increase timeout value
dnstwist -r --timeout 5 example.com
Rate Limiting
# Lower concurrency to a single thread to reduce the query rate
dnstwist -r --threads 1 example.com
GeoIP Database Not Found
# Ensure database is in expected location
dnstwist -r --geoip --db ~/GeoLite2-City.mmdb example.com
Memory Usage with Large Wordlists
# Process in chunks instead
split -l 1000 wordlist.txt chunk_
for chunk in chunk_*; do
    dnstwist -w "$chunk" example.com
done
Security Best Practices
- Responsible Disclosure: Only test domains you own or have authorization for
- Rate Limiting: Respect DNS provider rate limits and ISP policies
- Logging: Enable verbose mode during investigations for audit trails
- Automation Consent: Inform stakeholders of automated monitoring
- Data Privacy: Securely store results containing sensitive information
- Legal Compliance: Verify domain monitoring is within acceptable use policies