https://github.com/hazcod/dnstwist
A tool to monitor for potential spear phishing domains and send to Slack.
https://github.com/hazcod/dnstwist
detection dnstwist phishing typosquat
Last synced: 9 months ago
JSON representation
A tool to monitor for potential spear phishing domains and send to Slack.
- Host: GitHub
- URL: https://github.com/hazcod/dnstwist
- Owner: hazcod
- License: apache-2.0
- Created: 2022-12-29T09:47:58.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2024-02-08T04:57:57.000Z (over 2 years ago)
- Last Synced: 2025-04-19T19:08:42.879Z (about 1 year ago)
- Topics: detection, dnstwist, phishing, typosquat
- Language: Go
- Homepage:
- Size: 76.2 KB
- Stars: 22
- Watchers: 2
- Forks: 3
- Open Issues: 11
-
Metadata Files:
- Readme: README.md
- License: LICENSE.md
Awesome Lists containing this project
README
# dnstwist
This is a tool that will fetch potential typo-squatting or IDN domains which could be targeting your domain for spear phishing.
Permutations will be fetched from https://dnstwist.it/.
It will take into account the registration and/or last updated WHOIS information and a potential whitelist.
Domains identified can be sent to Slack for automated alert purposes.
## Usage
First create a configuration file:
```yaml
# log settings, optional
log:
# log level to use
level: info
# the domains you'd like to monitor, required
domains:
# domain(s) to monitor
watchlist: [domain.com]
# any domains to ignore
whitelist: []
# domains created in the last week
created_since: 168h
# send alerts to a Slack channel, optional
slack:
# slack channel webhook
webhook: https://hooks.slack.com/services/XXX
```
And then run the tool:
```shell
% dnstwist -config=config.yml
```
You can also set configuration values via environment variables:
```shell
% LOG_LEVEL=info DOMAIN_WATCHLIST=domain.com SLACK_WEBHOOK=xxx dnstwist
```
And use it with the Docker image!
```shell
% docker run -ti --rm -e "DOMAIN_WATCHLIST=domain.com" -e "SLACK_WEBHOOK=xxx" ghcr.io/hazcod/dnstwist/dnstwist:latest
```