https://github.com/netevert/dnsmorph

Domain name permutation engine written in Go
https://github.com/netevert/dnsmorph

dns domains go golang penetration-testing pentest-tool permutation-algorithms permutations phishing phishing-attacks phishing-sites threat-intelligence threatintel typosquatting

Last synced: 3 months ago
JSON representation

Domain name permutation engine written in Go

• Host: GitHub
• URL: https://github.com/netevert/dnsmorph
• Owner: netevert
• License: mit
• Created: 2018-02-20T19:13:35.000Z (over 7 years ago)
• Default Branch: master
• Last Pushed: 2023-08-08T06:38:59.000Z (almost 2 years ago)
• Last Synced: 2025-03-31T06:06:54.891Z (3 months ago)
• Topics: dns, domains, go, golang, penetration-testing, pentest-tool, permutation-algorithms, permutations, phishing, phishing-attacks, phishing-sites, threat-intelligence, threatintel, typosquatting
• Language: Go
• Homepage:
• Size: 203 MB
• Stars: 265
• Watchers: 22
• Forks: 43
• Open Issues: 11
• Metadata Files:
  • Readme: README.md
  • Changelog: CHANGELOG.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE
  • Code of conduct: CODE_OF_CONDUCT.md

Awesome Lists containing this project

README

        
![Icon](https://github.com/netevert/dnsmorph/blob/master/docs/icon.png)

==================================================================

[![baby-gopher](https://raw.githubusercontent.com/drnic/babygopher-site/gh-pages/images/babygopher-logo-small.png)](http://www.babygopher.org)

[![GitHub release](https://img.shields.io/github/release/netevert/dnsmorph.svg?style=flat-square)](https://github.com/netevert/dnsmorph/releases)

![GitHub All Releases](https://img.shields.io/github/downloads/netevert/dnsmorph/total.svg?style=flat-square)

DNSMORPH is a domain name permutation engine, inspired by [dnstwist](https://github.com/elceef/dnstwist). It is written in [Go](https://golang.org/) making for a compact and **very** fast tool. It robustly handles any domain or subdomain supplied and provides a number of configuration options to tune permutation runs. 

![demo](https://github.com/netevert/dnsmorph/blob/master/docs/demo.gif)

DNSMORPH includes the following domain permutation attack types:

- Homograph attack (both on single and duplicate characters)

- Bitsquat attack

- Hyphenation attack

- Omission attack

- Repetition attack

- Replacement attack

- Subdomain attack

- Transposition attack

- Vowel swap attack

- Addition attack

- Doppelganger attack

Installation

============

There are two ways to install dnsmorph on your system:

1. Downloading the pre-compiled binaries for your platform from the [latest release page](https://github.com/netevert/dnsmorph/releases) and extracting in a directory of your choosing.

2. Downloading and compiling the source code yourself by running the following commands:

    - ```go get -v github.com/netevert/dnsmorph```

    - `cd /$GOPATH/src/github.com/netevert/dnsmorph`

    - `go get -v ./...`

    - `go build`

An Arch Linux package is also [available](https://aur.archlinux.org/packages/dnsmorph/).

Usage

========

Usage menu output



    dnsmorph -d domain | -l domains_file [-girvuw] [-csv | -json]

      -csv

            output to csv

      -d string

            target domain

      -g    geolocate domain

      -i    include subdomain

      -json

            output to json

      -l string

            domain list filepath

      -n    idna format homograph domain

      -r    resolve domain

      -u    update check

      -v    enable verbosity

      -w    whois lookup



Run attacks against a target domain



    ./dnsmorph -d amazon.com

![demo](https://github.com/netevert/dnsmorph/blob/master/docs/simple_permutation.gif)



Run attacks against a list of domains



    ./dnsmorph -l domains.txt

![demo](https://github.com/netevert/dnsmorph/blob/master/docs/list_permutation.gif)



Include subdomain in attack



    ./dnsmorph -d staging.amazon.com -i

![demo](https://github.com/netevert/dnsmorph/blob/master/docs/subdomain_permutation.gif)



Run dns resolutions against permutated domains



    ./dnsmorph -d amazon.com -r

![demo](https://github.com/netevert/dnsmorph/blob/master/docs/resolution.gif)



Run geolocation against permutated domains



    ./dnsmorph -d amazon.com -g

![demo](https://github.com/netevert/dnsmorph/blob/master/docs/geolocation.gif)



Run whois lookup against permutated domains



    ./dnsmorph -d amazon.com -w

![demo](https://github.com/netevert/dnsmorph/blob/master/docs/whois_lookup.gif)



Output results to csv or json



    ./dnsmorph -d amazon.com -r -g -csv

    ./dnsmorph -d amazon.com -r -g -json

![demo](https://github.com/netevert/dnsmorph/blob/master/docs/write_to_file.gif)



Activate verbose output



    ./dnsmorph -d staging.amazon.com -v

![demo](https://github.com/netevert/dnsmorph/blob/master/docs/verbose_output.gif)





License

=======

Distributed under the terms of the [MIT](http://www.linfo.org/mitlicense.html) license, DNSMORPH is free and open

source software written and maintained with ❤ by NetEvert.

This tool includes GeoLite2 data created by MaxMind, available from [maxmind.com](https://www.maxmind.com).

Versioning

==========

This project adheres to [Semantic Versioning](https://semver.org/).

Like it?

=========

If you like the tool please consider [contributing](https://github.com/netevert/dnsmorph/blob/master/CONTRIBUTING.md).

The tool received a few "honourable" mentions, including:

- [KitPloit](https://www.kitploit.com/2018/05/dnsmorph-domain-name-permutation-engine.html)

- [Seclist](http://seclist.us/dnsmorph-is-a-domain-name-permutation-engine.html)

- [HackPlayers](https://www.hackplayers.com/2018/05/dnsmorph-permutacion-dominios.html)

- [Segu-Info](https://blog.segu-info.com.ar/2018/05/dnsmorph-herramienta-de-permutacion-de.html)

- [True Blue IT - Security Review](http://news.security-intelligence.info/?edition_id=c6f2e150-998f-11e9-a7d8-0cc47a0d15fd#/science)