search

elceef / dnstwist

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
https://dnstwist.it
Apache License 2.0
4.76k stars 761 forks source link

Mixed parameter use, sometimes different results, and more questions. #136

Closed goro22052 closed 1 year ago

goro22052 commented 2 years ago

Hi,

  1. Thank you for your really cool product.
  2. Please help me with some questions: a) How I can use options --tld and all mutations together. for example in result: domain.com domain.com.ua domain.org domain.org.ua domuin.com domuin.com.ua dimain.org.ua b) I use your product and count the numbers of strings in the result and compare the previous count of string and a new count of string. When changed I send the alarm. But sometimes I see flapping in the results, one or two domain disappears and appears in the results... Why? How can i avoid this?
goro22052 commented 2 years ago

addition... I always get only one vowel-swap as a result for example tld-swap domAin.com tld-swap domAin.com.ua vowel-swap domOin.com

but I knew about exist domain domOin.cf Why I don't see domOin.cf as result?

elceef commented 2 years ago

Unfortunately, the tool only swaps TLD from a dictionary. When it comes to re-appearing domain permutations, I recommend discarding the ones with ServFail responses. You might also consider increasing REQUEST_TIMEOUT_DNS.

goro22052 commented 2 years ago

Where can I increase REQUEST_TIMEOUT_DNS? on my DNS server? on my Linux system? or on dnstwist?

elceef commented 2 years ago

It's internal constant. You need to modify the source code. I do no recommend setting it more than 5 seconds.