macOS
brew install dnstwistlocal Homebrew formula metadata
brew
Test domains for typo squatting, phishing and corporate espionage. Version 20250130 via Homebrew; verified 2026-06-15.
install
brew install dnstwistlocal Homebrew formula metadata
sudo apk add dnstwistAlpine Linux edge package indexes · dnstwist · source: dl-cdn.alpinelinux.org
sudo apt install dnstwistDebian stable package indexes · dnstwist · source: deb.debian.org
sudo dnf install dnstwistFedora Rawhide package metadata · dnstwist · source: dl.fedoraproject.org
nix profile install nixpkgs#dnstwistnixpkgs package indexes · pkgs/by-name/dn/dnstwist/package.nix · source: api.github.com
overview
Test domains for typo squatting, phishing and corporate espionage
history
dnstwist is a domain permutation and phishing-domain scanner used for typosquatting, homograph, brand impersonation, and targeted threat-intelligence workflows. It turns the old manual question of 'what lookalike domains exist?' into a repeatable CLI, API, and web workflow.
The GitHub repository was created in June 2015, and the first GitHub release, v1.00, was published in October 2015. The official README presents the tool as a way to find lookalike domains that adversaries can use for typosquatting, phishing, fraud, and brand impersonation.
Over time dnstwist grew beyond simple domain permutation. The README documents Unicode and homoglyph handling, dictionary and TLD permutation files, multithreaded lookups, fuzzy HTML similarity with ssdeep or TLSH, screenshot similarity with pHash, rogue MX detection, GeoIP, CSV/JSON export, a Python API, Docker images, and the dnstwist.it web scanner.
dnstwist has unusually strong adoption for a command-line security tool. The README documents installation through pip, Git, Debian/Ubuntu/Kali, Fedora, AUR, Homebrew, and Docker, and says the scanner is used by SOC and incident-response teams, independent analysts, and many named security products and services.
Users run dnstwist against a domain, often with --registered to reduce the output to live domains, then inspect DNS, MX, GeoIP, web similarity, screenshot similarity, or exported CSV/JSON results. The tool can also be imported from Python through dnstwist.run for automated monitoring or enrichment pipelines.
dnstwist is package-nerd significant because it packages a security research workflow into a normal installable CLI while still offering optional heavyweight capabilities such as GeoIP databases, headless Chromium screenshots, fuzzy hashing libraries, Docker images, and a web scanner.
security posture
No matching local secret-handling manifest was found for dnstwist. Nucleus package metadata is still published here so future coverage has a stable package URL.
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
executables
| Command | Kind | Exposure | Note |
|---|---|---|---|
dnstwist | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
install metadata
| Package key | brew:dnstwist |
|---|---|
| Version | 20250130 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/dnstwist |
| Homepage | https://dnstwist.it |
| Repository | https://github.com/elceef/dnstwist |
| Upstream docs | https://github.com/elceef/dnstwist#readme |
| License | Apache-2.0 |
| Source archive | https://files.pythonhosted.org/packages/e7/0e/88b4c5c7f3077c0d2e8544a14e321fce80b3cf0148a46dec9724e27c61d3/dnstwist-20250130.tar.gz |
| Last updated | 2026-06-15T10:20:15-04:00 |
| Pulse | updated |
| Dependencies | certifi, libmaxminddb, python@3.14, ssdeep |
| Build dependencies | rust |
| Uses from macOS | libffi |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | dnstwist |
| Version Scheme | 0 |
| Revision | 11 |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
dnstwist 0~20250130-1
Domain name permutation engine
https://github.com/elceef/dnstwist
sudo apt install dnstwistdnstwist
nix profile install nixpkgs#dnstwistdnstwist 0~20240116-1
Domain name permutation engine
https://github.com/elceef/dnstwist
sudo apt install dnstwistdnstwist 20250130-r1
Domain name permutation engine
sudo apk add dnstwistdnstwist-dictionaries 20250130-r1
Dictionaries for dnstwist
sudo apk add dnstwist-dictionariesdnstwist-pyc 20250130-r1
Precompiled Python bytecode for dnstwist
sudo apk add dnstwist-pycdnstwist 20250130-4.fc44
Domain name permutation engine
https://github.com/elceef/dnstwist/
sudo dnf install dnstwistsource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.