# Install dnstwist with Homebrew, apk, apt, dnf, Nix

Test domains for typo squatting, phishing and corporate espionage. Version 20250130 via Homebrew; verified 2026-06-15.

## Install

```sh
sudo av install brew:dnstwist
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install dnstwist
```

  Evidence: local Homebrew formula metadata

### Linux

- apk (92%):

```sh
sudo apk add dnstwist
```

  Evidence: Alpine Linux edge package indexes: dnstwist from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz

- Debian apt (92%):

```sh
sudo apt install dnstwist
```

  Evidence: Debian stable package indexes: dnstwist from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz

- dnf (92%):

```sh
sudo dnf install dnstwist
```

  Evidence: Fedora Rawhide package metadata: dnstwist from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst

- Nix (92%):

```sh
nix profile install nixpkgs#dnstwist
```

  Evidence: nixpkgs package indexes: pkgs/by-name/dn/dnstwist/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

## Package facts

- **Package key:** brew:dnstwist
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/dnstwist>
- **Version:** 20250130
- **Source summary:** Test domains for typo squatting, phishing and corporate espionage
- **Homepage:** <https://dnstwist.it>
- **Repository:** <https://github.com/elceef/dnstwist>
- **Upstream docs:** <https://github.com/elceef/dnstwist#readme>
- **License:** Apache-2.0
- **Source archive:** <https://files.pythonhosted.org/packages/e7/0e/88b4c5c7f3077c0d2e8544a14e321fce80b3cf0148a46dec9724e27c61d3/dnstwist-20250130.tar.gz>
- **Last updated:** 2026-06-15T10:20:15-04:00
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- dnstwist (cli)
- dnstwist (alias)

## Dependencies

- certifi
- libmaxminddb
- python@3.14
- ssdeep

## Build dependencies

- rust

## Uses from macOS

- libffi

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 20250130
- Package-manager updated: 2026-06-15
- Local data: ok
- Upstream repository: https://dnstwist.it
- info: Release/tag comparison is only available for GitHub repositories.
## Project history and usage

dnstwist is a domain permutation and phishing-domain scanner used for typosquatting, homograph, brand impersonation, and targeted threat-intelligence workflows. It turns the old manual question of 'what lookalike domains exist?' into a repeatable CLI, API, and web workflow.

### Project history

The GitHub repository was created in June 2015, and the first GitHub release, v1.00, was published in October 2015. The official README presents the tool as a way to find lookalike domains that adversaries can use for typosquatting, phishing, fraud, and brand impersonation.

Over time dnstwist grew beyond simple domain permutation. The README documents Unicode and homoglyph handling, dictionary and TLD permutation files, multithreaded lookups, fuzzy HTML similarity with ssdeep or TLSH, screenshot similarity with pHash, rogue MX detection, GeoIP, CSV/JSON export, a Python API, Docker images, and the dnstwist.it web scanner.

### Adoption history

dnstwist has unusually strong adoption for a command-line security tool. The README documents installation through pip, Git, Debian/Ubuntu/Kali, Fedora, AUR, Homebrew, and Docker, and says the scanner is used by SOC and incident-response teams, independent analysts, and many named security products and services.

### How it is used

Users run dnstwist against a domain, often with --registered to reduce the output to live domains, then inspect DNS, MX, GeoIP, web similarity, screenshot similarity, or exported CSV/JSON results. The tool can also be imported from Python through dnstwist.run for automated monitoring or enrichment pipelines.

### Why package nerds care

dnstwist is package-nerd significant because it packages a security research workflow into a normal installable CLI while still offering optional heavyweight capabilities such as GeoIP databases, headless Chromium screenshots, fuzzy hashing libraries, Docker images, and a web scanner.

### Timeline

- 2015: GitHub repository created.
- 2015: First GitHub release, v1.00, published.
- 2025: Release 20250130 published.
- 2025: GitHub metadata shows continued repository activity.
- 2026: Homebrew still carries dnstwist as a packaged security CLI.

### Related projects

- The README names ssdeep, TLSH, pHash, GeoIP2, and Chromium as optional analysis components. It also lists integrations or downstream use in Splunk, SpiderFoot, Maltego, Intel Owl, CISA Crossfeed, Rapid7 InsightConnect SOAR, Palo Alto Cortex XSOAR, Fortinet FortiSOAR, and other security platforms.

### Sources

- <https://github.com/elceef/dnstwist/blob/master/docs/README.md>
- <https://dnstwist.it/>
- <https://api.github.com/repos/elceef/dnstwist>
- <https://api.github.com/repos/elceef/dnstwist/releases?per_page=100>
- <https://formulae.brew.sh/formula/dnstwist>


## Security Notes

No matching local secret-handling manifest was found for dnstwist. Nucleus package metadata is still published here so future coverage has a stable package URL.


## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** dnstwist
- **Version Scheme:** 0
- **Revision:** 11
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** stable

## Other Package-Manager Records

- Debian apt - dnstwist - 0~20250130-1: normalized package name match | Debian stable package indexes: dnstwist from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | Domain name permutation engine | https://github.com/elceef/dnstwist
- Nix - dnstwist: normalized package name match | nixpkgs package indexes: pkgs/by-name/dn/dnstwist/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- Ubuntu apt - dnstwist - 0~20240116-1: normalized package name match | Ubuntu 24.04 LTS package indexes: dnstwist from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz | Domain name permutation engine | https://github.com/elceef/dnstwist
- apk - dnstwist - 20250130-r1: normalized package name match | Alpine Linux edge package indexes: dnstwist from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz | Domain name permutation engine | https://dnstwist.it
- apk - dnstwist-dictionaries - 20250130-r1: normalized package name match | Alpine Linux edge package indexes: dnstwist-dictionaries from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz | Dictionaries for dnstwist | https://dnstwist.it
- apk - dnstwist-pyc - 20250130-r1: normalized package name match | Alpine Linux edge package indexes: dnstwist-pyc from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz | Precompiled Python bytecode for dnstwist | https://dnstwist.it
- dnf - dnstwist - 20250130-4.fc44: normalized package name match | Fedora Rawhide package metadata: dnstwist from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst | Domain name permutation engine | https://github.com/elceef/dnstwist/


## Related links

- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [Homebrew utility packages](https://www.automicvault.com/pkg/brew-utility-packages/) - Matched Homebrew package provider.
- [libmaxminddb](https://www.automicvault.com/pkg/brew/libmaxminddb/) - Runtime dependency declared by Homebrew.
- [python@3.14](https://www.automicvault.com/pkg/brew/python-3-14/) - Runtime dependency declared by Homebrew.
- [ssdeep](https://www.automicvault.com/pkg/brew/ssdeep/) - Runtime dependency declared by Homebrew.
- [rust](https://www.automicvault.com/pkg/brew/rust/) - Build dependency declared by Homebrew.
- [findomain](https://www.automicvault.com/pkg/brew/findomain/) - Shares av.db curated category or tags: cli, dns, osint, security.
- [dnsgen](https://www.automicvault.com/pkg/brew/dnsgen/) - Shares av.db curated category or tags: cli, dns, security.
- [dnsmap](https://www.automicvault.com/pkg/brew/dnsmap/) - Shares av.db curated category or tags: cli, dns, security.
- [fierce](https://www.automicvault.com/pkg/brew/fierce/) - Shares av.db curated category or tags: cli, dns, security.
- [shuffledns](https://www.automicvault.com/pkg/brew/shuffledns/) - Shares av.db curated category or tags: cli, dns, security.
- [dnsrobocert](https://www.automicvault.com/pkg/brew/dnsrobocert/) - Shares av.db curated category or tags: cli, dns, security.
- [iocextract](https://www.automicvault.com/pkg/brew/iocextract/) - Shares av.db curated category or tags: cli, security, threat-intelligence.
- [amass](https://www.automicvault.com/pkg/brew/amass/) - Shares av.db curated category or tags: cli, osint, security.

## Combined YAML source

View the package source record on GitHub. [combined/dnstwist.yml](https://github.com/automic-vault/db/blob/main/combined/dnstwist.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
