Is Your Domain Name Being Exploited? Find out with DNStwister
26 February 2021
Utilising free tools such as DNStwister to seek out domain name permutations can protect your organisation from typosquatting-based phishing attacks and IP infringement. Its process is simple: DNStwister takes a domain name as input, uses various algorithms to generate a list of potential phishing domains, and checks whether they are registered.
For example, you search for Secrutiny, and a domain very similar to www.secrutiny.com appears; however, it is a spoof website that hoodwinks users into clicking because it so closely resembles the genuine domain. This same domain could then be used for phishing, URL hijacking, fraud or corporate espionage. Additionally, DNStwister can test whether the MX host (mail server) can be utilised to intercept misdirected emails.
Secrutiny’s Security Operations Analyst and Developer, Dan Craven, said: “DNStwister can be a very helpful tool in seeing what your current potential phishing vectors are. It also works as a preventative step to see what domains are similar, which you may want to purchase to prevent others from launching domain attacks against your business, including some examples which may have been overlooked. Take Secrutiny…
- secrutinÿ.com (xn--secrutin-56a.com)
- secrutinʏ.com (xn--secrutin-04d.com)
- secrutiný.com (xn--secrutin-n6a.com)
…we can see that by throwing in some other languages you could have a very similar phishing domain which would be quite a convincing URL to be used either against your business, customers or supply chain.”
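To check a list of observed domains (for example from mail or proxy logs) for this kind of lookalike, the sketch below decodes `xn--` labels and compares an accent-stripped form against the protected name. It is an added example, not code from DNStwister or Secrutiny; the `CONFUSABLES` table, the function names and the sample list are assumptions made for illustration, and only exact whole-domain matches are flagged.

```python
import unicodedata

# Illustrative confusables that have no Unicode decomposition (assumption:
# a production check would load the full Unicode confusables data instead).
CONFUSABLES = {"\u028f": "y", "\u0131": "i", "\u0430": "a", "\u0435": "e", "\u043e": "o"}

def to_unicode(domain):
    """Decode xn-- (punycode) labels so the form a user would see is visible."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: keep the raw text for review
        labels.append(label)
    return ".".join(labels)

def skeleton(domain):
    """Reduce a domain to the plain-ASCII string a reader is likely to perceive."""
    decomposed = unicodedata.normalize("NFKD", to_unicode(domain))
    # Drop combining marks (the diaeresis in ÿ, the acute in ý), then map
    # standalone lookalike letters through the table above.
    kept = (ch for ch in decomposed if not unicodedata.combining(ch))
    return "".join(CONFUSABLES.get(ch, ch) for ch in kept)

def find_lookalikes(protected, observed):
    """Return (raw, displayed) pairs that read like `protected` but are not it."""
    target, genuine = skeleton(protected), to_unicode(protected)
    hits = []
    for raw in observed:
        shown = to_unicode(raw)
        if shown != genuine and skeleton(raw) == target:
            hits.append((raw, shown))
    return hits

# Constructed sample: the three IDN names quoted above plus unrelated domains.
OBSERVED = [
    "secrutiny.com",
    "xn--secrutin-56a.com",
    "xn--secrutin-04d.com",
    "xn--secrutin-n6a.com",
    "xn--bcher-kva.example",
    "example.org",
]

if __name__ == "__main__":
    for raw, shown in find_lookalikes("secrutiny.com", OBSERVED):
        print(f"lookalike: {raw} displays as {shown}")
```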
DNStwister’s email notification set-up means you don’t have to keep returning to the website to conduct searches. Via email, DNStwister will alert you within 24 hours if a new domain similar to yours has been registered, or if an existing domain has changed its IP address or been unregistered. There is also the option to ‘ignore domains that change all the time’; this reduces the chance of important alerts getting lost in the noise.
As a Technical Consultant at Secrutiny, Jeremy Hughes is mindful that spoofed domains could lead to (at a minimum) reputational damage. He uses DNStwister with his clients due to its speed, simple functionality, and ability to provide an API to automate the process.
Other key features of DNStwister include:
- GeoIP location information.
- Extra domain deviations via dictionary files.
- Ability to catch HTTP and SMTP service banners.
- Multithreaded job distribution.
- Output in CSV and JSON format.
- Live phishing webpage detection.
- A myriad of efficient domain fuzzing algorithms.
Find out if your domain name is being exploited by heading to DNStwister and subscribing to receive regular alerts.