docs > FAQ
What is dnstwister?
dnstwister generates a list of domain names that are similar to one that you provide, checking to see if any of them are registered with DNS A or MX records.
A search for 'example.com' will generate a list with domains like:
- cxample.com
- éxample.com (xn--xample-9ua.com)
- wwexample.com
- 4xample.com
As well many others.
Each one of those domains is "similar" to 'example.com' because it only differs by a small aspect. For instance, '4xample.com' is in the list because '4' and 'e' are close on the keyboard and a mistyping of 'example.com' could result in '4xample.com'. A modified version of Marcin Ulikowski's dnstwist DNS fuzzing library forms the backbone of this domain list generation algorithm.
dnstwister then attempts to resolve DNS A and MX records for each similar domain, the existence of either of these DNS records being an indication that the domain has been registered.
Why use dnstwister?
dnstwister can tell you if someone may be using a domain like yours for malicious purposes like phishing or trademark infringement.
As an example, as the owner of the domain dnstwister.report I would be very interested to know if someone registered the ‘dnstw1ster.report’ domain and started sending malicious password-reset emails to users.
dnstwister makes it trivial to answer that exact question.
Why should I subscribe for dnstwister alerts?
So you don’t have to keep coming back and running searches, dnstwister can also alert you via email within 24 hours if a new domain is registered like yours, if an existing domain has changed IP address or has even been unregistered.
See our subscriptions documentation and plan options.
What is difference between "dnstwister" and "dnstwist"?
dnstwist is a Python DNS fuzzing threat intelligence tool built by Marcin Ulikowski.
dnstwister started life in 2015 as an open-source effort to greatly broaden the audience of dnstwist by offering it's power through a web interface. Over time this open source effort forked into the SaaS offering dnstwister.report is today with the addition of a subscription-based alerting service.
dnstwister uses a modified version of the dnstwist library as part of its core still, as well as a JavaScript reimplementation for some features. In keeping with the dnstwist's Apache licence, the version of the dnstwist Python library currently used by dnstwister is always available here on GitHub.