What is this?
Spoofpoint is a domain monitoring tool that allows you to generate domains names one character off of your domain that could have been registered by an attacker attempting to get a domain that looks like yours, check a single domain to see if it is registered, or check a precompiled list of domains to see if they exist.
Install
Debian
sudo apt-get install whois bind9-dnsutils
git clone https://github.com/grahamhelton/spoofpoint
cd spoofpoint
./spoofpoint -i <inputlist> -d <singledomain>
Arch
sudo pacman -S whois bind9-dnsutils
git clone https://github.com/grahamhelton/spoofpoint
cd spoofpoint
./spoofpoint -i <inputlist> -d <singledomain>
Usage
Generate domains names one character off of your domain that could have been registered by an attacker attempting to get a domain that looks like yours.
./spoofpoint -g <yourdomain.com>
Check a list of domains your already have.
./spoofpoint -i <yourdomain.com>
Check a single domain
./spoofpoint -d <yourdomain.com>
Who is this meant for?
This is meant for people who are tasked with defending an organization from potential phishing attacks via spoofed domains. There are more advanced free tools out there that use python to generate permutations of your domain such as dnstwist but this tool is a super quick and super lightweight to check up on some domains you are worried about.
Why is this better than <insert big comany's domain monitor tool>
It's probably not, but it does 95% of what those big companies do except it can be done for free in under 5 minutes.
Here are some free tools made by people in the community that are also cool!
- spoofable <- Python from C0nd4
- PSGet-Domain-MailInfo <- Powershell from dotBATmanNO