Analyzing Typosquatting Domains With Dnstwist
Run dnstwist-style typosquatting domain analysis to find look-alike domains that could phish users or squat your brand before or after launch.
Overview
analyzing-typosquatting-domains-with-dnstwist is an agent skill most often used in Ship (also Idea research and Operate monitoring) that walks through dnstwist-based typosquatting domain discovery for brand and phishing
Install
npx skills add https://github.com/mukul975/anthropic-cybersecurity-skills --skill analyzing-typosquatting-domains-with-dnstwistWhat is this skill?
- Focused on analyzing typosquatting permutations with the dnstwist workflow
- Supports brand-protection reviews for solo SaaS and API products with public domains
- Fits Anthropic cybersecurity skills collection for agent-guided offensive-adjacent recon
- Use before launch to enumerate risky cousin domains and after incidents to expand hunts
- Pairs with DNS monitoring and registrar alerts—not a replacement for legal takedown process
Adoption & trust: 1 installs on skills.sh; 14.9k GitHub stars; 2/3 security scanners passed (skills.sh audits); trending (+100% hot-view momentum).
What problem does it solve?
You are launching or operating under a public brand and do not know which typo domains already resolve and could fool your users.
Who is it for?
Solo founders with a live or imminent custom domain who need a structured first pass at cousin-domain risk without hiring a full threat-intel team.
Skip if: Internal-only tools with no public brand, or engagements where you lack authorization to analyze domains related to third-party trademarks.
When should I use this skill?
You need typosquatting domain enumeration and DNS-oriented analysis with dnstwist for brands you are authorized to assess.
What do I get? / Deliverables
You produce a prioritized list of typosquatting candidates and DNS signals to drive defensive registration, monitoring, and incident response follow-ups.
- Typosquatting candidate domain list with permutation rationale
- Notes on resolved vs inactive domains for prioritization
- Recommended follow-ups for monitoring and registrar action
Recommended Skills
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Typosquatting checks are a defensive security shelf item—you run them when a brand and domain are real enough to be impersonated, typically pre-launch hardening and ongoing monitoring. Security subphase fits because the workflow targets abuse domains and phishing risk, not competitor feature research or generic SEO.
Where it fits
Before buying a domain, generate typosquat variants to see if obvious cousins are already registered by squatters.
Pre-launch, enumerate permutations of your marketing hostname to add defensive registrations and support playbooks.
After a phishing report, re-run dnstwist scopes to find newly active look-alike domains resolving to suspicious IPs.
How it compares
Agent-guided dnstwist typosquatting workflow—not a passive SSL certificate monitor or a generic WHOIS lookup cheat sheet.
Common Questions / FAQ
Who is analyzing-typosquatting-domains-with-dnstwist for?
Solo and indie builders protecting a public product name or domain who want agent-assisted dnstwist analysis instead of ad-hoc manual string guessing.
When should I use analyzing-typosquatting-domains-with-dnstwist?
Use it in Ship security before launch PR, in Idea research when shortlisting brand domains, and in Operate when users report suspicious links or support impersonation.
Is analyzing-typosquatting-domains-with-dnstwist safe to install?
Review the Security Audits panel on this page; only analyze domains you own or have permission to assess, and avoid storing scraped intel in public repos.
SKILL.md
READMESKILL.md - Analyzing Typosquatting Domains With Dnstwist
Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to the Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by the Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of