evilginx2 vs dnstwist

evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication (by kgretzky)

Suggest topics

Source Code

Suggest alternative

Edit details

dnstwist

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation (by elceef)

Phishing Typosquatting Domains DNS Osint Idn Fuzzing threat-hunting homograph-attack Scanner threat-intelligence homoglyph

Source Code

dnstwist.it

Suggest alternative

Edit details

InfluxDB - Power Real-Time Data Analytics at Scale

Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

www.influxdata.com

featured

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com

featured

evilginx2		dnstwist
	Project
30	Mentions	23
10,010	Stars	4,584
-	Growth	-
7.4	Activity	7.6
6 days ago	Latest Commit	about 2 months ago
Go	Language	Python
BSD 3-clause "New" or "Revised" License	License	Apache License 2.0

The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

evilginx2

Posts with mentions or reviews of evilginx2. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-10-10.

Google announces passwordless by default: Make the switch to passkeys
6 projects | news.ycombinator.com | 10 Oct 2023

No, if you break into a site using passkeys, it gives you literally zero information that can be used to authenticate as any of the users. Think about the prevalence of data breaches in the past decade, and the sharp rise in the effectiveness of password stuffing, and think about why this change might be a good idea.
Also even with traditional 2FA, TOTP can be phished. See https://github.com/kgretzky/evilginx2
WebAuthn almost entirely eliminates phishing risk, and Passkeys are a really nice, clean UX for using WebAuthn.
I’ve been stuck on this situation for 3 days, does anyone know how to fix this?
2 projects | /r/github | 17 Sep 2023

So I downloaded this onto my computer https://github.com/kgretzky/evilginx2 and that took while since I’m new to GitHub and I barely know my way around computers. That went fine, i noticed there was another repository that was pretty much an add on to that same software I downloaded earlier “evilginx2” by another creator, this is the link https://github.com/simplerhacking/Evilginx3-Phishlets
friends 2fa being bypassed and Im stumped any advice?
1 project | /r/AskNetsec | 7 Jul 2023

Did your friend clicked on a phising link, if yes a aitm coud be one of the possibilities: https://github.com/kgretzky/evilginx2
MFA Just Casually being bypassed?? Anyone else seeing this?
2 projects | /r/sysadmin | 15 Jun 2023

We had a user compromised simiarly the other day, with what I believe to be https://github.com/kgretzky/evilginx2 now. It stole his session cookie and was able to auth. Fortunately, we have Office 365 Defender and he was flagged immediately on the risky user sign-ins and we were able to block and investigate.
Accounting got phished. Paid out big bucks
3 projects | /r/sysadmin | 31 May 2023

Evilginx kan bypass MFA and hijack your session https://github.com/kgretzky/evilginx2 Only thing that migitates this is fido keys
User compromised despite MFA?
1 project | /r/Office365 | 20 May 2023
Best way to capture web app traffic for later analysis?
1 project | /r/AskNetsec | 4 Apr 2023

You can try this for web app traffic MIMD: https://github.com/kgretzky/evilginx2
Main channel hacked
1 project | /r/LinusTechTips | 23 Mar 2023
Any Self Hosted alternatives to cloak.ist?
1 project | /r/selfhosted | 19 Mar 2023
MFA Bypass
1 project | /r/sysadmin | 31 Jan 2023

dnstwist

Posts with mentions or reviews of dnstwist. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-11-27.

Have I Been Squatted?
3 projects | news.ycombinator.com | 27 Nov 2023
Domain Permutation - HaveIBeenSquatted & dnstwist
2 projects | /r/cybersecurity | 1 Nov 2023

I recently stumbled upon 2 cool domain permutation tools: HIBS & dnstwist
Accounting got phished. Paid out big bucks
3 projects | /r/sysadmin | 31 May 2023

https://dnstwist.it/ - check your domain now
Phishing campaign defence advice
1 project | /r/sysadmin | 26 May 2023

You can hunt down evil twin domains with https://dnstwist.it/
adjacent domain names
1 project | /r/cybersecurity | 3 Mar 2023
Alternative To Domain Tools
1 project | /r/cybersecurity | 10 Feb 2023
Typosquatting list
1 project | /r/k12sysadmin | 9 Feb 2023

I periodically run dnstwist and add whatever it finds to our block list.
List of 26 services for OSINT | BLUE TEAMS | RED TEAMS
2 projects | /r/Hacking_Tutorials | 3 Feb 2023
God damn. In situations like this how can I detect the fake one? This is truly scary.
7 projects | /r/Bitwarden | 25 Jan 2023

Pi-hole (with every reasonable blocklist I can find) protects me from many of these domains. NextDNS would be another option for DNS-based blocking for people who don't want to administer it themselves. I also plan to use DNSTwist to generate additional blocklists for typo-based phishing that I can plug into the Pi-hole for important sites.
Google Search Ads showing fake bitwarden web vault site as top result.
1 project | /r/Bitwarden | 24 Jan 2023

What are some alternatives?

When comparing evilginx2 and dnstwist you can also consider the following projects:

Modlishka - Modlishka. Reverse Proxy.

opensquat - The openSquat is an open-source tool for detecting domain look-alikes by searching for newly registered domains that might be impersonating legit domains.

muraena - Muraena is an almost-transparent reverse proxy aimed at automating phishing and post-phishing activities.

dnschef - DNSChef - DNS proxy for Penetration Testers and Malware Analysts

awesome-lnurl - A curated list of awesome lnurl things.

urlcrazy - Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.

css-only-chat - A truly monstrous async web chat using no JS whatsoever on the frontend

octoDNS - Tools for managing DNS across multiple providers

evilgophish - evilginx3 + gophish

amass - In-depth attack surface mapping and asset discovery

htmx - </> htmx - high power tools for HTML

WhatBreach - OSINT tool to find breached emails, databases, pastes, and relevant information

evilginx2 vs Modlishka dnstwist vs opensquat evilginx2 vs muraena dnstwist vs dnschef evilginx2 vs awesome-lnurl dnstwist vs urlcrazy evilginx2 vs css-only-chat dnstwist vs octoDNS evilginx2 vs evilgophish dnstwist vs amass evilginx2 vs htmx dnstwist vs WhatBreach

Compare evilginx2 vs dnstwist and see what are their differences.

evilginx2

dnstwist

evilginx2

dnstwist

What are some alternatives?