DomainTwistex.Twist (domaintwistex v0.9.0)

Provides high-level domain analysis functionality by combining permutation generation with concurrent domain validation checks.

This module builds upon the DomainTwistex.Utils functionality to provide comprehensive domain analysis tools for identifying potential typosquatting and domain abuse scenarios.

Summary

Functions

analyze_chunk(permutations, domain, opts \\ [])

Analyzes a specific chunk of permutations.

analyze_distributed(domain, opts \\ [])

Distributes analysis across connected Erlang nodes.

analyze_domain(domain, opts \\ [])

Analyzes a domain by generating permutations and checking them concurrently.

cluster_info()

Returns info about the current distributed setup.

get_live_mx_domains(domain, opts \\ [])

Filters domain analysis results to return only permutations with valid MX records.

get_permutations(domain)

Returns all permutations for a domain without checking them.

split_for_nodes(domain, num_chunks)

Splits permutations into N chunks for distributed processing.

Functions

analyze_chunk(permutations, domain, opts \\ [])

Analyzes a specific chunk of permutations.

Use this on each node to process its assigned chunk.

Parameters

  • permutations - List of permutation maps to check
  • domain - Original domain (for distance calculation)
  • opts - Same options as analyze_domain/2

Example

# On node 1:
chunks = DomainTwistex.Twist.split_for_nodes("abbvie.com", 3)
{0, my_chunk} = Enum.at(chunks, 0)
results = DomainTwistex.Twist.analyze_chunk(my_chunk, "abbvie.com")

analyze_distributed(domain, opts \\ [])

Distributes analysis across connected Erlang nodes.

Automatically splits work across all connected nodes + current node.

Parameters

  • domain - Domain to analyze
  • opts - Options:

    • :nodes - List of nodes to use (default: [node() | Node.list()])

    • :max_concurrency - Per-node concurrency
    • :timeout - Per-domain timeout

Example

# First connect nodes:
Node.connect(:"node2@192.168.1.10")
Node.connect(:"node3@192.168.1.11")

# Then distribute:
results = DomainTwistex.Twist.analyze_distributed("abbvie.com")

Returns

Combined results from all nodes

analyze_domain(domain, opts \\ [])

Analyzes a domain by generating permutations and checking them concurrently.

Generates all permutations for the given domain, then resolves each one with parallel DNS, WHOIS, and server checks. Filters out the original domain and wildcard-only results (wildcard + no public IPs).

Parameters

  • domain - String representing the base domain to analyze (e.g., "example.com")
  • opts - Keyword list of options:
    • :max_concurrency - Maximum number of concurrent tasks (default: System.schedulers_online() * 2)
    • :timeout - Timeout in milliseconds for each task (default: 15000)
    • :ordered - Whether to maintain permutation order in results (default: false)
    • :whois - Enable WHOIS/RDAP lookups (default: true)

Returns

A map with the following keys:

* :domain - The original domain string
* :original - Resolved baseline data for the original domain (without fuzzy scores)
* :permutations - List of resolvable permutation results (excluding wildcards with no public IPs)
* :stats - Map with :total (permutations generated) and :resolvable (permutations that resolved)

Examples

```elixir
iex> DomainTwistex.Twist.analyze_domain("example.com")
%{
  domain: "example.com",
  original: %{fqdn: "example.com", resolvable: true, ...},
  permutations: [
    %{kind: "Tld", fqdn: "example.co.uk", ip_addresses: [...], ...},
    ...
  ],
  stats: %{total: 9541, resolvable: 42}
}

# With custom options
iex> DomainTwistex.Twist.analyze_domain("example.com", max_concurrency: 50, whois: true)
```

Performance Considerations

  • Higher max_concurrency values can improve speed but may trigger rate limiting
  • Timeout values should be adjusted based on network conditions
  • Setting ordered: true may impact performance for large result sets

cluster_info()

Returns info about the current distributed setup.

Example

iex> DomainTwistex.Twist.cluster_info()
%{
  current_node: :"node1@127.0.0.1",
  connected_nodes: [:"node2@127.0.0.1"],
  total_nodes: 2
}

get_live_mx_domains(domain, opts \\ [])

Filters domain analysis results to return only permutations with valid MX records.

This function is particularly useful for identifying potentially malicious domains that are set up for email operations, which could be used for phishing attacks.

Parameters

  • domain - String representing the base domain to analyze
  • opts - Keyword list of options (same as analyze_domain/2)

Returns

A map with the same shape as analyze_domain/2, but permutations filtered to only those with MX records. Stats includes :mx_count.

Examples

```elixir
iex> DomainTwistex.Twist.get_live_mx_domains("google.com")
%{
  domain: "google.com",
  original: %{...},
  permutations: [%{kind: "Tld", mx_records: [%{priority: 0, server: "smtp.google.com"}], ...}],
  stats: %{total: 9541, resolvable: 42, mx_count: 12}
}
```

get_permutations(domain)

Returns all permutations for a domain without checking them.

Useful for splitting work across nodes.

Example

iex> perms = DomainTwistex.Twist.get_permutations("example.com")
iex> length(perms)
4523

split_for_nodes(domain, num_chunks)

Splits permutations into N chunks for distributed processing.

Parameters

  • domain - The domain to generate permutations for
  • num_chunks - Number of chunks (typically = number of nodes)

Returns

List of {chunk_index, permutations} tuples

Example

iex> chunks = DomainTwistex.Twist.split_for_nodes("example.com", 3)
iex> length(chunks)
3
iex> {index, perms} = hd(chunks)