Happy slice of mcp pizzaMCP.pizza
Fire in da houseTop Tip:Paying $100+ per month for Perplexity, MidJourney, Runway, ChatGPT and other tools is crazy - get all your AI tools in one site starting at $15 per month with Galaxy AI Fire in da houseCheck it out free

mcp-dnstwist

MCP.Pizza Chef: BurtTheCoder

The mcp-dnstwist is an MCP server that integrates the powerful DNS fuzzing tool dnstwist into the Model Context Protocol ecosystem. It analyzes domain permutations to detect typosquatting, phishing attempts, and corporate espionage risks by identifying potentially malicious domains. Designed for seamless use with MCP-compatible applications like Claude Desktop, it provides real-time, structured DNS security insights. This server is intended for legitimate security research, emphasizing ethical use and compliance with DNS policies to prevent abuse.

Use This MCP server To

Detect typosquatting domains for security audits Identify phishing domains targeting organizations Analyze domain permutations for threat intelligence Integrate DNS fuzzing into AI security workflows Monitor brand domain abuse and impersonation Support corporate espionage detection efforts

README

DNStwist MCP Server

smithery badge

A Model Context Protocol (MCP) server for dnstwist, a powerful DNS fuzzing tool that helps detect typosquatting, phishing, and corporate espionage. This server provides tools for analyzing domain permutations and identifying potentially malicious domains. It is designed to integrate seamlessly with MCP-compatible applications like Claude Desktop.

mcp-dnstwist MCP server

⚠️ Warning

This tool is designed for legitimate security research purposes. Please:

  • Only analyze domains you own or have permission to test
  • Respect rate limits and DNS server policies
  • Use responsibly and ethically
  • Be aware that some DNS servers may rate-limit or block automated queries
  • Consider the impact on DNS infrastructure when running large scans

Requirements

  • Node.js (v18 or later)
  • Docker
  • macOS, Linux, or Windows with Docker Desktop installed

Quick Start

Installing via Smithery

To install DNStwist for Claude Desktop automatically via Smithery:

npx -y @smithery/cli install @burtthecoder/mcp-dnstwist --client claude

Installing Manually

  1. Install Docker:

  2. Install the server globally via npm:

npm install -g mcp-dnstwist
  1. Add to your Claude Desktop configuration file:
{
  "mcpServers": {
    "dnstwist": {
      "command": "mcp-dnstwist"
    }
  }
}

Configuration file location:

  • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Windows: %APPDATA%\Claude\claude_desktop_config.json
  1. Restart Claude Desktop

Alternative Setup (From Source)

If you prefer to run from source or need to modify the code:

  1. Clone and build:
git clone <repository_url>
cd mcp-dnstwist
npm install
npm run build
  1. Add to your Claude Desktop configuration:
{
  "mcpServers": {
    "dnstwist": {
      "command": "node",
      "args": ["/absolute/path/to/mcp-dnstwist/build/index.js"]
    }
  }
}

Features

  • Domain Fuzzing: Generate domain permutations using various algorithms
  • Registration Check: Verify if permutated domains are registered
  • DNS Analysis: Check A, AAAA, MX, and NS records
  • Web Presence: Capture HTTP banner information
  • WHOIS Data: Retrieve registration dates and registrar information
  • Phishing Detection: Generate fuzzy hashes of web pages
  • Configurable: Custom DNS servers and parallel processing
  • Multiple Formats: Support for json, csv, and list output formats

Tools

Domain Fuzzing Tool

  • Name: fuzz_domain
  • Description: Generate and analyze domain permutations to detect potential typosquatting, phishing, and brand impersonation
  • Parameters:
    • domain (required): Domain name to analyze (e.g., example.com)
    • nameservers (optional, default: "1.1.1.1"): Comma-separated list of DNS servers
    • threads (optional, default: 50): Number of threads for parallel processing
    • format (optional, default: "json"): Output format (json, csv, list)
    • registered_only (optional, default: true): Show only registered domains
    • mxcheck (optional, default: true): Check for MX records
    • ssdeep (optional, default: false): Generate fuzzy hashes of web pages
    • banners (optional, default: true): Capture HTTP banner information

Example:

{
  "domain": "example.com",
  "nameservers": "1.1.1.1,8.8.8.8",
  "threads": 50,
  "format": "json",
  "registered_only": true,
  "mxcheck": true,
  "banners": true
}

Troubleshooting

Docker Issues

  1. Verify Docker is installed and running:
docker --version
docker ps
  1. Check Docker permissions:
    • Ensure your user has permissions to run Docker commands
    • On Linux, add your user to the docker group: sudo usermod -aG docker $USER

Common Issues

  1. DNS resolution problems:

    • Verify DNS servers are accessible
    • Try alternative DNS servers (e.g., 8.8.8.8)
    • Check for rate limiting or blocking

  2. Performance issues:

    • Adjust thread count based on system capabilities
    • Consider network bandwidth and latency
    • Monitor DNS server response times

  3. After fixing any issues:

    • Save the configuration file
    • Restart Claude Desktop

Error Messages

  • "Docker is not installed or not running": Install Docker and start the Docker daemon
  • "Failed to parse dnstwist output": Check if the domain is valid and the format is correct
  • "Error executing dnstwist": Check Docker logs and ensure proper permissions
  • "DNS server not responding": Verify DNS server accessibility and try alternative servers

Contributing

  1. Fork the repository
  2. Create a feature branch (git checkout -b feature/amazing-feature)
  3. Commit your changes (git commit -m 'Add amazing feature')
  4. Push to the branch (git push origin feature/amazing-feature)
  5. Open a Pull Request

License

This project is licensed under the MIT License - see the LICENSE file for details.

mcp-dnstwist FAQ

How do I install the mcp-dnstwist server?
You can install mcp-dnstwist by cloning its GitHub repository and following the setup instructions provided in the README. It requires Python and dependencies listed there.
Can mcp-dnstwist be used with any MCP host?
Yes, mcp-dnstwist is designed to integrate with any MCP-compatible host, including popular clients like Claude Desktop, enabling seamless DNS fuzzing capabilities.
What permissions are required to use mcp-dnstwist?
You should only analyze domains you own or have explicit permission to test to comply with ethical and legal standards.
How does mcp-dnstwist handle rate limiting?
The server respects DNS server rate limits and policies to avoid abuse and ensure responsible usage during domain fuzzing operations.
Is mcp-dnstwist suitable for automated security workflows?
Yes, it can be integrated into automated AI workflows to provide real-time detection of malicious domain permutations.
What kind of domains can mcp-dnstwist analyze?
It analyzes domain permutations related to your input domains, focusing on detecting typosquatting, phishing, and espionage-related threats.
Does mcp-dnstwist support multiple LLM providers?
While mcp-dnstwist itself is an MCP server, it can be used with MCP clients that support models from OpenAI, Claude, Gemini, and others for enhanced analysis.
How do I ensure ethical use of mcp-dnstwist?
Use the tool only for domains you own or have permission to test, respect DNS policies, and avoid any unauthorized scanning or probing.