DNStwist MCP Server

A Model Context Protocol (MCP) server for dnstwist, a powerful DNS fuzzing tool that helps detect typosquatting, phishing, and corporate espionage. This server provides tools for analyzing domain permutations and identifying potentially malicious domains. It is designed to integrate seamlessly with MCP-compatible applications like Claude Desktop.

⚠️ Warning

This tool is designed for legitimate security research purposes. Please:

• Only analyze domains you own or have permission to test
• Respect rate limits and DNS server policies
• Use responsibly and ethically
• Be aware that some DNS servers may rate-limit or block automated queries
• Consider the impact on DNS infrastructure when running large scans

Requirements

• Node.js (v18 or later)
• Docker
• macOS, Linux, or Windows with Docker Desktop installed

Quick Start

Installing via Smithery

To install DNStwist for Claude Desktop automatically via Smithery:

npx -y @smithery/cli install @burtthecoder/mcp-dnstwist --client claude

Installing Manually

1. Install Docker:

   • macOS: Install Docker Desktop
   • Linux: Follow the Docker Engine installation guide

2. Install the server globally via npm:

npm install -g mcp-dnstwist

3. Add to your Claude Desktop configuration file:

{
  "mcpServers": {
    "dnstwist": {
      "command": "mcp-dnstwist"
    }
  }
}

Configuration file location:

• macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
• Windows: %APPDATA%\Claude\claude_desktop_config.json

4. Restart Claude Desktop

Alternative Setup (From Source)

If you prefer to run from source or need to modify the code:

1. Clone and build:

git clone <repository_url>
cd mcp-dnstwist
npm install
npm run build

2. Add to your Claude Desktop configuration:

{
  "mcpServers": {
    "dnstwist": {
      "command": "node",
      "args": ["/absolute/path/to/mcp-dnstwist/build/index.js"]
    }
  }
}

Features

• Domain Fuzzing: Generate domain permutations using various algorithms
• Registration Check: Verify if permutated domains are registered
• DNS Analysis: Check A, AAAA, MX, and NS records
• Web Presence: Capture HTTP banner information
• WHOIS Data: Retrieve registration dates and registrar information
• Phishing Detection: Generate fuzzy hashes of web pages
• Configurable: Custom DNS servers and parallel processing
• Multiple Formats: Support for json, csv, and list output formats

Tools

Domain Fuzzing Tool

• Name: fuzz_domain
• Description: Generate and analyze domain permutations to detect potential typosquatting, phishing, and brand impersonation
• Parameters:
  • domain (required): Domain name to analyze (e.g., example.com)
  • nameservers (optional, default: "1.1.1.1"): Comma-separated list of DNS servers
  • threads (optional, default: 50): Number of threads for parallel processing
  • format (optional, default: "json"): Output format (json, csv, list)
  • registered_only (optional, default: true): Show only registered domains
  • mxcheck (optional, default: true): Check for MX records
  • ssdeep (optional, default: false): Generate fuzzy hashes of web pages
  • banners (optional, default: true): Capture HTTP banner information

Example:

{
  "domain": "example.com",
  "nameservers": "1.1.1.1,8.8.8.8",
  "threads": 50,
  "format": "json",
  "registered_only": true,
  "mxcheck": true,
  "

... [View full README on GitHub](https://github.com/BurtTheCoder/mcp-dnstwist#readme)