mcp-dnstwist
by: BurtTheCoder
MCP server for dnstwist, a powerful DNS fuzzing tool that helps detect typosquatting, phishing, and corporate espionage.
📌Overview
Purpose: To provide a Model Context Protocol (MCP) server that enhances dnstwist's capabilities for detecting typosquatting, phishing, and corporate espionage.
Overview: The DNStwist MCP Server serves as an advanced DNS fuzzing tool, facilitating the analysis of domain permutations to uncover potentially malicious domains. It integrates seamlessly with MCP-compatible applications, allowing users to perform legitimate security research with a focus on ethical usage.
Key Features:
-
Domain Fuzzing: Generates domain permutations using various algorithms to detect typosquatting and brand impersonation.
-
Registration Check: Verifies the registration status of permutated domains, helping identify potential threats.
-
DNS Analysis: Supports checking A, AAAA, MX, and NS records to provide a comprehensive view of domain configuration.
-
Web Presence Capture: Retrieves HTTP banner information for further analysis of domains.
-
WHOIS Data Retrieval: Accesses registration dates and registrar details for better target identification.
-
Phishing Detection: Creates fuzzy hashes of web pages to assist in identifying phishing attempts.
-
Configurable Options: Allows customization of DNS servers and supports parallel processing for efficiency.
-
Multiple Output Formats: Delivers results in JSON, CSV, and list formats for versatile data handling.
DNStwist MCP Server
A Model Context Protocol (MCP) server for dnstwist, a powerful DNS fuzzing tool that helps detect typosquatting, phishing, and corporate espionage. This server provides tools for analyzing domain permutations and identifying potentially malicious domains. It is designed to integrate seamlessly with MCP-compatible applications like Claude Desktop.
⚠️ Warning
This tool is intended for legitimate security research purposes only. Please:
- Analyze only domains you own or have permission to test
- Respect rate limits and DNS server policies
- Use responsibly and ethically
- Be aware some DNS servers may rate-limit or block automated queries
- Consider the impact on DNS infrastructure during large scans
Requirements
- Node.js (v18 or later)
- Docker
- macOS, Linux, or Windows with Docker Desktop installed
Quick Start
Installing via Smithery
To install DNStwist for Claude Desktop automatically via Smithery:
npx -y @smithery/cli install @burtthecoder/mcp-dnstwist --client claude
Installing Manually
-
Install Docker:
- macOS: Install Docker Desktop
- Linux: Follow the Docker Engine installation guide
-
Install the server globally via npm:
npm install -g mcp-dnstwist
- Add to your Claude Desktop configuration file:
{
"mcpServers": {
"dnstwist": {
"command": "mcp-dnstwist"
}
}
}
Configuration file location:
- macOS:
~/Library/Application Support/Claude/claude_desktop_config.json
- Windows:
%APPDATA%\Claude\claude_desktop_config.json
- Restart Claude Desktop
Alternative Setup (From Source)
To run from source or modify the code:
- Clone and build:
git clone <repository_url>
cd mcp-dnstwist
npm install
npm run build
- Add to your Claude Desktop configuration:
{
"mcpServers": {
"dnstwist": {
"command": "node",
"args": ["/absolute/path/to/mcp-dnstwist/build/index.js"]
}
}
}
Features
- Domain Fuzzing: Generate domain permutations using various algorithms
- Registration Check: Verify if permutated domains are registered
- DNS Analysis: Check A, AAAA, MX, and NS records
- Web Presence: Capture HTTP banner information
- WHOIS Data: Retrieve registration dates and registrar information
- Phishing Detection: Generate fuzzy hashes of web pages
- Configurable: Custom DNS servers and parallel processing
- Multiple Formats: Supports JSON, CSV, and list output formats
Tools
Domain Fuzzing Tool
- Name:
fuzz_domain
- Description: Generate and analyze domain permutations to detect potential typosquatting, phishing, and brand impersonation
- Parameters:
domain
(required): Domain name to analyze (e.g., example.com)nameservers
(optional, default: "1.1.1.1"): Comma-separated list of DNS serversthreads
(optional, default: 50): Number of threads for parallel processingformat
(optional, default: "json"): Output format (json, csv, list)registered_only
(optional, default: true): Show only registered domainsmxcheck
(optional, default: true): Check for MX recordsssdeep
(optional, default: false): Generate fuzzy hashes of web pagesbanners
(optional, default: true): Capture HTTP banner information
Example input:
{
"domain": "example.com",
"nameservers": "1.1.1.1,8.8.8.8",
"threads": 50,
"format": "json",
"registered_only": true,
"mxcheck": true,
"banners": true
}
Troubleshooting
Docker Issues
- Verify Docker is installed and running:
docker --version
docker ps
- Check Docker permissions:
- Ensure your user has permission to run Docker commands
- On Linux, add your user to the docker group:
sudo usermod -aG docker $USER
Common Issues
-
DNS resolution problems:
- Verify DNS servers are accessible
- Try alternative DNS servers (e.g., 8.8.8.8)
- Check for rate limiting or blocking
-
Performance issues:
- Adjust thread count based on system capabilities
- Consider network bandwidth and latency
- Monitor DNS server response times
After fixing issues:
- Save the configuration file
- Restart Claude Desktop
Error Messages
- Docker is not installed or not running: Install Docker and start the Docker daemon
- Failed to parse dnstwist output: Check if the domain is valid and the output format is correct
- Error executing dnstwist: Check Docker logs and ensure proper permissions
- DNS server not responding: Verify DNS server accessibility and try alternative servers
Contributing
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature
) - Commit your changes (
git commit -m 'Add amazing feature'
) - Push to the branch (
git push origin feature/amazing-feature
) - Open a Pull Request
License
This project is licensed under the MIT License.