DNSTwist
Analyzes domains for typosquatting and phishing threats by generating domain permutations and checking their registration status. Uses Docker-based dnstwist tool to identify potentially malicious domains.
Integrates with dnstwist to automate DNS fuzzing for detecting typosquatting, phishing, and corporate espionage threats.
What it does
- Generate domain permutations using various fuzzing techniques
- Check registration status of suspicious domains
- Detect typosquatting attempts
- Identify phishing domains
- Analyze domains for corporate espionage threats
- Export domain analysis results
Best for
About DNSTwist
DNSTwist is a community-built MCP server published by burtthecoder that provides AI assistants with tools and capabilities via the Model Context Protocol. DNSTwist automates DNS fuzzing to detect typosquatting, phishing, and espionage threats, keeping your domains secure. It is categorized under auth security.
How to install
You can install DNSTwist in your AI client of choice. Use the install panel on this page to get one-click setup for Cursor, Claude Desktop, VS Code, and other MCP-compatible clients. This server runs locally on your machine via the stdio transport.
License
DNSTwist is released under the MIT license. This is a permissive open-source license, meaning you can freely use, modify, and distribute the software.
DNStwist MCP Server
A Model Context Protocol (MCP) server for dnstwist, a powerful DNS fuzzing tool that helps detect typosquatting, phishing, and corporate espionage. This server provides tools for analyzing domain permutations and identifying potentially malicious domains. It is designed to integrate seamlessly with MCP-compatible applications like Claude Desktop.
⚠️ Warning
This tool is designed for legitimate security research purposes. Please:
- Only analyze domains you own or have permission to test
- Respect rate limits and DNS server policies
- Use responsibly and ethically
- Be aware that some DNS servers may rate-limit or block automated queries
- Consider the impact on DNS infrastructure when running large scans
Requirements
- Node.js (v18 or later)
- Docker
- macOS, Linux, or Windows with Docker Desktop installed
Quick Start
Installing via Smithery
To install DNStwist for Claude Desktop automatically via Smithery:
npx -y @smithery/cli install @burtthecoder/mcp-dnstwist --client claude
Installing Manually
-
Install Docker:
- macOS: Install Docker Desktop
- Linux: Follow the Docker Engine installation guide
-
Install the server globally via npm:
npm install -g mcp-dnstwist
- Add to your Claude Desktop configuration file:
{
"mcpServers": {
"dnstwist": {
"command": "mcp-dnstwist"
}
}
}
Configuration file location:
- macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Windows:
%APPDATA%\Claude\claude_desktop_config.json
- Restart Claude Desktop
Alternative Setup (From Source)
If you prefer to run from source or need to modify the code:
- Clone and build:
git clone <repository_url>
cd mcp-dnstwist
npm install
npm run build
- Add to your Claude Desktop configuration:
{
"mcpServers": {
"dnstwist": {
"command": "node",
"args": ["/absolute/path/to/mcp-dnstwist/build/index.js"]
}
}
}
Features
- Domain Fuzzing: Generate domain permutations using various algorithms
- Registration Check: Verify if permutated domains are registered
- DNS Analysis: Check A, AAAA, MX, and NS records
- Web Presence: Capture HTTP banner information
- WHOIS Data: Retrieve registration dates and registrar information
- Phishing Detection: Generate fuzzy hashes of web pages
- Configurable: Custom DNS servers and parallel processing
- Multiple Formats: Support for json, csv, and list output formats
Tools
Domain Fuzzing Tool
- Name:
fuzz_domain - Description: Generate and analyze domain permutations to detect potential typosquatting, phishing, and brand impersonation
- Parameters:
domain(required): Domain name to analyze (e.g., example.com)nameservers(optional, default: "1.1.1.1"): Comma-separated list of DNS serversthreads(optional, default: 50): Number of threads for parallel processingformat(optional, default: "json"): Output format (json, csv, list)registered_only(optional, default: true): Show only registered domainsmxcheck(optional, default: true): Check for MX recordsssdeep(optional, default: false): Generate fuzzy hashes of web pagesbanners(optional, default: true): Capture HTTP banner information
Example:
{
"domain": "example.com",
"nameservers": "1.1.1.1,8.8.8.8",
"threads": 50,
"format": "json",
"registered_only": true,
"mxcheck": true,
"banners": true
}
Troubleshooting
Docker Issues
- Verify Docker is installed and running:
docker --version
docker ps
- Check Docker permissions:
- Ensure your user has permissions to run Docker commands
- On Linux, add your user to the docker group:
sudo usermod -aG docker $USER
Common Issues
-
DNS resolution problems:
- Verify DNS servers are accessible
- Try alternative DNS servers (e.g., 8.8.8.8)
- Check for rate limiting or blocking
-
Performance issues:
- Adjust thread count based on system capabilities
- Consider network bandwidth and latency
- Monitor DNS server response times
-
After fixing any issues:
- Save the configuration file
- Restart Claude Desktop
Error Messages
- "Docker is not installed or not running": Install Docker and start the Docker daemon
- "Failed to parse dnstwist output": Check if the domain is valid and the format is correct
- "Error executing dnstwist": Check Docker logs and ensure proper permissions
- "DNS server not responding": Verify DNS server accessibility and try alternative servers
Contributing
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
License
This project is licensed under the MIT License - see the LICENSE file for details.
Alternatives
Related Skills
Browse all skillsExpert in secure backend coding practices specializing in input validation, authentication, and API security. Use PROACTIVELY for backend security implementations or security code reviews.
Firebase gives you a complete backend in minutes - auth, database, storage, functions, hosting. But the ease of setup hides real complexity. Security rules are your last line of defense, and they're often wrong. Firestore queries are limited, and you learn this after you've designed your data model. This skill covers Firebase Authentication, Firestore, Realtime Database, Cloud Functions, Cloud Storage, and Firebase Hosting. Key insight: Firebase is optimized for read-heavy, denormalized data. I
Comprehensive backend development skill for building scalable backend systems using NodeJS, Express, Go, Python, Postgres, GraphQL, REST APIs. Includes API scaffolding, database optimization, security implementation, and performance tuning. Use when designing APIs, optimizing database queries, implementing business logic, handling authentication/authorization, or reviewing backend code.
This skill should be used when the user requests to generate, create, or add Row-Level Security (RLS) policies for Supabase databases in multi-tenant or role-based applications. It generates comprehensive RLS policies using auth.uid(), auth.jwt() claims, and role-based access patterns. Trigger terms include RLS, row level security, supabase security, generate policies, auth policies, multi-tenant security, role-based access, database security policies, supabase permissions, tenant isolation.
Implement secure API design patterns including authentication, authorization, input validation, rate limiting, and protection against common API vulnerabilities
Send and draft professional emails with seasonal HTML formatting, authentic writing style, contact lookup via Google Contacts, security-first approach, and Google Gmail API via Ruby CLI. This skill should be used for ALL email operations (mandatory per RULES.md).