MCP server for dnstwist, a powerful DNS fuzzing tool that helps detect typosquatting, phishing, and corporate espionage.
https://github.com/BurtTheCoder/mcp-dnstwistYour company's domain is under constant attack. Every day, bad actors register variations of your brand - you-company.com, yourcompany-secure.net, yourcompany.org - setting up phishing sites, stealing credentials, and damaging your reputation.
Traditional domain monitoring tools live in separate dashboards, require manual checks, and generate reports you have to interpret. But what if you could analyze domain threats conversationally, right inside Claude?
The mcp-dnstwist server brings enterprise-grade domain analysis directly into your AI workflow. Instead of jumping between security tools, you simply ask Claude: "Check if anyone's squatting on our domain" or "Analyze suspicious domains targeting our customers."
Behind the scenes, it runs dnstwist - the industry-standard tool used by security teams worldwide - generating comprehensive domain permutations and checking their registration status, DNS records, and web presence.
Immediate Threat Detection: Ask Claude to scan your domain and get results in seconds. No more waiting for scheduled reports or manual tool execution.
Conversational Analysis: Instead of parsing JSON output, you get human-readable insights. "Found 47 registered permutations, 12 with active websites, 3 requiring immediate investigation."
Contextual Intelligence: Claude can correlate findings with your security policies, compare against previous scans, and suggest specific actions based on threat severity.
Zero Learning Curve: Your team already knows how to talk to Claude. No training required on new security tools or dashboards.
Daily Brand Monitoring: "Scan acme-corp.com for new typosquatting domains registered in the last week." Get instant alerts when attackers register domains targeting your brand.
Incident Response: During a phishing campaign, ask "Check all permutations of our domain for active websites and SSL certificates." Quickly identify the full scope of an attack.
Acquisition Due Diligence: "Analyze potential domain threats for startup-name.com before we acquire them." Understand the domain security landscape before deals close.
Customer Protection: "Check if any domains are impersonating our client's banking site." Proactively identify threats targeting your customers.
Trademark Monitoring: Generate comprehensive domain lists for legal teams pursuing trademark violations.
Setup takes 5 minutes:
npx -y @smithery/cli install @burtthecoder/mcp-dnstwist --client claude
No Docker knowledge required, no complex configurations. The server handles dnstwist execution, DNS queries, and result formatting automatically.
Once configured, domain analysis becomes as natural as any other Claude conversation. The server provides configurable DNS servers, parallel processing control, and multiple output formats - all accessible through simple conversational requests.
This isn't just domain enumeration. You get:
The combination of dnstwist's powerful fuzzing algorithms with Claude's analytical capabilities creates a domain security solution that scales from quick spot checks to comprehensive brand monitoring.
Built with Docker isolation, configurable rate limiting, and responsible scanning practices. The server respects DNS infrastructure, implements proper timeouts, and includes safety warnings about ethical usage.
Whether you're a security engineer protecting enterprise brands or a consultant monitoring client domains, mcp-dnstwist transforms domain analysis from a separate workflow into a natural extension of your AI-powered security toolkit.
Your domain's security is only as strong as your ability to monitor it. Make that monitoring conversational, immediate, and intelligent.