playbooks

home / mcp / dnstwist mcp server

DNStwist MCP Server

MCP server for dnstwist, a powerful DNS fuzzing tool that helps detect typosquatting, phishing, and corporate espionage.

Installation
Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "burtthecoder-mcp-dnstwist": {
      "command": "mcp-dnstwist",
      "args": []
    }
  }
}

DNStwist MCP Server provides an MCP endpoint for analyzing domain permutations generated by dnstwist. It enables security-focused applications to fuzz domains, check registrations, inspect DNS records, and assess web presence to help detect typosquatting, phishing, and brand impersonation—all through MCP-compatible clients like Claude Desktop.

How to use

You will run one or more MCP endpoints that represent the DNStwist server and then connect your MCP client to those endpoints. Use the client to request domain permutation analysis for a target domain, along with optional checks and output formats. You can run the server locally and point your client to it, or connect to a configured remote MCP endpoint if provided.

How to install

Prerequisites you need before installing are Node.js version 18 or later and Docker installed on your machine.

Option A — Install as an MCP server locally using Claude Desktop configuration (recommended for quick setup) paragraph text not code.

{
  "mcpServers": {
    "dnstwist": {
      "command": "mcp-dnstwist",
      "args": []
    }
  }
}

Option B — Install from source and run the server locally.

git clone <repository_url>
cd mcp-dnstwist
npm install
npm run build

After building, wire up the Claude Desktop configuration to run the compiled index with Node.

{
  "mcpServers": {
    "dnstwist": {
      "command": "node",
      "args": ["/absolute/path/to/mcp-dnstwist/build/index.js"]
    }
  }
}

Commands summarized for convenience.

# Quick install via Claude Desktop (local MCP server)
npm install -g mcp-dnstwist
# Or run from source after building
npm install
npm run build
node /absolute/path/to/mcp-dnstwist/build/index.js

Additional configuration and notes

Configuration is used to connect Claude Desktop (or other MCP clients) to the DNStwist MCP server. The example below shows how to add the server to Claude Desktop’s config.

{
  "mcpServers": {
    "dnstwist": {
      "command": "mcp-dnstwist"
    }
  }
}

Security and usage notes

This tool is intended for legitimate security research. Only analyze domains you own or have explicit permission to test. Respect rate limits, comply with DNS server policies, and be mindful of the potential impact on DNS infrastructure when running large scans.

Troubleshooting

If you encounter issues, verify Docker and Node.js are correctly installed, ensure the MCP server command is reachable, and check the path to the built index.js when running from source.

Common problems include DNS resolution failures, rate limiting, and permission errors running Docker or the MCP server. Adjust DNS servers, reduce thread counts, and ensure your user has the necessary rights to execute the server.

Tools and capabilities

The DNStwist MCP server exposes a Domain Fuzzing capability that generates domain permutations, with options to filter by registration, check MX records, capture HTTP banners, retrieve WHOIS data, and output results in json, csv, or list formats.

Available tools

fuzz_domain

Domain Fuzzing Tool: Generate and analyze domain permutations to detect potential typosquatting, phishing, and brand impersonation