Subdomain API
Server Details
Find known subdomains of a domain. Passive data; may include historic entries. List or count.
- Status
- Healthy
- Last Tested
- Transport
- Streamable HTTP
- URL
Glama MCP Gateway
Connect through Glama MCP Gateway for full control over tool access and complete visibility into every call.
Full call logging
Every tool call is logged with complete inputs and outputs, so you can debug issues and audit what your agents are doing.
Tool access control
Enable or disable individual tools per connector, so you decide what your agents can and cannot do.
Managed credentials
Glama handles OAuth flows, token storage, and automatic rotation, so credentials never expire on your clients.
Usage analytics
See which tools your agents call, how often, and when, so you can understand usage patterns and catch anomalies.
Tool Definition Quality
Average 4.8/5 across 2 of 2 tools scored.
The two tools have clearly distinct purposes: one returns only a count, the other returns a list. There is no overlap in functionality.
Both tools follow the consistent verb_noun pattern using snake_case: count_subdomains and find_subdomains.
With only two tools, the API is minimal. While it covers the basic operations for the domain, it is borderline thin for a comprehensive subdomain API.
The API provides count and list operations but lacks features like filtering, subdomain details, or export, leaving minor gaps in typical recon workflows.
Available Tools
2 toolscount_subdomainsCount subdomainsARead-onlyIdempotentInspect
Return only the total number of distinct subdomains known for a domain — no list. Cheap and low-token. Use when the user asks "how many subdomains" or you only need the size of the attack surface. Count includes historic subdomains that may no longer be live. It is a point-in-time figure that changes over time, so treat it as current-as-of-query, not a fixed value.
| Name | Required | Description | Default |
|---|---|---|---|
| domain | Yes | Root (registrable) domain as a bare hostname, e.g. "example.com". No scheme, path, port, or leading "www." — these are stripped. |
Output Schema
| Name | Required | Description |
|---|---|---|
| total | Yes | Total distinct subdomains known. |
| domain | Yes |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
The description goes beyond annotations by noting that the count includes historic subdomains that may no longer be live and that it is a point-in-time figure. These are important behavioral traits not captured by readOnlyHint, openWorldHint, or idempotentHint.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is concise with two main sentences plus brief clarifying notes. Every sentence adds value, and the most important information (what the tool returns) is front-loaded.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
For a simple tool with one parameter, strong annotations, and an output schema, the description covers all essential aspects: return value, usage context, behavioral nuance (historic data, point-in-time), and parameter clarification. Nothing missing.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100%, baseline 3. The description adds value by providing an example domain format and clarifying restrictions (no scheme, path, etc.). This extra context is helpful for correct invocation.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description states exactly what the tool does: 'Return only the total number of distinct subdomains known for a domain — no list.' This is a specific verb+resource and clearly distinguishes it from the sibling tool find_subdomains.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
It says 'Use when the user asks "how many subdomains" or you only need the size of the attack surface.' This provides explicit when-to-use guidance, and the contrast with the sibling implies when not to use (when a list is needed).
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
find_subdomainsFind subdomainsARead-onlyIdempotentInspect
List known subdomains (hostnames) of a root domain. Data is passive (not active scanning): results are historic observations and may include subdomains that no longer resolve or are no longer live. Results are a point-in-time snapshot that changes over time as new subdomains are observed — re-query rather than caching the result. Use for attack-surface mapping, security recon, asset inventory, or SEO host discovery. Hostnames are returned most-recently-seen first. The response always reports total (full distinct count known) and a truncated flag, so you can tell when more exist beyond limit.
| Name | Required | Description | Default |
|---|---|---|---|
| limit | No | Max subdomains to return (1-1000, default 200). `total` always reports the full count regardless of this cap. | |
| domain | Yes | Root (registrable) domain as a bare hostname, e.g. "example.com". No scheme, path, port, or leading "www." — these are stripped. |
Output Schema
| Name | Required | Description |
|---|---|---|
| total | Yes | Total distinct subdomains known. |
| domain | Yes | |
| returned | Yes | Number in `subdomains`. |
| truncated | Yes | True if more exist beyond `limit`. |
| subdomains | Yes |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Beyond annotations (readOnlyHint, openWorldHint, idempotentHint), the description discloses that data is passive (not active scanning), results are historic and may include non-resolving subdomains, the snapshot nature, and the ordering (most-recently-seen first). It also explains response fields (total, truncated) and the fact that total always reports the full count despite limit.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is concise and well-structured: it opens with purpose, follows with data source characteristics, then usage context, then ordering, and finally response format. Every sentence adds meaningful information without redundancy.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the tool's moderate complexity (2 parameters, output schema exists), the description covers key aspects: data source, usage, ordering, and response structure (total, truncated). It could optionally describe more output schema fields, but the schema itself handles that. The re-query advice is also valuable for context.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema description coverage is 100%. The description adds valuable details: for 'domain', it clarifies the format (bare hostname, no scheme/path/port/leading www) and stripping behavior; for 'limit', it reinforces that 'total' is unaffected by the cap. These go beyond the schema's basic descriptions.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description starts with a specific verb+resource: 'List known subdomains (hostnames) of a root domain.' It clearly distinguishes from the sibling tool 'count_subdomains' by specifying the action of listing rather than counting.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description lists typical use cases: attack-surface mapping, security recon, asset inventory, SEO host discovery. It also provides important context about the data being passive and a point-in-time snapshot, advising against caching. However, it does not explicitly state when not to use this tool or provide direct alternatives beyond the sibling's name.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
Claim this connector by publishing a /.well-known/glama.json file on your server's domain with the following structure:
{
"$schema": "https://glama.ai/mcp/schemas/connector.json",
"maintainers": [{ "email": "your-email@example.com" }]
}The email address must match the email associated with your Glama account. Once published, Glama will automatically detect and verify the file within a few minutes.
Control your server's listing on Glama, including description and metadata
Access analytics and receive server usage reports
Get monitoring and health status updates for your server
Feature your server to boost visibility and reach more users
For users:
Full audit trail – every tool call is logged with inputs and outputs for compliance and debugging
Granular tool control – enable or disable individual tools per connector to limit what your AI agents can do
Centralized credential management – store and rotate API keys and OAuth tokens in one place
Change alerts – get notified when a connector changes its schema, adds or removes tools, or updates tool definitions, so nothing breaks silently
For server owners:
Proven adoption – public usage metrics on your listing show real-world traction and build trust with prospective users
Tool-level analytics – see which tools are being used most, helping you prioritize development and documentation
Direct user feedback – users can report issues and suggest improvements through the listing, giving you a channel you would not have otherwise
The connector status is unhealthy when Glama is unable to successfully connect to the server. This can happen for several reasons:
The server is experiencing an outage
The URL of the server is wrong
Credentials required to access the server are missing or invalid
If you are the owner of this MCP connector and would like to make modifications to the listing, including providing test credentials for accessing the server, please contact support@glama.ai.
Discussions
No comments yet. Be the first to start the discussion!