OSINT MCP Server

Implementation Reference

• src/index.ts:242-251 (handler)

  The tool registration and handler implementation for subdomain_enum in the server.

  server.tool(
    "subdomain_enum",
    { domain: z.string().describe("Domain name to find subdomains") },
    async ({ domain }) => {
      const result = await subFinder.find(domain);
      return {
        content: [{ type: "text", text: JSON.stringify(result, null, 2) }],
      };
    }
  );

• src/tools/subdomains.ts:4-35 (helper)

  The actual business logic for finding subdomains using external API clients.

  export class SubdomainFinder {
    private crtSh = new CrtShApiClient();
    private hackerTarget = new HackerTargetApiClient();
  
    async find(domain: string): Promise<string[]> {
      const [crtResult, htResult] = await Promise.allSettled([
        this.crtSh.getCertificates(domain),
        this.hackerTarget.getSubdomains(domain),
      ]);
  
      const subdomains = new Set<string>();
  
      if (crtResult.status === "fulfilled") {
        crtResult.value.forEach(cert => {
          cert.name_value.split("\n").forEach(name => {
            const cleaned = name.trim().toLowerCase();
            if (cleaned.endsWith(domain)) {
              subdomains.add(cleaned);
            }
          });
        });
      }
  
      if (htResult.status === "fulfilled") {
        htResult.value.forEach(item => {
          subdomains.add(item.domain.toLowerCase());
        });
      }
  
      return Array.from(subdomains).sort();
    }
  }