Skip to main content
Glama

check_subdomain_takeover

Read-onlyIdempotent

Scan subdomains for dangling CNAMEs pointing to deprovisioned cloud services to detect subdomain takeover vulnerabilities.

Instructions

Sweep subdomains for dangling CNAMEs pointing to deprovisioned cloud services that could be claimed by an attacker (subdomain takeover vulnerabilities). Detects 16 provider families (AWS S3/CloudFront, Azure Front Door/CDN/Blob/App Service, GCP Cloud Storage, Heroku, GitHub Pages, Vercel, Firebase, Shopify, etc.). Use when asked if subdomains are pointing to deprovisioned cloud services. Pair with discover_subdomains for full inventory.

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
domainYesDomain to check (e.g., example.com).
formatNoOutput verbosity. Auto-detected if omitted.
subdomainsNoOptional explicit subdomain list (full FQDNs or short labels). When provided (deduped, capped at 1000), this list is swept instead of the 15-name built-in. Source from Certificate-Transparency enumeration or brand-audit discovery.
force_refreshNoBypass cache and run a fresh check. Useful after DNS changes.

Output Schema

TableJSON Schema
NameRequiredDescriptionDefault
scoreYes
passedYes
categoryYes
findingsYes
Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Annotations already declare readOnlyHint, idempotentHint, destructiveHint. Description adds value by specifying detection scope (16 provider families) and cache behavior via force_refresh. No contradictions, and it enriches the behavioral profile.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Two sentences directly conveying purpose and usage. No filler, front-loaded with the core action. Every sentence earns its place.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Covers the tool's purpose, scope, and usage context. With an output schema present, return values need not be described. Minor gap: not explicitly stating output format or pagination, but overall complete for a detection tool.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Input schema has 100% coverage with detailed descriptions for all 4 parameters. Description doesn't elaborate on parameters beyond what schema provides, but that's acceptable given the schema richness. Baseline 3 is appropriate.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

Description uses specific verb 'sweep' and resource 'subdomains', clearly stating the goal: detecting dangling CNAMEs pointing to deprovisioned cloud services. It enumerates 16 provider families, making the tool distinct from siblings like check_subdomailing.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Explicitly states when to use ('when asked if subdomains are pointing to deprovisioned cloud services') and suggests pairing with discover_subdomains for full inventory. Lacks explicit when-not-to-use guidance, but the context is clear.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/MadaBurns/bv-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server