Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| ST_API_KEY | No | API key for SecurityTrails to enable 3 SecurityTrails tools. | |
| VT_API_KEY | No | API key for VirusTotal to enable 4 VirusTotal tools. | |
| CENSYS_API_ID | No | API ID for Censys to enable 3 Censys tools. | |
| SHODAN_API_KEY | No | API key for Shodan to enable 4 Shodan tools. | |
| CENSYS_API_SECRET | No | API secret for Censys. Required if CENSYS_API_ID is provided. | |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | { "listChanged": true } |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| dns_lookup | Resolve DNS records for a domain. Supports A, AAAA, MX, TXT, NS, SOA, CNAME, SRV record types. |
| dns_reverse | Perform reverse DNS (PTR) lookup for an IP address. Returns associated hostnames. |
| dns_email_security | Analyze email security posture: SPF, DMARC, DKIM records with risk assessment and recommendations. Checks common DKIM selectors (google, selector1, selector2, k1, etc.). |
| dns_spf_chain | Recursively resolve SPF include chain. Shows all included domains, IP ranges, detected services (Google Workspace, Microsoft 365, SendGrid, etc.), and RFC 7208 lookup limit compliance. |
| dns_srv_discover | Discover SRV records and common service CNAMEs for a domain. Probes for SIP, XMPP, Autodiscover, LDAP, Kerberos, CalDAV, CardDAV, and checks CNAMEs for autodiscover, lyncdiscover, OWA, ADFS, etc. |
| dns_wildcard_check | Check if a domain has wildcard DNS configured by resolving a random subdomain. |
| whois_domain | RDAP/WHOIS lookup for a domain. Returns registrar, registration/expiration dates, nameservers, and contact entities. |
| whois_ip | RDAP/WHOIS lookup for an IP address. Returns network name, CIDR range, country, and responsible entities. |
| crtsh_search | Search Certificate Transparency logs via crt.sh. Returns unique subdomains and certificate details (issuer, validity, SANs). |
| shodan_host | Get Shodan host details for an IP: open ports, services, banners, vulns, OS, ASN, geolocation. Requires SHODAN_API_KEY. |
| shodan_search | Search Shodan for hosts matching a query (e.g. 'apache port:443 country:US'). Requires SHODAN_API_KEY. |
| shodan_dns_resolve | Resolve hostnames to IPs using Shodan's DNS resolver. Requires SHODAN_API_KEY. |
| shodan_exploits | Search Shodan's exploit database for public exploits matching a query. Requires SHODAN_API_KEY. |
| vt_domain | VirusTotal domain analysis: reputation score, detection stats, categories, registrar, DNS records. Requires VT_API_KEY. |
| vt_ip | VirusTotal IP analysis: reputation, detection stats, country, ASN, network. Requires VT_API_KEY. |
| vt_subdomains | Enumerate subdomains for a domain via VirusTotal. Requires VT_API_KEY. |
| vt_url | Submit a URL to VirusTotal for scanning and get analysis results (malicious/suspicious/harmless). Requires VT_API_KEY. |
| st_subdomains | Enumerate subdomains for a domain via SecurityTrails. Returns FQDNs. Requires ST_API_KEY. |
| st_dns_history | Get historical DNS records for a domain via SecurityTrails. Shows first/last seen dates, values, and organizations. Requires ST_API_KEY. |
| st_whois | Enhanced WHOIS lookup via SecurityTrails with registrant/admin/technical contacts. Requires ST_API_KEY. |
| censys_hosts | Search Censys for hosts matching a query. Returns IPs, services, ports, location, ASN. Requires CENSYS_API_ID + CENSYS_API_SECRET. |
| censys_host_details | Get detailed Censys host information for a single IP: all services, certificates, OS, location, ASN. Requires CENSYS_API_ID + CENSYS_API_SECRET. |
| censys_certificates | Search Censys certificate database. Returns certificate fingerprints, subjects, issuers, validity, and SANs. Requires CENSYS_API_ID + CENSYS_API_SECRET. |
| geoip_lookup | Geolocate an IP address: country, city, ISP, ASN, proxy/hosting/mobile detection. Uses ip-api.com (free, no API key). |
| geoip_batch | Batch geolocate up to 100 IP addresses at once. Uses ip-api.com (free, no API key). |
| bgp_asn | Look up ASN details and announced IPv4/IPv6 prefixes via BGPView. Returns ASN name, description, contacts, and all announced prefixes. |
| bgp_ip | Look up BGP routing information for an IP address. Returns matching prefixes, ASNs, and RIR allocation. |
| bgp_prefix | Look up details for a specific IP prefix/CIDR. Returns announcing ASNs, name, country, and RIR. |
| wayback_urls | Search Wayback Machine for archived URLs of a domain. Returns unique URLs with timestamps, status codes, and MIME types. Useful for finding old endpoints, hidden paths, and removed content. |
| wayback_snapshots | Get Wayback Machine snapshot history for a specific URL. Returns timestamps, status codes, and direct archive links. Shows first/last seen dates. |
| hackertarget_hostsearch | Find subdomains and their IPs for a domain via HackerTarget. Free tier: 50 queries/day. |
| hackertarget_reverseip | Reverse IP lookup via HackerTarget — find all domains hosted on an IP. Free tier: 50 queries/day. |
| hackertarget_aslookup | Look up ASN information for an IP or ASN via HackerTarget. Free tier: 50 queries/day. |
| m365_tenant | Discover Microsoft 365 tenant information for a domain. Returns tenant ID, region, and OpenID configuration endpoints. |
| m365_userrealm | Detect authentication type for a domain's Microsoft 365 tenant. Returns namespace type (Managed/Federated), federation brand name, and auth endpoints. |
| osint_list_sources | List all OSINT data sources, their availability, API key requirements, and tool counts. Use this to check which sources are configured. |
| osint_domain_recon | Quick domain reconnaissance combining free sources: DNS (A/MX/NS/TXT), WHOIS, crt.sh subdomains, HackerTarget hosts, and email security analysis. No API keys required. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
| No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
| No resources | |