osint-mcp-server

st_whois

Retrieve enhanced WHOIS data including registrant, admin, and technical contacts for any domain using SecurityTrails.

Instructions

Enhanced WHOIS lookup via SecurityTrails with registrant/admin/technical contacts. Requires ST_API_KEY.

Input Schema

TableJSON Schema

Name	Required	Description	Default
`domain`	Yes	Domain to look up

Implementation Reference

src/securitytrails/index.ts:80-107 (handler)

Core handler: Calls SecurityTrails WHOIS API at /domain/{domain}/whois, extracts registrar, dates, nameservers, and contacts (registrant/admin/technical).

export async function stWhois(domain: string, apiKey: string): Promise<StWhoisResult> {
  const data = await stFetch(`/domain/${encodeURIComponent(domain)}/whois`, apiKey);
  const w = data ?? {};

  const contacts: StWhoisResult["contacts"] = [];
  for (const type of ["registrant", "admin", "technical"]) {
    const c = w[type];
    if (c) {
      contacts.push({
        type,
        name: c.name,
        organization: c.organization,
        email: c.email,
        country: c.country,
      });
    }
  }

  return {
    domain,
    registrar: w.registrar?.name,
    createdDate: w.created_date,
    updatedDate: w.updated_date,
    expiresDate: w.expires_date,
    nameservers: w.nameservers ?? [],
    contacts,
  };
}

src/securitytrails/index.ts:30-38 (schema)

Type definition for StWhoisResult interface with domain, registrar, dates, nameservers, and contacts.

interface StWhoisResult {
  domain: string;
  registrar?: string;
  createdDate?: string;
  updatedDate?: string;
  expiresDate?: string;
  nameservers: string[];
  contacts: { type: string; name?: string; organization?: string; email?: string; country?: string }[];
}

src/protocol/tools.ts:260-270 (registration)

Tool registration as ToolDef with name 'st_whois', Zod schema for domain, and execute handler that calls stWhois().

const stWhoisTool: ToolDef = {
  name: "st_whois",
  description: "Enhanced WHOIS lookup via SecurityTrails with registrant/admin/technical contacts. Requires ST_API_KEY.",
  schema: {
    domain: z.string().describe("Domain to look up"),
  },
  execute: async (args, ctx) => {
    const key = requireApiKey(ctx.config.stApiKey, "SecurityTrails", "ST_API_KEY");
    return json(await stWhois(args.domain as string, key));
  },
};

src/protocol/tools.ts:504-507 (registration)
Tool listed in the allTools export array under SecurityTrails section.
```
// SecurityTrails (3)
stSubdomainsTool,
stDnsHistoryTool,
stWhoisTool,
```

src/index.ts:36-40 (registration)

Tool listed in SecurityTrails category requiring ST_API_KEY environment variable.

  { label: "Shodan", env: "SHODAN_API_KEY", tools: ["shodan_host", "shodan_search", "shodan_dns_resolve", "shodan_exploits"] },
  { label: "VirusTotal", env: "VT_API_KEY", tools: ["vt_domain", "vt_ip", "vt_subdomains", "vt_url"] },
  { label: "SecurityTrails", env: "ST_API_KEY", tools: ["st_subdomains", "st_dns_history", "st_whois"] },
  { label: "Censys", env: "CENSYS_API_ID + CENSYS_API_SECRET", tools: ["censys_hosts", "censys_host_details", "censys_certificates"] },
];

Tool Definition Quality

B3.4/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description must fully disclose behavior. It notes the API key requirement but does not explain rate limits, data freshness, response format, or error handling. For a tool with no annotations, this level of detail is insufficient for safe invocation.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is very concise, with two sentences that deliver the key points: the tool's purpose and its requirement. However, it could benefit from a slightly more structured format, such as separating the prerequisite from the functional description.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's simplicity (one parameter, no output schema), the description covers the essential points but lacks context about the response structure or how the contacts are returned. It is adequate for basic usage but incomplete for an agent needing to parse results.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The single parameter 'domain' has 100% schema coverage and a basic description. The tool description adds no additional meaning beyond the schema, such as format expectations or examples. Baseline 3 is appropriate as the schema already provides adequate information.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool performs an 'Enhanced WHOIS lookup' for a domain using SecurityTrails, specifying the types of contacts retrieved (registrant/admin/technical). This differentiates it from sibling tools like 'whois_domain' and 'whois_ip' by emphasizing the source and enhanced data.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines3/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description mentions 'Requires ST_API_KEY' as a prerequisite but does not provide explicit guidance on when to use this tool versus alternatives like 'whois_domain'. Usage context is implied by the specification of SecurityTrails, but no exclusions or comparisons are given.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/badchars/osint-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server