vt_domain

vt_domain

Analyze domain reputation and security data using VirusTotal to identify threats, check detection statistics, and review DNS records for reconnaissance.

Instructions

VirusTotal domain analysis: reputation score, detection stats, categories, registrar, DNS records. Requires VT_API_KEY.

Input Schema

TableJSON Schema

Name	Required	Description	Default
`domain`	Yes	Domain to analyze

Implementation Reference

src/virustotal/index.ts:66-88 (handler)

Handler implementation for the vt_domain tool.

export async function vtDomain(domain: string, apiKey: string): Promise<VtDomainResult> {
  const cacheKey = `vt:domain:${domain}`;
  const cached = cache.get(cacheKey);
  if (cached) return cached;

  const data = await vtFetch(`/domains/${encodeURIComponent(domain)}`, apiKey);
  if (!data) throw new Error(`Domain ${domain} not found on VirusTotal`);

  const attrs = data.data?.attributes ?? {};
  const result: VtDomainResult = {
    domain,
    reputation: attrs.reputation ?? 0,
    analysisStats: attrs.last_analysis_stats ?? { malicious: 0, suspicious: 0, undetected: 0, harmless: 0 },
    categories: attrs.categories ?? {},
    registrar: attrs.registrar,
    creationDate: attrs.creation_date,
    lastAnalysisDate: attrs.last_analysis_date,
    dnsRecords: attrs.last_dns_records?.map((r: any) => ({ type: r.type, value: r.value })),
  };

  cache.set(cacheKey, result);
  return result;
}

src/protocol/tools.ts:182-192 (registration)

Tool registration and schema definition for vt_domain.

const vtDomainTool: ToolDef = {
  name: "vt_domain",
  description: "VirusTotal domain analysis: reputation score, detection stats, categories, registrar, DNS records. Requires VT_API_KEY.",
  schema: {
    domain: z.string().describe("Domain to analyze"),
  },
  execute: async (args, ctx) => {
    const key = requireApiKey(ctx.config.vtApiKey, "VirusTotal", "VT_API_KEY");
    return json(await vtDomain(args.domain as string, key));
  },
};

src/virustotal/index.ts:18-27 (schema)

Result interface definition for the vt_domain tool.

interface VtDomainResult {
  domain: string;
  reputation: number;
  analysisStats: VtAnalysisStats;
  categories: Record<string, string>;
  registrar?: string;
  creationDate?: number;
  lastAnalysisDate?: number;
  dnsRecords?: { type: string; value: string }[];
}

osint-mcp-server

Instructions

Input Schema

Implementation Reference

Other Tools

Latest Blog Posts

MCP directory API