vt_subdomains
Enumerate subdomains for a domain using VirusTotal data to identify potential attack surfaces and infrastructure components.
Instructions
Enumerate subdomains for a domain via VirusTotal. Requires VT_API_KEY.
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| domain | Yes | Domain to enumerate subdomains for | |
| limit | No | Maximum subdomains to return (default: 40) |
Implementation Reference
- src/virustotal/index.ts:117-123 (handler)The implementation of the `vtSubdomains` function which fetches subdomains for a given domain from the VirusTotal API.
export async function vtSubdomains(domain: string, apiKey: string, limit = 40): Promise<VtSubdomainsResult> { const data = await vtFetch(`/domains/${encodeURIComponent(domain)}/subdomains?limit=${limit}`, apiKey); if (!data) return { domain, subdomains: [], total: 0 }; const subdomains: string[] = (data.data ?? []).map((d: any) => d.id); return { domain, subdomains, total: subdomains.length }; } - src/virustotal/index.ts:39-43 (schema)The TypeScript interface defining the result structure for `vt_subdomains`.
interface VtSubdomainsResult { domain: string; subdomains: string[]; total: number; } - src/protocol/tools.ts:206-217 (registration)The registration of the `vt_subdomains` tool within the tool definition framework.
const vtSubdomainsTool: ToolDef = { name: "vt_subdomains", description: "Enumerate subdomains for a domain via VirusTotal. Requires VT_API_KEY.", schema: { domain: z.string().describe("Domain to enumerate subdomains for"), limit: z.number().optional().describe("Maximum subdomains to return (default: 40)"), }, execute: async (args, ctx) => { const key = requireApiKey(ctx.config.vtApiKey, "VirusTotal", "VT_API_KEY"); return json(await vtSubdomains(args.domain as string, key, args.limit as number | undefined)); }, };