You're viewing a demo portfolio

Join the waitlist
PRSM

check_subdomain_takeover

Active

Tool of com.blackveilsecurity/dns

declared in 3.29.5

Sweep subdomains for dangling CNAMEs pointing to deprovisioned cloud services that could be claimed by an attacker (subdomain takeover vulnerabilities). Detects 16 provider families (AWS S3/CloudFront, Azure Front Door/CDN/Blob/App Service, GCP Cloud Storage, Heroku, GitHub Pages, Vercel, Firebase, Shopify, etc.). Use when asked if subdomains are pointing to deprovisioned cloud services. Pair with discover_subdomains for full inventory.

Parameters schema

{
  "type": "object",
  "required": [
    "domain"
  ],
  "properties": {
    "domain": {
      "type": "string",
      "maxLength": 253,
      "minLength": 1,
      "description": "Domain to check (e.g., example.com)."
    },
    "format": {
      "enum": [
        "full",
        "compact"
      ],
      "type": "string",
      "description": "Output verbosity. Auto-detected if omitted."
    },
    "subdomains": {
      "type": "array",
      "items": {
        "type": "string",
        "maxLength": 253,
        "minLength": 1
      },
      "maxItems": 1000,
      "description": "Optional explicit subdomain list (full FQDNs or short labels). When provided (deduped, capped at 1000), this list is swept instead of the 15-name built-in. Source from Certificate-Transparency enumeration or brand-audit discovery."
    },
    "force_refresh": {
      "type": "boolean",
      "description": "Bypass cache and run a fresh check. Useful after DNS changes."
    }
  }
}

What this tool wraps· 1 endpoint

min confidence0.700.50

Parent server

com.blackveilsecurity/dns

https://github.com/MadaBurns/bv-mcp

2/7 registries
View full server →
check_subdomain_takeover — com.blackveilsecurity/dns — PRSM MCP