check_subdomain_takeover
ActiveTool of com.blackveilsecurity/dns
Sweep subdomains for dangling CNAMEs pointing to deprovisioned cloud services that could be claimed by an attacker (subdomain takeover vulnerabilities). Detects 16 provider families (AWS S3/CloudFront, Azure Front Door/CDN/Blob/App Service, GCP Cloud Storage, Heroku, GitHub Pages, Vercel, Firebase, Shopify, etc.). Use when asked if subdomains are pointing to deprovisioned cloud services. Pair with discover_subdomains for full inventory.
Parameters schema
{
"type": "object",
"required": [
"domain"
],
"properties": {
"domain": {
"type": "string",
"maxLength": 253,
"minLength": 1,
"description": "Domain to check (e.g., example.com)."
},
"format": {
"enum": [
"full",
"compact"
],
"type": "string",
"description": "Output verbosity. Auto-detected if omitted."
},
"subdomains": {
"type": "array",
"items": {
"type": "string",
"maxLength": 253,
"minLength": 1
},
"maxItems": 1000,
"description": "Optional explicit subdomain list (full FQDNs or short labels). When provided (deduped, capped at 1000), this list is swept instead of the 15-name built-in. Source from Certificate-Transparency enumeration or brand-audit discovery."
},
"force_refresh": {
"type": "boolean",
"description": "Bypass cache and run a fresh check. Useful after DNS changes."
}
}
}Parent server
com.blackveilsecurity/dns
https://github.com/MadaBurns/bv-mcp
2/7 registries