$ domainlooker

$ Inspect any domain,
in about a second.

A fast command-line suite and MCP server for pulling everything about a domain — registration, DNS, TLS, open ports, and subdomains — as clean tables or structured JSON.

npm i -g domainlooker Get started npm →

Command line

One tool, six views

Run the full report with the bare command, or reach for a single-aspect subcommand when you only need one thing. Add --export-json or --export-csv to any inspect.

CommandWhat it does
domainlooker <domain>Full report — WHOIS, DNS, SSL, ports, and advisories
whois <domain>Registration data via RDAP, with a port-43 WHOIS fallback
dns <domain>A, AAAA, MX, NS, TXT, and SOA records
ssl <domain>Certificate details and days until expiry
ports <domain>Scan common TCP ports and identify services
subdomains <domain>Discover subdomains via certificate transparency + common names
propagation <domain>Check DNS propagation across ~25 resolvers worldwide (--map for a world map)
mcpRun as an MCP server over stdio (below)
Try
domainlooker google.com github.com --subdomains --export-json report.json — inspects both domains in parallel and writes a structured document.

For AI agents

An MCP server, built in

Point any MCP client at domainlooker mcp and your agent can pull domain intelligence directly. inspect_domain results are cached for a few minutes, so repeat calls come back in milliseconds.

// add to your MCP client config
{
  "mcpServers": {
    "domainlooker": {
      "command": "domainlooker",
      "args": ["mcp"]
    }
  }
}
ToolReturns
inspect_domainEverything about a domain in one structured object (opt into ports/subdomains)
whois_lookupRegistrar, dates, name servers, status
dns_recordsAll DNS record types
ssl_certificateTLS certificate and expiry
scan_portsOpen ports and identified services
find_subdomainsDiscovered subdomains and their sources
dns_propagationPer-resolver answers worldwide + an in-sync percentage
Safe by default
Every MCP tool refuses IP literals and any host that resolves to a private, loopback, or link-local address — so an agent can't turn the server into an internal-network scanner.

Global view

Watch DNS propagate worldwide

After you change a record, propagation queries ~25 public resolvers across every inhabited continent — regional ISP resolvers plus the global anycast providers — and shows which are already in sync. It also surfaces GeoDNS differences, where regions legitimately return different answers.

# table of resolver answers + % in sync
domainlooker propagation example.com

# + a self-contained world map (crosses flip to ticks as regions sync)
domainlooker propagation example.com --map world.html

Performance

Fast on purpose

Every lookup runs in parallel, WHOIS uses RDAP (HTTP/JSON) before falling back to port-43, and timeouts are tight. The full report is bounded by its slowest single lookup, not their sum.

~1–2sFull report — WHOIS, DNS, SSL, and a port scan, in parallel
~0.9sQuick mode — registration, DNS, and TLS with the scan skipped
~2msCached — a repeat inspect_domain over MCP

Structured output

Tables for you, JSON for everything else

The CLI prints clean tables; --export-json writes a versioned schema with per-source status, a DNS summary, certificate validation, and rule-based advisories — ready to feed into automation.

{
  "domain": "github.com",
  "status": "success",
  "whois":  { "status": "success", "data": { "registrar": "MarkMonitor Inc." } },
  "dns":    { "status": "success", "data": { /* records + summary */ } },
  "ssl":    { "status": "success", "data": { "validation": { "daysUntilExpiry": 78 } } },
  "threatAssessment": { "overallRisk": "low" }
}