A fast command-line suite and MCP server for pulling everything about a domain — registration, DNS, TLS, open ports, and subdomains — as clean tables or structured JSON.
Command line
Run the full report with the bare command, or reach for a single-aspect subcommand when you only need one thing. Add --export-json or --export-csv to any inspect.
| Command | What it does |
|---|---|
| domainlooker <domain> | Full report — WHOIS, DNS, SSL, ports, and advisories |
| whois <domain> | Registration data via RDAP, with a port-43 WHOIS fallback |
| dns <domain> | A, AAAA, MX, NS, TXT, and SOA records |
| ssl <domain> | Certificate details and days until expiry |
| ports <domain> | Scan common TCP ports and identify services |
| subdomains <domain> | Discover subdomains via certificate transparency + common names |
| mcp | Run as an MCP server over stdio (below) |
domainlooker google.com github.com --subdomains --export-json report.json — inspects both domains in parallel and writes a structured document.For AI agents
Point any MCP client at domainlooker mcp and your agent can pull domain intelligence directly. inspect_domain results are cached for a few minutes, so repeat calls come back in milliseconds.
// add to your MCP client config { "mcpServers": { "domainlooker": { "command": "domainlooker", "args": ["mcp"] } } }
| Tool | Returns |
|---|---|
inspect_domain | Everything about a domain in one structured object (opt into ports/subdomains) |
whois_lookup | Registrar, dates, name servers, status |
dns_records | All DNS record types |
ssl_certificate | TLS certificate and expiry |
scan_ports | Open ports and identified services |
find_subdomains | Discovered subdomains and their sources |
Performance
Every lookup runs in parallel, WHOIS uses RDAP (HTTP/JSON) before falling back to port-43, and timeouts are tight. The full report is bounded by its slowest single lookup, not their sum.
inspect_domain over MCPStructured output
The CLI prints clean tables; --export-json writes a versioned schema with per-source status, a DNS summary, certificate validation, and rule-based advisories — ready to feed into automation.
{
"domain": "github.com",
"status": "success",
"whois": { "status": "success", "data": { "registrar": "MarkMonitor Inc." } },
"dns": { "status": "success", "data": { /* records + summary */ } },
"ssl": { "status": "success", "data": { "validation": { "daysUntilExpiry": 78 } } },
"threatAssessment": { "overallRisk": "low" }
}