bv-mcp

Open-source DNS & email security scanner. One MCP endpoint, 57 checks, zero install. Cloudflare Workers.

agentic ai ai-tools cloudflare-workers cybersecurity dkim dmarc dns-security typescript

Description

Open-source DNS & email security scanner. One MCP endpoint, 57 checks, zero install. Cloudflare Workers.

README

BLACKVEIL DNS

Know where you stand.

Open-source DNS & email security scanner for Claude, Cursor, VS Code, and MCP clients across Streamable HTTP, stdio, and legacy HTTP+SSE.

Try it in 30 seconds

Claude Desktop (one-click install):

Download the Blackveil DNS extension and open it — all 51 tools available instantly. Verify your download.

Claude Code (one command):

claude mcp add --transport http blackveil-dns https://dns-mcp.blackveilsecurity.com/mcp

Then ask: scan anthropic.com

Smithery (one command):

smithery mcp add MadaBurns/bv-mcp

Verify the endpoint is live:

curl https://dns-mcp.blackveilsecurity.com/health

No install. No API key. One URL for hosted HTTP:

Endpoint   https://dns-mcp.blackveilsecurity.com/mcp
Transport  Streamable HTTP · JSON-RPC 2.0
Auth       None required

Transport support:

Streamable HTTP: POST /mcp, GET /mcp, DELETE /mcp
Native stdio: blackveil-dns-mcp CLI from the blackveil-dns npm package
Legacy HTTP+SSE: GET /mcp/sse bootstrap stream plus POST /mcp/messages?sessionId=...

What you get

80+ checks across 20 categories — SPF, DMARC, DKIM, DNSSEC, SSL/TLS, MTA-STS, NS, CAA, MX, BIMI, TLS-RPT, subdomain takeover, lookalike domains, HTTP security headers, DANE, shadow domains, TXT hygiene, MX reputation, SRV, zone hygiene
Maturity staging — Stage 0-4 classification (Unprotected to Hardened) with score-based capping to prevent inflated labels
Trust surface analysis — detects shared SaaS platforms (Google, M365, SendGrid) and cross-references DMARC enforcement to determine real exposure
Guided remediation — generate_fix_plan produces provider-aware prioritized actions; record generators output ready-to-publish records; validate_fix confirms whether a fix was applied successfully
Supply chain mapping — map_supply_chain correlates DNS signals to build a full third-party dependency graph with trust levels and risk signals
Attack path simulation — simulate_attack_paths enumerates specific paths (spoofing, takeover, hijack) with severity, steps, and mitigations
Compliance mapping — map_compliance maps scan findings to NIST 800-177, PCI DSS 4.0, SOC 2, and CIS Controls
Self-tuning scoring — adaptive weights adjust category importance based on patterns seen across scans via Durable Object telemetry
Per-tier analytics — usage tracking by auth tier with operator API for tier summaries, key-level usage, and daily digests
Passive and read-only — all checks use public Cloudflare DNS-over-HTTPS; no authorization required from the target

Tools

  51 MCP tools · 7 prompts · 6 resources

  Email Auth           Infrastructure        Brand & Threats       Meta
 ────────────         ────────────────       ─────────────────    ──────────────────────
  check_spf            check_dnssec           check_bimi           scan_domain
  check_dmarc          check_ns               check_tlsrpt         batch_scan
  check_dkim           check_caa              check_lookalikes     compare_domains
  check_mta_sts        check_ssl              check_shadow_domains compare_baseline
  check_mx             check_http_security                         explain_finding
  check_mx_reputation  check_dane             Intelligence
  check_subdomailing   check_dane_https      ──────────────       Remediation
                       check_svcb_https       get_benchmark       ──────────────
  DNS Hygiene          check_srv              get_provider_        generate_fix_plan
 ────────────          check_zone_hygiene       insights           generate_spf_record
  check_txt_hygiene    check_resolver_        assess_spoofability  generate_dmarc_record
                         consistency          map_supply_chain     generate_dkim_config
                                              resolve_spf_chain    generate_mta_sts_policy
                                              discover_subdomains  generate_rollout_plan
                                              map_compliance       validate_fix
                                              simulate_attack_paths
                                              analyze_drift

  + check_subdomain_takeover (internal — runs inside scan_domain)

Quality & Reliability

The server is continuously validated using a comprehensive chaos test suite that covers all 9 detected MCP client types:

Interactive clients: claude_code, cursor, vscode, claude_desktop, windsurf (auto-format: compact)
Non-interactive clients: mcp_remote, blackveil_dns_action, bv_claude_dns_proxy, unknown (auto-format: full)

The test suite ensures session stability, authentication precedence, and transport-specific edge cases across Streamable HTTP and Legacy SSE.

Run the chaos tests locally: python3 scripts/chaos/chaos-test-clients.py

Architecture

  MCP Client
      │
      │  POST /mcp (JSON-RPC 2.0)
      │
  ┌───▼──────────────────────┐
  │  Cloudflare Worker       │
  │                          │
  │  Hono ─► Origin check    │
  │       ─► Auth            │
  │       ─► Rate limiting   │
  │       ─► Session mgmt    │
  └───┬──────────────────────┘
      │
  ┌───▼──────────────────────┐
  │  Tool Handlers           │
  │  16 checks in parallel   │
  └───┬──────────────────────┘
      │
  ┌───▼──────────────────────┐
  │  Generic Scoring Engine  │
  │  Three-tier model        │
  └───┬──────────────────────┘
      │
  ┌───▼──────────────────────┐
  │  Cloudflare DoH          │
  │  DNS-over-HTTPS          │
  └──────────────────────────┘

Generic Scoring Engine: Runtime-agnostic, string-keyed three-tier scoring with configurable weights
WASM Policy Engine: High-performance permission and token checks via bv-wasm-core
Reliable Sessions: Hardened tombstone logic prevents race-condition revival of terminated sessions
Adaptive Scoring: Durable Object telemetry adjusts weights based on real-world distributions
Client Awareness: Automatic response formatting (compact vs full) based on client User-Agent

Client setup

The free tier requires no authentication. Authenticated requests bypass per-IP rate limits and follow your tier's daily quota. Three authentication methods are supported:

Header: Authorization: Bearer <KEY>
Query Param: ?api_key=<KEY> (for clients that can't send custom headers — Smithery, Claude Code)
OAuth 2.1: authorization-code flow with PKCE, discovered via /.well-known/oauth-authorization-server — used by the Claude mobile custom connector.

For full hosted setup examples, stdio usage, OAuth setup, and legacy fallback endpoints, see docs/client-setup.md.

Pricing

	Free	Pro	Enterprise
Price	$0	$39/mo	Contact us
Scans/day	75	500	10,000+
Checks/day	200	5,000	Unlimited
Rate limit	50 req/min	None	None
API access	Yes	Yes	Yes
MCP access	Yes	Yes	Yes

Example prompts

These demonstrate core functionality — paste any of them into Claude with the Blackveil DNS connector enabled:

Prompt	What it does
`Scan blackveilsecurity.com and tell me what needs fixing`	Full security audit — score, grade, prioritized findings
`Compare the email security of google.com and microsoft.com`	Side-by-side comparison of two domains' postures
`Generate a DMARC record for example.com with reject policy`	Produces a ready-to-publish DNS record
`What attack paths exist for example.com?`	Enumerates spoofing, takeover, and hijack vectors
`Map example.com's compliance against NIST 800-177`	Maps findings to compliance framework controls

Support

Bug reports & feature requests: GitHub Issues
Security vulnerabilities: security@blackveilsecurity.com (see SECURITY.md)
General questions: GitHub Discussions

Responsible use

This tool is intended for authorized security assessments of domains you own or have explicit permission to test. Do not use it for unauthorized reconnaissance, harassment, or any activity that violates applicable laws. Findings from attack simulation, spoofability, and subdomain discovery tools should be used to improve your own security posture, not to exploit others.

If you discover a vulnerability in a third-party domain, please follow coordinated disclosure practices.

Built and maintained by BLACKVEIL — NZ-owned cybersecurity consultancy.

Release History

Version	Changes	Urgency	Date
v2.9.2	Release 2.9.2	High	4/21/2026
v2.9.1	### Changed - Dev dependencies: bumped `wrangler` to `^4.83.0`. - Repo tooling: added `.intent/` workspace config and new harness scripts (`scripts/context-usage-test.py`, `scripts/conversation-sim.py`, `scripts/output-usage-test.py`) plus tranco scan-result snapshots under `scripts/`. Dev-only; no runtime or published-package impact. - `.gitignore`: removed duplicate `.mcp.json` entry.	High	4/19/2026
v2.9.0	Release v2.9.0	High	4/19/2026
v2.8.1	### Added - Issue tracker triage automation (`.github/workflows/triage-issues.yml`): on `issues: [opened, edited]`, matches six promotional-pattern regexes against title + body; applies `possibly-promotional` label and posts a single automated comment on initial open. Labels only — never auto-closes — so genuine feature requests aren't silently dropped. Workflow reads untrusted event payload fields via `env:` (no expression-injection risk). - Issue template config (`.github/ISSUE_TEMPLA	High	4/18/2026
v2.8.0	### Added - `DohOutcome` discriminated type (`src/lib/dns-types.ts`, `src/lib/dns-transport.ts`): DoH transport now returns a discriminated `{ kind: 'ok'; response } \| { kind: 'error'; reason: 'timeout' \| 'network' \| 'parse' \| 'http' }` outcome. Callers can distinguish transport failures from "no records" results. Legacy `DohResponse \| null` shape still available via `toNullable()`. - Unconfirmed secondary-resolver sentinel (`src/lib/dns-transport.ts`): `confirmWithSecondaryResolvers` r	High	4/18/2026
v2.7.1	### Fixed - `check_svcb_https` wire-format parsing (`packages/dns-checks/src/checks/check-svcb-https.ts`): Cloudflare DoH JSON returns HTTPS (type 65) records in RFC 3597 wire format (`\# <length> <hex>`) rather than the human-readable presentation form. The previous regex-based parsers (`parseAlpn`, `hasEch`, `parsePriority`) only recognised presentation format, so every domain whose HTTPS record was resolved via Cloudflare DoH was incorrectly flagged with `HTTPS record missing ALPN parame	Medium	4/13/2026
v2.7.0	### Added - 7 new intelligence tools inspired by [mclose/dns-mcp](https://github.com/mclose/dns-mcp), adapted for Cloudflare Workers: - `check_rbl` — Check MX server IP reputation against 8 DNS-based Real-time Blocklists (Spamhaus ZEN, SpamCop, UCEProtect L1/L2, Mailspike, Barracuda, PSBL, SORBS) - `check_dbl` — Check domain reputation against Spamhaus DBL, URIBL, and SURBL with bitmask return code decoding - `cymru_asn` — Map domain IPs to Autonomous System Numbers via Team Cymru DNS	Medium	4/13/2026
v2.6.7	### Added - Score Stability layers — three targeted mitigations for transient upstream variance that was causing repeat scans of the same domain to occasionally return different scores: - DNSSEC AD flag confirmation probe (`src/tools/check-dnssec.ts`): when the primary Cloudflare resolver reports "DNSSEC validation failing" (AD=false with DNSKEY+DS records present), a confirmation query is fired to Google DoH. If Google confirms AD=true, the check re-runs with the corrected flag. Reso	Medium	4/10/2026
v2.6.5	Release 2.6.5	Medium	4/9/2026
v2.3.5	### Fixed - Lint error — removed unused `interactive` variable in tool handler introduced in v2.3.4. - vite 8.0.4 → 8.0.5 — patched 3 high-severity CVEs (path traversal, fs.deny bypass, WebSocket file read).	Medium	4/6/2026
v2.3.2	### Added - Expanded test coverage — new test files for tool handler dispatch, MCP execute flow, output sanitization, tool execution logging, and security audit assertions (+4,000 lines). - Tranco benchmark scripts — `scripts/tranco-scan.mjs` (top-1000 scan) and `scripts/tranco-deep-scan.mjs` (29-tool deep analysis) for production performance benchmarking. ### Fixed - Hardcoded API key removed — Tranco scripts now read `BV_API_KEY` from environment variable instead of embedding cre	Medium	4/6/2026
v2.2.1	Release 2.2.1	Medium	4/5/2026
v2.1.28	Release 2.1.28	Medium	4/4/2026
v2.1.27	Release 2.1.27	Medium	4/4/2026
v2.1.25	Release 2.1.25	Medium	4/3/2026
v2.1.24	Release 2.1.24	Medium	4/3/2026
v2.1.23	Release 2.1.23	Medium	4/3/2026
v2.1.22	Release 2.1.22	Medium	4/1/2026
v2.1.18	Release v2.1.18	Medium	4/1/2026
v2.1.17	### Changed - CLAUDE.md: documented `?api_key=` query param auth, SPF `~all` soft-fail downgrade rule, and Smithery listing/configSchema integration.	Medium	4/1/2026
v2.1.16	### Changed - Documentation: updated Claude Code API key setup to use `?api_key=` query parameter as primary method; added Smithery connection instructions; updated test count.	Medium	4/1/2026
v2.1.15	Release 2.1.15	Medium	4/1/2026
v2.1.14	Release 2.1.14	Medium	4/1/2026
v2.1.13	Release 2.1.13	Medium	3/31/2026
v2.1.12	Release 2.1.12	Medium	3/31/2026
v2.1.11	Release 2.1.11	Medium	3/31/2026
v2.1.10	Release 2.1.10	Medium	3/30/2026
v2.1.0	## What's New 8 new tools bringing the total to 41 MCP tools. Major focus on intelligence, remediation, and compliance. ### New Intelligence Tools - `resolve_spf_chain` — Recursive SPF include tree with DNS lookup counting against RFC 7208 10-lookup limit - `discover_subdomains` — CT log subdomain discovery via `bv-certstream-worker` service binding (cached, no rate limiting) with crt.sh fallback - `map_supply_chain` — Third-party dependency graph correlating SPF, NS, TXT verif	Medium	3/30/2026
v2.0.7	## Security Fixes All findings from the v2.0.6 security audit have been resolved. ### HIGH - Method name reflection (`dispatch.ts`) — User-controlled JSON-RPC method names were reflected verbatim in error responses, creating an injection vector for downstream clients. Now uses static `'Method not found'` message. - ReDoS in post-processing (`post-processing.ts`) — The regex `/(no\s+.+\s+record\|...)/ ` in `isMissingRecordFinding()` contained a catastrophic backtracking pattern that cou	Medium	3/26/2026
v2.0.6	## Highlights - Session hardening — Memory leak fix, ID format validation, re-initialize invalidation, legacy SSE stream cap - Cache improvements — `force_refresh` + `cacheTtlSeconds` propagate to per-check caches, deferred scan cache writes - Structured logging — All KV/DO fallback paths use `logError()` instead of `console.warn()`, visible to alerting pipeline - Scoring accuracy — Maturity stage score-capping, DANE finding deduplication, BIMI non-mail domain text - **Security	Medium	3/26/2026
v1.4.3	## Highlights This release adds intelligence features, guided remediation, interaction scoring, and context-optimized schemas — building on the v1.2.0 transport foundation. ### Intelligence Layer (Phase 2-3) - `get_benchmark` — percentile rankings and 7-day trend analysis from anonymized scan telemetry - `get_provider_insights` — provider cohort score comparisons - `assess_spoofability` — composite 0-100 email spoofability score from SPF trust surface, DMARC enforce	Low	3/21/2026
v1.2.0	## What's New Universal MCP transport support — three first-party transports, all driven by a single shared executor. ### Transport Matrix \| Transport \| Endpoint \| Use Case \| \|-----------\|----------\|----------\| \| Streamable HTTP \| `POST /mcp` \| Modern MCP clients (VS Code, Cursor, Claude Code) \| \| Native stdio \| `blackveil-dns-mcp` CLI \| Local-only clients (Claude Desktop) \| \| Legacy HTTP+SSE \| `GET /mcp/sse` + `POST /mcp/messages` \| Older MCP clients \| ### Highlights - **Sh	Low	3/13/2026
v1.0.0	## Blackveil DNS v1.0.0 Open-source DNS & email security scanner running on Cloudflare Workers. ### Features - 11 MCP tools: SPF, DMARC, DKIM, DNSSEC, SSL/TLS, MTA-STS, NS, CAA, MX checks + full domain scan - Subdomain takeover detection with confidence-based verification - 0-100 security scoring with letter grades (A+ through F) - Plain-English explanations using everyday analogies — guest lists, wax seals, padlocks - 55+ detail-aware explanations that match specific findi	Low	3/8/2026

Dependencies & License Audit

Loading dependencies...

Similar Packages

terminal-mcp🖥️ Enhance your terminal interactions by allowing AI to see and control your session for real-time debugging and automation.main@2026-04-21

claude-code-safety-net🛡️ Enhance code safety with Claude Code Safety Net, a tool designed to identify and mitigate risks in your codebase effectively.main@2026-04-21

codex-mcp-server🚀 Connect your IDE or AI assistant to the Codex CLI with this open-source MCP server for efficient automation and robust code analysis.main@2026-04-21

mcp-ts-coreAgent-native TypeScript framework for building MCP servers. Build tools, not infrastructure.main@2026-04-21

photonDefine intent once. Photon turns a single TypeScript file into CLI tools, MCP servers, and web interfaces.v1.23.1