MCP Tool · Validation
subdomain_takeover_check
Given a subdomain, resolve its CNAME and test whether the target is a dangling third-party service (GitHub Pages, Heroku, S3, Fastly, Shopify, Pantheon, Ghost, Tumblr, Wufoo, Tilda).
Input
| Name | Type | Required | Description |
|---|---|---|---|
| subdomain | string | yes | Subdomain to check (e.g. shop.example.com). |
REST API
curl -H "Authorization: Bearer sic_..." \
-H "Content-Type: application/json" \
-X POST https://sicenter.io/api/tools/subdomain_takeover_check \
-d '{"subdomain":"<string>"}'MCP server
# MCP — call from Claude Desktop, Cursor, or any MCP client
{
"jsonrpc": "2.0",
"id": 1,
"method": "tools/call",
"params": {
"name": "subdomain_takeover_check",
"arguments": {
"subdomain": "<string>"
}
}
}Endpoint: https://sicenter.io/api/mcp. See /mcp for connection guides for Claude Desktop, Cursor, and custom orchestrators.
More tools in Validation
- spoofing_simulatorOffline SPF/DMARC/DKIM analysis for an asset — computes a spoof-risk score (0-100) and a safe/mitigated/vulnerable verdict with no email sent.
- cred_leak_confirmPassively checks whether emails associated with an asset appear in known breach datasets (HIBP v3). No passwords are retrieved or replayed — read-only breach metadata only.
- exposure_confirmRe-validates a finding's exposed port with a single TCP connect (no payload). Returns whether the service is still publicly reachable.
- cloud_config_auditDetect cloud misconfigurations via passive HTTP header inspection: CDN fingerprints, direct-S3 serving, overly permissive CORS. HEAD + OPTIONS only — no authentication required.
Browse the full MCP server documentation or jump to the API key management page in your dashboard.