/ audit · 05
Domain Inspector
DNS, WHOIS, HTTP redirects, TLS certificate and email security (SPF / DMARC / MTA-STS) of a domain — resolved live.
Lookup
// Enter a domain to run the lookup.
Coverage
- A / AAAA — IPv4 / IPv6
- MX — mail servers, priority
- TXT — SPF, DKIM, DMARC, verifications
- NS — domain nameservers
- CNAME / SOA — aliases, start of authority
- CAA — certificate authorities (if supported)
- whois — registrar, dates, status, nameservers
- TLS — subject, issuer, validity, SAN, days remaining
- email — SPF, DMARC, MTA-STS detected via DNS TXT
- redirects — http/https + www follow, up to 10 hops
- DNSSEC — DS, DNSKEY, AD flag (Cloudflare DoH)
- PTR / GeoIP / ASN — PTR, country, ASN, hosting
- SPF / DMARC / DKIM — SPF policy, DMARC parsing, DKIM probing
- MTA-STS / TLS-RPT / BIMI — MTA-STS HTTPS policy, TLS-RPT reports, BIMI logo
- Supported TLS versions — TLS 1.0/1.1/1.2/1.3 supported
- HTTPS RR / SVCB / TLSA — modern DNS records
- MX health — MX resolution, MX-as-CNAME detection
- External ownership verifications — ownership verifications (Google, M365, Facebook…)
- Discovered subdomains — exposed common subdomains
- Recommendations — prioritized by impact