When you command many domains or even just a few domains, what tools do you use to understand the various services your domain uses?
Domain profiler is a tool by Joël Franusic that generates profile reports on “Decisions that cost money”. It leverages information from various sources such as Whois, DNS, SSL, ASN and more to determine what decisions have been made regarding a domain or list of domains.
These decisions fall into two categories:
Decisions that cost money
- Where is the website hosted?
- Where is DNS hosted?
- Where is email hosted?
- What is the registrar of the domain?
- Who issued the domain’s SSL certificate (if anybody)?
- What sort of SSL certificate does the domain have (if any)?
Decisions that might or might not cost money
- Does the website use an image host like S3 or Imageshack?
- Does the domain have SPF records? If so, what values?
- What TTL do the DNS records have?
- What is the expiration date for the domain?
- What is the expiration date for the SSL certificate?
- Is there more than one result for the A, MX, or NS records?
- Are services hosted in different Autonomous Systems?
- Are all services (A, MX, NS) in the same AS?
- Does the main webpage have valid XHTML?
- What type of frontend is the domain using?
- What type of mailserver is the domain using?
- Does the domain have a “*” record in DNS?
Take a peek at this example report for Y Combinator domains.
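To make the checklist concrete, here is an added Ruby example (not Domain Profiler’s own code) that answers several of the questions above from a record set built inline so it runs offline. The provider table and every record value are assumptions; against a live domain you would fill RECORDS from Resolv::DNS lookups instead.

```ruby
# Constructed sample answer set for an imaginary domain (not real lookups);
# the 'WILDCARD_A' key stands for the answer to an A query on *.example.test.
RECORDS = {
  'A'          => ['203.0.113.10'],
  'MX'         => ['10 aspmx.l.google.com.', '20 alt1.aspmx.l.google.com.'],
  'NS'         => ['ns39.domaincontrol.com.', 'ns40.domaincontrol.com.'],
  'TXT'        => ['v=spf1 include:_spf.google.com ~all', 'site-verification=abc'],
  'WILDCARD_A' => ['203.0.113.10']
}.freeze

# Hostname suffix -> provider. An assumed, minimal table; Domain Profiler
# keeps its own mapping, which is not reproduced here.
PROVIDERS = {
  'google.com'        => 'Google',
  'googlemail.com'    => 'Google',
  'domaincontrol.com' => 'Go Daddy'
}.freeze

# Map a hostname such as "aspmx.l.google.com." to a provider name.
def provider_for(hostname)
  host = hostname.downcase.chomp('.')
  match = PROVIDERS.find { |suffix, _| host.end_with?(suffix) }
  match ? match.last : 'unknown'
end

# Answer the checklist questions from a record set shaped like RECORDS.
def profile(records)
  mx_hosts = records.fetch('MX', []).map { |mx| mx.split.last } # drop priority
  spf      = records.fetch('TXT', []).select { |txt| txt.start_with?('v=spf1') }
  {
    email_hosting: mx_hosts.map { |h| provider_for(h) }.uniq,
    dns_hosting:   records.fetch('NS', []).map { |h| provider_for(h) }.uniq,
    spf:           spf,                              # [] means no SPF policy
    # Final "all" mechanism: "-all" fail, "~all" softfail, "+all" lets anyone send.
    spf_all:       spf.map { |s| s.split.last },
    # More than one A/MX/NS answer means some redundancy for that service.
    redundant:     %w[A MX NS].to_h { |t| [t, records.fetch(t, []).size > 1] },
    wildcard:      !records.fetch('WILDCARD_A', []).empty?
  }
end

puts profile(RECORDS).inspect if __FILE__ == $PROGRAM_NAME
```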
So how do I use it?
There are two tools that ship with the current version of Domain Profiler. Before you get started you’ll need to install Matt Aimonetti’s googlecharts gem.
gem install googlecharts
Next you need to fork it and pull down your copy.
git clone git@github.com:YOURUSERNAME/domain-profiler.git
The first command profiles a single domain and prints the result to the terminal.
Let’s see this in action:
$ ./profile thechangelog.com
==========[ thechangelog.com ]==========
Web Hosting: (Rackspace) 18.104.22.168
DNS Hosting: (Go Daddy) ns39.domaincontrol.com. ns40.domaincontrol.com.
Email Hosting: (Google) 10 ASPMX.L.GOOGLE.com. 20 ALT1.ASPMX.L.GOOGLE.com. 30 ALT2.ASPMX.L.GOOGLE.com. 40 ASPMX2.GOOGLEMAIL.com. 50 ASPMX3.GOOGLEMAIL.com.
Domain Registrar: (Go Daddy)
SSL Issuer: (none)
Common Name: none
The second command reads a file that contains a list of domains and generates an HTML-based report like the Y Combinator report shown above, only this time it’s GitHub.com and a few of their known domains.
Let’s see this in action (assuming the list file exists):
$ ./profile-list github-list "GitHub" > github.html
Fetching data for github.com: DNS Whois SSL ...
Fetching data for jobs.github.com: DNS Whois SSL ...
Fetching data for status.github.com: DNS Whois SSL ...
Fetching data for shop.github.com: DNS Whois SSL ...
Fetching data for develop.github.com: DNS Whois SSL ...
Once the above has completed its routine, it writes the report to github.html. The trailing “GitHub” argument on the command is used as the title of the HTML output file. Below is an example of what you’ll see.