dns-intelligence
This skill uses Claude hooks which can execute code automatically in response to events. Review carefully before installing.
DNS Intelligence Skill
Purpose
Extract technology signals from DNS records including MX, TXT, NS, CNAME, and SRV records.
Operations
1. query_mx_records
Identify email provider from MX records.
Command:
dig +short MX {domain}
MX Record Detection Patterns:
{
"aspmx.l.google.com": {"service": "Google Workspace", "confidence": 95},
"googlemail.com": {"service": "Google Workspace", "confidence": 95},
"mail.protection.outlook.com": {"service": "Microsoft 365", "confidence": 95},
"pphosted.com": {"service": "Proofpoint", "confidence": 95},
"mimecast.com": {"service": "Mimecast", "confidence": 95},
"mailgun.org": {"service": "Mailgun", "confidence": 95},
"sendgrid.net": {"service": "SendGrid", "confidence": 95},
"amazonses.com": {"service": "AWS SES", "confidence": 95},
"mx.zoho.com": {"service": "Zoho Mail", "confidence": 95},
"secureserver.net": {"service": "GoDaddy Email", "confidence": 90},
"emailsrvr.com": {"service": "Rackspace Email", "confidence": 90},
"messagelabs.com": {"service": "Symantec Email Security", "confidence": 90},
"barracudanetworks.com": {"service": "Barracuda Email Security", "confidence": 90}
}
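An added example (not part of the skill's own code) showing one way to apply the MX table: it parses `dig +short MX` output and matches each exchange on a DNS label boundary rather than by substring, so a look-alike host such as `mx.notpphosted.com` is not reported as Proofpoint. `PATTERNS` is a subset of the table above; the sample output and the `suffix_match` / `parse_mx` names are constructed, and label-boundary matching is an assumption about how the patterns should be applied.

```python
# Subset of the MX table above.
PATTERNS = {
    "aspmx.l.google.com": {"service": "Google Workspace", "confidence": 95},
    "mail.protection.outlook.com": {"service": "Microsoft 365", "confidence": 95},
    "pphosted.com": {"service": "Proofpoint", "confidence": 95},
    "secureserver.net": {"service": "GoDaddy Email", "confidence": 90},
}

# Constructed `dig +short MX` lines chosen to exercise each branch: unsorted,
# mixed case, a look-alike host, and a null MX ("0 .", RFC 7505).
SAMPLE = """\
10 alt1.aspmx.l.google.com.
1 ASPMX.L.GOOGLE.COM.
20 mx.notpphosted.com.
0 .
"""


def suffix_match(host, pattern):
    """True if host is the pattern or a subdomain of it (label boundary)."""
    return host == pattern or host.endswith("." + pattern)


def parse_mx(dig_output):
    """Return MX records sorted by priority, in the skill's mx_records shape."""
    records = []
    for line in dig_output.splitlines():
        parts = line.split()
        if len(parts) != 2 or not parts[0].isdigit():
            continue  # blank line or resolver noise
        exchange = parts[1].rstrip(".").lower()
        if not exchange:
            continue  # null MX carries no provider signal
        hit = next((v for k, v in PATTERNS.items() if suffix_match(exchange, k)), None)
        records.append({
            "priority": int(parts[0]),
            "exchange": exchange,
            "service_detected": hit["service"] if hit else None,
            "confidence": hit["confidence"] if hit else 0,
        })
    return sorted(records, key=lambda r: r["priority"])


if __name__ == "__main__":
    for rec in parse_mx(SAMPLE):
        print(rec)
```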
2. query_txt_records
Find service verification tokens in TXT records.
Command:
dig +short TXT {domain}
TXT Record Detection Patterns:
{
"google-site-verification=": {"service": "Google Search Console / Workspace", "confidence": 95},
"MS=ms": {"service": "Microsoft 365", "confidence": 95},
"facebook-domain-verification=": {"service": "Meta Business Suite", "confidence": 95},
"atlassian-domain-verification=": {"service": "Jira/Confluence Cloud", "confidence": 95},
"stripe-verification=": {"service": "Stripe", "confidence": 95},
"docusign=": {"service": "DocuSign", "confidence": 95},
"slack-domain-verification=": {"service": "Slack", "confidence": 95},
"zendesk-domain-verification=": {"service": "Zendesk", "confidence": 95},
"hubspot-developer-verification=": {"service": "HubSpot", "confidence": 95},
"apple-domain-verification=": {"service": "Apple Business", "confidence": 95},
"amazonses:": {"service": "AWS SES", "confidence": 95},
"mailchimp": {"service": "Mailchimp", "confidence": 90},
"pardot": {"service": "Salesforce Pardot", "confidence": 95},
"v=spf1": {"service": "SPF Record", "confidence": 100},
"v=DMARC1": {"service": "DMARC", "confidence": 100},
"DKIM1": {"service": "DKIM", "confidence": 100},
"have-i-been-pwned-verification=": {"service": "Have I Been Pwned", "confidence": 95},
"status-page-domain-verification=": {"service": "Statuspage", "confidence": 95},
"1password-site-verification=": {"service": "1Password", "confidence": 95}
}
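An added example (not from the skill itself) that turns `dig +short TXT` output into the `txt_records` shape from the Output section: it rejoins values that dig prints as several quoted chunks and anchors each pattern at the start of the value. A query at `{domain}` returns SPF and verification tokens only; DMARC is published at `_dmarc.{domain}` and DKIM at `{selector}._domainkey.{domain}`, so those names need their own queries. The rule list is a subset of the table above, and the sample records and function names are constructed.

```python
import re

# (prefix, record_type, service, confidence): subset of the TXT table above.
# The page lists "DKIM1"; it is anchored here as the full "v=DKIM1" tag.
RULES = [
    ("v=spf1", "spf", "SPF Record", 100),
    ("v=DMARC1", "dmarc", "DMARC", 100),
    ("v=DKIM1", "dkim", "DKIM", 100),
    ("google-site-verification=", "verification", "Google Search Console / Workspace", 95),
    ("MS=ms", "verification", "Microsoft 365", 95),
    ("atlassian-domain-verification=", "verification", "Jira/Confluence Cloud", 95),
]

# Constructed `dig +short TXT` output; every token is a placeholder.
SAMPLE = '''\
"v=spf1 include:_spf.google.com ~all"
"google-site-verification=EXAMPLE-TOKEN"
"MS=ms00000000"
"v=DKIM1; k=rsa; p=AAAA" "BBBB"
"ask IT about google-site-verification=records"
'''

CHUNK = re.compile(r'"((?:[^"\\]|\\.)*)"')


def join_chunks(line):
    """dig prints each character-string (max 255 bytes) as its own quoted chunk."""
    chunks = CHUNK.findall(line)
    return "".join(chunks) if chunks else line.strip()


def classify_txt(dig_output):
    """Return TXT records in the skill's txt_records shape."""
    results = []
    for line in dig_output.splitlines():
        if not line.strip():
            continue
        value = join_chunks(line)
        rtype, service, conf = "other", None, 0
        for prefix, rule_type, rule_service, rule_conf in RULES:
            # Anchor at the start so free text mentioning a token is "other".
            if value.lower().startswith(prefix.lower()):
                rtype, service, conf = rule_type, rule_service, rule_conf
                break
        results.append({"value": value, "service_detected": service,
                        "record_type": rtype, "confidence": conf})
    return results
```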
3. query_ns_records
Identify DNS provider from NS records.
Command:
dig +short NS {domain}
NS Record Detection Patterns:
{
"cloudflare.com": {"service": "Cloudflare DNS", "confidence": 95},
"awsdns": {"service": "AWS Route 53", "confidence": 95},
"azure-dns.com": {"service": "Azure DNS", "confidence": 95},
"googledomains.com": {"service": "Google Domains DNS", "confidence": 95},
"dns.google": {"service": "Google Cloud DNS", "confidence": 95},
"ns-cloud": {"service": "Google Cloud DNS", "confidence": 90},
"digitalocean.com": {"service": "DigitalOcean DNS", "confidence": 95},
"domaincontrol.com": {"service": "GoDaddy DNS", "confidence": 95},
"name.com": {"service": "Name.com DNS", "confidence": 95},
"namecheap.com": {"service": "Namecheap DNS", "confidence": 95},
"dynect.net": {"service": "Oracle Dyn DNS", "confidence": 95},
"nsone.net": {"service": "NS1 DNS", "confidence": 95},
"ultradns.com": {"service": "UltraDNS", "confidence": 95},
"constellix.com": {"service": "Constellix DNS", "confidence": 95}
}
4. query_cname_records
Detect CDN/hosting delegations from CNAME records.
Command:
dig +short CNAME {subdomain}.{domain}
CNAME Detection Patterns:
{
"cloudfront.net": {"tech": "AWS CloudFront", "type": "CDN", "confidence": 95},
"azureedge.net": {"tech": "Azure CDN", "type": "CDN", "confidence": 95},
"akamaiedge.net": {"tech": "Akamai", "type": "CDN", "confidence": 95},
"fastly.net": {"tech": "Fastly", "type": "CDN", "confidence": 95},
"cdn.cloudflare.net": {"tech": "Cloudflare CDN", "type": "CDN", "confidence": 95},
"netlify.app": {"tech": "Netlify", "type": "Hosting", "confidence": 95},
"vercel.app": {"tech": "Vercel", "type": "Hosting", "confidence": 95},
"vercel-dns.com": {"tech": "Vercel", "type": "Hosting", "confidence": 95},
"herokuapp.com": {"tech": "Heroku", "type": "PaaS", "confidence": 95},
"pages.dev": {"tech": "Cloudflare Pages", "type": "Hosting", "confidence": 95},
"firebaseapp.com": {"tech": "Firebase Hosting", "type": "Hosting", "confidence": 95},
"web.app": {"tech": "Firebase Hosting", "type": "Hosting", "confidence": 95},
"shopify.com": {"tech": "Shopify", "type": "E-commerce", "confidence": 95},
"myshopify.com": {"tech": "Shopify", "type": "E-commerce", "confidence": 95},
"squarespace.com": {"tech": "Squarespace", "type": "Website Builder", "confidence": 95},
"wixsite.com": {"tech": "Wix", "type": "Website Builder", "confidence": 95},
"ghost.io": {"tech": "Ghost", "type": "CMS", "confidence": 95},
"webflow.io": {"tech": "Webflow", "type": "Website Builder", "confidence": 95},
"zendesk.com": {"tech": "Zendesk", "type": "Support", "confidence": 95},
"salesforce.com": {"tech": "Salesforce", "type": "CRM", "confidence": 95}
}
5. query_srv_records
Find enterprise services from SRV records.
Command:
dig +short SRV _sip._tcp.{domain}
dig +short SRV _sipfederationtls._tcp.{domain}
dig +short SRV _xmpp-server._tcp.{domain}
SRV Record Detection Patterns:
{
"_sip._tcp": {"service": "SIP/VoIP", "confidence": 80},
"_sipfederationtls._tcp": {"service": "Microsoft Teams/Skype for Business", "confidence": 95},
"_xmpp-server._tcp": {"service": "XMPP Server (Jabber)", "confidence": 90},
"_caldav._tcp": {"service": "CalDAV Calendar", "confidence": 85},
"_carddav._tcp": {"service": "CardDAV Contacts", "confidence": 85},
"_ldap._tcp": {"service": "LDAP Directory", "confidence": 80}
}
Output
{
  "skill": "dns_intelligence",
  "domain": "string",
  "results": {
    "mx_records": [
      {
        "priority": "number",
        "exchange": "string",
        "service_detected": "Google Workspace",
        "confidence": 95
      }
    ],
    "txt_records": [
      {
        "value": "string",
        "service_detected": "string",
        "record_type": "verification|spf|dkim|dmarc|other",
        "confidence": "number"
      }
    ],
    "ns_records": [
      {
        "nameserver": "string",
        "service_detected": "string",
        "confidence": "number"
      }
    ],
    "cname_records": [
      {
        "subdomain": "string",
        "target": "string",
        "service_detected": "string",
        "service_type": "CDN|Hosting|PaaS|Other",
        "confidence": "number"
      }
    ],
    "srv_records": [
      {
        "service": "string",
        "protocol": "string",
        "target": "string",
        "service_detected": "string",
        "confidence": "number"
      }
    ],
    "services_summary": {
      "email_provider": "string",
      "dns_provider": "string",
      "cdn_provider": "string",
      "hosting_provider": "string",
      "third_party_services": ["array"]
    }
  },
  "evidence": [
    {
      "type": "dns_record",
      "record_type": "MX|TXT|NS|CNAME|SRV",
      "query": "string",
      "response": "string",
      "timestamp": "ISO-8601"
    }
  ]
}
Rate Limiting
- DNS queries: No hard limit (local resolver)
- 2 second delay between batches of queries
- Respect DNS TTL values
Error Handling
- NXDOMAIN: Record doesn't exist (not an error)
- SERVFAIL: DNS server error (retry once)
- Timeout: Retry with backup resolver
- Continue with partial results on failures
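The error-handling rules above as an added example (not the skill's own code), run against canned `dig +noall +comments +answer` output so it works offline. `run_dig` is a hypothetical callable that would wrap the real command; the resolver addresses are documentation placeholders and every response is constructed.

```python
import re

STATUS = re.compile(r"status: ([A-Z]+)")
HDR = ";; ->>HEADER<<- opcode: QUERY, status: {}, id: 1\n"  # constructed header
PRIMARY, BACKUP = "192.0.2.1", "192.0.2.2"  # placeholder resolver addresses


def parse_dig(text):
    """Return (status, answers) from `dig +noall +comments +answer` output."""
    if "timed out" in text:
        return "TIMEOUT", []
    m = STATUS.search(text)
    answers = [ln for ln in text.splitlines() if ln.strip() and not ln.startswith(";")]
    return (m.group(1) if m else "UNKNOWN"), answers


def lookup(name, rtype, run_dig):
    """One query with the retry rules above; never raises on a DNS failure."""
    status, answers = parse_dig(run_dig(name, rtype, PRIMARY))
    if status == "SERVFAIL":    # DNS server error: retry once
        status, answers = parse_dig(run_dig(name, rtype, PRIMARY))
    elif status == "TIMEOUT":   # retry with the backup resolver
        status, answers = parse_dig(run_dig(name, rtype, BACKUP))
    error = None if status in ("NOERROR", "NXDOMAIN") else status  # NXDOMAIN is not an error
    return {"record_type": rtype, "status": status, "answers": answers, "error": error}


def collect(name, rtypes, run_dig):
    """Query every type and keep going: failures are recorded per type."""
    return [lookup(name, t, run_dig) for t in rtypes]


def make_fake_dig():
    """Constructed stand-in for dig: canned output per record type."""
    calls = []
    def fake_dig(name, rtype, resolver):
        calls.append((rtype, resolver))
        if rtype == "MX":
            return HDR.format("NOERROR") + name + ". 300 IN MX 10 mx." + name + ".\n"
        if rtype == "TXT":
            return HDR.format("NXDOMAIN")
        if rtype == "NS" and resolver == PRIMARY:
            return ";; connection timed out; no servers could be reached\n"
        if rtype == "NS":
            return HDR.format("NOERROR") + name + ". 300 IN NS ns1." + name + ".\n"
        return HDR.format("SERVFAIL")  # SRV fails on both attempts
    return fake_dig, calls
```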
Security Considerations
- Use public DNS resolvers only
- Do not attempt zone transfers
- Log all queries for audit trail
- Cache results respecting TTL