scan_domain
Run a comprehensive 8-point security audit on any domain. Checks SPF (email spoofing prevention), DMARC (email authentication policy), SSL/TLS certificate validity, HTTPS redirect enforcement, security headers (X-Frame-Options, Content-Security-Policy, Strict-Transport-Security, X-Content-Type-Options), DNSSEC (DNS integrity), open ports (exposed services on 21/22/23/25/80/443/3306/3389/5432/8080/8443), and MX records. Returns a letter grade A through F, numeric score 0-100, detailed per-check findings with pass/fail status, and a shareable report URL. Takes approximately 8 seconds. Use this when you need a fresh, comprehensive security assessment of a domain before interacting with it.
get_grade
Retrieve the most recent cached security grade for a domain without triggering a new scan. Returns the letter grade (A-F), numeric score (0-100), and timestamp of when the grade was last calculated. Results may be up to 24 hours old. Use this for quick lookups when you need a fast answer and don't require the freshest data — returns in under 200ms compared to ~8s for a full scan.
get_remediation
Get actionable, copy-paste fix instructions for every failing security check on a domain. Returns specific DNS TXT records to add (SPF, DMARC), server configuration snippets (Nginx, Apache, Cloudflare) for security headers and HTTPS redirects, and step-by-step instructions for enabling DNSSEC. Each fix includes the exact record or config to apply and which provider/panel to use. Use this after a scan to give users concrete steps they can hand to their DNS provider or sysadmin.
get_dependencies
Discover all third-party scripts, stylesheets, fonts, images, and iframes loaded by a domain's website. Returns each external resource with its type (script/stylesheet/image/iframe), host, and full URL. Useful for supply-chain risk assessment — reveals what external services the domain depends on and could be compromised through. Also useful for compliance audits and understanding a domain's technology stack.