domain-intel: Research for Claude Code | AI Skill Market | AI Skill Market

AI Skill Market Insights

Real data. Real impact.

Popularity

Rising

Emerging

Active Users

Developers

Time Saved

2+ hrs

Per week

Quality

4/5

Excellent

Be Part of the 0+ Developer Community

Skills give you superpowers. Install in 30 seconds.

Domain Intelligence — Passive OSINT

Passive domain reconnaissance using only Python stdlib. Zero dependencies. Zero API keys. Works on Linux, macOS, and Windows.

Helper script

This skill includes

scripts/domain_intel.py

— a complete CLI tool for all domain intelligence operations.

# Subdomain discovery via Certificate Transparency logs
python3 SKILL_DIR/scripts/domain_intel.py subdomains example.com

# SSL certificate inspection (expiry, cipher, SANs, issuer)
python3 SKILL_DIR/scripts/domain_intel.py ssl example.com

# WHOIS lookup (registrar, dates, name servers — 100+ TLDs)
python3 SKILL_DIR/scripts/domain_intel.py whois example.com

# DNS records (A, AAAA, MX, NS, TXT, CNAME)
python3 SKILL_DIR/scripts/domain_intel.py dns example.com

# Domain availability check (passive: DNS + WHOIS + SSL signals)
python3 SKILL_DIR/scripts/domain_intel.py available coolstartup.io

# Bulk analysis — multiple domains, multiple checks in parallel
python3 SKILL_DIR/scripts/domain_intel.py bulk example.com github.com google.com
python3 SKILL_DIR/scripts/domain_intel.py bulk example.com github.com --checks ssl,dns

SKILL_DIR

is the directory containing this SKILL.md file. All output is structured JSON.

Available commands

Command	What it does	Data source
`subdomains`	Find subdomains from certificate logs	crt.sh (HTTPS)
`ssl`	Inspect TLS certificate details	Direct TCP:443 to target
`whois`	Registration info, registrar, dates	WHOIS servers (TCP:43)
`dns`	A, AAAA, MX, NS, TXT, CNAME records	System DNS + Google DoH
`available`	Check if domain is registered	DNS + WHOIS + SSL signals
`bulk`	Run multiple checks on multiple domains	All of the above

When to use this vs built-in tools

Use this skill for infrastructure questions: subdomains, SSL certs, WHOIS, DNS records, availability
Use
web_search
for general research about what a domain/company does
Use
web_extract
to get the actual content of a webpage
Use
terminal
with
curl -I
for a simple "is this URL reachable" check

Task	Better tool	Why
"What does example.com do?"	`web_extract`	Gets page content, not DNS/WHOIS data
"Find info about a company"	`web_search`	General research, not domain-specific
"Is this website safe?"	`web_search`	Reputation checks need web context
"Check if a URL is reachable"	`terminal` with `curl -I`	Simple HTTP check
"Find subdomains of X"	This skill	Only passive source for this
"When does the SSL cert expire?"	This skill	Built-in tools can't inspect TLS
"Who registered this domain?"	This skill	WHOIS data not in web search
"Is coolstartup.io available?"	This skill	Passive availability via DNS+WHOIS+SSL

Platform compatibility

Pure Python stdlib (

socket

ssl

urllib

json

concurrent.futures

). Works identically on Linux, macOS, and Windows with no dependencies.

crt.sh queries use HTTPS (port 443) — works behind most firewalls
WHOIS queries use TCP port 43 — may be blocked on restrictive networks
DNS queries use Google DoH (HTTPS) for MX/NS/TXT — firewall-friendly
SSL checks connect to the target on port 443 — the only "active" operation

Data sources

All queries are passive — no port scanning, no vulnerability testing:

crt.sh — Certificate Transparency logs (subdomain discovery, HTTPS only)
WHOIS servers — Direct TCP to 100+ authoritative TLD registrars
Google DNS-over-HTTPS — MX, NS, TXT, CNAME resolution (firewall-friendly)
System DNS — A/AAAA record resolution
SSL check is the only "active" operation (TCP connection to target:443)

Notes

WHOIS queries use TCP port 43 — may be blocked on restrictive networks
Some WHOIS servers redact registrant info (GDPR) — mention this to the user
crt.sh can be slow for very popular domains (thousands of certs) — set reasonable expectations
The availability check is heuristic-based (3 passive signals) — not authoritative like a registrar API

Contributed by @FurkanL0

License

MIT

Quick Start

Install Command

mkdir -p ~/.hermes/skills/research/domain-intel && curl -o ~/.hermes/skills/research/domain-intel/SKILL.md https://raw.githubusercontent.com/NousResearch/hermes-agent/main/optional-skills/research/domain-intel/SKILL.md

domain-intel

AI Skill Market Insights

Be Part of the 0+ Developer Community

Domain Intelligence — Passive OSINT

Helper script

Available commands

When to use this vs built-in tools

Platform compatibility

Data sources

Notes

License

Quick Start

Install Command

TEAR & SHARE

Tags

duckduckgo-search

qmd

drug-discovery

gitnexus-explorer

bioinformatics

Channels

Learn

Compare

Company